Step-by-step guide on configuring local user account with telnet access, applying named ACL to restrict pings and telnet, and enabling port security on Cisco switches for the CCNA 200-301 exam.
Question
This is a lab item in which tasks will be performed on virtual devices.
- Refer to the Tasks tab to view the tasks for this lab item.
- Refer to the Topology tab to access the device console(s) and perform the tasks.
- Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
- All necessary preconfigurations have been applied.
- Do not change the enable password or hostname for any device.
- Save your configurations to NVRAM before moving to the next item.
- Click Next at the bottom of the screen to submit this lab and move to the next question.
- When Next is clicked, the lab doses and cannot be reopened.
Topology
Tasks
Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL (NACL) and security.
- Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the following information:
- Username: netops
- Password: ipsec4all
- Algorithm: “Vigenere”
- Privilege level: Exec mode
- Configure and apply a single NACL on Sw103 using the following:
- name: ENT_ACL
- Restrict only PC1 on VLAN 10 from pinging PC2
- Allow only PC1 on VLAN 10 to telnet to R1 (172.16.30.2)
- Prevent all other devices from telnetting from VLAN 10
- Allow all other network traffic from VLAN 10
- Configure security on interface Ethernet 0/0 of Sw102:
- Set the maximum number of secure MAC addresses to two
- Ensure that the port discards the packet, counts the number of violations and sends a syslog message
- Allow secure mac addresses to be learned dynamically
Answer
Task 1
SW101(config)# usemame netops password ipsec4all
SW101(config)# service password-encryption
SW101(config)# line vty 0 4
SW101(config-line)# login local
SW101(config-line)# transport input telnet
SW101(config-line)# exit
SW101(config)# end
SW101# write memory
Task 2
SW103(config)# ip access-list extended ENT_ACL
SW103(config-ext-ac1)# permit icmp host 172.16.10.10 host 172.16.20.10
SW103(config-ext-ac1)# deny icmp amy any
SW103(config-ext-ac1)# permit tcp host 172.16.10.10 host 172.16.30.2 eq telnet
SW103(config-ext-ac1)# deny tcp any any eq telnet
SW103(config-ext-ac1)# permit ip any any
SW103(config-ext-ac1)# exit
SW103(config)# interface vlan 10
SW103(config-if)# ip access-group ENT_ACL in
SW103(config-if)# exit
SW103(config)# end
SW103# write memory
Task 3
SW102(config)# interface Ethernet0/0
SW102(config-if)# switchport port-security
SW102(config-if)# switchport port-security maximun 2
SW102(config-if)# switchpoit port-security violation restrict
SW102(config-if)# exit
SW102(config)# end
SW102# write memory
Cisco 200-301 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the Cisco 200-301 exam and earn Cisco 200-301 certification.