QUESTION 291
A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The following have already been configured on the router:
The basic router configuration
The appropriate interfaces have been configured for NAT inside and NAT outside
The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)
All passwords have been temporarily set to “cisco”
Image may be NSFW.
Clik here to view.
Correct Answer:
The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable
Router#configure terminal
First you should change the router’s name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask.
Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask
255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110) Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to- one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C : \ >ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114
QUESTION 292
Image may be NSFW.
Clik here to view.
Correct Answer:
Router>enable
Router#config terminal
Router(config)#hostname weaver
weaver(config)#ip nat pool test 198.18.191.145 198.18.191.150 255.255.255.248 weaver(config)#ip nat inside source list 1 pool test overload
weaver(config)#access-list 1 permit 192.168.108.32 0.0.0.31
weaver(config)#interface fa0/0
weaver(config-if)#ip address 192.168.108.62 255.255.255.224
weaver(config-if)#ip nat inside
weaver(config-if)#interface s0/0
weaver(config-if)#ip nat outside
QUESTION 293
Image may be NSFW.
Clik here to view.
Correct Answer:
Login Lab_A router.
Lab_A>enable password: cisco
Lab_A#config terminal
Lab_A(config)#router ospf 2
Lab_A(config-route)#no network 192.168.121.0 0.0.0.4 area 0
Lab_A(config-route)#network 192.168.121.0 0.0.0.3 area 0
Lab_RA(config-route)#end
Lab_A#copy run start
QUESTION 294
Image may be NSFW.
Clik here to view.
Correct Answer:
Select the console on Corp1 router
Configuring ACL
Corp1>enable
Corp1#configure terminal
comment: To permit only Host C (192.168.33.3){source addr} to access finance server address (172.22.242.23) {destination addr} on port number 80 (web) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
comment: To deny any source to access finance server address (172.22.242.23) {destination addr} on port number 80 (web)
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
comment: To permit ip protocol from any source to access any destination because of the implicit deny any any statement at the end of ACL.
Corp1(config)#access-list 100 permit ip any any
Applying the ACL on the Interface
comment: Check show ip interface brief command to identify the interface type and number by checking the IP address configured.
Corp1(config)#interface fa 0/1
If the ip address configured already is incorrect as well as the subnet mask. This should be corrected in order ACL to work
type this commands at interface mode:
no ip address 192.x.x.x 255.x.x.x (removes incorrect configured ipaddress and subnet mask) Configure Correct IP Address and subnet mask:
ip address 172.22.242.30 255.255.255.240 ( range of address specified going to server is given as 172.22.242.17 – 172.22.242.30 )
comment: Place the ACL to check for packets going outside the interface towards the finance web server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Important: To save your running config to startup before exit.
Corp1#copy running-config startup-config
Verifying the Configuration:
Step1: show ip interface brief command identifies the interface on which to apply access list. Step2: Click on each host A,B,C & D. Host opens a web browser page. Select address box of the web browser and type the ip address of finance web server(172.22.242.23) to test whether it permits /deny access to the finance web Server.
Step 3: Only Host C (192.168.33.3) has access to the server. If the other host can also access then maybe something went wrong in your configuration. check whether you configured correctly and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server you can click on NEXT button to successfully submit the ACL SIM.
QUESTION 295
Lab-CLI
Central Florida Widgets recently installed a new router in their office. Complete the network installation by performing the initial router configurations and configuring R1PV2 routing using the router command line interface (CLI) on the RC.
Configure the router per the following requirements:
Name of the router is R2
Enable secret password is cisco
The password to access user EXEC mode using the console is cisco2
The password to allow telnet access to the router is cisco3
IPV4 addresses mast be configured as follows:
Ethernet network 209.165.201.0/27 – router has fourth assignable host address in subnet
Serial network is 192.0.2.176/28 – router has last assignable host address in the subnet.
Interfaces should be enabled.
Router protocol is RIPV2
Attention:
In practical examinations, please note the following, the actual information will prevail.
1. Name of the router is xxx
2. Enable. secret password is xxx
3. Password In access user EXEC mode using the console is xxx
4. The password to allow telnet access to the router is xxx
5. IP information
Image may be NSFW.
Clik here to view.
Correct Answer:
Router>enable
Router#config terminal
Router(config)#hostname R2
R2(config)#enable secret cisco
R2(config)#line console 0
R2(config-line)#password cisco2
R2(config-line)#exit
R2(config)#line vty 0 4
R2(config-line)#password cisco3
R2(config-line)#login
R2(config-line)#exit
R2(config)#interface fa0/0
R2(config-if)#no shutdown
R2(config-if)#ip address 209.165.201.4 255.255.255.224
R2(config)#interface s0/0/0
R2(config-if)#ip address 192.0.2.190 255.255.255.240
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 209.165.201.0
R2(config-router)#network 192.0.2.176
R2(config-router)#end
R2#copy run start
QUESTION 296
Lab-EIGRP
After adding RTR_2 router, no routing updates are being exchanged between RTR_1 and the new location. All other inter connectivity and internet accesses for the existing locations of the company are working properly.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.![clip_image009[1]](http://www.ccnadump.com/wp-content/uploads/2014/07/clip_image0091_thumb.jpg "clip_image009[1]")
Image may be NSFW.
Clik here to view.![clip_image009[2]](http://www.ccnadump.com/wp-content/uploads/2014/07/clip_image0092_thumb.jpg "clip_image009[2]")
Image may be NSFW.
Clik here to view.![clip_image009[3]](http://www.ccnadump.com/wp-content/uploads/2014/07/clip_image0093_thumb.jpg "clip_image009[3]")
Image may be NSFW.
Clik here to view.![clip_image009[4]](http://www.ccnadump.com/wp-content/uploads/2014/07/clip_image0094_thumb.jpg "clip_image009[4]")
Image may be NSFW.
Clik here to view.![clip_image009[5]](http://www.ccnadump.com/wp-content/uploads/2014/07/clip_image0095_thumb.jpg "clip_image009[5]")
The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords on all routers are Cisco.
IP addresses are listed in the chart below.
Correct Answer:
RTR_A#show run
!
!
interface FastEthernet0/0
ip address 192.168.60.97 255.255.255.240
!
interface FastEthernet0/1
ip address 192.168.60.113 255.255.255.240
!
interface Serial0/0
ip address 192.168.36.14 255.255.255.252
!
router eigrp 212
network 192.168.36.0
network 192.168.60.0
no auto-summary
!
RTR_A#show ip route
192.168.36.0/30 is subnetted, 1 subnets
C 192.168.36.12 is directly connected, Serial 0/0
192.168.60.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.60.96/28 is directly connected, FastEthernet0/0
C 192.168.60.112/28 is directly connected, FastEthernet0/1
D 192.168.60.128/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0
D 192.168.60.144/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0
D 192.168.60.24/30 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0
D* 198.0.18.0 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0
***************************************************************************
RTR_2#show run
!
!
interface FastEthernet0/0
ip address 192.168.77.34 255.255.255.252
!
interface FastEthernet0/1
ip address 192.168.60.65 255.255.255.240
!
interface FastEthernet1/0
ip address 192.168.60.81 255.255.255.240
!
!
router eigrp 22
network 192.168.77.0
network 192.168.60.0
no auto-summary
!
RTR_2#show ip route
192.168.60.0/28 is variably subnetted, 2 subnets
C 192.168.60.80 is directly connected, FastEthernet1/0
C 192.168.60.64 is directly connected, FastEthernet0/1
192.168.77.0/30 is subnetted, 1 subnets
C 192.168.77.32 is directly connected, FastEthernet0/0
**********************************************************
RTR_B#show run
!
interface FastEthernet0/0
ip address 192.168.60.129 255.255.255.240
!
interface FastEthernet0/1
ip address 192.168.60.145 255.255.255.240
!
interface Serial0/1
ip address 192.168.60.26 255.255.255.252
!
router eigrp 212
network 192.168.60.0
!
RTR_B#show ip route
192.168.60.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.60.24/30 is directly connected, Serial0/1
C 192.168.60.128/28 is directly connected, FastEthernet0/0
C 192.168.60.144/28 is directly connected, FastEthernet0/1
D 192.168.60.96/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1
D 192.168.60.112/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1
192.168.36.0/30 is subnetted, 1 subnets
D 192.168.36.12 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1
D* 198.0.18.0 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1
**************************************************************************
RTR_1#show run
!
!
interface FastEthernet0/0
ip address 192.168.77.33 255.255.255.252
!
interface Serial1/0
ip address 198.0.18.6 255.255.255.0
clockrate 64000
!
!
interface Serial0/0
ip address 192.168.36.13 255.255.255.252
clockrate 64000
!
interface Serial0/1
ip address 192.168.60.25 255.255.255.252
clockrate 64000
!
!
router eigrp 212
network 192.168.36.0
network 192.168.60.0
network 192.168.85.0
network 198.0.18.0
no auto-summary
!
ip classless
ip default-network 198.0.18.0
ip route 0.0.0.0 0.0.0.0 198.0.18.5
ip http server
RTR_1#show ip route
192.168.36.0/30 is subnetted, 1 subnets
C 192.168.36.12 is directly connected, Serial 0/0
192.168.60.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.60.24/30 is directly connected, Serial0/1
D 192.168.60.128/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1
D 192.168.60.144/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1
D 192.168.60.96/28 [ 90/21026560 ] via 192.168.36.14, 00:00:57, Serial 0/0
192.168.77.0/30 is subnetted, 1 subnets
C 192.168.77.32 is directly connected, FastEthernet0/0
C 192.0.18.0/24 is directly connected, Serial 1/0
*S 0.0.0.0 via 198.0.18.5
QUESTION 297
Image may be NSFW.
Clik here to view.
Correct Answer:
Router>enable
Router# config terminal
Router(config)# hostname munford
munford(config)#ip nat pool test 198.18.154.57 198.18.154.62 netmask 255.255.255.192 munford (config)#ip nat inside source list 1 pool test overload
munford (config)#access-list 1 permit 192.168.42.64. 0.0.0.31
munford (config)#interface fa0/0
munford (config-if)# ip address 192.168.42.94 255.255.255.224
munford (config-if)#ip nat inside
munford (config-if)#interface serial 0/0
munford (config-if)#ip nat outside
QUESTION 298
Image may be NSFW.
Clik here to view.
Correct Answer:
Image may be NSFW.
Clik here to view.
QUESTION 299
Image may be NSFW.
Clik here to view.
Correct Answer:
Image may be NSFW.
Clik here to view.
QUESTION 300
Image may be NSFW.
Clik here to view.
Correct Answer:
Image may be NSFW.
Clik here to view.
Download Latest Complete Collection of ICND2 200-101 Real Exam ,help you to pass exam 100%.
Image may be NSFW.
Clik here to view.
Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Exams Questions and Answers