I have a week left until I am in front of the exam. I learned a lot: CNAP, Cisco Press, Todd Lammle, and a lot of other resources out there.
I have a problem now with the troubleshooting labs at the end of the 4th module: Activity 8.5.2
I managed to do approx. 65% of the lab, but I cannot finish it.
It asks me the following things I don't understand:
- R2 must have secure login procedures because it is the Internet edge router. - I configured SSH, but got no grade on that, so maybe secure login procedures means something else
- Routing protocols must be used securely. EIGRP is used in this scenario. - I have PT5.3.2, I cannot configure EIGRP authentication, because this is what I understand by "used securely".
- R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1. - R3 provides inter-VLAN routing with subinterfaces, I believe this means access to both VLANs on fa0/1
Is my understanding right, or is it something else?
Has anyone cleared these labs?
Thanks in advance!
R2 - Secure login procedures - this could mean a variety of things, but given the base config of
security passwords min-length 6
aaa authentication login local_auth local
line vty 0 4
exec-timeout 15 0
login authentication local_auth
transport input telnet
All you can add to the above is to enable SSH access and then
disable telnet access, as it's cleartext, and you would
assume that is what they are looking for.
ip domain-name cisco.com
crypto key generate rsa general-keys modulus 1024
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
transport input ssh
Another secure login procedure could be the following, but
it is more of a security topic rather than CCNA:
login block-for 30 attempts 2 within 15
login on-failure log
login delay 3
Adding an access-class to R2 to allow only telnet sessions from internal addresses could also be a secure login procedure.
For the EIGRP part - Normally I would agree that you need to enable EIGRP authentication, but I think they are just looking for the passive-interface default command to be applied to all 3 routers and subsequently issuing the no passive-interface x on the required interfaces. It seems that those commands are applied on R1 & R2, so just add to R3.
"Routing protocols must be used securely" is a bit of a general statement without adding what specifically they want you to secure.
The passive-interface command prevents routers from sending routing updates to all interfaces except those interfaces configured to participate in routing updates.
R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1
This seems to be set up as required on the base config; those VLANs are allowed on the trunk,
no shutdown
interface FastEthernet0/1.11
encapsulation dot1Q 11
ip address 192.168.11.3 255.255.255.0
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
Switches 2 & 3 are allowing those VLANs on the trunks to R3
switchport trunk allowed vlan 11,30
switchport mode trunk
Hope that helps in some way, and best of luck.