ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-301 All Questions

View all questions & answers for the 200-301 exam
Go to Exam

Exam 200-301 topic 1 question 1052 discussion

Actual exam question from Cisco's 200-301
Question #: 1052
Topic #: 1
[All 200-301 Questions]

SIMULATION
-


Guidelines
-

This is a lab item in which tasks will be performed on virtual devices.

• Refer to the Tasks tab to view the tasks for this lab item.
• Refer to the Topology tab to access the device console(s) and perform the tasks.
• Console access is available for all required devices by clicking the device icon or using the tab(s) above the console window.
• All necessary preconfigurations have been applied.
• Do not change the enable password or hostname for any device.
• Save your configurations to NVRAM before moving to the next item.
• Click Next at the bottom of the screen to submit this lab and move to the next question.
• When Next is clicked, the lab closes and cannot be reopened.


Topology
-




Tasks
-

Connectivity between three routers has been established, and IP services must be configured in the order presented to complete the implementation. Tasks assigned include configuration of NAT, NTP, DHCP, and SSH services.

1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2. All source addresses must be translated from R3 to the IP address of Ethernet0/0 on R2, while using only a standard access list named PUBNET. To verify, a ping must be successful to the R1 Loopback address sourced from R3. Do not use NVI NAT configuration.
2. Configure R1 as an NTP server and R2 as a client, not as a peer, using the IP address of the R1 Ethernet0/2 interface. Set the clock on the NTP server for midnight on May 1, 2018.
3. Configure R1 as a DHCP server for the network 10.1.3.0/24 in a pool named NETPOOL. Using a single command, exclude addresses 1 - 10 from the range. Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP.
4. Configure SSH connectivity from R1 to R3, while excluding access via other remote connection protocols. Access for user netadmin and password N3t4ccess must be set on router R3 using RSA and 1024 bits. Verify connectivity using an SSH session from router R1 using a destination address of 10.1.3.11. Do NOT modify console.

Show Suggested Answer Hide Answer
Suggested Answer:
by Goena at March 17, 2023, 7:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Goena
Highly Voted 1 year, 11 months ago
NAT: R2(config)# ip access list standard PUBNET R2(config-std-nacl)# permit 10.2.3.3 R2(config-std-nacl)# permit 10.1.3.11 R2(config-std-nacl)# permit 192.168.3.1 R2(config-std-nacl)# exit R2(config)# interface e0/1 R2(config-if)# ip nat inside R2(config)# interface e0/0 R2(config-if)# ip nat outside R2(config)# ip nat inside source list PUBNET interface e0/0 overload NTP: R1# clock set 00:00:00 jan 1 2019 R1(config)# ntp master 1 R2(config)# ntp server 10.1.3.1 DHCP: R1(config)# ip dhcp pool NETPOOL R1(dhcp-config)# network 10.1.3.0 255.255.255.0 R1(config)# exit R1(config)# ip dhcp excluded-address 10.1. 3.1 10.1.3.10 R3(config)# interface e0/2 R3(config-if)# ip address dhcp SSH: R3(config)# username netadmin password N3t4ccess R3(config)# line vty 0 4 R3(config-line)# login local R3(config-line)# exit R3(config)# ip domain-name cisco.com R3(config)# crypto key generate rsa
upvoted 30 times
matass_md
6 months, 1 week ago
R1(config)# ip dhcp pool NETPOOL R1(dhcp-config)# network 10.1.3.0 255.255.255.0 R1(config)# exit R1(config)# ip dhcp excluded-address 10.1. 3.1 10.1.3.10 R3(config)# interface e0/2 R3(config-if)# ip address dhcp We need to add the default-router command as well ( this send the default-gateway to the client, in our case we need to use (dhcp-config)#default-router 10.1.3.1
upvoted 2 times
...
rogi2023
1 year, 10 months ago
in ssh config missing "transport input ssh" (while excluding access via other remote connection protocols)
upvoted 14 times
...
Friday_Night
1 year, 8 months ago
why use jan 1 2019 when it stated that clock must be May 1, 2018 ?
upvoted 8 times
...
Shabeth
1 year, 8 months ago
overload is for PAT, but the task said NAT, i am confused
upvoted 1 times
Shri_Fcb10
1 year, 7 months ago
yes because the question is asking to translate all source IP add from R3 to the IP add of e0/0 of R2. So we are mapping multiple source addresses to a single IP address hence PAT is required
upvoted 7 times
...
...
...
daryl10
Highly Voted 1 year, 1 month ago
My configs to use: NAT/PAT (Need to translate multiple IP address into a single IP) R2: ip access list standard PUBNET Permit host 10.2.3.3 Permit host 10.1.3.11 Permit host 192.168.3.1 exit interface e0/1 ip nat inside exit interface e0/0 ip nat outside exit ip nat inside source list PUBNET interface e0/0 overload NTP: R1: clock set 00:00:00 May 1 2018 (From privilege mode) ntp master 1 R2: ntp server 10.1.3.1 DHCP: R1: ip dhcp excluded-address 10.1. 3.1 10.1.3.10 ip dhcp pool NETPOOL network 10.1.3.0 255.255.255.0 R3: Interface e0/2 Ip address dhcp SSH: R3: ip domain name ccna.com crypto key generate rsa general-keys modulus 1024 username netadmin secret N3t4ccess line vty 0 15 transport input ssh login local
upvoted 6 times
matass_md
6 months, 3 weeks ago
The only thing i want to add is next at setting up SSH : if Router 3 does not have a enable secret password then when you log in via SSH you can't get access to the router . But we don't require that password if we use the command : user netadmin privilege 15 password N3t4ccess , the privilege 15 log us in in privileged exec mode directly and bypasses the need of a password set .
upvoted 1 times
...
...
gorun
Most Recent 6 days, 19 hours ago
Who knows if the "?"-contextual help command works in labs?
upvoted 1 times
...
ntp_master
1 week, 2 days ago
it says Interface Ethernet0/2 on R3 must be issued the IP address of 10.1.3.11 via DHCP. I did not see so far someone entered a commands for this part. Chat says we have to do following: ip dhcp pool STATIC-R3 host 10.1.3.11 255.255.255.0 client-identifier 00a1.b2c3.d4e5 default-router 10.1.3.1 What do you think about it? agree?
upvoted 1 times
...
Joshua25
3 months, 2 weeks ago
Apparently Cisco has been driven mad by money. How can NAT, NTP, DHCP and SSH be in one question? This question will take quite a bit of time in the exam. Not to mention the insufficient information provided in the question which confuses the examinee.
upvoted 4 times
...
MicroDiff
4 months, 1 week ago
This simulation is most dificult of all simulations of this dump.
upvoted 2 times
...
Dronep
4 months, 3 weeks ago
Hi all, i have a doubt for task 4 4. Configure the link between R1 and R3 to disable their ability to add other OSPF routers. I says Disable ability. Does that mean to use "passive-interface" command on the interfaces connected between R1 and R3? Or no network?
upvoted 1 times
Dronep
4 months, 3 weeks ago
That question was not for this case. Sorry
upvoted 1 times
...
...
tumajay
8 months, 2 weeks ago
what does Do NOT modify console mean?
upvoted 1 times
[Removed]
7 months, 3 weeks ago
don't set line console and line vty unless required, I guess.
upvoted 2 times
...
...
picho707
1 year, 2 months ago
Task 1 ip access-list standard PUBNET permit 192.168.3.1 permit 10.1.3.0 0.0.0.255 permit 10.2.3.0 0.0.0.255 interface GigabitEthernet0/1 ip nat inside interface GigabitEthernet0/0 ip nat outside ip nat inside source list PUBNET interface GigabitEthernet0/0 overload Task 2 R1(config)#ntp master R1#clock set 00:00:00 May 1 2018 R2(config)#ntp server 10.1.3.1 Task 3 R1 ! ip dhcp excluded-address 10.1.3.1 10.1.3.10 ! ip dhcp pool NETPOOL network 10.1.3.0 255.255.255.0 ! R3 ! interface GigabitEthernet0/2 ip address dhcp ! Task 4 R3(config)#ip domain-name cml.priv R3(config)#username netadmin password N3t4ccess R3(config)#crypto key generate rsa modulus 1024 R3(config)#ip access-list standard 10 R3(config-std-nacl)#permit host 10.1.3.1 R3(config)#line vty 0 15 R3(config-line)#access-class 10 in R3(config-line)#login local R3(config-line)#transport input ssh ssh -l netadmin 10.1.3.11
upvoted 4 times
...
5eba813
1 year, 2 months ago
What does it mean do not use nvi on nat configuration !
upvoted 2 times
nothanksimgucci
1 year ago
NVI (or NAT Virtual Interface) removes the requirements to specify the interfaces as either "ip NAT inside" or "ip NAT outside." An interface can be configured to use NAT or not use NAT with "ip NAT enable" so you don't need to specify in/outside.
upvoted 1 times
...
...
Secsoft
1 year, 6 months ago
In NAT, To verify, a ping must be successful to the R1 Loopback address sourced from R3. How can we achieve this by NAT configuration?
upvoted 1 times
...
dropspablo
1 year, 6 months ago
1- NAT R2(config)# ip access-list standard PUBNET R2(config-std-nacl)# permit 192.168.3.1 0.0.0.0 R2(config-std-nacl)# permit host 10.2.3.3 R2(config-std-nacl)# permit 10.1.3.11 (you can use both ways) R2(config-std-nacl)# exit R2(config)# ip nat inside source PUBNET interface ethernet0/0 overload R2(config)#int e0/1 R2(config-if)#ip nat inside R2(config-if)#interface e0/0 R2(config-if)#ip nat outside #end R3# ping 192.168.1.1 (to R1 Loopback1) R2# show ip nat translations 2- NTP R1(config)# ntp master R1(config)# clock set 00:00:00 mai 1 2018 R1# do show clock - R2(config)# ntp server 10.1.3.1 R2# do show ntp associations
upvoted 3 times
tumajay
10 months, 3 weeks ago
i tried to ping 192.168.1.1 from R3, it didn't work
upvoted 1 times
tumajay
10 months, 3 weeks ago
figured it out. forgot to add a route from R3 to R1 on packet tracer
upvoted 1 times
...
...
dropspablo
1 year, 6 months ago
Attention - (1. All traffic sent from R3 to the R1 Loopback address must be configured for NAT on R2.) Check with "#show ip route", if the route from R3 to R1 Loopback goes through R2. If not, we must configure a static route on R3: R3(config)# ip route 192.168.1.1 255.255.255.255 10.2.3.2
upvoted 3 times
...
dropspablo
1 year, 6 months ago
3- DHCP R1(config)# ip dhcp pool NETPOOL R1(dhcp-config)# network 10.1.3.0 255.255.255.0 R1(dhcp-config)# exit R1(config)# ip dhcp excluded-address 10.1.3.1 10.1.3.10 R1# do show ip dhcp pool - R3(config)# interface ethernet0/2 R3(config-if)# ip address dhcp R3# do show ip interface brief 4- SSH R3(config)# username netadmin password N3t4ccess R3(config)# ip domain-name cisco.com R3(config)# crypto key generate rsa |1024| R3(config)# access-list 10 permit 10.1.3.1 R3(config)# line vty 0 15 R3(config-line)# login local R3(config-line)# transport input ssh R3(config-line)# access-class 10 in R3(config-line)# end R1# ssh -l netadmin 10.1.3.11
upvoted 3 times
dropspablo
1 year, 6 months ago
Attention (* Do not change the enable password or hostname for any device.)
upvoted 1 times
...
dropspablo
1 year, 6 months ago
Correcting, access list in the vty lines (there are three): R3(config)#access-list 10 permit 10.1.3.1 R3(config)#access-list 10 permit 192.168.1.1 R3(config)#access-list 10 permit 10.1.2.1
upvoted 2 times
...
AbdullahMohammad251
1 year, 2 months ago
Since you used access-class in, you're controlling which users (source-IPs) have access to the VTY lines of R3, so the access list should include the interfaces of R1 not R3 R3(config)# access-list 10 permit 10.1.3.11 R3(config)# access-list 10 permit 10.2.3.3 R3(config)# access-list 10 permit 192.168.3.1
upvoted 1 times
AbdullahMohammad251
1 year, 2 months ago
And I don't think this is necessary, the question didn't ask to restrict access via ssh for R1
upvoted 2 times
...
...
...
...
Toto86
1 year, 7 months ago
Implementing DHCP like task 3 is not a part of CCNA 200-301. It was part of CCNA ICND1 100-105. CCNA 200-301 Official Cert Guide, Volume 2 Appendix D page 6
upvoted 3 times
...
[Removed]
1 year, 7 months ago
I'm confused about the NAT part, i don't undertand what they want exactly but here's my answer for the rest of the configuration : NTP : R1 : enable clock set 00:00:00 1 may 2018 configure terminal ntp master 1 end copy running-config startup-config R2 : enable configure terminal ntp server 10.1.3.1 end copy running-config startup-config DHCP : R1 : enable configure terminal ip dhcp exluded-address 10.1.3.1 10.1.3.10 ip dhcp pool NETPOOL network 10.1.3.0 255.255.255.0 end copy running-config startup-config R3 : enable configure terminal interface e0/2 ip address dhcp end copy running-config startup-config SSH : R3 : enable configure terminal username netadmin secret N3t4ccess ip domain-name ccna-lab.com crypto key generate rsa general-keys modulus 1024 line vty 0 15 login local transport input ssh end
upvoted 4 times
JunsK1e
1 year, 3 months ago
Step 1: (Create the standard name ACL) R2: ! !(you need to permit all source ip address inside of R3) ! ip access-list standard PUBNET permit 10.0.0.0 0.2.255.255 permit host 192.168.3.1 exit ! ! Step 2: (Configuret the NAT/PAT using the exit interface) ! ! ip nat inside source list PUBNET interface e0/0 overload ! interface e0/1 ip nat inside exit ! interface e0/0 ip nat outside exit
upvoted 1 times
...
...
Goena
1 year, 11 months ago
Is it nat to the loopback that is asked? And how do you configure to a loopback?
upvoted 1 times
...
Goena
1 year, 11 months ago
The configuration of NAT is missing.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago