Exam 200-301
Question 1052

SIMULATION


Guidelines


This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.

• Refer to the Topology tab to access the device console(s) and perform the tasks.

• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.

• All necessary preconfigurations have been applied.

• Do not change the enable password or hostname for any device.

• Save your configurations to NVRAM before moving to the next item.

• Click Next at the bottom of the screen to submit this lab and move to the next question.

• When Next is clicked, the lab closes and cannot be reopened.

Topology


Tasks


Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation. Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named PUBNET. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.

2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on May 1, 2018.

3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single command, exclude addresses 1 - 10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.

4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console.

    Correct Answer:

Discussion
Goena

NAT:
R2(config)# ip access-list standard PUBNET
R2(config-std-nacl)# permit 10.2.3.3
R2(config-std-nacl)# permit 10.1.3.11
R2(config-std-nacl)# permit 192.168.3.1
R2(config-std-nacl)# exit
R2(config)# interface e0/1
R2(config-if)# ip nat inside
R2(config)# interface e0/0
R2(config-if)# ip nat outside
R2(config)# ip nat inside source list PUBNET interface e0/0 overload
NTP:
R1# clock set 00:00:00 jan 1 2019
R1(config)# ntp master 1
R2(config)# ntp server 10.1.3.1
DHCP:
R1(config)# ip dhcp pool NETPOOL
R1(dhcp-config)# network 10.1.3.0 255.255.255.0
R1(config)# exit
R1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.10
R3(config)# interface e0/2
R3(config-if)# ip address dhcp
SSH:
R3(config)# username netadmin password N3t4ccess
R3(config)# line vty 0 4
R3(config-line)# login local
R3(config-line)# exit
R3(config)# ip domain-name cisco.com
R3(config)# crypto key generate rsa

rogi2023

in ssh config missing "transport input ssh" (while excluding access via other remote connection protocols)
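The check raised in this comment can be automated. The following is an added example, not code from any poster in this thread: it audits an IOS-style config fragment for VTY lines that are not restricted to SSH. The `audit_vty` helper, the sample configs and the `vty_count` of 16 are assumptions made for illustration.

```python
import re

LINE_SUBCMDS = ("transport ", "login", "access-class ", "exec-timeout ")

def audit_vty(config, vty_count):
    """Return findings for an IOS-style config; vty_count is the device's number of VTY lines."""
    findings, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
        if m:
            current = (int(m.group(1)), int(m.group(2) or m.group(1)))
            blocks[current] = []
        elif current and line.startswith(LINE_SUBCMDS):
            blocks[current].append(line)
        else:
            current = None  # any other command leaves line configuration mode
            user = re.match(r"username (\S+) password ", line)
            if user:
                findings.append(f"user {user.group(1)}: stored with 'password', not hashed 'secret'")
    covered = set()
    for (first, last), cmds in blocks.items():
        name = f"vty {first}-{last}"
        covered.update(range(first, last + 1))
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not inputs:
            findings.append(f"{name}: no 'transport input', protocols follow the platform default")
        elif inputs[-1] != ["ssh"]:
            findings.append(f"{name}: transport input allows {' '.join(inputs[-1])}")
        if "login local" not in cmds:
            findings.append(f"{name}: 'login local' missing")
    missing = sorted(set(range(vty_count)) - covered)
    if missing:
        findings.append(f"{len(missing)} VTY line(s) left unconfigured, first is {missing[0]}")
    return findings

# Constructed sample: local login on lines 0-4, no transport restriction.
OPEN = """username netadmin password N3t4ccess
line vty 0 4
 login local"""
# Constructed sample: every line restricted to SSH with local login.
SSH_ONLY = """username netadmin secret N3t4ccess
line vty 0 15
 transport input ssh
 login local"""
```

Calling `audit_vty(OPEN, 16)` reports the missing transport restriction, the `password` keyword and the eleven unconfigured lines; `audit_vty(SSH_ONLY, 16)` returns an empty list.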

Friday_Night

why use jan 1 2019 when it stated that clock must be May 1, 2018 ?

Shabeth

overload is for PAT, but the task said NAT, I am confused

Shri_Fcb10

yes because the question is asking to translate all source IP add from R3 to the IP add of e0/0 of R2. So we are mapping multiple source addresses to a single IP address hence PAT is required

daryl10

My configs to use:
NAT/PAT (Need to translate multiple IP addresses into a single IP)
R2:
ip access-list standard PUBNET
 permit host 10.2.3.3
 permit host 10.1.3.11
 permit host 192.168.3.1
 exit
interface e0/1
 ip nat inside
 exit
interface e0/0
 ip nat outside
 exit
ip nat inside source list PUBNET interface e0/0 overload
NTP:
R1:
clock set 00:00:00 May 1 2018 (From privilege mode)
ntp master 1
R2:
ntp server 10.1.3.1
DHCP:
R1:
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool NETPOOL
 network 10.1.3.0 255.255.255.0
R3:
interface e0/2
 ip address dhcp
SSH:
R3:
ip domain name ccna.com
crypto key generate rsa general-keys modulus 1024
username netadmin secret N3t4ccess
line vty 0 15
 transport input ssh
 login local

dropspablo

1- NAT
R2(config)# ip access-list standard PUBNET
R2(config-std-nacl)# permit 192.168.3.1 0.0.0.0
R2(config-std-nacl)# permit host 10.2.3.3
R2(config-std-nacl)# permit 10.1.3.11 (you can use both ways)
R2(config-std-nacl)# exit
R2(config)# ip nat inside source list PUBNET interface ethernet0/0 overload
R2(config)# int e0/1
R2(config-if)# ip nat inside
R2(config-if)# interface e0/0
R2(config-if)# ip nat outside
#end
R3# ping 192.168.1.1 (to R1 Loopback1)
R2# show ip nat translations
2- NTP
R1(config)# ntp master
R1(config)# clock set 00:00:00 May 1 2018
R1# do show clock
-
R2(config)# ntp server 10.1.3.1
R2# do show ntp associations

dropspablo

3- DHCP
R1(config)# ip dhcp pool NETPOOL
R1(dhcp-config)# network 10.1.3.0 255.255.255.0
R1(dhcp-config)# exit
R1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.10
R1# do show ip dhcp pool
-
R3(config)# interface ethernet0/2
R3(config-if)# ip address dhcp
R3# do show ip interface brief
4- SSH
R3(config)# username netadmin password N3t4ccess
R3(config)# ip domain-name cisco.com
R3(config)# crypto key generate rsa |1024|
R3(config)# access-list 10 permit 10.1.3.1
R3(config)# line vty 0 15
R3(config-line)# login local
R3(config-line)# transport input ssh
R3(config-line)# access-class 10 in
R3(config-line)# end
R1# ssh -l netadmin 10.1.3.11

dropspablo

Attention (* Do not change the enable password or hostname for any device.)

dropspablo

Correcting, access list in the vty lines (there are three):
R3(config)#access-list 10 permit 10.1.3.1
R3(config)#access-list 10 permit 192.168.1.1
R3(config)#access-list 10 permit 10.1.2.1

AbdullahMohammad251

Since you used access-class in, you're controlling which users (source-IPs) have access to the VTY lines of R3, so the access list should include the interfaces of R1 not R3
R3(config)# access-list 10 permit 10.1.3.11
R3(config)# access-list 10 permit 10.2.3.3
R3(config)# access-list 10 permit 192.168.3.1

AbdullahMohammad251

And I don't think this is necessary, the question didn't ask to restrict access via ssh for R1

dropspablo

Attention - (1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2.) Check with "#show ip route", if the route from R3 to R1 Loopback goes through R2. If not, we must configure a static route on R3: R3(config)# ip route 192.168.1.1 255.255.255.255 10.2.3.2

tumajay

I tried to ping 192.168.1.1 from R3, it didn't work

tumajay

figured it out. forgot to add a route from R3 to R1 on packet tracer

[Removed]

I'm confused about the NAT part, I don't understand what they want exactly but here's my answer for the rest of the configuration:
NTP:
R1:
enable
clock set 00:00:00 1 may 2018
configure terminal
ntp master 1
end
copy running-config startup-config
R2:
enable
configure terminal
ntp server 10.1.3.1
end
copy running-config startup-config
DHCP:
R1:
enable
configure terminal
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool NETPOOL
 network 10.1.3.0 255.255.255.0
end
copy running-config startup-config
R3:
enable
configure terminal
interface e0/2
 ip address dhcp
end
copy running-config startup-config
SSH:
R3:
enable
configure terminal
username netadmin secret N3t4ccess
ip domain-name ccna-lab.com
crypto key generate rsa general-keys modulus 1024
line vty 0 15
 login local
 transport input ssh
end

JunsK1e

Step 1: (Create the standard name ACL)
R2:
!
! (you need to permit all source ip address inside of R3)
!
ip access-list standard PUBNET
 permit 10.0.0.0 0.2.255.255
 permit host 192.168.3.1
 exit
!
!
Step 2: (Configure the NAT/PAT using the exit interface)
!
!
ip nat inside source list PUBNET interface e0/0 overload
!
interface e0/1
 ip nat inside
 exit
!
interface e0/0
 ip nat outside
 exit

picho707

Task 1
ip access-list standard PUBNET
 permit 192.168.3.1
 permit 10.1.3.0 0.0.0.255
 permit 10.2.3.0 0.0.0.255
interface GigabitEthernet0/1
 ip nat inside
interface GigabitEthernet0/0
 ip nat outside
ip nat inside source list PUBNET interface GigabitEthernet0/0 overload
Task 2
R1(config)#ntp master
R1#clock set 00:00:00 May 1 2018
R2(config)#ntp server 10.1.3.1
Task 3
R1
!
ip dhcp excluded-address 10.1.3.1 10.1.3.10
!
ip dhcp pool NETPOOL
 network 10.1.3.0 255.255.255.0
!
R3
!
interface GigabitEthernet0/2
 ip address dhcp
!
Task 4
R3(config)#ip domain-name cml.priv
R3(config)#username netadmin password N3t4ccess
R3(config)#crypto key generate rsa modulus 1024
R3(config)#ip access-list standard 10
R3(config-std-nacl)#permit host 10.1.3.1
R3(config)#line vty 0 15
R3(config-line)#access-class 10 in
R3(config-line)#login local
R3(config-line)#transport input ssh
ssh -l netadmin 10.1.3.11
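The PUBNET variants posted in this thread differ in how they write the wildcard mask, and the mask decides which R3 sources NAT will translate. The following is an added example, not code from any poster: it applies standard-ACL wildcard matching to the three R3 source addresses listed in the thread. The function names and variant labels are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Parse a standard-ACL entry into (action, base, wildcard) as integers."""
    action, *rest = entry.split()
    if rest == ["any"]:
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":
        rest = rest[1:]
    base = int(ipaddress.IPv4Address(rest[0]))
    # No wildcard given means an exact host match (wildcard 0.0.0.0).
    wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return action, base, wildcard

def acl_action(entries, source):
    """First matching entry wins; unmatched sources hit the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for entry in entries:
        action, base, wildcard = parse_entry(entry)
        # Wildcard bits set to 1 are ignored; every other bit must equal the base.
        if ((src ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def untranslated(entries, sources):
    """Sources the ACL does not permit, which NAT would leave untranslated."""
    return [s for s in sources if acl_action(entries, s) != "permit"]

# R3 source addresses as listed in the thread.
R3_SOURCES = ["10.2.3.3", "10.1.3.11", "192.168.3.1"]

# PUBNET variants as posted in the thread (labels are hypothetical).
PUBNET_VARIANTS = {
    "host entries": ["permit host 10.2.3.3", "permit host 10.1.3.11",
                     "permit host 192.168.3.1"],
    "per-subnet": ["permit 192.168.3.1", "permit 10.1.3.0 0.0.0.255",
                   "permit 10.2.3.0 0.0.0.255"],
    "single 10.x entry": ["permit 10.0.0.0 0.2.255.255", "permit host 192.168.3.1"],
}

def report():
    """Map each variant to the R3 sources it fails to match."""
    return {name: untranslated(acl, R3_SOURCES) for name, acl in PUBNET_VARIANTS.items()}

if __name__ == "__main__":
    for name, left in report().items():
        print(f"{name}: not matched -> {left or 'none'}")
```

A wildcard of 0.2.255.255 ignores only the bit worth 2 in the second octet, so it matches 10.0.x.x and 10.2.x.x but not 10.1.3.11; a wildcard of 0.3.255.255 would cover 10.0 through 10.3.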

5eba813

What does it mean do not use nvi on nat configuration !

nothanksimgucci

NVI (or NAT Virtual Interface) removes the requirements to specify the interfaces as either "ip NAT inside" or "ip NAT outside." An interface can be configured to use NAT or not use NAT with "ip NAT enable" so you don't need to specify in/outside.

Toto86

Implementing DHCP like task 3 is not a part of CCNA 200-301. It was part of CCNA ICND1 100-105. CCNA 200-301 Official Cert Guide, Volume 2 Appendix D page 6

tumajay

what does Do NOT modify console mean?

Bugmenot240411

don't set line console and line vty unless required, I guess.

Secsoft

In NAT, To verify, a ping must be successful to the R1 Loopback address sourced from R3. How can we achieve this by NAT configuration?

Goena

Is it nat to the loopback that is asked? And how do you configure to a loopback?

Goena

The configuration of NAT is missing.