1 Reply. Latest reply: Nov 21, 2011 3:54 AM by Ray

    Exploration4 - Troubleshooting Enterprise Networks Labs


      Hi guys,


      I have a week left until I will be in front of the exam. I learned a lot from CNAP, Cisco Press, Todd Lammle, and a lot of other resources out there.


      I have a problem now with the troubleshooting labs at the end of the 4th module: Activity 8.5.2

      I managed to do approx. 65% of the lab, but I cannot finish it.

      It asks for the following things, which I don't understand:


           - R2 must have secure login procedures because it is the Internet edge router. - I configured SSH, but got no grade for that, so maybe "secure login procedures" means something else.

           - Routing protocols must be used securely. EIGRP is used in this scenario. - I have PT5.3.2 and I cannot configure EIGRP authentication, which is what I understand by "used securely".

           - R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1. - R3 provides inter-VLAN routing with subinterfaces; I believe this means access to both VLANs on fa0/1.


      Is my understanding right, or is it something else?

      Has anyone cleared these labs?


      Thanks in advance!

        • 1. Re: Exploration4 - Troubleshooting Enterprise Networks Labs



          R2 - Secure login procedures - this could mean a variety of things, but given the base config of

          security passwords min-length 6
          aaa new-model
          aaa authentication login local_auth local
          line vty 0 4
           exec-timeout 15 0
           login authentication local_auth
           transport input telnet

          all you can add to the above is to enable SSH access and then
          disable telnet access, as it's cleartext, and you would
          assume that is what they are looking for.

          ip domain-name cisco.com
          crypto key generate rsa general-keys modulus 1024
          ip ssh time-out 60
          ip ssh authentication-retries 2
          line vty 0 4
           transport input ssh

          Another secure login procedure could be the following, but
          it is more of a security topic than a CCNA one:

          login block-for 30 attempts 2 within 15
          login on-failure log
          login delay 3

          Adding an access-class to R2 to allow only telnet sessions from internal addresses could also be a secure login procedure.


          For the EIGRP part - normally I would agree that you need to enable EIGRP authentication, but I think they are just looking for the passive-interface default command to be applied to all 3 routers, followed by no passive-interface x on the required interfaces. It seems that those commands are applied on R1 & R2, so just add them to R3.

          "Routing protocols must be used securely" is a bit of a general statement without adding what specifically they want you to secure.

          The passive-interface command prevents routers from sending routing updates to all interfaces except those interfaces configured to participate in routing updates.


          R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0/1

          This seems to be set up as required in the base config; those VLANs are allowed on the trunk:

          interface FastEthernet0/1
           no shutdown
          interface FastEthernet0/1.11
           encapsulation dot1Q 11
           ip address
          interface FastEthernet0/1.30
           encapsulation dot1Q 30
           ip address

          Switches 2 & 3 are allowing those VLANs on the trunks to R3:

          interface FastEthernet0/1
           switchport trunk allowed vlan 11,30
           switchport mode trunk

          Hope that helps in some way, and best of luck.
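
Added example, not part of the thread or of the lab material: a small Python audit that checks a router configuration for the items raised in the reply above (SSH-only VTY access, an access-class on the VTY lines, login block-for, and passive-interface default under EIGRP). The sample configuration, EIGRP AS number and network address are constructed for illustration.

```python
# Constructed sample config for illustration (AS number and network are
# made up; this is not the lab's actual router configuration).
SAMPLE_CONFIG = """\
ip domain-name cisco.com
aaa new-model
aaa authentication login local_auth local
router eigrp 10
 network 192.168.11.0
line vty 0 4
 login authentication local_auth
 transport input telnet
"""

def sections(config):
    """Group indented sub-commands under their top-level parent line."""
    out, parent = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            parent = line.strip()
            out.setdefault(parent, [])   # a repeated stanza is merged
        elif parent is not None:
            out[parent].append(line.strip())
    return out

def audit(config):
    """Return findings for the hardening items discussed in the reply."""
    findings, sec = [], sections(config)
    for parent, subs in sec.items():
        if parent.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input")]
            # Assumption: a missing transport line is treated as unrestricted.
            allowed = transport[-1].split()[2:] if transport else ["all"]
            if allowed != ["ssh"]:
                findings.append(f"{parent}: transport input {' '.join(allowed)} (want ssh only)")
            if not any(s.startswith("access-class") for s in subs):
                findings.append(f"{parent}: no access-class restricting source addresses")
        if parent.startswith("router eigrp"):
            if "passive-interface default" not in subs:
                findings.append(f"{parent}: passive-interface default not set")
            elif not any(s.startswith("no passive-interface") for s in subs):
                findings.append(f"{parent}: no interface re-enabled, no neighbors will form")
    if not any(p.startswith("login block-for") for p in sec):
        findings.append("global: login block-for not configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Because a later `transport input` line under the same VTY stanza overrides an earlier one, the audit evaluates the last occurrence, which matches applying the SSH commands on top of the base config.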