Cisco 200-301: How to Configure Local User Account, Named ACL & Port Security on Cisco Switches?

Step-by-step guide on configuring local user account with telnet access, applying named ACL to restrict pings and telnet, and enabling port security on Cisco switches for the CCNA 200-301 exam.

Question

This is a lab item in which tasks will be performed on virtual devices.

  • Refer to the Tasks tab to view the tasks for this lab item.
  • Refer to the Topology tab to access the device console(s) and perform the tasks.
  • Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
  • All necessary preconfigurations have been applied.
  • Do not change the enable password or hostname for any device.
  • Save your configurations to NVRAM before moving to the next item.
  • Click Next at the bottom of the screen to submit this lab and move to the next question.
  • When Next is clicked, the lab closes and cannot be reopened.

Topology

Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL (NACL) and security.

Tasks

  1. Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the following information:
    • Username: netops
    • Password: ipsec4all
    • Algorithm: “Vigenere”
    • Privilege level: Exec mode
  2. Configure and apply a single NACL on Sw103 using the following:
    • name: ENT_ACL
    • Restrict only PC1 on VLAN 10 from pinging PC2
    • Allow only PC1 on VLAN 10 to telnet to R1 (172.16.30.2)
    • Prevent all other devices from telnetting from VLAN 10
    • Allow all other network traffic from VLAN 10
  3. Configure security on interface Ethernet 0/0 of Sw102:
    • Set the maximum number of secure MAC addresses to two
    • Ensure that the port discards the packet, counts the number of violations and sends a syslog message
    • Allow secure mac addresses to be learned dynamically

Answer

Task 1

SW101(config)# username netops password ipsec4all
SW101(config)# service password-encryption
SW101(config)# line vty 0 4
SW101(config-line)# login local
SW101(config-line)# transport input telnet
SW101(config-line)# exit
SW101(config)# end
SW101# write memory

Task 2

SW103(config)# ip access-list extended ENT_ACL
SW103(config-ext-nacl)# permit icmp host 172.16.10.10 host 172.16.20.10
SW103(config-ext-nacl)# deny icmp any any
SW103(config-ext-nacl)# permit tcp host 172.16.10.10 host 172.16.30.2 eq telnet
SW103(config-ext-nacl)# deny tcp any any eq telnet
SW103(config-ext-nacl)# permit ip any any
SW103(config-ext-nacl)# exit
SW103(config)# interface vlan 10
SW103(config-if)# ip access-group ENT_ACL in
SW103(config-if)# exit
SW103(config)# end
SW103# write memory
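
The first-match behaviour of the ENT_ACL entries listed in Task 2, as an added example that is not part of the original answer: a small Python evaluator (not Cisco code) that runs constructed sample packets through the entries in configured order and reports which entry decides each one. The host 172.16.10.11 and the port 80 flow are assumptions standing in for other VLAN 10 traffic, and 172.16.10.10 and 172.16.20.10 are assumed to be PC1 and PC2.

```python
# Added example: first-match evaluation of the Task 2 ENT_ACL entries.
ANY = "any"

# (action, protocol, source, destination, destination port), in configured order.
ENT_ACL = [
    ("permit", "icmp", "172.16.10.10", "172.16.20.10", None),
    ("deny",   "icmp", ANY,            ANY,            None),
    ("permit", "tcp",  "172.16.10.10", "172.16.30.2",  23),   # eq telnet
    ("deny",   "tcp",  ANY,            ANY,            23),
    ("permit", "ip",   ANY,            ANY,            None),
]

def entry_matches(entry, proto, src, dst, dport):
    _, e_proto, e_src, e_dst, e_port = entry
    return ((e_proto == "ip" or e_proto == proto)      # "ip" covers every protocol
            and e_src in (ANY, src)
            and e_dst in (ANY, dst)
            and (e_port is None or e_port == dport))

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, 1-based entry number) of the first matching entry.
    A packet that matches nothing hits the implicit deny: ("deny", 0)."""
    for number, entry in enumerate(acl, start=1):
        if entry_matches(entry, proto, src, dst, dport):
            return entry[0], number
    return "deny", 0

# Constructed sample packets. 172.16.10.11 is an assumed second VLAN 10 host.
SAMPLE_PACKETS = [
    ("icmp", "172.16.10.10", "172.16.20.10", None),
    ("icmp", "172.16.10.11", "172.16.20.10", None),
    ("tcp",  "172.16.10.10", "172.16.30.2",  23),
    ("tcp",  "172.16.10.11", "172.16.30.2",  23),
    ("tcp",  "172.16.10.11", "172.16.20.10", 80),
]

def run_samples(acl=ENT_ACL):
    return [(pkt, evaluate(acl, *pkt)) for pkt in SAMPLE_PACKETS]

if __name__ == "__main__":
    for (proto, src, dst, dport), (action, number) in run_samples():
        port = f" port {dport}" if dport else ""
        print(f"{proto:4} {src} -> {dst}{port}: {action} (entry {number})")
```

Comparing the reported entry for each packet against the Task 2 requirements is a quick way to check entry order before applying an ACL to an interface.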

Task 3

SW102(config)# interface Ethernet0/0
SW102(config-if)# switchport port-security
SW102(config-if)# switchport port-security maximum 2
SW102(config-if)# switchport port-security violation restrict
SW102(config-if)# exit
SW102(config)# end
SW102# write memory