Skip to Content

Cisco 200-301: How to Configure Local User Account, Named ACL, and Dynamic ARP Inspection on Cisco Devices?

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

Learn step-by-step how to set up a local user account with telnet access, create and apply a Named ACL to filter traffic, and enable Dynamic ARP Inspection with MAC and IP validation on Cisco routers and switches. Perfect for acing the Cisco 200-301 CCNA certification exam.

Question

Guidelines

This is a lab item in which tasks will be performed on virtual devices

  • Refer to the Tasks tab to view the tasks for this lab item.
  • Refer to the Topology tab to access the device console(s) and perform the tasks.
  • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
  • All necessary pre-configurations have been applied.
  • Do not change the enable password or hostname for any device.
  • Save your configurations to NVRAM before moving to the next item.
  • Click Next at the bottom of the screen to submit this lab and move to the next question.
  • When Next is clicked, the lab closes and cannot be reopened.

Topology

This is a lab item in which tasks will be performed on virtual devices

Tasks

Refer to the topology. All physical cabling is in place. Configure local user account, configure a Named ACL (NACL), and Dynamic Arp Inspection.

  1. Configure a local account on Sw3 with telnet access only on virtual ports 0-4. Use the following information:
    • Username: tech12
    • Password: load1key
    • Algorithm type: md5
    • Privilege level: Exec mode
  2. Configure and apply a NACL on R1 to control network traffic towards ISP:
    • Name: ISP_ACL
    • Restrict RFC 1918 class A and B addresses
    • Allow all other addresses
  3. A DHCP IP Pool is preconfigured on R1 for VLAN 5, and DHCP Snooping is configured on Sw2. Configure on Sw2:
    • Dynamic Arp Inspection for VLAN 5
    • Enable validation of the ARP packet destination MAC address
    • Enable validation of the ARP packet source MAC address
    • Enable validation of the ARP Packet IP address

Answer

Task 1

Sw3(config)# usemame tech12 secret load1key
Sw3(config)# service password-encryption
Sw3(config)# line vty 0 4
Sw3(config-line)# login local
Sw3(config-line)# transport input telnet
Sw3(config-line)# exit
Sw3(config)# end

Task 2

R1(config)# ip access-list extended ISP_ACL
R1(config-ext-acl)# deny ip 10.0.0.0 0.255.255.255 any
R1(config-ext-acl)# deny ip 172.16.0.0 0.255.255.255 any
R1(config-ext-acl)# permit ip any any
R1(config-ext-ac1)# exit
R1(config)# interface e0/1
R1(config-if)# ip access-group ISP_ACL out
R1(config-if)# exit

Task 3

Sw2(config)# ip arp inspection vlan 5
Sw2(config)# ip arp inspection validate dst-mac
Sw2(config)# ip asp inspection validate src-mac
Sw2(config)# ip am inspection validate ip

Cisco 200-301 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Cisco 200-301 exam and earn Cisco 200-301 certification.