Exam 200-301 topic 1 question 1060 discussion

Actual exam question from Cisco's 200-301
Question #: 1060
Topic #: 1

SIMULATION
-


Guidelines
-

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked the lab closes and cannot be reopened.


Topology
-




Tasks
-

Refer to the topology. All physical cabling is in place. Configure a local user account, a Named ACL (NACL), and security.


Task 1
-

Configure a local account on Sw101 with telnet access only on virtual ports 0-4. Use the following information:

• Username: support
• Password: max2learn
• Privilege level: Exec mode


Task 2
-

Configure and apply a single NACL on Sw101 using the following:

• Name: ENT_ACL
• Restrict only PC2 on VLAN 200 from pinging PC1
• Allow only PC2 on VLAN 200 to telnet to Sw101
• Prevent all other devices from telnetting from VLAN 200
• Allow all other network traffic from VLAN 200


Task 3
-

Configure security on interface Ethernet 0/0 of Sw102:

• Set the maximum number of secure MAC addresses to four.
• Drop packets with unknown source addresses until the number of secure MAC addresses drops below the configured maximum value. No notification action is required.
• Allow secure MAC addresses to be learned dynamically.







Comments

[Removed]
Highly Voted 1 year, 6 months ago
1) SW101:
username support privilege 1 (or 15, question is not clear) password max2learn
line vty 0 4
 login local
 transport input telnet
2) SW101:
ip access-list extended ENT_ACL
 deny icmp host 192.168.200.10 host 192.168.100.10
 permit tcp host 192.168.200.10 any eq 23
 permit tcp any any eq 23
 permit ip any any
int vlan 200
 ip access-group ENT_ACL in
//Actually I prefer to apply ACL to interface e0/2 on SW101 if there is a configuration no switchport. Never mind.
3) SW102:
int e0/0
 sw port-se
 sw port-se max 4
 sw po vio pro
 sw po mac_add sticky
//actually there is no need to sticky command because of default but idk
Final: copy running-config startup-config
upvoted 9 times
[Removed]
10 months, 3 weeks ago
it should be "deny tcp any any eq 23" instead of "permit tcp any any eq 23"
upvoted 4 times
...
MicroDiff
6 months, 3 weeks ago
You didn't enter the command 'switchport mode access' in interface e0/0. If you try to put the command 'switchport port-security' first, the switch doesn't accept it.
upvoted 2 times
...
...
matass_md
Most Recent 9 months, 1 week ago
VACLs differ from ACLs.
upvoted 1 times
...
onyia.edward
10 months, 1 week ago
you cannot directly set a user's privilege level to Exec mode on a Cisco switch. This is because Exec mode (User EXEC mode) is the default access level you enter after logging in to the switch without any special privileges.
upvoted 1 times
matass_md
9 months, 1 week ago
yes you can: username privilege 1 (no privilege - 15 max and you enter directly in user privileged mode) password
upvoted 1 times
...
...
FranRig
1 year, 3 months ago
Considering that the telnet rule does not say anything in particular about the destination address of the SW101 in the telnet, I don't know what is tested on the exam. So, I think the rule should be the following:
Sw101(config-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
Sw101(config-nacl)#permit tcp host 192.168.200.10 host 192.168.200.1 eq 23
Sw101(config-nacl)#permit tcp host 192.168.200.10 host 192.168.100.1 eq 23
Sw101(config-nacl)#permit tcp host 192.168.200.10 host <address of 192.168.3.0/30> eq 23
Sw101(config-nacl)#deny tcp any any eq 23
Sw101(config-nacl)#permit ip any any
upvoted 1 times
FranRig
1 year, 3 months ago
I correct myself: Considering that the telnet rule does not say anything in particular about the destination address of the SW101 in the telnet, I don't know what is tested on the exam. So, I think the rule should be the following:
Sw101(config-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
Sw101(config-nacl)#permit tcp host 192.168.200.10 host 192.168.200.1 eq 23
Sw101(config-nacl)#permit tcp host 192.168.200.10 host 192.168.100.1 eq 23
Sw101(config-nacl)#permit tcp host 192.168.200.10 host <address of 192.168.3.0/30> eq 23
Sw101(config-nacl)#deny tcp 192.168.200.0 0.0.0.255 any eq 23
Sw101(config-nacl)#permit ip any any
upvoted 2 times
exiledwl
7 months, 1 week ago
We don't need to specify a permit statement for each destination, but rather for any destination like this: permit tcp udp host 192.168.200.10 any eq 23
upvoted 1 times
...
...
...
[Removed]
1 year, 4 months ago
Task 1
Sw101(config)#username support privilege 15 secret max2learn
Sw101(config)#line vty 0 4
Sw101(config-line)#login local
Sw101(config-line)#transport input telnet
Note: It just says exec, so I opted for global exec which is 15. User exec would just be 1.
Task 2
Sw101(config)#ip access-list extended ENT_ACL
Sw101(config-nacl)#deny icmp host 192.168.200.10 host 192.168.100.10
Sw101(config-nacl)#permit tcp host 192.168.200.10 any eq 23
Sw101(config-nacl)#deny tcp any any eq 23
Sw101(config-nacl)#permit ip any any
Sw101(config-nacl)#exit
Sw101(config)#interface vlan200
Sw101(config-if)#ip access-group ENT_ACL in
Task 3
Sw102(config)#interface e0/0
Sw102(config-if)#switchport port-security
Sw102(config-if)#switchport port-security maximum 4
Sw102(config-if)#switchport port-security violation protect
Sw102(config-if)#switchport port-security mac-address sticky
upvoted 4 times
7fc63f9
1 year, 4 months ago
I am not sure why you are applying the ACL on the VLAN 200 interface, as PC2 is in VLAN 200 and PC1 in VLAN 100.
upvoted 1 times
AbdullahMohammad251
1 year, 3 months ago
An access-list applied outbound to a vlan interface filters traffic going TO machines on that vlan. An access-list applied inbound to a vlan filters traffic coming FROM machines on that vlan.
https://community.cisco.com/t5/switching/acl-direction-when-applied-to-a-vlan-on-a-switch/td-p/1423652
https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7830/Content/Chp_ACLs/ACLs_cmds/app-acc-lis-to-int-vla.htm#:~:text=Applies%20an%20ACL%20to%20the,replace%20the%20currently%2Dapplied%20ACL.
upvoted 1 times
...
...
...
picho707
1 year, 5 months ago
Task 1 => It is not clear the privilege level of the user account (user exec or privilege exec)
sw101(config)#username support privilege 15 password max2learn
sw101(config)#line vty 0 4
sw101(config-line)#transport input telnet
sw101(config-line)#login local
Task 2 => It is not clear if sw101 has 2 IP addresses assigned. If it does, the ACL will need to be applied to the remote virtual interfaces in addition to VLAN 200.
ip access-list extended ENT_ACL
 deny icmp host 192.168.200.10 host 192.168.100.10
 permit tcp host 192.168.200.10 any eq telnet
 deny tcp any any eq telnet
 permit ip any any
interface Vlan200
 ip access-group ENT_ACL in
line vty 0 4
 access-class ENT_ACL in
Task 3
sw102(config)#interface gigabitEthernet 0/0
sw102(config-if)#switchport port-security
sw102(config-if)#switchport port-security maximum 4
sw102(config-if)#switchport port-security violation protect
sw102(config-if)#switchport port-security mac-address sticky
upvoted 1 times
...
PaddyInNZ
1 year, 5 months ago
Good answers on the ACLs, team. I believe that the requirement in Task 1 concerning "privilege level: exec mode" is asking the student to automatically enter privileged exec mode upon Telnetting in. By adding the privilege 15 option, the user is automagically taken to this mode without being required to enter the privileged exec password.
upvoted 1 times
...
rogi2023
2 years ago
the given solution with errors:
Task1+2 is for sw101:
username support pass max2learn privi 15
line vt 0 4
 login local
 transport input telnet
Task2 says apply a SINGLE NACL, so therefore not another ACL on line vt 0 4 as suggested in solution
access-list ENT_ACL deny icmp host 192.168.200.10 host 192.168.100.10
access-list ENT_ACL permit tcp host 192.168.200.10 any eq 23
access-list ENT_ACL deny tcp any any eq 23
access-list ENT_ACL permit ip any any
interface Vlan 200
 ip access-group ENT_ACL in
task3 for Sw102: (the provided solution is correct)
interf e0/0
 sw port-sec
 sw port-sec max 4
 sw port-sec violation protect
 sw port-sec mac-address sticky
wr mem
upvoted 2 times
jonathan126
2 years ago
How about this? Question requires EXEC mode, priv 15 is privilege EXEC mode, dynamic mac addr is enabled by default, the provided answer is for sticky mac addr on dynamic learned addr.
Task 1
username support password max2learn
line vty 0 4
 login local
 transport input telnet
Task 2
ip access-list extended ENT_ACL
 deny icmp host 192.168.200.10 host 192.168.100.10
 permit tcp host 192.168.200.10 any eq 23
 deny tcp any any eq 23
 permit ip any any
int vlan 200
 ip access-group ENT_ACL in
Task 3
int e0/0
 switchport port-security
 switchport port-security maximum 4
 switchport port-security violation protect
upvoted 9 times
ac89l
1 year, 11 months ago
They asked for named ACL, not extended... there is a difference
upvoted 1 times
studying_1
1 year, 11 months ago
you need to use protocols and port numbers, it only works when you use extended ACLs
upvoted 6 times
...
...
4aynick
1 year, 11 months ago
username support priv 15 password max2learn
upvoted 3 times
...
ac89l
1 year, 12 months ago
They should be more clear in those questions:
Router> - User EXEC mode
Router# - Privileged EXEC mode
upvoted 6 times
...
...
...
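The comments above disagree on whether the third ENT_ACL entry should be "permit tcp any any eq 23" or "deny tcp any any eq 23". The following is an added example, not code from the exam or from any commenter: a small first-match ACL evaluator in Python that checks both variants against the Task 2 requirements. PC1 and PC2 use the addresses given in the comments; the second VLAN 200 host 192.168.200.20 is constructed, and 192.168.200.1 as the Sw101 address is taken from one comment and is an assumption about the topology.

```python
import ipaddress
from collections import namedtuple

Ace = namedtuple("Ace", "action proto src dst dport", defaults=[None])
Packet = namedtuple("Packet", "proto src dst dport", defaults=[None])

ANY = "0.0.0.0/0"                                # IOS keyword "any"
PC2, PC1 = "192.168.200.10", "192.168.100.10"    # addresses used in the comments
OTHER = "192.168.200.20"                         # constructed: another VLAN 200 host
SW101 = "192.168.200.1"                          # assumed Sw101 VLAN 200 address

def matches(ace, pkt):
    if ace.proto not in ("ip", pkt.proto):       # "ip" matches every protocol
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(ace.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(ace.dst):
        return False
    return ace.dport is None or ace.dport == pkt.dport   # "eq <port>" test

def evaluate(acl, pkt):
    """Top-down, first match wins; no match falls to the implicit deny."""
    for ace in acl:
        if matches(ace, pkt):
            return ace.action
    return "deny"

def build_acl(third_entry):
    return [
        Ace("deny", "icmp", PC2 + "/32", PC1 + "/32"),
        Ace("permit", "tcp", PC2 + "/32", ANY, 23),
        Ace(third_entry, "tcp", ANY, ANY, 23),   # the disputed entry
        Ace("permit", "ip", ANY, ANY),
    ]

# Task 2 requirements as (packet arriving from VLAN 200, expected action)
CHECKS = [
    (Packet("icmp", PC2, PC1), "deny"),            # PC2 must not ping PC1
    (Packet("tcp", PC2, SW101, 23), "permit"),     # PC2 may telnet to Sw101
    (Packet("tcp", OTHER, SW101, 23), "deny"),     # nobody else may telnet
    (Packet("icmp", OTHER, PC1), "permit"),        # everything else passes
    (Packet("tcp", OTHER, PC1, 80), "permit"),
]

def failures(acl):
    return [pkt for pkt, want in CHECKS if evaluate(acl, pkt) != want]

for action in ("permit", "deny"):
    print(action, "tcp any any eq 23 ->", failures(build_acl(action)) or "all checks pass")
```

With "permit" as the third entry, the only failing check is telnet from the other VLAN 200 host; the final "permit ip any any" would have let that packet through anyway, so the explicit deny is what enforces the third requirement.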