
3892 Views, 1 Reply. Latest reply: Nov 21, 2011 3:54 AM by Ray


Exploration4 - Troubleshooting Enterprise Networks Labs

Nov 17, 2011 7:19 AM

Ionut 21 posts since
Jul 21, 2011

Hi guys,

 

I have a week left until I will be in front of the exam. I learned a lot: CNAP, Cisco Press, Todd Lammle, and a lot of other resources out there.

 

I have a problem now with the troubleshooting labs at the end of the 4th module: Activity 8.5.2

I managed to do approx. 65% of the lab, but I cannot finish it.

It asks me the following things I don't understand:

 

     - R2 must have secure login procedures because it is the Internet edge router. - I configured SSH, but got no grade for that, so maybe secure login procedures means something else.

     - Routing protocols must be used securely. EIGRP is used in this scenario. - I have PT5.3.2 and I cannot configure EIGRP authentication, because this is what I understand by "used securely".

     - R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1. - R3 provides inter-VLAN routing with subinterfaces; I believe this means access to both VLANs on fa0/1.

 

Is it my understanding, or something else?

Has anyone cleared these labs?

 

Thanks in advance!

  • Ray 3 posts since
    Dec 18, 2010

    Hi,

     

    R2 - Secure login procedures - this could mean a variety of things, but given the base config of

    security passwords min-length 6
    aaa new-model
    aaa authentication login local_auth local
    line vty 0 4
     exec-timeout 15 0
     login authentication local_auth
     transport input telnet

    All you can add to the above is to enable SSH access and then
    disable telnet access, as it's cleartext, and you would
    assume that is what they are looking for.

    ip domain-name cisco.com
    crypto key generate rsa general-keys modulus 1024
    ip ssh time-out 60
    ip ssh authentication-retries 2
    line vty 0 4
     transport input ssh

    Another secure login procedure could be the following, but
    it is more of a security topic rather than CCNA:

    login block-for 30 attempts 2 within 15
    login on-failure log
    login delay 3

     

    Adding an access-class to R2 to allow only telnet sessions from internal addresses could also be a secure login procedure.

     

    For the EIGRP part - Normally I would agree that you need to enable EIGRP authentication, but I think they are just looking for the passive-interface default command to be applied to all 3 routers and subsequently issuing the no passive-interface x on the required interfaces. It seems that those commands are applied on R1 & R2, so just add to R3.

    "Routing protocols must be used securely" is a bit of a general statement without adding what specifically they want you to secure.

    The passive-interface command prevents routers from sending routing updates to all interfaces except those interfaces configured to participate in routing updates.

     

    R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1

    This seems to be set up as required on the base config; those VLANs are allowed on the trunk.


    R3

    interface FastEthernet0/1
     no shutdown
    interface FastEthernet0/1.11
     encapsulation dot1Q 11
     ip address 192.168.11.3 255.255.255.0
    interface FastEthernet0/1.30
     encapsulation dot1Q 30
     ip address 192.168.30.1 255.255.255.0

    Switches 2 & 3 are allowing those VLANs on the trunks to R3

    interface FastEthernet0/1
     switchport trunk allowed vlan 11,30
     switchport mode trunk

     

    Hope that helps in some way, and best of luck,

    Ray
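
The login and routing checks discussed in this thread can be run against a saved configuration. The script below is an added example, not part of either post or of the lab: it assumes the config is in `show running-config` layout (sub-commands indented), and the sample config, including EIGRP AS 1, Serial0/0/0 and network 10.0.0.0, is constructed for illustration.

```python
# Constructed sample in `show running-config` layout (sub-commands indented).
# EIGRP AS 1, Serial0/0/0 and network 10.0.0.0 are assumptions, not from the lab.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login local_auth local
login block-for 30 attempts 2 within 15
login on-failure log
router eigrp 1
 passive-interface default
 no passive-interface Serial0/0/0
 network 10.0.0.0
line vty 0 4
 exec-timeout 15 0
 login authentication local_auth
 transport input ssh
"""

def parse_sections(config):
    """Map each top-level IOS command to the list of indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit(config):
    """Return findings for the vty, login and EIGRP settings named in the thread."""
    sections, findings = parse_sections(config), []
    for head, body in sections.items():
        if head.startswith("line vty"):
            transports = [l.split()[2:] for l in body if l.startswith("transport input")]
            if not transports:
                findings.append(f"{head}: no explicit 'transport input'")
            elif any(t != ["ssh"] for t in transports):
                findings.append(f"{head}: transport input allows more than ssh")
            if not any(l.startswith("access-class") for l in body):
                findings.append(f"{head}: no access-class restricting source addresses")
        if head.startswith("router eigrp") and "passive-interface default" not in body:
            findings.append(f"{head}: 'passive-interface default' missing")
    if not any(h.startswith("login block-for") for h in sections):
        findings.append("global: no 'login block-for' rate limit")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample, the only finding is the missing access-class on the vty lines; a config still using `transport input telnet` is reported as allowing more than SSH.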
