Friday, 31 December 2010

CCNA Discovery 4 Module 9 Exam Answers Version 4.0

1. Which two statements describe factors that influence the layout of a proposal? (Choose two.)
• A specific proposal layout is followed when one is specified in the RFP.
• A designer chooses the layout if a written RFP does not specify an outline.

2. What two items are typically included in the executive summary of a proposal? (Choose two.)
• project scope summary
• emphasis on the benefits that meet the goals of the customer

3. Which proposal section describes the intended routing protocol, security mechanisms, and addressing for the planned network?
• logical design

4. Which occurrence would indicate a failure of the design phase?
• The new network capacity is inadequate to support required traffic.

5. A network installation team is assigned to replace all core switches in an existing data center. No other upgrades are planned. Which kind of installation is this?
• a phased installation

6. What service is provided by the Cisco standard warranty?
• replacement of defective hardware

7. An upgraded version of the Cisco IOS has been purchased. However, the CD arrived damaged. How will this loss be covered?
• a software warranty

8. A company informs the account manager that the installation of a new edge router at the customer remote branch location cannot be done at the scheduled time because of a large order that the branch office needs to complete. As a result, the end date of the project must be adjusted to accommodate the additional time. What action should the account manager take?
• Adjust the timeline documentation to show the company how the delay will affect the project completion date.

9. NetworkingCompany completes the installation of a network upgrade for a retail customer. All of the onsite tests complete successfully and the customer IT staff approves the results of the tests. The manager of the retail store contacts NetworkingCompany to inform the company that the store will not pay for the upgrade until a recently purchased software package is installed and tested on the network. Which two items that are contained in the proposal can the account manager refer to when discussing this issue with the store manager? (Choose two.)
• the project scope
• the terms and conditions

10. The operation of a new branch location network is delayed because a VPN cannot be configured and established between the branch location and the main office. It is determined that the router at the main office does not have enough memory and does not have the correct Cisco IOS version image to support the VPN features. To prevent this delay, this problem should have been identified and corrected during which part of the design project?
• the characterization of the existing network

11. The NetworkingCompany team is tasked to prepare an implementation schedule for a customer. It is determined that the new firewalls and wireless controllers that are specified in the design cannot be delivered and installed within the agreed upon time frame. The NetworkingCompany informs the customer of the problem. What two options can the NetworkingCompany team take to ensure the success of the project? (Choose two.)
• plan to add additional staff and resources to shorten the installation time after the new equipment is delivered
• renegotiate a new time frame with the customer to accommodate the delay

12. AAA Financial Services Company is performing implementation planning for a core switch upgrade. The company has 200 financial software programmers that work billable hours during the week. They have critical, scheduled money transfer transmissions that occur at hourly intervals every night. There are two, two-hour long IT maintenance windows scheduled for software upgrades, one on Saturday and one on Sunday. The bank advertises online banking as available 24 hours on business days and 21 hours on the weekends. However, a network upgrade that is necessary to replace some switches is expected to take four hours. Because of rack constraints, this time includes three hours to remove the old switches before the new switches can be installed and one hour to test the logical configuration. How should the implementation scheduling be handled?
• Coordinate and publish an eight-hour downtime incorporating the Saturday window. This will allow four hours for installation and logical testing, one hour for troubleshooting and decision, and three hours to roll back to the previous configuration if the new switching cannot pass the logical testing. Defer any software upgrades until the new network is proven to be working correctly with the old software.

13. Included in a Bill of Materials (BOM) for a SOHO wired implementation is a Cisco 2811 router, Catalyst 2560 switch, four PCs, three laptops, and a networked printer. Wireless LAN capability will be implemented on this network. Which two equipment types must be added to the BOM to implement this request? (Choose two.)
• wireless NICs
• wireless access points

14. A customer has just taken delivery of a Cisco 2811 router and Catalyst 3560 switch. Included with the purchase is the SMARTnet Service. Which two resources are included with SMARTnet Service? (Choose two.)
• signature file updates
• technical support from TAC
• maintenance releases for OS

15. A Cisco 1841 router has been purchased without an agreement for SMARTnet Service. What two items are guaranteed under the standard warranty? (Choose two.)
• replacement of defective physical media
• under normal use, replacement of defective hardware

16. Upon completion of a proposal, a network design team must sell their ideas to two key stakeholders. Who are these two stakeholders? (Choose two.)
• customers
• internal management

17. What are two important guidelines when creating a slide presentation for a meeting with a customer? (Choose two.)
• Use contrasting colors for background and text to aid visibility.
• Use bulleted text to lead the discussion.

18. In order to finalize a project proposal, an account manager of a networking company creates the terms and conditions section. What are two clauses that should be included in this section? (Choose two.)
• change order procedures
• problem resolution process
• maintenance contract quotation

19. Which two items will a systems engineer include in an implementation plan? (Choose two.)
• references to design documents
• the steps to install and test the network

20. Which statement describes a phased installation into an existing network?
• A phased installation requires detailed planning in order to avoid disruption of user services.

CCNA Discovery 4 Module 8 Exam Answers Version 4.0

1. Which mechanism is used to create a floating static route?
• administrative distance

2. IPSec operates at which layer of the OSI model?
• network

3. Which is true regarding Frame Relay LMI?
• There are three LMI types standardized by ANSI, ITU-T, and Cisco.

4. Which statement identifies the IP address design for subinterfaces that are configured for a Frame Relay network?
• Multipoint configurations require IP addresses for each subinterface on each router to be a part of the same subnet.

5. Which three algorithms can be used to encrypt user data in an IPSec VPN framework? (Choose three.)
• 3DES
• AES
• DES

6. Which flag is set by a Frame Relay switch to inform the receiving station that congestion was experienced?
• FECN

7. Refer to the exhibit. The complete configuration of a Frame Relay interface on the Chicago router is shown. How does the Chicago router know which DLCI is mapped to the IP address of the remote router?
• Inverse ARP

8. What statement correctly defines the purpose of the split horizon rule?
• prevents routers from advertising a network through the interface from which the update came

9. Which PVC status suggests that the router recognizes the DLCI configured on its interface as being present on the Frame Relay switch, but the PVC associated with the DLCI is not capable of end-to-end communication?
• inactive

10. Refer to the exhibit. Which router command is used to associate a Layer 2 address with the corresponding Layer 3 address?
• Miller(config-if)#frame-relay map ip 172.16.150.2 110

11. A network administrator issued the command show frame-relay pvc. The response from the router shows the status of a PVC as deleted. What is the reason for this status?
• The DLCI configured on the CPE device does not match the DLCI.

12. What is one benefit of using a network simulation software package?
• The network design can be tested before it is actually implemented.

13. What are two components a network designer considers when planning a VPN? (Choose two.)
• encryption algorithm for privacy and security
• encapsulation protocol to use when creating the VPN tunnel

14. When identifying VPN requirements for endpoint users, what care must be taken to protect the network when remote users log in from unsecured public locations?
• Ensure that remote users can only access network resources that are appropriate to their job function.

15. Which two components are key elements when implementing a VPN? (Choose two.)
• encryption
• encapsulation

16. What tool can help ease the configuration of VPN servers on routers?
• Cisco SDM

17. What is used to identify the path to the next frame-relay switch in a Frame Relay network?
• DLCI

18. Which two statements are true regarding VPN security? (Choose two.)
• Users that connect to a network through a VPN are considered trusted users on the network.
• Users may establish a VPN connection from unsecure locations such as airports and hotel lobbies.

19. Refer to the exhibit. What is placed in the address field of a frame that will travel from the Orlando office to the DC office?
• DLCI 100

20. Two directly connected routers are able to ping each other through the Serial 0/0/0 interfaces. A network administrator changes the encapsulation on one router to PPP, and the other is left at the default value. What statement would appear in the output of the show interfaces command issued on one of the routers?
• Serial 0/0/0 is up, line protocol is down

21. Refer to the exhibit. What statement is true about the configuration shown for R2?
• R2 is configured as the Frame Relay switch.

22. A company uses serial interfaces on its border router to connect to branch offices through WAN connections. The security policy dictates that the encapsulation should use PPP with authentication protocol CHAP. Which statement is true about the configuration requirement of CHAP?
• Both the username and password are case sensitive.

23. Which two statements about split tunnels are true? (Choose two.)
• Traffic to the corporate network will be encrypted.

24. An IP address has been assigned to the S0/0/0 interface of a new Cisco router. The administrator wishes to quickly test basic connectivity with the serial interface of an adjoining Cisco router via the use of the default WAN protocol. Which WAN protocol will be used for this test?
• HDLC

25. Which two statements about split tunnels are true? (Choose two.)
• Traffic to the corporate network will be encrypted.
• Traffic to public web sites and general Internet navigation is not encrypted.

CCNA Discovery 4 Module 7 Exam Answers Version 4.0

1. A network engineer has decided to pilot test a portion of a new network design rather than rely on a prototype for proof-of-concept. What are two advantages of pilot testing a design concept? (Choose two.)
• The test network experiences real-world network traffic.
• Network response can be tested in unplanned and unpredictable situations.

2. While preparing a network test plan document, a network designer records all initial and modified device configurations. Which section of the document typically contains this information?
• Appendix

3. Refer to the exhibit. A network designer creates a test plan that includes the specification shown. In which section of the test plan would this specification be found?
• Anticipated Results and Success Criteria

4. What OSI model Layer 2 security measure can a network engineer implement when prototyping network security?
• port security at the access design layer

5. How do designers decide which network functions need to be included in the prototype test?
• They select the functions that align with the business goals.

6. Refer to the exhibit. During prototype testing of the Cisco network shown, connectivity must be verified. Assuming all connections are working and CDP is enabled on all devices and interfaces, on which device was the command issued?
• R1

7. Refer to the exhibit. During prototyping, Layer 2 functionality is being tested. Based on the output shown, which two pieces of information can be determined? (Choose two.)
• Interface Fa0/2 on Switch1 is the alternate port used to reach the root bridge.
• Based on the entries in the "Role" column, it can be concluded that RSTP has been implemented.

8. What Rapid Spanning Tree Protocol (RSTP) state is given to the forwarding port elected for every switched Ethernet LAN segment?
• designated

9. Refer to the exhibit. During prototype testing, verification of VLAN connectivity is being performed. Based on the information shown, what command produced the output?
• show interfaces trunk

10. Switch port Fa0/24 was previously configured as a trunk, but now it is to be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/24?
• Use the switchport mode access command from interface configuration mode.

11. Refer to the exhibit. The redundant paths are of equal bandwidth and EIGRP is the routing protocol in use. Which statement describes the data flow from Server to PC2?
• EIGRP load balances across the R3 to R1 and R3 to R2 links.

12. A network designer needs to determine if a proposed IP addressing scheme allows efficient route summarization and provides the appropriate amount of scalability to a design. What is useful for validating a proposed hierarchical IP addressing scheme?
• a network simulator

13. In the router command encapsulation dot1q 10, what does the number 10 represent?
• the number of the VLAN associated with the encapsulated subinterface

14. Refer to the exhibit. The users on the 192.168.10.192 network are not allowed Internet access. The network design calls for an extended ACL to be developed and tested. Where should the ACL be placed for the least effect on other network traffic?
• inbound on Fa0/1 of R3

15. Refer to the exhibit. What two measures can be taken to address the areas of weakness circled in the network design? (Choose two.)
• Add a switch in the server block connecting the server farm to each core switch.
• Provide a redundant firewall router connecting to a second ISP, the core switches, and the DMZ.

16. Why is it important to record baseline measurements of a prototype network?
• Test results are compared to the baseline to see how the test conditions increase processor use or decrease available bandwidth.

17. Refer to the exhibit. A network administrator has been given the task of creating a design for a temporary classroom building that is to be set up outside an overcrowded school. In testing the prototype, it is found that the student PC cannot ping the teacher PC. All the switch interfaces are active and connected properly, as is interface Fa0/0 of the router. Given that only the commands shown have been added to the router configuration, what is the source of the problem?
• The IP settings on the student PC are incorrect.

18. Refer to the exhibit. Why are interfaces Fa0/11, Fa0/23, and Fa0/24 not shown in this switch output?
• Interfaces Fa0/11, Fa0/23, and Fa0/24 are trunks.

19. Refer to the exhibit. A network technician is performing an initial installation of a new switch in the east wing. The technician removes the switch from the box, makes the connections to the network, and adds the configuration shown. The technician notifies the network administrator that the switch has been installed. When the network administrator at the home office attempts to telnet to the switch from host 192.168.0.1, the connection fails. What action should the network technician take?
• Add a default gateway to the switch configuration.

20. Refer to the exhibit. After all the interfaces have stabilized, what is the spanning-tree state of all the enabled interfaces of SW11?
• forwarding

CCNA Discovery 4 Module 6 Exam Answers Version 4.0

1. A network engineer researched whether there are mechanisms available to help with the transition from an IPv4 addressing structure to IPv6. What three options did the engineer find? (Choose three.)
• A protocol translation mechanism allows communication between the IPv4 and IPv6 networks.
• A dual-stack network design allows both IPv4 and IPv6 addressing to be used on all network devices.
• Tunneling allows IPv4 packets to be encapsulated so that they can traverse IPv6 networks and vice versa.

2. When should the command no auto-summary be used?
• with RIP version 2, when discontiguous networks exist

3. Refer to the exhibit. What must an administrator do on R3 to ensure that update packets are sent with subnet mask information?
• Add the commands:
R3(config-router)# version 2
R3(config-router)# no auto-summary

4. What best describes a discontiguous network?
• separated from the rest of the hierarchical group by another network

5. Refer to the exhibit. A company has decided to add a new workgroup. If the subnetting scheme for the network uses contiguous blocks of addresses, what subnet is assigned to WGROUP3?
• 172.16.3.16/29

6. A network administrator is using the 10.0.0.0/8 network for the company. The administrator must create a masking scheme to support 750 users at the main office and 620 users at the remote office. What mask should be assigned to the 10.0.0.0/8 network to preserve the most addresses?
• 255.255.252.0

7. What is another format for the IPv6 address 1080:0000:0000:0000:0000:0000:1267:01A2?
• 1080::1267:01A2

8. How many bits make up an IPv6 address?
• 128

9. After activating IPv6 traffic forwarding, configuring IPv6 addresses, and globally configuring RIPng, what is the remaining step to activate RIPng?
• Enter the interface mode for each IPv6 interface and enable RIPng with the ipv6 rip name enable command.

10. Refer to the exhibit. The IT management has determined that the new subnet for WGROUP3 needs to be broken down into four more subnets. What would the subnet mask be for the four newly created subnets within WGROUP3?
• 255.255.192.0

11. Refer to the exhibit. What is the first usable IP address that can be assigned to the WGROUP3 switch?
• 172.16.50.97/27

12. Refer to the exhibit. Which set of router commands is required to turn on unequal-cost load sharing so that RTRA selects the path A-B-E and the lowest cost path A-C-E to the Internet?
• RTRA(config)# router eigrp 1
RTRA(config-router)# variance 2

13. Refer to the exhibit. Assuming that the default EIGRP configuration is running on both routers, which statement is true about Router A reaching the 2.2.2.0/24 network?
• The no auto-summary command needs to be issued to disable automatic summarization.

14. Refer to the exhibit. The network administrator wants router RTA to send only the summarized route of 10.10.0.0/16 to RTC. Which configuration accomplishes this?
• RTA(config)# interface s0/1
RTA(config-if)# ip summary-address eigrp 101 10.10.0.0 255.255.0.0
RTA(config-if)# exit
RTA(config)# router eigrp 101
RTA(config-router)# no auto-summary

15. What is a good design practice when developing a hierarchical addressing scheme?
• Determine where statically configured addressing will be implemented.

16. A network administrator is asked to design a new addressing scheme for a corporate network. Presently, there are 850 users at the head office, 220 users at sales, 425 at manufacturing, and 50 at the research site. Which statement defines the correct VLSM addressing map with minimal waste using the 172.17.0.0/16 network?
• 172.17.0.0/22 head office
172.17.4.0/23 manufacturing
172.17.5.0/24 sales
172.17.6.0/26 research

16. How would the routes for networks 172.16.1.0/24, 172.16.3.0/24, and 172.16.15.0/24 be summarized?
• 172.16.0.0/20

17. What two advantages does CIDR provide to a network? (Choose two.)
• reduced routing update traffic
• easier management of summarization

18. Which statement describes MD5 authentication for neighbor authentication?
• All passwords are sent in clear text when neighbors first learn about each other.

19. Refer to the exhibit. What are the broadcast addresses for each subnet?

20. Refer to the exhibit. The IT management is adding three VLANs to the wgroup3 switch. The current subnet will be broken down to support 14 hosts for each of the new VLANs. What will the new subnet mask be for these VLANs?
• 255.255.255.240

21. An administrator is configuring IPv6 on a router. The steps that have already been completed are:
1. Activate IPv6 traffic forwarding.
2. Configure IPv6 addresses.
3. Globally configure RIPng.
What is the remaining step to complete the activation of RIPng?
• Enter the interface mode for each IPv6 interface and enable RIPng with the ipv6 rip name enable command.

22. Which range includes all available networks in the 192.168.8.0/21 network?
• 192.168.8.0/24 - 192.168.15.0/24

23. Which two are best practices for creating a new IP addressing scheme for a network? (Choose two.)
• Plan and allow for significant growth.
• Plan the entire addressing scheme before assigning any addresses.

24. Refer to the exhibit. Which subnet will provide sufficient addresses for the Production network with minimal waste?
• 172.16.0.192/27

25. A network designer is implementing a new network for a company. The designer is using all new Cisco equipment and has decided to select a hierarchical routing protocol for the network. The designer wishes to minimize traffic from routing updates but also needs fast routing convergence in the event of a topology change. Also, the existing IP addressing scheme requires that the selected protocol support VLSM. Which routing protocol should be chosen?
• OSPF

CCNA Discovery 4 Module 5 Exam Answers Version 4.0

1. Which rule should be followed when implementing the security requirements of a network design?
• Avoid reducing security in order to add additional network capabilities.

2. What limitations of the 2960 switch prevent it from providing the services needed in the Distribution layer?
• It does not support route summarization.

3. When considering converged network designs, it is important to identify appropriate service demands. What is a concern when preparing a network design to fit this environment?
• voice-level quality of service

4. Which three design requirements are implemented at the access layer? (Choose three.)
• PoE
• VLANs
• QoS traffic classification and marking

5. Refer to the exhibit. Which statement is true regarding how the ISP router filters traffic?
• All traffic from the 64.100.0.0/21 network can access the Internet.


6. Which two factors should be considered when designing a wireless LAN that provides seamless roaming capabilities? (Choose two.)
• use of a wireless controller to manage IP addressing
• coverage

7. What are three features of a Catalyst 2960 switch? (Choose three.)
• redundant power availability
• SNMP
• switch clustering

8. A company lists this equipment in their network design:
Two Catalyst 4503 Layer 3 switches
One 5500 security appliance firewall
Two Catalyst 6509 switches
Two lightweight access points
Two Catalyst 2960 switches
Which two types of devices would be appropriate to use at the access layer to provide end-user connectivity? (Choose two.)
• lightweight access points
• Catalyst 2960 switches

9. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
• Telnet traffic originating on network 172.16.3.0/24 is denied.

10. Which statement applies to a large network with thousands of nodes?
• Intrusion detection is more likely to be performed by a separate device rather than integrated into a switch or router

11. on campus. The college currently has only wired network device access. Which two devices must be incorporated into the network design to best accommodate roaming for wireless IP phones? (Choose two.)
• Cisco wireless LAN controller
• lightweight access points

12. What type of WAN service is Frame Relay?
• packet switched

13. Refer to the exhibit. What is an advantage of having two links connected between the two switches shown?
• provides connectivity when one of the connections between the switches fails

14. What is the function of the access layer in the Cisco three-layer hierarchical internetworking model?
• provides QoS classification and marking

15. When applying network security, what security measure should be implemented first?
• securing the network devices

16. What characteristic of a network supports high availability?
• redundancy

17. What is integrated into a Cisco IP phone to reduce the number of ports needed in the wiring closet?
• switch

18. Which network design process identifies where to place access points?
• site survey

19. Using expandable, modular network devices is a key element of what network design criteria?
• scalability

20. What is a primary function of a wireless LAN controller?
• tuning each AP channel for optimal coverage

21. What characteristic in a routing protocol allows it to support the network design criteria for availability?
• fast convergence

22. A network designer is evaluating the network security implementation for an organization. The designer recommends adding network security devices in front of the server farm, although network security devices have been deployed in the Enterprise Edge for two years. What type of attack can be effectively prevented with this recommendation?
• internal attack

23. Refer to the exhibit. The branch office needs constant access to the servers in the enterprise headquarters. Therefore, a backup Frame Relay link is added. A network administrator is configuring the routers in the branch office to make sure that when the backup Frame Relay link is used, only the traffic to access the enterprise headquarters is allowed. Which statement is true about the routing configuration on branch office edge routers?
• The command ip route 128.107.0.0 255.255.0.0 serial 0/0 50 should be configured on BE2.

24. An automobile sales company is establishing a new, small sales showroom in a downtown area. To update the inventory database, the new sales office will need a WAN connection to the headquarters that is located in the suburban area. The WAN connection should be around a 4 Mb/s connection. Which WAN service will provide the most economical approach to meet the requirement?
• DSL

25. A network designer is selecting a WAN technology for connections between the headquarters of an organization and its branch offices. In this context, what is one advantage of choosing Frame Relay over a T1 line?
• flexible bandwidth

Thursday, 30 December 2010

Proposal for upgrading the lab network

1. Network problems caused by network device failure

The scale of the disruption caused by a network device failure can vary: from a single computer because of a failed NIC (LAN card), to several computers because of a failed switch, or even a wide-scale outage because of a failure of the central switch that connects the server network. A failed LAN card in one computer can be replaced with your spare network card.
So what if the network failure is caused by a damaged switch? Your network redundancy design will be a great help in rescuing your network from failure. The need for load balancing and redundancy must be assessed for each requirement, based on the use of redundant links, routers, switches and multi-homed hosts that are critical. The purpose of this redundancy system is to guarantee service availability, with no single point of failure.

2. What needs to be upgraded: network problems caused by network cable failure
This is a common network problem, caused by a broken network cable. It can affect the performance of a single computer in the network because your patch cable was severed by a rat bite; it can affect a whole building block because the cable between switches (uplink cable) is broken; or it can even affect most of the computers on your LAN because of a backbone cable failure.
3. The antivirus needs to be upgraded to keep the network running smoothly

Thursday, 23 December 2010

CCNA Discovery 4 Module 4

1. In addition to the technical considerations, what other major factor is used to evaluate the success of a network installation?
• user satisfaction

2. Which two network applications are most affected by network congestion and delays? (Choose two.)
• IP telephony
• live video webcasts

3. What two Cisco tools can be used to analyze network application traffic? (Choose two.)
• NBAR
• NetFlow

4. In network design, which technology can be implemented to prioritize traffic based on its importance and technical requirements?
• QoS

5. What are two characteristics of voice over IP traffic? (Choose two.)
• Voice packets tend to be small.
• Voice packets must be processed in real time.

6. What are two things that a network designer can do to determine current and anticipated network traffic flows? (Choose two.)
• Survey end users to obtain customer input.
• Conduct an inventory of all networking devices that includes model numbers and memory configurations

7. A company that has a traditional telephone system wants to convert to IP telephony. Which two factors should be considered for the design? (Choose two.)
• Voice-enabled routers or a server must be used for call control and signaling.
• Power to the phones can be supplied through properly equipped patch panels or switches.

8. Several web and email servers have recently been installed as part of an enterprise network. The security administrator has been asked to provide a summary of security features that can be implemented to help prevent unauthorized traffic from being sent into or out of sensitive internal networks. Which three features should the security administrator recommend? (Choose three.)
• firewalls
• access control lists
• intrusion detection systems

9. The design of an IP telephony system needs to meet the technical requirements to provide a connection to the PSTN as well as provide high-quality voice transmissions using the campus network. Which two elements directly affect the ability of the design to meet these requirements? (Choose two.)
• voice-enabled router at the enterprise edge
• separate voice and data VLANs with QoS implemented

10. When implementing VoIP services, which two design considerations should be followed? (Choose two.)
• Confirm that network jitter is minimal.
• Ensure that packet delays do not exceed 150 ms.

11. What design strategy should be followed when designing a network that uses video on demand?
• install servers to store the data in a centrally located server farm

12. When implementing QoS in traffic queues, what is the first step the designer should take to ensure that traffic is properly prioritized?
• identify traffic requirements

13. Which two statements are characteristics of file transfer traffic flows? (Choose two.)
• Transfers are throughput intensive.
• Response-time requirements are low.

14. Which two items can be determined by diagramming internal traffic flow? (Choose two.)
• the areas where network congestion may occur
• locations where high-bandwidth connections are required

15. Which two traffic types are examples of external traffic flows? (Choose two.)
• A user in marketing connects to the web server of a competitor.
• A user in the services department logs in to a web-based email program.

16. Which service can be provided by the NetFlow Cisco utility?
• peak usage times and traffic routing

17. Refer to the exhibit. If ACL 150 identifies only voice traffic from network 192.168.10.0/24 and no other traffic, which queue will voice traffic from other networks use?
• default

18. Refer to the exhibit. After configuring QoS, a network administrator issues the command show queueing interface s0/1. What two pieces of information can an administrator learn from the output of this command? (Choose two.)
• type of queuing being implemented
• number of packets placed in each queue

19. An analysis of network protocols reveals that RTP and RTCP are being used. What uses these protocols?
• real-time video

20. A company is considering adding voice and video to the data networks. Which two statements are true if voice and video are added? (Choose two.)
• More UDP-based traffic flows will be evident.
• QoS will most likely be implemented to prioritize traffic flows.

21. Refer to the exhibit. Which option correctly matches the terms on top with its definition on the bottom?
• A=4, B=3, C=1, D=2

22. A database server is configured to purge all data that is 60 days old. Ten data items that are 60 days old are to be purged. However, there is a failure halfway through the transaction, and the entire transaction is voided. What type of transaction action occurred?
• atomic

23. What is the primary goal of QoS?
• providing priority service to selected traffic

24. Which technology provides a mechanism for implementing QoS at Layer 2?
• CoS

25. A customer purchases tickets online and pays using a credit card, but the system goes down before the transaction is complete. What transaction type retains a record of this transaction after the system failure so that the customer will still receive the tickets and the credit card account will be debited accordingly?
• durable

26. Refer to the exhibit. The network design documents include requirements to prevent switching loops, to provide link-specific failover, and to provide Layer 3 recovery. Which two protocols would be needed to provide the support? (Choose two.)
• HSRP
• RSTP

27. A network design must minimize latency to support real-time streaming applications. Which two protocols enable control and scalability of the network resources and minimize latency by incorporating QoS mechanisms? (Choose two.)
• RTCP
• RTP

28. Which two major differences are associated with IP telephony when compared to traditional telephony that uses a PBX? (Choose two.)
• manages phones centrally
• requires a separate infrastructure to support data transfer

29. When QoS is implemented in a converged network, which two factors can be controlled to improve performance? (Choose two.)
• delay
• jitter

CCNA Discovery 4 Module 3

1. It is important to identify the details of network sections and devices that will be affected or involved in a new design. This information is included in which section of the Network Design Requirements Document?
• Project Scope

2. Which two pieces of information does the network designer need to determine if the Cisco IOS of a router requires an upgrade? (Choose two.)
• model number of the router
• installed Cisco IOS feature set and version

3. Which three pieces of information need to be considered when selecting the proper Cisco IOS version for an upgrade? (Choose three.)
• amount of DRAM
• device make and model
• size of system flash memory

4. What are two practices a network technician should follow when installing a new interface card in a router? (Choose two.)
• Handle the interface card by the edges to avoid static discharge.
• Push the interface card into place until the edge connector is seated securely

5. The new serial interface card for the router arrives and the network technician reads that it is hot-swappable. What does this mean?
• The card can be installed while the router is powered on if the router supports this technology.

6. Refer to the exhibit. A network administrator issues the command shown to gain knowledge about a poorly documented network. Which two pieces of information can the network administrator discover from the command output? (Choose two.)
• One connected device has router capability.
• Five Cisco devices with CDP enabled are directly connected to device C3750-24_MDF

7. Refer to the exhibit. Which of the three Cisco IOS images shown will load into RAM?
• The router selects an image depending on the boot system command in the configuration.

8. An administrator wants to download a new Cisco IOS software version to the local router. Which command performs this task?
• copy tftp flash

9. Refer to the exhibit. The top of the output shows the Cisco Feature Navigator regarding a Cisco IOS image that the administrator wants to install on a router. Below it is the output from the show version command for that router. Which statement is true regarding the capacity of the router to run this Cisco IOS image?
• There is not enough DRAM and flash.

10. Which two items are objectives of a WLAN design site survey? (Choose two.)
• identify coverage areas
• determine primary AP locations

11. Refer to the exhibit. Which two actions improve the weaknesses of the topology shown, assuming that each access layer segment is in its own subnet? (Choose two.)
• Implement redundant links to each server by adding additional NICs.
• Implement a backup firewall with a link to a secondary ISP and implement a redundant link to the DMZ.

12. A company is beginning to analyze their new Cisco IOS upgrade requirements. What is one of the router components that a network administrator must consider when selecting a new Cisco IOS version?
• interfaces and modules to be supported

13. An employee at a company notices that the wireless signal strength indicator on his laptop fluctuates from good to low. The network administrator decides to do a site survey of that area. Which three factors need to be included in the survey? (Choose three.)
• number of users in the area
• location of the AP
• location of walls and filing cabinets in the office

14. The new network design for AnyCompany must include support of voice and video traffic. Before upgrading, the network designer checks whether the existing devices can support the new requirements. Which three items does the designer need to check? (Choose three.)
• size of DRAM and flash on each device
• routers that will support HWICs and VWICs
• modules supported on the loaded Cisco IOS

15. A new Cisco IOS version has been copied into flash from a TFTP server. When a reload is issued to upgrade the Cisco IOS, the router freezes part of the way through the loading process. What could be the problem?
• There is enough flash but not enough RAM in the router.

16. Refer to the exhibit. A network designer has no documentation and is attempting to create a logical diagram of the network using the output from show commands. What can be determined from the output shown?
• The designer cannot telnet to the attached switch.

17. A production router is reloaded and finishes with a Router> prompt. What three facts can be determined? (Choose three.)
• POST occurred normally.
• A full version of the Cisco IOS was located and loaded.
• A configuration file was not located in NVRAM or from a TFTP server.

18. During a site survey, the network designer noticed that people were accessing the company wireless network from the parking lot. What should be done to stop the wireless signal from radiating out into the parking lot?
• change the type of antenna attached to the AP

19. A network design project includes a review of the existing network. What is the purpose of this phase of the project?
• To determine what existing network devices require upgrades to meet the new

20. Refer to the exhibit. Based upon the Cisco IOS file naming convention, what is represented by the value ipvoicek9 listed in the IOS filename?
• feature set

21. Refer to the exhibit. What two items can be determined from the output? (Choose two.)
• R2 is a Cisco 2600 device.
• The version of the IOS is 12.3.

22. During a wireless site survey, a consultant is determining the hours of peak usage and the estimated number of users in each location. The consultant is currently in what step of the site survey process?
• the identification of coverage areas

23. Refer to the exhibit. The network administrator is attempting to install a new version of the IOS on R2. Based on the exhibited output, what are two possible reasons that the transfer failed? (Choose two.)
• Connectivity between R2 and the TFTP server was not verified.
• The administrator did not verify that the TFTP server is running.

24. In which section of the Network Design Requirements document would a network consulting team detail names and IP addresses of important networking components and servers, provide network diagrams and topologies, and define strengths and weaknesses of the network?
• state of the network

CCNA Discovery 4 Module 2

1. During an evaluation of the currently installed network, the IT staff performs a gap analysis to determine whether the existing network infrastructure can support the desired new features. At which stage of the Cisco Lifecycle Services approach does this activity occur?
• Plan Phase

2. Which stage of the Cisco Lifecycle Services strategy is usually completed before an organization issues a Request For Proposal (RFP) or Request For Quotation (RFQ)?
• Prepare Phase

3. What is the purpose of SNMP?
• to facilitate the exchange of information between devices and the NMS

4. During an analysis of a customer network, several possible opportunities for network improvement are identified. At which stage of the Cisco Lifecycle Services does this process occur?
• Design Phase

5. What provides the initial data for the Optimize Phase?
• performance monitoring

6. Which two statements are true regarding the response to an RFQ? (Choose two.)
• It should strictly conform to the formatting requirements specified by the RFQ.
• The response helps the customer compare pricing with other potential contractors.

7. What are two disadvantages of using a bottom-up approach instead of a top-down approach to network design? (Choose two.)
• It can result in an inappropriate network design.
• It does not take into account the business goals of the company.

8. What is a business constraint that may impact the WAN design of a company?
• company policy requiring the use of specific vendor networking equipment due to partnerships

9. What is the purpose of preparing a business case?
• to justify the financial investment in implementing the technology change

10. What is the purpose of creating a prioritized list of technical requirements?
• defines the project scope

11. A network engineer is analyzing the network of a potential client company to identify problems and determine whether a network upgrade or addition is needed. Which role in the sales team is this engineer assuming?
• pre-sales engineer

12. Which two statements best describe the responsibilities of an account manager? (Choose two.)
• acts as the primary point of contact between the company and the client
• directs the sales teams and support personnel

13. What is the purpose of system-level acceptance testing?
• to check that the newly installed network meets the business goals and design requirements

14. What is a purpose of establishing a network baseline?
• It creates a point of reference for future network evaluations.

15. When should a network baseline be performed within the stages of the Cisco Lifecycle Services?
• Operate Phase

16. What are two benefits of using a top-down approach instead of a bottom-up approach to network design? (Choose two.)
• incorporates organizational requirements
• clarifies design goals from the perspective of applications and network solutions

17. Which software component is installed on network devices that are managed through SNMP?
• management agents

18. A network engineer working for a contracting company is informed of a pre-bid meeting with a potential client. What purpose does the network engineer have for attending the pre-bid meeting?
• to clarify project scope and timelines not included in the original request for proposal

19. A major corporation has decided to hire someone to upgrade their network infrastructure. A network consulting company wants the job. What document must the network consulting company obtain to learn about the business goals, the project scope, the requirements for the new network and the expected deliverables?
• Request for Proposal

20. A corporation (client) wants a network upgrade and is putting out a request for services to various network consulting companies (contractors). An RFQ is required. Which statement is true concerning the RFQ?
• sent from the client to the contractors in place of a RFP when the technical specifications of a project are known

21. Which stage of the Cisco Lifecycle Services involves proactive management to identify and resolve issues before the organization is affected?
• Optimize Phase

22. Why is it important to prioritize business goals when developing network design?
• to adhere to the best opportunities to contribute to the success of the business

23. Which two items help identify business goals and priorities before a new network project starts? (Choose two.)
• motivation
• profitability

24. A network engineer working for ABC company is writing a response to an RFP for a network upgrade and must create an executive summary. Which statement describes the basic components of an executive summary?
• quick overview of the problem, the recommended solution, and the justification for ABC company doing the job

25. In a network management architecture, which statement best describes a management agent?
• software running on a managed device to collect network information and allow that device to be managed by a management station

CCNA Discovery 4 Module 1

1. What are two mechanisms that provide redundancy for server farm implementations? (Choose two.)
• Rapid Spanning Tree Protocol
• Hot Standby Routing Protocol

2. The ability to connect securely to a private network over a public network is provided by which WAN technology?
• VPN

3. Which three statements describe the functions of the Cisco hierarchical network design model? (Choose three.)
• The distribution layer is responsible for traffic filtering and isolating failures from the core.
• Two goals of the core layer are 100 percent uptime and maximizing throughput.
• The access layer provides a means of connecting end devices to the network.

4. A network designer is creating a new network. The design must offer enough redundancy to provide protection against a single link or device failure, yet must not be too complex or expensive to implement. What topology would fill these needs?
• partial mesh

5. Refer to the exhibit. If the firewall module has been correctly configured using best practices for network security, which statement is true about the security design for the network?
• Servers in the DMZ are protected from internal and external attacks.

6. Which statement is true about a DMZ in a traditional network firewall design?
• Servers in the DMZ provide limited information that can be accessed from external networks.

7. What network connection would be most cost efficient while still meeting the security and connectivity needs of this teleworker?
• DSL VPN connection with a dialup backup link

8. Refer to the exhibit. The network administrator creates a standard access control list to prohibit traffic from the 192.168.1.0/24 network from reaching the 192.168.2.0/24 network while still permitting Internet access for all networks. On which router interface and in which direction should it be applied?
• interface fa0/1, outbound

9. Refer to the exhibit. The server broadcasts an ARP request for the MAC address of its default gateway. If STP is not enabled, what is the result of this ARP request?
• Switch_A and Switch_B continuously flood the message onto the network.

10. What are two best practices in wireless LAN design to ensure secure wireless access to the corporate network? (Choose two.)
• Use a separate WLAN for employees.
• Configure WPA.

11. In a well-designed, high-availability network, which device significantly affects the most users if a failure occurs?
• small workgroup switch in the network access layer

12. Which two statements are true regarding network convergence? (Choose two.)
• In a large network, using the EIGRP or OSPF routing protocols rather than RIPv2 may improve convergence time.
• Route summarization improves convergence time by minimizing the size of the routing table.

13. Centralizing servers in a data center server farm can provide which benefit over a distributed server environment?
• It is easier to filter and prioritize traffic to and from the data center.

14. Refer to the exhibit. What effect does the ACL shown have on network traffic, assuming that it is correctly applied to the interface?
• All Telnet traffic from the 172.16.0.0 network to any destination is denied.

15. Which Cisco IOS function can be configured at the distribution layer to filter unwanted traffic and provide traffic management?
• access control lists

16. What kind of ACL inspects outbound UDP, TCP, and ICMP traffic and allows inbound access only to traffic that belongs to these established sessions?
• reflexive ACL

17. Which three functions are performed at the distribution layer of the hierarchical network model? (Choose three.)
• summarizing routes from the access layer
• isolating network problems to prevent them from affecting the core layer
• utilizing redundant links for load balancing to increase available bandwidth

18. Refer to the exhibit. Which two devices are part of the access design layer? (Choose two.)
• FC-AP
• FC-ASW-2

19. What is true about implementing a centralized server farm topology?
• provides defined entry and exit points so that filtering and securing traffic is easier

20. Refer to the exhibit. What happens when Host 1 attempts to send data?
• Frames from Host 1 cause the interface to shut down, and a log message is sent.

21. Which two considerations are valid when designing access layer security? (Choose two.)
• SSH is more secure than Telnet to administer network devices.
• Disabling unused ports on the switches helps prevent unauthorized access to the network.

22. What address can be used to summarize only networks 172.16.0.0/24, 172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24?
• 172.16.0.0/22

23. Which two items in a physical WLAN design can be identified through a site survey? (Choose two.)
• the types of antennas that are required
• the access point hardware that is required

24. Refer to the exhibit. Which two statements correctly describe the benefits of the network access layer design that is shown? (Choose two.)
• If host A sends a broadcast message, only hosts in VLAN10 receive the broadcast frame.
• Segmenting all voice traffic on a separate VLAN facilitates the implementation of QoS.

25. What are three ways to ensure that an unwanted user does not connect to a wireless network and view the data? (Choose three.)
• Disable SSID broadcasting.
• Use authentication between clients and the wireless device.
• Configure strong encryption such as WPA.

CCNA3 - Lab 8.3.3 Configuring and Verifying Standard ACLs

Step 1: Connect the equipment
  1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2 using a serial cable.
  2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using a straight-through cable.
  3. Connect a console cable to the PC to perform configurations on the routers and switch.
  4. Connect H1 to the Fa0/2 port of Switch 1 using a straight-through cable.
Step 2: Perform basic configuration on Router 1
  1. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
  2. On Router 1, configure the hostname, interfaces, passwords, and message-of-the-day banner and disable DNS lookups according to the addressing table and topology diagram. Save the configuration.
Step 3: Perform basic configuration on Router 2
Perform basic configuration on Router 2 and save the configuration.

Step 4: Perform basic configuration on Switch 1
Configure Switch 1 with a hostname and passwords according to the addressing table and topology diagram.

Step 5: Configure the host with IP address, subnet mask, and default gateway
  1. Configure the host with the proper IP address, subnet mask, and default gateway. The host should be assigned the address 192.168.200.10/24 and the default gateway of 192.168.200.1.
  2. The workstation should be able to ping the attached router. If the ping is not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Configure RIP routing and verify end-to-end connectivity in the network
  1. On Router 1, enable the RIP routing protocol and configure it to advertise both connected networks.
  2. On Router 2, enable the RIP routing protocol and configure it to advertise all three connected networks.
  3. Ping from Host 1 to the two loopback interfaces on Router 2.
Were the pings from Host 1 successful? Yes
If the answer is no, troubleshoot the router and host configurations to find the error. Ping again until they are both successful.

Step 7: Configure and test a standard ACL

Step 8: Test the ACL
  1. From Host 1, ping the 192.168.1.1 loopback address.
Is the ping successful? No
  2. From Host 1, ping the 192.168.2.1 loopback address.
Is the ping successful? No
  3. Issue the show access-list command again.
How many matches are there for the first ACL statement (permit)?
Answers will vary but there should be at least 8-16 matches if the pings to the loopbacks were done.

Step 9: Reflection
  1. Why is careful planning and testing of access control lists required? Answer: To verify that the intended traffic – and ONLY the intended – traffic is permitted.
  2. What is the main limitation of standard ACLs? Answer: They can only filter based on source address

CCNA3 - Lab 8.3.4 Planning, Configuring and Verifying Extended ACLs

Step 1: Connect the equipment
  1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2 using a serial cable.
  2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using a straight-through cable.
  3. Connect a console cable to each PC to perform configurations on the routers and switch.
  4. Connect Host 1 to the Fa0/3 port of Switch 1 using a straight-through cable.
  5. Connect Host 2 to the Fa0/2 port of Switch 1 using a straight-through cable.
  6. Connect a crossover cable between Host 3 and the Fa0/0 interface of Router 2.
Step 2: Perform basic configuration on Router 1
  1. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
  2. On Router 1, configure the hostname, interfaces, passwords, and message-of-the-day banner and disable DNS lookups according to the addressing table and topology diagram. Save the configuration.
Step 3: Perform basic configuration on Router 2
Perform basic configuration on Router 2 and save the configuration.

Step 4: Perform basic configuration on Switch 1
Configure Switch 1 with a hostname, console, Telnet, and privileged passwords according to the addressing table and topology diagram.

Step 5: Configure the hosts with IP address, subnet mask, and default gateway
  1. Configure the hosts with IP address, subnet mask, and default gateway according to the addressing table and the topology diagram.
  2. Each workstation should be able to ping the attached router. If the pings are not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Configure RIP routing and verify end to end connectivity in the network
  1. On R1, enable the RIP routing protocol and configure it to advertise both connected networks.
  2. On R2, enable the RIP routing protocol and configure it to advertise both connected networks.
  3. Ping from each host to the other two hosts.
Were the pings successful? yes
If the answer is no, troubleshoot the router and host configurations to find the error. Ping again until they are all successful.

Step 7: Configure Extended ACLs to control traffic
Host 3 in this network contains proprietary information. Security requirements for this network dictate that only certain devices should be allowed access to this machine. Host 1 is the only host that will be allowed to access this computer. All other hosts on this network are used for guest access and should not be allowed access to Host 3.

Step 8: Test the ACL
  1. Ping Host 3 from both Hosts 1 and 2.
Can Host 1 ping Host 3? yes
Can Host 2 ping Host 3? no
  2. To verify that other addresses can ping Host 3, ping Host 3 from R1.
Is the ping successful? yes
  3. Display the access control list again with the show access-lists command.
Step 9: Configure and test the ACL for the next requirement
  1. Host 3 is the only host that should be allowed to connect to R1 for remote management.
  2. Because the source traffic could come from any direction, this ACL needs to be applied to both interfaces on R1. The traffic to be controlled would be inbound to the router.
  3. Now attempt to telnet to R1 from all hosts and R2. Attempt to telnet to both R1 addresses.
Can you telnet to R1 from any of these devices? If yes, which one(s)? Answer: Yes, from Host 3 only.
  4. View the output of the show access-lists command on R1.
Step 11: Reflection
  1. Why is careful planning and testing of access control lists required? Answer: To verify that the intended traffic – and ONLY the intended – traffic is permitted.
  2. What is an advantage of using Extended ACLs over Standard ACLs? Answer: Extended ACLs allow you to filter based on more information than just the source address.

CCNA3 - Lab 8.3.5 Configuring and Verifying Extended Named ACLs

Step 1: Connect the equipment
  1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2 using a serial cable as shown in the diagram and addressing table.
  2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using a straight-through cable.
  3. Connect Host 1 to the Fa0/2 port of Switch 1 using a straight-through cable.
  4. Connect Host 2 to the Fa0/3 port of Switch 1 using a straight-through cable.
Step 2: Perform basic configuration on Router 1
  1. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
  2. On Router 1 configure the hostname, interfaces, passwords, and message-of-the-day banner and disable DNS lookups according to the addressing table and topology diagram. Save the configuration.
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
  1. Configure each host's IP address, subnet mask, and default gateway according to the addressing table and the topology diagram.
  2. Each workstation should be able to ping R1 and each other. If the pings are not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Verify that the network is functioning
  1. From the attached hosts, ping the FastEthernet interface of the default gateway router.
  2. Use the command show ip interface brief and check the status of each interface.
  3. Ping from the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2.
Was the ping successful? Answer: Yes
If the answer is no, troubleshoot the router configurations to find the error. Ping again until successful.

Step 7: Configure static and default routing on the routers.
  1. Configure a default route on R1. Use the next hop interface on R2 as the path.
R1(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2
  2. From one of the host PCs on R1, ping R2.
Why is the ping unsuccessful? Answer: There is no return route configured on R2 to reach the 192.168.15.0 network.
  3. Configure a static route on R2 to the R1 192.168.15.0 network. Use the next hop interface on R1 as the path.
Step 8: Configure and test a simple Named Standard ACL
  1. Create a Named ACL that allows H2 to reach other hosts on the local network but does not allow H2 to access remote networks. At the configuration prompt, use this command sequence:
Why do you need the third statement? Answer: To allow other IP traffic not covered by the ACL.
  2. Apply the ACL to the interface.
Describe how you should test this ACL: Answer: Ping from H2 to H1 to verify that H2 can reach hosts on the local network; ping from H2 to R1 and R2. Those pings should fail. Pings from H1 to R1 or R2 should succeed.
  3. Conduct the tests to verify that this ACL achieves its goals. If it does not, troubleshoot by viewing the output of a show running-config command to verify that the ACL is present and applied to the correct interface.
Step 9: Create and test a Named Extended ACL
  1. Create a Named ACL that does not allow H1 to ping R2 but allows H1 to reach the local network and R1. Describe how you would test this ACL:
Answer: Ping successfully from H1 to H2; ping unsuccessfully to R2, but ping successfully to R1.
  2. Conduct the tests to verify that this ACL achieves its goals. If it does not, troubleshoot by viewing the output of a show running-config command to verify that the ACL is present and applied to the correct interface.
Step 10: Edit a Named Standard ACL
  1. You have decided to edit the Named Standard ACL. In privileged EXEC mode, view the access list statements.
  2. Add a line to this Named Standard ACL to block H1 from reaching R1, but still permit H1 and H2 to reach each other. Enter configuration commands, one per line. End with CNTL/Z.
If you added a new PC to the topology, attached it to S1, and gave it the IP address 192.168.15.4/24, would it be able to reach R1? Answer: Yes

Step 11: Reflection
  1. Why is it good practice to perform basic configurations and verify connectivity before adding ACLs to routers? Answer: ACLs add many possible “error points” or places where a mistake results in traffic being disrupted. It is easier to troubleshoot if you can verify that the basic configuration is working before you add ACLs. If the basic configuration fails after adding an ACL, troubleshoot the ACL.
  2. What advantages do Named ACLs offer? Answer: The ability to give ACLs logical, easy-to-remember names; unlimited numbers, rather than being limited to a specific range of numbers.
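
The first-match behaviour behind the Step 8 and Step 10 answers in this lab, as an added example that is not part of the lab itself: a small Python model of a standard ACL (source address and wildcard mask only, implicit deny at the end, per-entry match counters like those shown by show access-lists). The H1 and H2 addresses, the ACL name and the entry order are assumptions; only 192.168.15.4 and the 192.168.15.0 0.0.0.255 wildcard form appear on this page.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(dotted):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


class StandardAcl:
    """Ordered permit/deny entries that match on the source address only."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, source, wildcard="0.0.0.0"):
        if action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if source == "any":
            source, wildcard = "0.0.0.0", "255.255.255.255"
        self.entries.append({
            "action": action,
            "addr": _to_int(source),
            # A 0 bit in the wildcard mask means "this bit must match".
            "care": ~_to_int(wildcard) & MASK32,
            "text": f"{action} {source} {wildcard}",
            "matches": 0,
        })
        return self

    def evaluate(self, src_ip):
        """Return the action of the first matching entry; stop at that entry."""
        src = _to_int(src_ip)
        for entry in self.entries:
            if (src & entry["care"]) == (entry["addr"] & entry["care"]):
                entry["matches"] += 1
                return entry["action"]
        return "deny"  # implicit deny: nothing matched

    def match_counts(self):
        return [(e["text"], e["matches"]) for e in self.entries]


# Assumed host addresses for H1 and H2; 192.168.15.4 is the new PC from Step 10.
H1, H2, NEW_PC = "192.168.15.2", "192.168.15.3", "192.168.15.4"


def build_acl(final_permit_any):
    """Constructed ACL: block H2 and H1 at the router, optionally permit the rest.

    Traffic between H1 and H2 is switched locally and never reaches the
    router interface, so these entries do not stop the hosts reaching each other.
    """
    acl = StandardAcl("EXAMPLE-STD")  # hypothetical name
    acl.add("deny", H2)
    acl.add("deny", H1)
    if final_permit_any:
        acl.add("permit", "any")
    return acl


def reachability(final_permit_any):
    """Decision for each source address arriving at the router interface."""
    acl = build_acl(final_permit_any)
    return {ip: acl.evaluate(ip) for ip in (H1, H2, NEW_PC)}


if __name__ == "__main__":
    print("with permit any:   ", reachability(True))
    print("without permit any:", reachability(False))
```

Without the final permit entry, the new PC at 192.168.15.4 falls through to the implicit deny, which is why the closing permit statement is needed.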

CCNA3 - Lab 8.3.6 Configuring and Verifying VTY Restrictions

Step 1: Connect the equipment
  1. Connect the S0/0/0 interface of Router 1 to the S0/0/0 interface of Router 2 using a serial cable as shown in the diagram and addressing table.
  2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using a straight-through cable.
  3. Connect Host 1 to the Fa0/2 port of Switch 1 using a straight-through cable, and connect Host 2 to the Fa0/3 port of Switch 1 using a straight-through cable.
  4. Connect Host 3 to the Fa0/2 port of Switch 2 using a straight-through cable, and connect Host 4 to the Fa0/3 port of Switch 2 using a straight-through cable.
Step 2: Perform basic configuration on Router 1
  1. Connect a PC to the console port of the router to perform configurations using a terminal emulation program.
  2. On Router 1, configure the hostname, interfaces, passwords and message-of-the-day banner and disable DNS lookups according to the addressing table and topology diagram. Save the configuration.
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1 and Switch 2
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
  1. Configure each host's IP address, subnet mask, and default gateway according to the table and the topology diagram.
  2. Each workstation should be able to ping the attached router. If the pings were not successful, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway.
Step 6: Configure dynamic routing on the routers
  1. Configure RIP routing on R1. Advertise the appropriate networks.
  2. Configure RIP routing on R2. Advertise the appropriate networks.
Step 7: Verify connectivity
  1. If the network has converged, list four destinations that H1 should be able to ping: R1, R2, H2, H3, H4
  2. Test connectivity by pinging all the destinations. If any pings fail, troubleshoot the configurations on the routers and host PCs.
  3. Check the routing table on R1.
  4. Verify that all routes appear in the routing table. If a route is missing, troubleshoot the router configuration.
  5. Telnet from the hosts to both routers. All hosts should be able to Telnet to both routers. If Telnet fails, troubleshoot the router and host configurations.

Step 8: Configure and test an ACL that will limit Telnet access
  1. Create a standard ACL that represents the LAN attached to R1. R1(config)#access-list 1 permit 192.168.15.0 0.0.0.255
  2. Now that you have defined the LAN traffic, you must apply it to the vty lines. This allows users from this LAN to Telnet to this router, but will block users from other LANs from accessing Telnet on this router.
  3. Test the restriction.
Step 9: Create vty restrictions for R2
  1. Create a Standard ACL that will not allow hosts on the R1 LAN to Telnet to R2 but will allow hosts on the R2 LAN to Telnet to their attached router.
  2. Conduct the tests to verify that this ACL achieves its goals. If it does not, troubleshoot by viewing the output of a show running-config command to verify that the ACL is present and applied correctly.
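
How the Step 8 and Step 9 vty ACLs decide which Telnet sources are accepted, as an added Python example that is not part of the original lab: it evaluates standard ACL entries top-down with wildcard masks and the implicit deny at the end. The R2 LAN 192.168.17.0/24, ACL number 2, the test source addresses and the helper names are assumptions, since the page does not give them.

```python
import ipaddress

# Step 8 ACL, exactly as entered on R1 in the lab.
R1_VTY_ACL = ["access-list 1 permit 192.168.15.0 0.0.0.255"]

# Constructed Step 9 ACL for R2. 192.168.17.0/24 is an assumed R2 LAN
# address and "2" an assumed ACL number; the page states neither.
R2_VTY_ACL = [
    "access-list 2 deny 192.168.15.0 0.0.0.255",
    "access-list 2 permit 192.168.17.0 0.0.0.255",
]

def _ip(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (action, base, wildcard)."""
    rules = []
    for line in lines:
        parts = line.split()
        if (len(parts) < 4 or parts[0] != "access-list"
                or parts[2] not in ("permit", "deny")):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        action, src = parts[2], parts[3]
        if src == "any":
            base, wildcard = 0, 0xFFFFFFFF
        elif src == "host":
            if len(parts) < 5:
                raise ValueError(f"'host' needs an address: {line!r}")
            base, wildcard = _ip(parts[4]), 0
        else:
            base = _ip(src)
            # A bare address with no wildcard matches that single host.
            wildcard = _ip(parts[4]) if len(parts) > 4 else 0
        rules.append((action, base, wildcard))
    return rules

def evaluate(rules, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = _ip(source)
    for action, base, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (addr & care) == (base & care):
            return action
    return "deny"

def telnet_allowed(acl_lines, source):
    """True if a Telnet session from `source` passes the vty ACL."""
    return evaluate(parse_standard_acl(acl_lines), source) == "permit"
```

On the router the list only restricts Telnet once it is applied to the vty lines with `access-class 1 in` in line configuration mode.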
Step 10: Reflection
Why is the vty restriction ACL a good practice when configuring a router? Answer: If foreign hosts can Telnet into a router, they have the ability to view and modify the configuration. Security demands that Telnet be restricted. Because vty ACLs are applied to the vty lines and not to physical interfaces, this controls Telnet access to the router regardless of where on the network the host(s) attempt to connect from.