Category Archives: CCNA 3 v5

CCNA 3 v5 Switched Networks Practice Skills Assessment – Packet Tracer 2014

CCNA 3 v5 Switched Networks Practice Skills Assessment – Packet Tracer 2014

CCNA Routing and Switching
Switched Networks

Practice Skills Assessment – Packet Tracer

A few things to keep in mind while completing this activity:

Do not use the browser Back button or close or reload any exam windows during the exam.
Do not close Packet Tracer when you are done. It will close automatically.
Click the Submit Assessment button in the browser window to submit your work.

Introduction

In this practice skills assessment, you will configure the Company A network with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and routing between VLANs. In addition you will perform an initial configuration on a switch, secure unused switch ports and secure SVIs. A simple access control list will also be configured.

All IOS device configurations should be completed from a direct terminal connection to the device console from an available host.

Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.

For the sake of time, many repetitive but important configuration tasks have been omitted from this activity. Many of these tasks, especially those related to device security, are essential elements of a network configuration. The intent of this activity is not to diminish the importance of full device configurations.

You will practice and be assessed on the following skills:

  • Configuration of initial switch settings
  • IPv4 address assignment and configuration
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • EtherChannel configuration
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

You are required to do the following:

Campus:

  • Configure interface IPv4 addresses and descriptions
  • Configure DHCP pools and excluded addresses
  • Configure routing between VLANs
  • Configure a simple standard access control list

SW-A:

  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings
  • Configure RPVST+

SW-B:

  • Configure initial device settings
  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings and SSH
  • Activate RPVST+
  • Secure unused switch ports
  • Configure port security

SW-C:

  • Create and name VLANs
  • Configure EtherChannel
  • Configure trunking
  • Assign access ports to VLANs
  • Configure remote management settings
  • Configure RPVST+

Internal PC hosts:

  • Configure as DHCP clients
  • Assign Static IPv4 addresses

Tables

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:

Instructions

All configurations must be performed through a direct terminal connection to the device consoles from an available host.

Step 1: Configure initial device settings on SW-B only.

  • Configure the host name as SW-B. The host name must match the value in the table exactly in spelling, case, and punctuation.
  • Prevent the router CLI from attempting to look up mistyped commands as URLs.
  • Configure an appropriate message-of-the-day banner.
  • Configure an encrypted password for Privileged EXEC mode.
  • Protect access to the device console.
  • Prevent IOS status messages from interrupting command line output at the device console.
  • Encrypt all clear text passwords.

Step 2: Create and name VLANs.

On all three switches, create and name the VLANs shown in the VLAN Table.

  • The VLAN names must match the values in the table exactly in spelling, case, and punctuation.
  • Each switch should be configured with all of the VLANs shown in the table.

Step 3: Assign switch ports to VLANs.

Using the VLAN table, assign the switch ports to the VLANs you created in Step 2, as follows:

  • All switch ports that you assign to VLANs should be configured to static access mode.
  • All switch ports that you assign to VLANs should be activated.
  • Note that all the unused ports on SW-B only should be assigned to VLAN 999. This configuration step on switches SW-A and SW-C has been left out of this activity for the sake of time.

Step 4: Configure the SVIs.

Using the addressing table, create and address the SVIs on all three switches. Configure the switches so that they can connect with remote hosts. Full connectivity will be established after routing between VLANs has been configured later in this assessment.

Step 5: Configure Trunking and EtherChannel.

a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:

  • Use LACP.
  • The switch ports on both sides of Channels 1 and 2 should both initiate negotiations for channel establishment.
  • The switch ports on the SW-B side of the Channel 3 should initiate negotiations with the switch ports on SW-C.
  • The switch ports on the SW-C side of Channel 3 should not initiate negotiations with the switch ports on the other side of the channel.

b. Configure all port-channel interfaces as trunks.

c. Configure trunking on the switch port on SW-A that is connected to Campus.

Step 6: Configure Rapid PVST+.

Configure Rapid PVST+ settings as follows.

a. Activate Rapid PVST+ and set root priorities.

  • All three switches should be configured to run Rapid PVST+.
  • SW-A should be configured as root primary for VLAN 5 and VLAN 10 using the default primary priority values.
  • SW-A should be configured as root secondary for VLAN 15 and VLAN 100 using the default secondary priority values.
  • SW-C should be configured as root primary for VLAN 15 and VLAN 100 using the default primary priority values.
  • SW-C should be configured as root secondary for VLAN 5 and VLAN 10 using the default secondary priority values.

b. Activate PortFast and BPDU Guard on the SW-C switch access ports.

  • Configure PortFast on all access ports that are connected to hosts. This must be configured on the switch ports. Do not use the portfast default form of the command.
  • Activate BPDU Guard on all access ports that are connected to hosts.

Step 7: Configure switch security.

You are required to complete the following only on SW-B for this assessment. In reality, security should be configured on all devices in the network.

a. Secure unused switch ports. Following security best practices, do the following on SW-B only:

  • Shutdown all unused switch ports.
  • Configure all unused switch ports as access ports.
  • All unused switch ports should be assigned to VLAN 999.

b. Configure port security on all active access ports on the SW-B.

  • Each switch port should accept only two MAC addresses before a security action occurs.
  • The learned MAC addresses should be recorded in the running configuration.
  • If a security violation occurs, the switch ports should provide notification that a violation has occurred but not place the interface in an err-disabled state.

c. On SW-B, configure the virtual terminal lines to accept only SSH connections on the virtual terminal lines.

  • Use a domain name of ccnaPTSA.com.
  • Use a modulus value of 1024.
  • Configure SSH version 2.
  • Configure the vty lines to only accept SSH connections.
  • Configure user-based authentication for SSH connections to the vty lines with a user name of netadmin and a secret password of SSH_secret9. The user name and password must match the values provided here exactly in case, punctuation, and spelling.

Step 8: Configure routing between VLANs.

Configure router Campus to route between VLANs according to the information in the addressing table.

  • Do not route VLAN 999.

Step 9: Configure a standard access control list.

Configure a standard access control list to control access to the management interfaces (SVI) of the switches as follows:

  • Use the number 1 for the list.
  • Permit only addresses from the admin VLAN network to access any address on the manage VLAN network.
  • Hosts on the admin VLAN network should be able to reach all other destinations.
  • Your list should consist of one statement.

Step 10: Configure the router as a DHCP server.

Configure three DHCP pools as follows:

  • Create a DHCP pool for hosts on VLAN5 using the pool name vlan5pool.
  • Create a DHCP pool for hosts on VLAN10 using the pool name vlan10pool.
  • Create a DHCP pool for hosts on VLAN15 using the pool name vlan15pool.
  • All VLAN pool names must match the provided values exactly.
  • Exclude the first five addresses from each pool.
  • Configure a DNS server address of 192.0.2.62.
  • Once they have received addresses, the hosts should be able to ping hosts on other networks.

Step 11: Configure host addressing.

All hosts should be able to ping each other and the two external servers after they have been addressed.
Hosts on VLANs 5, 10 and 15 should be configured to receive addresses dynamically over DHCP.
Hosts on VLAN 100 should be addressed statically as indicated in the addressing table. Once configured, the hosts should be able to ping hosts on other networks.

Shared by Gega Sxirtladze

Router Campus

en
conf t
int g0/1
no shut
no shutdown
exit

int g0/1.5
encapsulation dot1Q 5
ip address 10.10.5.1 255.255.255.0
no shutdown
exit
int g0/1.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
no shut
exit
int g0/1.15
encapsulation dot1Q 15
ip addr 10.10.15.1 255.255.255.0
no shut
exit
int g0/1.100
encapsulation dot1Q 100
ip addr 10.10.100.1 255.255.255.0
no shut
exit
int g0/1.199
encapsulation dot1Q 199
ip addr 10.10.199.1 255.255.255.0
no shut
exit
ip dhcp excluded-address 10.10.5.1 10.10.5.5
ip dhcp pool vlan5pool
network 10.10.5.0 255.255.255.0
default-router 10.10.5.1
dns-server 192.0.2.62
exit

ip dhcp excluded-address 10.10.10.1 10.10.10.5
ip dhcp pool vlan10pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 192.0.2.62
exit

ip dhcp excluded-address 10.10.15.1 10.10.15.5
ip dhcp pool vlan15pool
network 10.10.15.0 255.255.255.0
default-router 10.10.15.1
dns-server 192.0.2.62
exit
ip access-list standard 1
permit 10.10.100.0 0.0.0.255
exit
int g0/1.199
ip access-group 1 out

————————————————-

SW-B
en
conf t
hostname SW-B
no ip domain-lookup
banner motd “SW-B”
enable secret cisco
service password-encryption

line console 0
password cisco
login
Logging synchronous
exit

line vty 0 15
password cisco
login
exit

no logging console

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/7
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit

int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.253 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 2
exit
int range fa0/3-4
channel-group 2 mode active
exit

int port-channel 3
exit
int range fa0/5-6
channel-group 3 mode active
exit

int range fa0/3-6
switchport mode trunk
exit

spanning-tree mode rapid-pvst

int range fa0/1-2
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/8-9
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/11-14
switchport mode access
switchport access vlan 999
shutdown
exit

int range fa0/16-23
switchport mode access
switchport access vlan 999
shutdown
exit

Int range g1/1-2
switchport mode access
switchport access vlan 999
shutdown
exit
int fa0/7
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/10
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/15
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

int fa0/24
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security violation restrict
exit

ip domain-name ccnaPTSA.com
crypto key generate rsa
1024
ip ssh version 2

line vty 0 4
login local
transport input ssh
exit

username netadmin secret SSH_secret9

—————————————————-
SW-A>
en
conf t

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/5
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.254 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 1
exit
int port-channel 2
exit

int range fa0/1-2
channel-group 1 mode active
exit

int range fa0/3-4
channel-group 2 mode active
exit

int range fa0/1-4
switchport mode trunk
exit

int gig1/1
no shutdown
switchport mode trunk
exit

spanning-tree mode rapid-pvst
spanning-tree vlan 5 root primary
spanning-tree vlan 10 root primary
spanning-tree vlan 15 root secondary
spanning-tree vlan 100 root secondary

————————————————–
SW-C

en
conf t

vlan 5
name sales
exit
vlan 10
name prod
exit
vlan 15
name acct
exit
vlan 100
name admin
exit
vlan 199
name manage
exit
vlan 999
name null
exit
int f0/7
switchport mode access
switchport access vlan 5
no shutdown
exit

int f0/10
switchport mode access
switchport access vlan 10
no shutdown
exit
int f0/15
switchport mode access
switchport access vlan 15
no shutdown
exit

int f0/24
switchport mode access
switchport access vlan 100
no shutdown
exit

int vlan 199
ip address 10.10.199.252 255.255.255.0
ip default-gateway 10.10.199.1
int port-channel 1
exit
int port-channel 3
exit

int range fa0/1-2
channel-group 1 mode active
exit

int range fa0/5-6
channel-group 3 mode passive
exit

int range fa0/1-2
switchport mode trunk
exit

int range fa0/5-6
switchport mode trunk
exit

spanning-tree mode rapid-pvst
spanning-tree vlan 15 root primary
spanning-tree vlan 100 root primary
spanning-tree vlan 5 root secondary
spanning-tree vlan 10 root secondary

int fa0/7
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/10
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/15
spanning-tree portfast
spanning-tree bpduguard enable
exit

int fa0/24
spanning-tree portfast
spanning-tree bpduguard enable
exit

CCNA 3 v5 SN OSPF Practice Skills Assessment – Packet Tracer 2014

CCNA 3 v5 SN OSPF Practice Skills Assessment – Packet Tracer 2014

CCNA Routing and Switching
Scaling Networks

OSPF Practice Skills Assessment – Packet Tracer

A few things to keep in mind while completing this activity:

  1. Do not use the browser Back button or close or reload any exam windows during the exam.
  2. Do not close Packet Tracer when you are done. It will close automatically.
  3. Click the Submit Assessment button in the browser window to submit your work.

Introduction

In Part I of this practice skills assessment, you will configure the Company A network with routing and ACLs. You will configure dynamic routing with OSPFv2 and distribute a default route. In addition, you will configure two access control lists.

In Part II of this practice skills assessment, you will configure the Company A network with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and routing between VLANs. In addition you will perform an initial configuration on a switch, secure switch ports and create SVIs. You will also control access to the switch management network with an access control list.

All IOS device configurations should be completed from a direct terminal connection to the device console from an available host.

Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.

For the sake of time, many repetitive but important configuration tasks have been omitted from this activity. Many of these tasks, especially those related to device security, are essential elements of a network configuration. The intent of this activity is not to diminish the importance of full device configurations.

You will practice and be assessed on the following skills:

  • Configuration of initial device settings
  • IPv4 address assignment and configuration
  • Configuration and addressing of device interfaces
  • Configuration of the OSPFv2 routing protocol
  • Configuration of a default route
  • Configuration of ACL to limit device access
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • Configuration of  EtherChannel
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

You are required to do the following:

Site 1:

  • Configure initial device settings.
  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.

HQ:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize OSPFv2.
  • Configure named and numbered ACLs.
  • Configure and propagate a default route through OSPFv2.

Site 2:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure DHCP pools and excluded addresses.
  • Configure routing between VLANs.
  • Configure a standard ACL.
  • Configure OSPFv2.

SW-A:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Secure unused switch ports.
  • Configure port security.

SW-B:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings with SSH.
  • Activate RPVST+.

SW-C:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Configure switch ports with PortFast and BPDU Guard.

Internal PC hosts:

  • Configure as DHCP clients.
  • Assign static IPv4 addresses where indicated.


Tables

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:

Device

Interface

Network

Configuration Details

Site 1

S0/0/0

192.168.100.20/30

any address in the network

192.168.100.22

G0/0

192.168.8.0/24

first host address

192.168.8.1

G0/1

192.168.9.0/24

first host address

192.168.9.1

HQ

S0/0/0

192.168.100.20/30

any address in the network

192.168.100.21

S0/0/1

192.168.100.36/30

any address in the network

192.168.100.37

S0/1/0

203.0.113.16/29

(The first address in this network is already in use on the ISP router. Any other address in the network can be assigned to this interface.)

203.0.113.18

Site 2

S0/0/1

192.168.100.36/30

any address in the network

192.168.100.38

G0/1.2

10.10.2.0/24

first address in the network

10.10.2.1

G0/1.4

10.10.4.0/24

first address in the network

10.10.4.1

G0/1.8

10.10.8.0/24

first address in the network

10.10.8.1

G0/1.15

10.10.15.0/24

first address in the network

10.10.15.1

G0/1.25

10.10.25.0/24

first address in the network

10.10.25.1

SW-A

SVI

10.10.25.0/24

the highest address in the network

10.10.25.254

SW-B

SVI

10.10.25.0/24

the second to the highest address in the network

10.10.25.253

SW-C

SVI

10.10.25.0/24

the third to the highest address in the network

10.10.25.252

Manage-1A

NIC

192.168.8.0/24

any address in the network

192.168.8.2

Clerk-1C

NIC

192.168.9.0/24

any address in the network

192.168.9.2

Admin-A

NIC

10.10.15.0/24

any available address in network

10.10.15.2

Admin-B

NIC

10.10.15.0/24

any available address in network

10.10.15.3

VLAN Switch Port Assignment Table:

VLAN

Name

Network

Device

Switch Ports

2

sales

10.10.2.0/24

SW-A

Fa0/5

SW-C

Fa0/7

4

prod

10.10.4.0/24

SW-A

Fa0/10

SW-C

Fa0/10

8

acct

10.10.8.0/24

SW-A

Fa0/15

SW-C

Fa0/15

15

admin

10.10.15.0/24

SW-A

Fa0/24

SW-C

Fa0/24

25

SVI-NET

10.10.25.0/24

SW-A

SVI

SW-B

SVI

SW-C

SVI

99

null

N/A

SW-A

all unused ports

Port-Channel Groups:

Channel

Device

Interfaces

1

SW-A

Fa0/1, Fa0/2

SW-C

Fa0/1, Fa0/2

2

SW-A

Fa0/3, Fa0/4

SW-B

Fa0/3, Fa0/4

3

SW-B

Fa0/5, Fa0/6

SW-C

Fa0/5, Fa0/6

Instructions

All configurations must be performed through a direct terminal connection to the device console line from an available host.

Part I: OSPFv2 Router Configuration

Step 1: Plan the Addressing.

Determine the IP addresses that you will use for the required interfaces on the devices and LAN hosts. Follow the configuration details provided in the Addressing Table.

Step 2: Configure Site 1.

Configure Site 1 with initial settings:

  • Configure the router host name: Site-1. This value must be entered exactly as it appears here.

Router(config)#hostname Site-1

  • Prevent the router from attempting to resolve command line entries to IP addresses.

Site-1(config)# no ip domain look up

  • Protect device configurations from unauthorized access with an encrypted secret password.

Site-1(config)# enable secret class

  • Secure the router console and remote access lines.

Site-1(config)#line console 0
Site-1(config-line)#password cisco
Site-1(config-line)#login

Site-1(config)#line vty 0 4
Site-1(config-line)#password cisco
Site-1(config-line)#login

Site-1(config)#line aux 0
Site-1(config-line)#password cisco
Site-1(config-line)#login

  • Prevent system status messages from interrupting console output.

Site-1(config)#line console 0
Site-1(config-line)#logging synchronous

  • Configure a message-of-the-day banner.

Site-1(config)#banner motd “Authorized Access Only”

  • Encrypt all clear text passwords.

Site-1(config)#service password-encryption

Step 3: Configure the Router Interfaces.

Configure the interfaces of all routers for full connectivity with the following:

  • IP addressing
  • Descriptions for serial interfaces.
  • Configure DCE settings where required. Use a rate of 128000.
  • The Ethernet subinterfaces on Site 2 will configured later in this assessment.

Step 4: Configure inter-VLAN routing on Site 2.

Configure router Site 2 to route between VLANs using information in the Addressing Table and VLAN Switch Port Assignment Table. The VLANs will be configured on the switches later in this assessment.

  • Do not route the VLAN 99 network.

Step 5: Configure Default Routing.

On HQ, configure a default route to the Internet. Use the exit interface argument. 

Step 6: Configure OSPF Routing.

a. On all routers:

  • Configure multiarea OSPFv2 to route between all internal networks. Use a process ID of 1.
  • Use the area numbers shown in the topology.
  • Use the correct wild card masks for all network statements.
  • You are not required to route the SVI-NET VLAN network on Site 2.
  • Prevent routing updates from being sent to the LANs.

b. On the HQ router:

  • Configure multiarea OSPFv2 to distribute the default route to the other routers.

Step 7: Customize Multiarea OSPFv2.

Customize multiarea OSPFv2 by performing the following configuration tasks:

a. Set the bandwidth of all serial interfaces to 128 kb/s.

b. Configure OSPF router IDs as follows:

  • Site 1: 1.1.1.1
  • HQ: 2.2.2.2
  • Site 2: 3.3.3.3
  • The configured router IDs should be in effect on all three routes.

c. Configure the OSPF cost of the link between Site 1 and HQ to 7500.

Step 8: Configure OSPF MD5 Authentication on the Required Interfaces.

Configure OSPF to authenticate routing updates with MD5 authentication on the OSPF interfaces.

  • Use a key value of 1.
  • Use xyz_OSPF as the password.
  • Apply MD5 authentication to the required interfaces.

Step 9: Configure Access Control Lists.

You will configure two access control lists in this step. You should use the any and host keywords in the ACL statements as required. The ACL specifications are as follows:

a. Restrict access to the vty lines on HQ with an ACL:

  • Create a named standard ACL using the name TELNET-BLOCK. Be sure that you enter this name exactly as it appears in this instruction.
  • Allow only Admin Host to access the vty lines of HQ.
  • No other Internet hosts (including hosts not visible in the topology) should be able to access the vty lines of HQ.
  • Your solution should consist of one ACL statement.
  • Your ACL should be placed in the most efficient location as possible to conserve network bandwidth and device processing resources.

b. Block ping requests from the Internet with an ACL:

  • Use access list number 101.
  • Allow only Admin Host to ping addresses within the Company A network. Only echo messages should be permitted.
  • Prevent all other Internet hosts (not only the Internet hosts visible in the topology) from pinging addresses inside the Company A network. Block echo messages only.
  • All other traffic should be allowed.
  • Your ACL should consist of three statements.
  • Your ACL should be placed in the most efficient location as possible to conserve network bandwidth and device processing resources.

c. Control access to the management interfaces (SVI) of the three switches attached to Site 2 as follows:

  • Create a standard ACL.
  • Use the number 1 for the list.
  • Permit only addresses from the admin VLAN network to access any address on the SVI-NET VLAN network.
  • Hosts on the  admin VLAN network should be able to reach all other destinations.
  • Your list should consist of one statement.
  • Your ACL should be placed in the most efficient location as possible to conserve network bandwidth and device processing resources.
  • You will be able to test this ACL at the end of Part II  of this assessment.

Part II: Switching and DHCP Configuration

Step 1: Create and name VLANs.

On all three switches that are attached to Site 2, create and name the VLANs shown in the VLAN Table.

  • The VLAN names that you configure must match the values in the table exactly.
  • Each switch should be configured with all of the VLANs shown in the table.

Step 2:  Assign switch ports to VLANs.

Using the VLAN table, assign switch ports to the VLANs you created in Step 1, as follows:

  • All switch ports that you assign to VLANsn should be configured to static access mode.
  • All switch ports that you assign to VLANs should be activated.
  • Note that all of the unused ports on SW-A should be assigned to VLAN 99. This configuration step on switches SW-B and SW-C is not required in this assessment for the sake of time.
  • Secure the unused switch ports on SW-A by shutting them down.

Step 3:  Configure the SVIs.

Refer to the Addressing Table. Create and address the SVIs on all three of the switches that are attached to Site 2. Configure the switches so that they can communicate with hosts on other networks. Full connectivity will be established after routing between VLANs has been configured later in this assessment.

Step 4:  Configure Trunking and EtherChannel.

a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:

  • Use LACP.
  • The switch ports on both sides of Channels 1 and 2 should initiate negotiations for channel establishment.
  • The switch ports on the SW-B side of Channel 3 should initiate negotiations with the switch ports on SW-C.
  • The switch ports on the SW-C side of Channel 3 should not initiate negotiations with the switch ports on the other side of the channel.
  • All channels should be ready to forward data after they have been configured.

b. Configure all port-channel interfaces as trunks.

c. Configure static trunking on the switch port on SW-B that is connected to Site 2.

Step 5:  Configure Rapid PVST+.

Configure Rapid PVST+ as follows:

a. Activate Rapid PVST+ and set root priorities.

  • All three switches should be configured to run Rapid PVST+.
  • SW-A should be configured as root primary for VLAN 2 and VLAN 4 using the default primary priority values.
  • SW-A should be configured as root secondary for VLAN 8 and VLAN 15 using the default secondary priority values.
  • SW-C should be configured as root primary for VLAN 8 and VLAN 15 using the default primary priority values.
  • SW-C should be configured as root secondary for VLAN 2 and VLAN 4 using the default secondary priority values.

b. Activate PortFast and BPDU Guard on the active SW-C switch access ports.

  • On SW-C, configure PortFast on the access ports that are connected to hosts.
  • On SW-C, activate BPDU Guard on the access ports that are connected to hosts.

Step 6:  Configure switch security.

You are required to complete the following only on some of the devices in the network for this assessment. In reality, security should be configured on all devices in the network.

a. Configure port security on all active access ports that have hosts connected on SW-A.

  • Each active access port should accept only two MAC addresses before a security action occurs.
  • The learned MAC addresses should be recorded in the running configuration.
  • If a security violation occurs, the switch ports should provide notification that a violation has occurred but not place the interface in an err-disabled state.

b. On SW-B, configure the virtual terminal lines to accept only SSH connections.

  • Use a domain name of ccnaPTSA.com.
  • Use SW-B as the host name.
  • Use a modulus value of 1024.
  • Configure SSH version 2.
  • Configure the vty lines to only accept SSH connections.
  • Configure user-based authentication for the SSH connections with a user name ofnetadmin and a secret password of SSH_secret9. The user name and password must match the values provided here exactly.

c. Ensure that all unused switch ports on SW-A have been secured as follows:

  • They should be assigned to VLAN 99.
  • They should all be in access mode.
  • They should be shutdown.

Step 7: Configure Site 2 as a DHCP server for the hosts attached to the SW-A and SW-C switches.

Configure three DHCP pools as follows:

  • Refer to the information in the Addressing Table.
  • Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.
  • Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
  • Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
  • All VLAN pool names must match the provided values exactly.
  • Exclude the first five addresses from each pool.
  • Configure a DNS server address of 192.168.200.225.
  • All hosts should be able to communication with hosts on other networks.

Step 8: Configure host addressing.

Hosts should be able to ping each other and external hosts after they have been correctly addressed, where permitted.

  • Hosts on VLANs 2, 4, and 8 should be configured to receive addresses dynamically over DHCP.
  • Hosts on VLAN 15 should be addressed statically as indicated in the Addressing Table. Once configured, the hosts should be able to ping hosts on other networks.
  • Hosts on the LANs attached to Site 1 should be statically assigned addresses that enable them to communicate with hosts on other networks, as indicated in the Addressing Table.

Configuration

#####–SITE 1

hostname East
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line aux 0
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only!@

interface serial 0/0/0
bandwidth 128
clock rate 12800
ip address 192.168.100.22 255.255.255.252
description 2-Central
ip ospf cost 7500
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
no shutdown
exit

interface gi 0/0
ip address 192.168.8.1 255.255.255.0
description Manage-1A
no shutdown
interface gi 0/1
ip address 192.168.9.1 255.255.255.0
description Clerk-1C
no shutdown
exit

— OSPF
router ospf 1
router-id 1.1.1.1
area 0 authentication message-digest
network 192.168.100.20 0.0.0.3 area 0
network 192.168.8.0 0.0.0.255 area 1
network 192.168.9.0 0.0.0.255 area 1
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
no auto-summary
exit

####################
########–HQ

hostname Central
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line aux 0
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only @

ip route 0.0.0.0 0.0.0.0 s0/1/0
interface serial 0/0/0
bandwidth 128
ip address 192.168.100.21 255.255.255.252
description 2-East
ip ospf cost 7500
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
no shutdown
exit

interface serial 0/0/1
bandwidth 128
ip address 192.168.100.37 255.255.255.252
description 2-West
clock rate 128000
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
no shutdown
exit

interface serial 0/1/0
bandwidth 128
ip address 203.0.113.18 255.255.255.248
description 2-INTERNET
no shutdown
exit

— OSPF
router ospf 1
router-id 2.2.2.2
area 0 authentication message-digest
default-information originate
network 192.168.100.20 0.0.0.3 area 0
network 192.168.100.36 0.0.0.3 area 0
passive-interface Serial0/1/0
no auto-summary
exit

–ACCESS LIST
ip access-list standard TELNET-BLOCK
permit host 198.51.100.5
line vty 0 15
access-class TELNET-BLOCK in

interface serial 0/1/0
ip access-group 101 in
exit

#######################
###### –SITE 2

hostname West
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only.@

interface serial 0/0/1
bandwidth 128
ip address 192.168.100.38 255.255.255.252
description 2-Central
ip ospf message-digest-key 1 md5 xyz_OSPF
ip ospf authentication message-digest
no shutdown

interface gi 0/1
no shutdown

interface gi 0/1.2
encapsulation dot1q 2
ip address 10.10.2.1 255.255.255.0
interface gi 0/1.4
encapsulation dot1q 4
ip address 10.10.4.1 255.255.255.0
interface gi 0/1.8
encapsulation dot1q 8
ip address 10.10.8.1 255.255.255.0
interface gi 0/1.15
encapsulation dot1q 15
ip address 10.10.15.1 255.255.255.0
interface gi 0/1.25
encapsulation dot1q 25
ip address 10.10.25.1 255.255.255.0
exit

— OSPF
router ospf 1
router-id 3.3.3.3
passive-interface GigabitEthernet0/1
network 192.168.100.36 0.0.0.3 area 0
network 10.10.2.0 0.0.0.255 area 2
network 10.10.4.0 0.0.0.255 area 2
network 10.10.8.0 0.0.0.255 area 2
network 10.10.15.0 0.0.0.255 area 2
no auto-summary
passive-interface g0/1.2
passive-interface g0/1.4
passive-interface g0/1.8
passive-interface g0/1.15
exit

– ROUTE SUMMARIZATION
interface serial 0/0/1
ip summary-address eigrp 100 10.10.0.0 255.255.240.0

– DHCP
ip dhcp excluded-address 10.10.2.1 10.10.2.5
ip dhcp excluded-address 10.10.4.1 10.10.4.5
ip dhcp excluded-address 10.10.8.1 10.10.8.5
ip dhcp pool vlan2pool
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 192.168.200.225
ip dhcp pool vlan4pool
network 10.10.4.0 255.255.255.0
default-router 10.10.4.1
dns-server 192.168.200.225
ip dhcp pool vlan8pool
network 10.10.8.0 255.255.255.0
default-router 10.10.8.1
dns-server 192.168.200.225
exit

–ACCESS LIST
access-list 1 permit 10.10.15.0 0.0.0.255
interface gi0/1.25
ip access-group 1 out

#######–SW-A

hostname Bldg1
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only!@

ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.254 255.255.255.0
no shutdown

interface fa0/5
switchport mode acces
switchport acces vlan 2

interface fa0/10
switchport mode acces
switchport acces vlan 4

interface fa0/15
switchport mode acces
switchport acces vlan 8

interface fa0/24
switchport mode acces
switchport acces vlan 15

interface range fa0/6-9,fa0/11-14,fa0/16-23
switchport mode acces
switchport acces vlan 99
shutdown

interface range gi1/1-2
switchport mode acces
switchport acces vlan 99
shutdown

– ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
interface port-channel 1
switchport mode trunk
interface range fa0/3-4
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
exit

–PVST+
spanning-tree mode rapid-pvst
spanning-tree vlan 2 root primary
spanning-tree vlan 4 root primary
spanning-tree vlan 8 root secondary
spanning-tree vlan 15 root secondary

–SECURITY
interface fa0/5
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky

interface fa0/10
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky

interface fa0/15
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky

interface fa0/24
switchport port-security
switchport port-security violation restrict
switchport port-security maximum 2
switchport port-security mac-address sticky

#######–SW-B

hostname Bldg2
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only!@

– SSH
ip ssh version 2
ip domain-name ccnaPTSA.com
crypto key generate rsa
username netadmin password SSH_secret9
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh

ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.253 255.255.255.0
no shutdown
interface gi 1/1
switchport mode trunk

– ETHERCHANNEL
interface range fa0/3-4
channel-group 2 mode active
interface port-channel 2
switchport mode trunk
interface range fa0/5-6
channel-group 3 mode active
interface port-channel 3
switchport mode trunk

–PVST+
spanning-tree mode rapid-pvst

#########– SW-C

hostname Bldg3
no ip domain-lookup
enable secret cisco
line console 0
logging synchronous
password cisco
login
line vty 0 15
password cisco
login
service password-encryption
banner motd @Authorized acces only !@

ip default-gateway 10.10.25.1
vlan 2
name sales
vlan 4
name prod
vlan 8
name acct
vlan 15
name admin
vlan 25
name SVI-NET
vlan 99
name null
interface vlan 25
ip address 10.10.25.252 255.255.255.0
no shutdown

interface fa0/7
switchport mode acces
switchport acces vlan 2

interface fa0/10
switchport mode acces
switchport acces vlan 4

interface fa0/15
switchport mode acces
switchport acces vlan 8

interface fa0/24
switchport mode acces
switchport acces vlan 15

– ETHERCHANNEL
interface range fa0/1-2
channel-group 1 mode active
no shutdown
interface port-channel 1
switchport mode trunk

interface range fa0/5-6
channel-group 3 mode passive
no shutdown
interface port-channel 3
switchport mode trunk

–PVST+
spanning-tree mode rapid-pvst
spanning-tree vlan 2 root secondary
spanning-tree vlan 4 root secondary
spanning-tree vlan 8 root primary
spanning-tree vlan 15 root primary

–Port Fast BPDU Guard
interface range fa0/7, fa0/10, fa0/15, fa0/24
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown

CCNA 3 v5 SN EIGRP Practice Skills Assessment – Packet Tracer 2014

CCNA 3 v5 SN EIGRP Practice Skills Assessment – Packet Tracer 2014

CCNA 3 Routing and Switching
Scaling Networks

EIGRP Practice Skills Assessment – Packet Tracer

A few things to keep in mind while completing this activity:

  1. Do not use the browser Back button or close or reload any exam windows during the exam.
  2. Do not close Packet Tracer when you are done. It will close automatically.
  3. Click the Submit Assessment button in the browser window to submit your work.

Introduction

In Part I of this practice skills assessment, you will configure routing and ACLs. You will configure dynamic routing with EIGRP for IPv4 and static and default routes. In addition, you will configure two access control lists.

In Part II of this practice skills assessment, you will configure the Medical Company network with RPVST+, port security, EtherChannel, DHCP, VLANs and trunking, and routing between VLANs. In addition you will perform an initial configuration on a switch, secure unused switch ports and secure SVIs. You will also control access to the switch management network with an access control list.

All IOS device configurations should be completed from a direct terminal connection to the device console from an available host.

Some values that are required to complete the configurations have not been given to you. In those cases, create the values that you need to complete the requirements. These values may include certain IP addresses, passwords, interface descriptions, banner text, and other values.

For the sake of time, many repetitive but important configuration tasks have been omitted from this activity. Many of these tasks, especially those related to device security, are essential elements of a network configuration. The intent of this activity is not to diminish the importance of full device configurations.

You will practice and be assessed on the following skills:

  • Configuration of initial device settings
  • IPv4 address assignment and configuration
  • Configuration and addressing of device interfaces
  • Configuration of the EIGRP for IPv4 routing protocol
  • Configuration of a default route
  • Configuration of ACL to limit device access
  • Configuration of switch management settings including SSH
  • Configuration of port security
  • Configuration of unused switch ports according to security best practices
  • Configuration of RPVST+
  • Configuration of  EtherChannel
  • Configuration of a router as a DHCP server
  • Configuration of VLANs and trunks
  • Configuration of routing between VLANs

You are required to do the following:

East:

  • Configure initial device settings.
  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize EIGRP for IPv4.

Central:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure and customize EIGRP for IPv4.
  • Configure named and numbered ACLs.
  • Configure and propagate a default route through EIGRP for IPv4.

West:

  • Configure interfaces with IPv4 addresses, descriptions, and other settings.
  • Configure DHCP pools and excluded addresses.
  • Configure routing between VLANs.
  • Configure EIGRP for IPv4.
  • Configure EIGRP for IPv4 route summarization.
  • Configure an ACL to limit access to the switch management network.

Bldg1:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.
  • Secure unused switch ports.
  • Configure port security.

Bldg2:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings with SSH.
  • Activate RPVST+.

Bldg3:

  • Create and name VLANs.
  • Configure EtherChannel.
  • Configure trunking.
  • Assign access ports to VLANs.
  • Configure remote management settings.
  • Activate and configure RPVST+.

Internal PC hosts:

  • Configure as DHCP clients.
  • Assign Static IPv4 addresses where indicated.


Tables

Note: You are provided with the networks that interfaces should be configured on. Unless you are told to do differently in the detailed instructions below, you are free to choose the host addresses to assign.

Addressing Table:

Device

Interface

Network

Configuration Details

East

S0/0/0

192.168.100.20/30

any address in the network

S0/0/1

192.168.100.28/30

any address in the network

G0/0

192.168.8.0/24

first host address

G0/1

192.168.9.0/24

first host address

Central

S0/0/0

192.168.100.20/30

any address in the network

S0/0/1

192.168.100.36/30

any address in the network

S0/1/0

203.0.113.16/29

(The first address in this network is already in use on the ISP router. Any other address in the network can be assigned to this interface.)

West

S0/0/0

192.168.100.28/30

any address in the network

S0/0/1

192.168.100.36/30

any address in the network

G0/1.2

10.10.2.0/24

first address in the network

G0/1.4

10.10.4.0/24

first address in the network

G0/1.8

10.10.8.0/24

first address in the network

G0/1.15

10.10.15.0/24

first address in the network

G0/1.25

10.10.25.0/24

first address in the network

Bldg1

SVI

10.10.25.0/24

the highest address in the network

Bldg2

SVI

10.10.25.0/24

the second to the highest address in the network

Bldg3

SVI

10.10.25.0/24

the third to the highest address in the network

Host 1

NIC

192.168.8.0/24

any available address in the network

Host 2

NIC

192.168.9.0/24

any available address in the network

NetAdmin 1

NIC

10.10.15.0/24

any available address in the network

NetAdmin 2

NIC

10.10.15.0/24

any available address in the network

VLAN Switch Port Assignment Table:

VLAN

Name

Network

Device

Switch Ports

2

LAB-A

10.10.2.0/24

Bldg1

Fa0/5

Bldg3

Fa0/7

4

LAB-B

10.10.4.0/24

Bldg1

Fa0/10

Bldg3

Fa0/10

8

LAB-C

10.10.8.0/24

Bldg1

Fa0/15

Bldg3

Fa0/15

15

NetAdmin

10.10.15.0/24

Bldg1

Fa0/24

Bldg3

Fa0/24

25

SW-Admin

10.10.25.0/24

Bldg1

SVI

Bldg2

SVI

Bldg3

SVI

99

spare

N/A

Bldg1

all unused ports

Port-Channel Group Interfaces:

Channel

Device

Interfaces

1

Bldg1

Fa0/1, Fa0/2

Bldg3

Fa0/1, Fa0/2

2

Bldg1

Fa0/3, Fa0/4

Bldg2

Fa0/3, Fa0/4

3

Bldg2

Fa0/5, Fa0/6

Bldg3

Fa0/5, Fa0/6

Instructions

All configurations must be performed through a direct terminal connection to the device console lines from an available host.

Part I: EIGRP Router Configuration

Step 1: Plan the Addressing.

Determine the IP addresses that you will use for the required interfaces on the devices and LAN hosts. Follow the configuration details provided in the Addressing Table.

Step 2: Configure East.

Configure East with initial settings:

  • Configure the router host name: East. This value must be entered exactly as it appears here.
  • Prevent the router from attempting to resolve command line entries to IP addresses.
  • Protect device configurations from unauthorized access with an encrypted secret password.
  • Secure the router console and remote access lines.
  • Prevent system status messages from interrupting console output.
  • Configure a message-of-the-day banner.
  • Encrypt all clear text passwords.

Hostname East

No ip domain look up

Enable secret class

Line console 0

Password cisco

Logging sinchronus

Login

Line vty 0 4

Password cisco

login

Banner motd “Authorized Access Only”

Service password-encryption

Step 3: Configure the Router Interfaces.

Use the information in the addressing table to configure the interfaces of all routers for full connectivity with the following:

  • Configure IP addressing.
  • Descriptions for all physical interfaces.
  • Configure DCE settings where required. Use a rate of 128000.
  • The Ethernet subinterfaces on West will be configured later in this assessment.

Step 4: Configure inter-VLAN routing on West.

Configure router West to route between VLANs using information in the Addressing Table and VLAN Switch Port Assignment Table. The VLANs will be configured on the switches later in this assessment.

  • Do not route the VLAN 99 network.

Step 5: Configure EIGRP Routing and a default route.

a. On all routers:

  • Configure EIGRP for IPv4 to route between the internal networks. Use ASN 100.
  • Use the precise wild card masks for all network statements.
  • You are not required to route the SW-Admin VLAN network over EIGRP.
  • Prevent routing updates from being sent on the LAN networks.  Do not use the default keyword version of the command to do so.
  • Prevent EIGRP for IPv4 from performing automatic route summarization on all routers.

b. On the Central router:

  • Configure a default route to the Internet. Use the exit interface argument.
  • Configure EIGRP for IPv4 to distribute the default route to the other routers.

Step 6: Customize EIGRP for IPv4.

Customize EIGRP for IPv4 by performing the following configuration tasks:

  • Set the bandwidth of the link between East and Central to 128 kb/s.
  • Create a summary route for the LANs connected to Bldg3. It should include all networks from 10.10.0.0 to 10.10.15.0.
  • Do not include the SW-Admin VLAN network in the summary route.
  • Configure EIGRP for IPv4 with the route summary so that it will be sent to the other routers. Be sure to configure the summary on all of the appropriate interfaces.

Step 7: Configure Access Control Lists.

You will configure two access control lists in this step. You should use the any and host keywords in the ACL statements where appropriate. The ACL specifications are as follows:

a.  Restrict access to the vty lines on Central with an ACL:

  • Create a named standard ACL using the name TELNET-BLOCK. Be sure that you enter this name exactly as it appears in this instruction.
  • Allow only Test PC to access the vty lines of Central.
  • No other Internet hosts (including hosts not visible in the topology) should be able to access the vty lines of Central.
  • Your solution should consist of one ACL statement.

b.  Block ping requests from the Internet with an ACL:

  • Use access list number 101.
  • Allow only Test PC to ping addresses within the Medical Company network. Only echo messages should be permitted.
  • Prevent all other Internet hosts (not only the Internet hosts visible in the topology) from pinging addresses inside the Medical Company network. Block echo messages only.
  • All other traffic should be allowed.
  • Your ACL should consist of three statements.
  • Your ACL should be placed in the most efficient location as possible to conserve network bandwidth and device processing resources.

c. Control access to the management interfaces (SVI) of the three switches attached to West as follows:

  • Create a standard ACL.
  • Use the number 1 for the list.
  • Permit only addresses from the NetAdmin VLAN network to access any address on the SW-Admin VLAN network.
  • Hosts on the  NetAdmin VLAN network should be able to reach all other destinations.
  • Your list should consist of one statement.


Part II: Switching and DHCP Configuration

Step 1: Create and name VLANs.

On all three switches that are attached to West, create and name the VLANs shown in the VLAN Table.

  • The VLAN names that you configure must match the values in the table exactly.
  • Each switch should be configured with all of the VLANs shown in the table.

Step 2:  Assign switch ports to VLANs.

Using the VLAN table, assign the switch ports to the VLANs you created in Step 1, as follows:

  • All switch ports that you assign to VLANs should be configured to static access mode.
  • All switch ports that you assign to VLANs should be activated.

Step 3:  Configure the SVIs.

Refer to the Addressing Table. Create and address the SVIs on all three of the switches that are attached to West. Configure the switches so that they can communicate with hosts on other networks. Full connectivity will be established after routing between VLANs has been configured later in this assessment.

Step 4:  Configure Trunking and EtherChannel.

a. Use the information in the Port-Channel Groups table to configure EtherChannel as follows:

  • Use LACP.
  • The switch ports on both sides of Channels 1 and 2 should initiate negotiations for channel establishment.
  • The switch ports on the Bldg2 side of the Channel 3 should initiate negotiations with the switch ports on Bldg3.
  • The switch ports on the Bldg3 side of Channel 3 should not initiate negotiations with the switch ports on the other side of the channel.
  • All channels should be ready to forward data after they have been configured.

b. Configure all port-channel interfaces as trunks.

c. Configure static trunking on the switch port on Bldg2 that is connected to West.

Step 5:  Configure Rapid PVST+.

Configure Rapid PVST+ settings as follows:

a. Activate Rapid PVST+ and set root priorities.

  • All three switches should be configured to run Rapid PVST+.
  • Bldg1 should be configured as root primary for VLAN 2 and VLAN 4 using the default primary priority values.
  • Bldg1 should be configured as root secondary for VLAN 8 and VLAN 15 using the default secondary priority values.
  • Bldg3 should be configured as root primary for VLAN 8 and VLAN 15 using the default primary priority values.
  • Bldg3 should be configured as root secondary for VLAN 2 and VLAN 4 using the default secondary priority values.

b. Activate PortFast and BPDU Guard on the active Bldg3 switch access ports.

  • Configure PortFast on all access ports that are connected to hosts.
  • Activate BPDU Guard on all access ports that are connected to hosts.

Step 6:  Configure switch security.

You are required to complete the following only on some of the devices in the network for this assessment. In reality, security should be configured on all devices in the network.

a. Secure unused switch ports. Following security best practices, do the following on Bldg1 only:

  • Shutdown all unused switch ports.
  • Configure all unused switch ports as static access ports.
  • Ensure that all unused switch ports have been assigned to VLAN 99.

b. Configure port security on all active access ports on Bldg1.

  • Each switch port should accept only two MAC addresses before a security action occurs.
  • The learned MAC addresses should be recorded in the running configuration.
  • If a security violation occurs, the switch ports should provide notification that a violation has occurred but not place the interface in an err-disabled state.

c. On Bldg2, configure the virtual terminal lines to accept only SSH connections.

  • Use a domain name of ccnaPTSA.com.
  • Use a modulus value of 1024.
  • Configure SSH version 2.
  • Configure the vty lines to only accept SSH connections.
  • Configure user-based authentication for the SSH connections with a user name of netadmin and a secret password of SSH_secret9. The user name and password must match the values provided here exactly in case, punctuation, and spelling.

Step 7: Configure West as a DHCP server for the hosts attached to the Bldg1 and Bldg2 switches.

Configure three DHCP pools as follows:

  • Create a DHCP pool for hosts on VLAN 2 using the pool name vlan2pool.
  • Create a DHCP pool for hosts on VLAN 4 using the pool name vlan4pool.
  • Create a DHCP pool for hosts on VLAN 8 using the pool name vlan8pool.
  • All VLAN pool names must match the provided values exactly.
  • Exclude the first five addresses from each pool.
  • Configure a DNS server address of 192.168.200.225.
  • All hosts should be able to communication with hosts on other networks.

Step 8: Configure host addressing.

All hosts should be able to ping each other and the two external servers after they have been addressed.

  • Hosts on VLANs 2, 4, and 8 should be configured to receive addresses dynamically over DHCP.
  • Hosts on VLAN 15 should be addressed statically as indicated in the addressing table. Once configured, the hosts should be able to ping hosts on other networks.
  • Hosts on the LANs attached to East should be statically assigned addressing that enables them to communicate with hosts on other networks.

Configuration

Theese Configurations ate Created By Asitha Indunil Meegama From Srilanka.
Student of Srilanka Institiute of Infromation Technology and Curtin University of Technology Australia.
I have scored 98% for this and i have corrected my mistake also here.
You can score 100%

1. Before begin please read the whole assesment.

2. And change the host name of Esat or Site 1 router accordingly.

3. To apply theese commands in each device go to global Configuration mode { (config)# } and paste them all there without changing.
Thanks !!!

***BLDG1*** or ***SW-A***

ip default-gateway 10.10.25.1

vlan 2

name sales

vlan 4

name prod

vlan 8

name acct

vlan 15

name admin

vlan 25

name SVI-NET

vlan 99

name null

interface vlan 25

ip address 10.10.25.254 255.255.255.0

no shutdown

interface fa0/5

switchport mode acces

switchport acces vlan 2

interface fa0/10

switchport mode acces

switchport acces vlan 4

interface fa0/15

switchport mode acces

switchport acces vlan 8

interface fa0/24

switchport mode acces

switchport acces vlan 15

interface range fa0/6-9,fa0/11-14,fa0/16-23

switchport mode acces

switchport acces vlan 99

shutdown

interface range gi1/1-2

switchport mode acces

switchport acces vlan 99

shutdown

– ETHERCHANNEL

interface range fa0/1-2

channel-group 1 mode active

interface port-channel 1

switchport mode trunk

interface range fa0/3-4

channel-group 2 mode active

interface port-channel 2

switchport mode trunk

–PVST+

spanning-tree mode rapid-pvst

spanning-tree vlan 2 root primary

spanning-tree vlan 4 root primary

spanning-tree vlan 8 root secondary

spanning-tree vlan 15 root secondary

–SECURITY

interface fa0/5

switchport port-security

switchport port-security violation restrict

switchport port-security maximum 2

switchport port-security mac-address sticky

interface fa0/10

switchport port-security

switchport port-security violation restrict

switchport port-security maximum 2

switchport port-security mac-address sticky

interface fa0/15

switchport port-security

switchport port-security violation restrict

switchport port-security maximum 2

switchport port-security mac-address sticky

interface fa0/24

switchport port-security

switchport port-security violation restrict

switchport port-security maximum 2

switchport port-security mac-address sticky

——————————————————————————

***BLDG2*** or ***SW-B***

ip default-gateway 10.10.25.1

vlan 2

name sales

vlan 4

name prod

vlan 8

name acct

vlan 15

name admin

vlan 25

name SVI-NET

vlan 99

name null

interface vlan 25

ip address 10.10.25.253 255.255.255.0

no shutdown

interface gi 1/1

switchport mode trunk

– ETHERCHANNEL

interface range fa0/3-4

channel-group 2 mode active

interface port-channel 2

switchport mode trunk

interface range fa0/5-6

channel-group 3 mode active

interface port-channel 3

switchport mode trunk

–PVST+

spanning-tree mode rapid-pvst

– SSH

hostname SW-B

ip ssh version 2

ip domain-name ccnaPTSA.com

crypto key generate rsa
1024
username netadmin password SSH_secret9

line vty 0 4

login local

transport input ssh

line vty 5 15

login local

transport input ssh

——————————————————————————

***BLDG3*** or ***SW-C***

ip default-gateway 10.10.25.1

vlan 2

name sales

vlan 4

name prod

vlan 8

name acct

vlan 15

name admin

vlan 25

name SVI-NET

vlan 99

name null

interface vlan 25

ip address 10.10.25.252 255.255.255.0

no shutdown

interface fa0/7

switchport mode acces

switchport acces vlan 2

interface fa0/10

switchport mode acces

switchport acces vlan 4

interface fa0/15

switchport mode acces

switchport acces vlan 8

interface fa0/24

switchport mode acces

switchport acces vlan 15

– ETHERCHANNEL

interface range fa0/1-2

channel-group 1 mode active

no shutdown

interface port-channel 1

switchport mode trunk

interface range fa0/5-6

channel-group 3 mode passive

no shutdown

interface port-channel 3

switchport mode trunk

–PVST+

spanning-tree mode rapid-pvst

spanning-tree vlan 2 root secondary

spanning-tree vlan 4 root secondary

spanning-tree vlan 8 root primary

spanning-tree vlan 15 root primary

–Port Fast BPDU Guard

interface range fa0/7, fa0/10, fa0/15, fa0/24

spanning-tree portfast

spanning-tree bpduguard enable

no shutdown

——————————————————————————

***Central*** or ***HQ***

ip route 0.0.0.0 0.0.0.0 s0/1/0

interface serial 0/0/0

bandwidth 128

ip address 192.168.100.22 255.255.255.252

description SITE

no shutdown

interface serial 0/0/1

bandwidth 128

ip address 192.168.100.37 255.255.255.252

description SITE

clock rate 128000

no shutdown

interface serial 0/1/0

bandwidth 128

ip address 203.0.113.18 255.255.255.248

description INTERNET

no shutdown

— EIGRP

router eigrp 100

redistribute static

network 192.168.100.20 0.0.0.3

network 192.168.100.36 0.0.0.3

no auto-summary

–ACCESS LIST

ip access-list standard TELNET-BLOCK

permit host 198.51.100.5

access-list 101 permit icmp 198.51.100.5 0.0.0.0 any echo

access-list 101 deny icmp any any echo

access-list 101 permit ip any any

line vty 0 4

access-class TELNET-BLOCK in

interface serial 0/1/0

ip access-group 101 in

——————————————————————————

***East*** or ***Site1***

hostname Site-1

no ip domain-lookup

enable secret cisco

line console 0

logging synchronous

password cisco

login

line vty 0 4

password cisco

login

service password-encryption

banner motd * Authorized acces only *

interface serial 0/0/0

bandwidth 128

ip address 192.168.100.21 255.255.255.252

description HQ

clock rate 128000

no shutdown

interface serial 0/0/1

bandwidth 128

ip address 192.168.100.29 255.255.255.252

description HQ

no shutdown

interface gi 0/0

ip address 192.168.8.1 255.255.255.0

description SITE

no shutdown

interface gi 0/1

ip address 192.168.9.1 255.255.255.0

no shutdown

 

— EIGRP

router eigrp 100

passive-interface GigabitEthernet0/0

passive-interface GigabitEthernet0/1

network 192.168.100.20 0.0.0.3

network 192.168.100.28 0.0.0.3

network 192.168.8.0 0.0.0.255

network 192.168.9.0 0.0.0.255

no auto-summary

——————————————————————————

***West*** or ***Site2***

interface serial 0/0/0

bandwidth 128

ip address 192.168.100.30 255.255.255.252

description SITE

no shutdown

interface serial 0/0/1

bandwidth 128

ip address 192.168.100.38 255.255.255.252

description SITE

no shutdown

interface gig 0/1

description SITE

no shutdown

interface gi 0/1.2

encapsulation dot1q 2

ip address 10.10.2.1 255.255.255.0

interface gi 0/1.4

encapsulation dot1q 4

ip address 10.10.4.1 255.255.255.0

interface gi 0/1.8

encapsulation dot1q 8

ip address 10.10.8.1 255.255.255.0

interface gi 0/1.15

encapsulation dot1q 15

ip address 10.10.15.1 255.255.255.0

interface gi 0/1.25

encapsulation dot1q 25

ip address 10.10.25.1 255.255.255.0

— EIGRP

router eigrp 100

passive-interface GigabitEthernet0/1

network 192.168.100.28 0.0.0.3

network 192.168.100.36 0.0.0.3

network 10.10.2.0 0.0.0.255

network 10.10.4.0 0.0.0.255

network 10.10.8.0 0.0.0.255

network 10.10.15.0 0.0.0.255

no auto-summary

passive-interface g0/1.2

passive-interface g0/1.4

passive-interface g0/1.8

passive-interface g0/1.15

– ROUTE SUMMARIZATION

interface serial 0/0/0

ip summary-address eigrp 100 10.10.0.0 255.255.240.0

interface serial 0/0/1

ip summary-address eigrp 100 10.10.0.0 255.255.240.0

– DHCP

ip dhcp excluded-address 10.10.2.1 10.10.2.5

ip dhcp excluded-address 10.10.4.1 10.10.4.5

ip dhcp excluded-address 10.10.8.1 10.10.8.5

ip dhcp pool vlan2pool

network 10.10.2.0 255.255.255.0

default-router 10.10.2.1

dns-server 192.168.200.225

ip dhcp pool vlan4pool

network 10.10.4.0 255.255.255.0

default-router 10.10.4.1

dns-server 192.168.200.225

ip dhcp pool vlan8pool

network 10.10.8.0 255.255.255.0

default-router 10.10.8.1

dns-server 192.168.200.225

–ACCESS LIST

access-list 1 permit 10.10.15.0 0.0.0.255

interface gi0/1.25

ip access-group 1 out

——————————————————————————

***HOSTS***

Assighn Ip addersses and Defauld gateways Accordingly.
For the hosts which do not have an IP address set them as dhcp.

 

CCNA 3 v5 SN Final Exam Answers 2015

CCNA 3 R&S: Scaling Networks Final Exam Answers (updated with new questions 2015)

1

Refer to the exhibit. A network administrator is attempting to upgrade the IOS system image on a Cisco 2901 router. After the new image has been downloaded and copied to the TFTP server, what command should be issued on the router before the IOS system image is upgraded on the router?

ping 10.10.10.1
dir flash:
ping 10.10.10.2*
copy tftp: flash0:

2

Fill in the blank.

The ” backbone ” area interconnects with all other OSPF area types.

3
Which address is used by an IPv6 EIGRP router as the source for hello messages?

the interface IPv6 link-local address*
the 32-bit router ID
the all-EIGRP-routers multicast address
the IPv6 global unicast address that is configured on the interface

4

Refer to the exhibit. A network administrator issues the show ipv6 eigrp neighbors command. Which conclusion can be drawn based on the output?

The link-local addresses of neighbor routers interfaces are configured manually.*
If R1 does not receive a hello packet from the neighbor with the link-local address FE80::5 in 2 seconds, it will declare the neighbor router is down.
R1 has two neighbors. They connect to R1 through their S0/0/0 and S0/0/1 interfaces.
The neighbor with the link-local address FE80::5 is the first EIGRP neighbor that is learned by R1.

5

Refer to the exhibit. Which two conclusions can be derived from the output? (Choose two.)

The network 192.168.10.8/30 can be reached through 192.168.11.1.
The reported distance to network 192.168.1.0/24 is 41024256.
Router R1 has two successors to the 172.16.3.0/24 network.
There is one feasible successor to network 192.168.1.8/30.*
The neighbor 172.16.6.1 meets the feasibility condition to reach the 192.168.1.0/24 network.*

6


Refer to the exhibit. An administrator attempts to configure EIGRP for IPv6 on a router and receives the error message that is shown. Which command must be issued by the administrator before EIGRP for IPv6 can be configured?

eigrp router-id 100.100.100.100
no shutdown
ipv6 eigrp 100
ipv6 cef
ipv6 unicast-routing*

7
What two conditions have to be met in order to form a cluster that includes 5 access points? (Choose two.)

The APs must use different cluster names.
The APs must all be configured to use different radio modes.
At least two controllers are needed to form the cluster.
The APs have to be connected on the same network segment.*
Clustering mode must be enabled on the APs.*

8
Which technological factor determines the impact of a failure domain?

the forwarding rate of the switches used on the access layer
the number of layers of the hierarchical network
the role of the malfunctioning device*
the number of users on the access layer

9
Which mode configuration setting would allow formation of an EtherChannel link between switches SW1 and SW2 without sending negotiation traffic?

SW1: desirable
SW2: desirable

SW1: passive
SW2: active

SW1: on
SW2: on*

SW1: auto
SW2: auto
trunking enabled on both switches

SW1: auto
SW2: auto
PortFast enabled on both switches

10
In a large enterprise network, which two functions are performed by routers at the distribution layer? (Choose two.)

provide Power over Ethernet to devices
provide a high-speed network backbone
connect remote networks*
connect users to the network
provide data traffic security*

11
A network engineer is implementing security on all company routers. Which two commands must be issued to force authentication via the password 1C34dE for all OSPF-enabled interfaces in the backbone area of the company network? (Choose two.)

area 0 authentication message-digest*
ip ospf message-digest-key 1 md5 1C34dE*
username OSPF password 1C34dE
enable password 1C34dE
area 1 authentication message-digest

12
When does an OSPF router become an ABR?

when the router is configured as an ABR by the network administrator
when the router has interfaces in different areas*
when the router has an OSPF priority of 0
when the router has the highest router ID

13
Which characteristic would most influence a network design engineer to select a multilayer switch over a Layer 2 switch?

ability to have multiple forwarding paths through the switched network based on VLAN number(s)
ability to aggregate multiple ports for maximum data throughput
ability to build a routing table*
ability to provide power to directly-attached devices and the switch itself

14
A network designer is considering whether to implement a switch block on the company network. What is the primary advantage of deploying a switch block?

A single core router provides all the routing between VLANs.
This is network application software that prevents the failure of a single network device.
The failure of a switch block will not impact all end users.*
This is a security feature that is available on all new Catalyst switches.

15

A network administrator enters the spanning-tree portfast bpduguard default command. What is the result of this command being issued on a Cisco switch?

Any switch port will be error-disabled if it receives a BPDU.
Any switch port that has been configured with PortFast will be error-disabled if it receives a BPDU.*
Any trunk ports will be allowed to connect to the network immediately, rather than waiting to converge.
Any switch port that receives a BPDU will ignore the BPDU message.

16
What are two differences between the Cisco IOS 12 and IOS 15 versions? (Choose two.)

Every Cisco ISR G2 platform router includes a universal image in the IOS 12 versions, but not the IOS 15 versions.
The IOS version 15 license key is unique to each device, whereas the IOS version 12 license key is not device specific.*
The IOS 12 version has two trains that occur simultaneously, whereas the IOS 15 version still has two trains, but the versions occur in a single sequential order.
The IOS 12 version has commands that are not available in the 15 version.
IOS version 12.4(20)T1 is a mainline release, whereas IOS version 15.1(1)T1 is a new feature release.*

17

Refer to the exhibit. What are two results of issuing the displayed commands on S1, S2, and S3? (Choose two.)

S3 can be elected as a secondary bridge.
S2 can become root bridge if S3 fails.
S1 will automatically adjust the priority to be the lowest.*
S2 can become root bridge if S1 fails.*
S1 will automatically adjust the priority to be the highest.

18
A remote classroom can successfully access video-intensive streaming lectures via wired computers. However, when an 802.11n wireless access point is installed and used with 25 wireless laptops to access the same lectures, poor audio and video quality is experienced. Which wireless solution would improve the performance for the laptops?

Upgrade the access point to one that can route.
Decrease the power of the wireless transmitter.
Adjust the wireless NICs in the laptops to operate at 10GHz to be compatible with 802.11n.
Add another access point.*

19
A network engineer is troubleshooting a single-area OSPFv3 implementation across routers R1, R2, and R3. During the verification of the implementation, it is noted that the routing tables on R1 and R2 do not include the entry for a remote LAN on R3. Examination of R3 shows the following:

that all interfaces have correct addressing
that the routing process has been globally configured
that correct router adjacencies have formed
What additional action taken on R3 could solve the problem?

Force DR/BDR elections to occur where required.
Use the network command to configure the LAN network under the global routing process.
Enable the OSPFv3 routing process on the interface connected to the remote LAN.*
Restart the OPSFv3 routing process.

20
When should EIGRP automatic summarization be turned off?

when a network addressing scheme uses VLSM
when a router has more than three active interfaces
when a network contains discontiguous network addresses*
when a router has less than five active interfaces
when a router has not discovered a neighbor within three minutes

21
When will a router that is running EIGRP put a destination network in the active state?

when the EIGRP domain is converged
when there is outgoing traffic toward the destination network
when the connection to the successor of the destination network fails and there is no feasible successor available*
when there is an EIGRP message from the successor of the destination network

22
Which action should be taken when planning for redundancy on a hierarchical network design?

add alternate physical paths for data to traverse the network
continually purchase backup equipment for the network*
immediately replace a non-functioning module, service or device on a network
implement STP portfast between the switches on the network

23
Fill in the blank. Use the acronym.
Which encryption protocol is used by the WPA2 shared key authentication technique? ” AES

24

Refer to the exhibit. When the show ip ospf neighbor command is given from the R1# prompt, no output is shown. However, when the show ip interface brief command is given, all interfaces are showing up and up. What is the most likely problem?

R1 has not sent a default route down to R2 by using the default-information originate command.
R2 has not brought the S0/0/1 interface up yet.
R1 or R2 does not have a network statement for the 172.16.100.0 network.*
The ISP has not configured a static route for the ABC Company yet.
R1 or R2 does not have a loopback interface that is configured yet.

25

Refer to the exhibit. If router B is to be configured for EIGRP AS 100, which configuration must be entered?

B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3
B(config-router)# network 192.168.10.64 0.0.0.63
B(config-router)# network 192.168.10.128 0.0.0.63
B(config-router)# network 192.168.10.192 0.0.0.63

B(config-router)# network 192.168.10.4 255.255.255.248
B(config-router)# network 192.168.10.8 255.255.255.248
B(config-router)#network 192.168.10.128 255.255.255.192

B(config-router)# network 192.168.10.0 255.255.255.0

B(config-router)# network 192.168.10.0 0.0.0.255

B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3
B(config-router)#network 192.168.10.128 0.0.0.63*

B(config-router)# network 192.168.10.4 0.0.0.3
B(config-router)# network 192.168.10.8 0.0.0.3

26

Refer to the exhibit. A network technician is troubleshooting missing OSPFv3 routes on a router. What is the cause of the problem based on the command output?

The local router has formed complete neighbor adjacencies, but must be in a 2WAY state for the router databases to be fully synchronized.
The neighbor IDs are incorrect. The interfaces must use only IPv6 addresses to ensure fully synchronized routing databases.
The dead time must be higher than 30 for all routers to form neighbor adjacencies.
There is a problem with the OSPFv3 adjacency between the local router and the router that is using the neighbor ID 2.2.2.2.*

27

Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)

The bundle is fully operational.
The port channel is a Layer 3 channel.
The EtherChannel is down.*
The port channel ID is 2.*
The load-balancing method used is source port to destination port.

28

Refer to the exhibit. Based on the command output shown, what is the status of the EtherChannel?

The EtherChannel is dynamic and is using ports Fa0/10 and Fa0/11 as passive ports.
The EtherChannel is in use and functional as indicated by the SU and P flags in the command output.*
The EtherChannel is down as evidenced by the protocol field being empty.
The EtherChannel is partially functional as indicated by the P flags for the FastEthernet ports.

29
A network engineer is configuring a LAN with a redundant first hop to make better use of the available network resources. Which protocol should the engineer implement?

FHRP
VRRP
GLBP*
HSRP

30
Users on an IEEE 801.11n network are complaining of slow speeds. The network administrator checks the AP and verifies it is operating properly. What can be done to improve the wireless performance in the network?

Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.*
Set the AP to mixed mode.
Change the authentication method on the AP.
Switch to an 802.11g AP.

31
A network administrator is troubleshooting slow performance in a Layer 2 switched network. Upon examining the IP header, the administrator notices that the TTL value is not decreasing. Why is the TTL value not decreasing?

This is the normal behavior for a Layer 2 network.*
The VLAN database is corrupt.
The MAC address table is full.
The inbound interface is set for half duplex.

32
What is a wireless modulation technique used by 802.11 WLAN standards that can implement MIMO?

FHSS
OFDM*
BSS
DSSS

33
Which technology is an open protocol standard that allows switches to automatically bundle physical ports into a single logical link?

Multilink PPP
PAgP
DTP
LACP*

34
A set of switches is being connected in a LAN topology. Which STP bridge priority value will make it least likely for the switch to be selected as the root?

32768
4096
65535
61440*

35
Which wireless network topology is being configured by a technician who is installing a keyboard, a mouse, and headphones, each of which uses Bluetooth?

ad hoc mode*
hotspot
mixed mode
infrastructure mode

36

Refer to the exhibit. Which route or routes will be advertised to the router ISP if autosummarization is enabled?

10.0.0.0/8*

10.1.0.0/16

10.1.0.0/28

10.1.1.0/24
10.1.2.0/24
10.1.3.0/24
10.1.4.0/28

37
When are EIGRP update packets sent?

only when necessary*
every 30 seconds via broadcast
every 5 seconds via multicast
when learned routes age out

38
Which requirement should be checked before a network administrator performs an IOS image upgrade on a router?

The old IOS image file has been deleted.
The FTP server is operational.
There is sufficient space in flash memory.*
The desired IOS image file has been downloaded to the router.

39
What method of wireless authentication is dependent on a RADIUS authentication server?

WPA Personal
WEP
WPA2 Enterprise*
WPA2 Personal

40
A network administrator wants to verify the default delay values for the interfaces on an EIGRP-enabled router. Which command will display these values?

show running-config
show interfaces*
show ip protocols
show ip route

41
A network administrator in a branch office is configuring EIGRP authentication between the branch office router and the headquarters office router. Which security credential is needed for the authentication process?

a randomly generated key with the crypto key generate rsa command
a common key configured with the key-string command inside a key chain*
the username and password configured on the headquarters office router
the hostname of the headquarters office router and a common password

42

Refer to the exhibit. Interface FastEthernet 0/1 on S1 is connected to Interface FastEthernet 0/1 on S2, and Interface FastEthernet 0/2 on S1 is connected to Interface FastEthernet 0/2 on S2. What are two errors in the present EtherChannel configurations? (Choose two.)

Desirable mode is not compatible with on mode.
The trunk mode is not allowed for EtherChannel bundles.
Two auto modes cannot form a bundle.*
The channel group is inconsistent.*
The interface port channel ID should be different in both switches.

43
Which port role is assigned to the switch port that has the lowest cost to reach the root bridge?

disabled port
root port*
designated port
non-designated port

44
What are two features of OSPF interarea route summarization? (Choose two.)

ASBRs perform all OSPF summarization.
Routes within an area are summarized by the ABR.*
Route summarization results in high network traffic and router overhead.
ABRs advertise the summarized routes into the backbone.*
Type 3 and type 5 LSAs are used to propagate summarized routes.

45

Launch PT Hide and Save PT

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Which message was displayed on the web server?

Work done!
Congratulations!
Wonderful work!
You’ve made it!*

46

Refer to the exhibit. What two pieces of information could be determined by a network administrator from this output? (Choose two.)

The metric that will be installed in the routing table for the 10.0.0.0 route will be 65 (64+1).
Interface Fa0/1 is not participating in the OSPF process.
R1 is the distribution point for the routers that are attached to the 10.0.0.4 network.*
R1 is participating in multiarea OSPF.*
The OSPF process number that is being used is 0.

47

RouterA# -> copy flash0:tftp:

Source Filename? -> C1900-universalk9-m.SPA.152-4.M3.bin

Address or name of remote host ->2001:DB8:CAFE:100::9

48
A network administrator has configured an EtherChannel between two switches that are connected via four trunk links. If the physical interface for one of the trunk links changes to a down state, what happens to the EtherChannel?

Spanning Tree Protocol will recalculate the remaining trunk links.
The EtherChannel will remain functional.*
The EtherChannel will transition to a down state.
Spanning Tree Protocol will transition the failed physical interface into forwarding mode.

49

Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

MAC addresses of both the forwarding and standby routers
MAC address of the standby router
MAC address of the virtual router*
MAC address of the forwarding router

50

Refer to the exhibit. A company has migrated from single area OSPF to multiarea. However, none of the users from network 192.168.1.0/24 in the new area can be reached by anyone in the Branch1 office. From the output in the exhibit, what is the problem?

There are no interarea routes in the routing table for network 192.168.1.0.*
The OSPF routing process is inactive.
The router has not established any adjacencies with other OSPF routers.
The link to the new area is down.

51
What are two requirements when using out-of-band configuration of a Cisco IOS network device? (Choose two.)

Telnet or SSH access to the device
a connection to an operational network interface on the device
a direct connection to the console or AUX port*
a terminal emulation client*
HTTP access to the device

52
For troubleshooting missing EIGRP routes on a router, what three types of information can be collected using the show ip protocols command? (Choose three.)

any interfaces on the router that are configured as passive*
any ACLs that are affecting the EIGRP routing process*
any interfaces that are enabled for EIGRP authentication
networks that are unadvertised by the EIGRP routing protocol
the local interface that is used to establish an adjacency with EIGRP neighbors
the IP addresses that are configured on adjacent routers*

53
What are two requirements to be able to configure an EtherChannel between two switches? (Choose two.)

All the interfaces need to work at the same speed.*
All interfaces need to be assigned to different VLANs.
The interfaces that are involved need to be contiguous on the switch.
All the interfaces need to be working in the same duplex mode.*
Different allowed ranges of VLANs must exist on each end.

54

This type of LSA exists in multi-access & non-broadcast multi-access networks w/DR => TYPE 2 LSA
This type of LSA describes routes to networks outside of the OSPF AS => TYPE 5 LSA
This type of LSA is flooded only within the area which it originated => TYPE 1 LSA
This type of LSA is used by ABR to advertise networks from other areas => TYPE 3 LSA

55
At a local college, students are allowed to connect to the wireless network without using a password. Which mode is the access point using?

network
shared-key
open*
passive

56
What are three access layer switch features that are considered when designing a network? (Choose three.)

broadcast traffic containment
forwarding rate***
failover capability
Power over Ethernet***
speed of convergence
port density***

57

Refer to the exhibit. What can be concluded about network 192.168.1.0 in the R2 routing table?

This network has been learned from an internal router within the same area.
This network was learned through summary LSAs from an ABR.*
This network is directly connected to the interface GigabitEthernet0/0.
This network should be used to forward traffic toward external networks.

58
Which two statements are correct about EIGRP acknowledgment packets? (Choose two.)

The packets are sent as unicast.*
The packets are unreliable.*
The packets are used to discover neighbors that are connected on an interface.
The packets require confirmation.
The packets are sent in response to hello packets.

59
An STP instance has failed and frames are flooding the network. What action should be taken by the network administrator?

Broadcast traffic should be investigated and eliminated from the network.
Spanning tree should be disabled for that STP instance until the problem is located.
Redundant links should be physically removed until the STP instance is repaired.*
A response from the network administrator is not required because the TTL field will eventually stop the frames from flooding the network.

60
A network administrator issues the command R1(config)# license boot module c1900 technology-package securityk9 on a router. What is the effect of this command?

The IOS will prompt the user to provide a UDI in order to activate the license.
The IOS will prompt the user to reboot the router.
The features in the Security package are available immediately.
The Evaluation Right-To-Use license for the Security technology package is activated.*

61
A router has been removed from the network for maintenance. A new Cisco IOS software image has been successfully downloaded to a server and copied into the flash of the router. What should be done before placing the router back into service?

Delete the previous version of the Cisco IOS software from flash.
Copy the running configuration to NVRAM.
Back up the new image.
Restart the router and verify that the new image starts successfully.*

62
What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)

receiving a broadcast beacon frame*
delivering a broadcast frame
transmitting a probe request*
sending an ARP request
initiating a three-way handshak

63

Refer to the exhibit. Why did R1 and R2 not establish ad adjacency?

The link-local address must be the same on both routers.

The AS number must be the same on R1 and R2.*

R1 S0/0/0 and R2 S0/0/0 are on different networks.

The no shutdown command is misapplied on both routers.

The router ID must be the same on both routers.

64

feasible distance to 192.168.11.64 => 660110
new successor to network 192.168.1.0 => 192.168.3.1
destination network => 192.168.11.64

NEW QUESTIONS

 

65

Refer to the exhibit. Router CiscoVille has been partially configured for EIGRP authentication. What is missing that would allow successful authentication between EIGRP neighbors?

The interfaces that will use EIGRP authentication must be specified.

The CiscoVIlle router requires a second keychain to function correctly when using two interfaces for EIGRP authentication.

The same key number must be used on any EIGRP neighbor routers.

The keychain for EIGRP authentication must be configured on the interfaces.*

66 Which Cisco IOS Software Release 15.0 technology pack is shipped with a permanent license on all Cisco ISR G2 devices?

IPBase*

DATA

Unified Communications

Security

 

New questions:

By default, how many equal cost routes to the same destination can be installed in the routing table of a Cisco router?
2
4***
16
32

=======================
What are two reasons to implement passive interfaces in the EIGRP configuration of a Cisco router? (Choose two.)

to provide increased network security ***

to shut down unused interfaces

to exclude interfaces from load balancing

to mitigate attacks coming from the interfaces

to avoid unnecessary update traffic ***

=======================================

What is a difference between the Cisco IOS 12 and IOS 15 versions?

The IOS 12 version has commands that are not available in the 15 version.

IOS version 12.4(20)T1 is a mainline release, whereas IOS version 15.1(1)T1 is a new feature release.*

The IOS version 15 license key is unique to each device, whereas the IOS version 12 license key is not device specific.

Every Cisco ISR G2 platform router includes a universal image in the IOS 12 versions, but not the IOS 15 versions.

=======================================

Fill in the blank. Do not use abbreviations.
The spanning-tree “mode rapid-pvst” global configuration command is used to enable Rapid PVST+.

=======================================

A WLAN user wants to allocate an optimal amount of bandwidth to a specific online game. What is a Linksys Smart Wi-Fi tool that will allow the user to do this?

Widgets

Speed Test

Media Prioritization

Bandwidth Prioritization*

=======================================

When a Cisco router is configured with fast-switching, how are packets distributed over equal-cost paths?

on a per-path-load basis

on a per-destination basis*

on a per-interface basis

on a per-packet basis

=======================================

A network administrator is analyzing first-hop router redundancy protocols. What is a characteristic of VRRPv3?

VRRPv3 is Cisco proprietary.

It supports IPv6 and IPv4 addressing.*

It allows load balancing between routers.

It works together with HSRP.

=======================================

Which two channel group modes would place an interface in a negotiating state using PAgP? (Choose two.)
– auto *
– desirable *
– on
– passive
– active

=======================================
What is the purpose of the Cisco PAK?
– It is a proprietary encryption algorithm.
– It is a compression file type used when installing IOS 15 or an IOS upgrade.
– It is a way to compress an existing IOS so that a newer IOS version can be co-installed on a router.
– It is a key for enabling an IOS feature set.*

=======================================
What two license states would be expected on a new Cisco router once the license has been activated? (Choose two.)
– License State: On
– License State: Active, Registered
– License Type: Permanent *
– License Type: ipbasek9
– License Type: Temporary
– License State: Active, In Use *

=======================================
If a company wants to upgrade a Cisco 2800 router from IOS 12.4T, what IOS should be recommended for a stable router platform?
– 13.1T
– 12.5T
– 15.1M *
– 14.0

=======================================
Fill in the blank.
EIGRP keeps feasible successor routes in the “routing” table.

=======================================
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?
– Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.
– The 5 GHz band has a greater range and is therefore likely to be interference-free.
– The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia. *
– The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.

Feel free to correct me if I’m wrong.

NEW QUESTIONS 2015/02/05

What type of OSPF IPv4 route is indicated by a route table entry descriptor of O E1?
– an intra-area route that is advertised by the DR
– a summary route that is advertised by an ABR
– a directly connected route that is associated with an Ethernet interface
– an external route that is advertised by an ASBR*

Which type of OSPF LSA represents an external route and is propagated across the entire OSPF domain?
type 1
type 2
type 3
type 4
type 5*

A network administrator is analyzing the features that are supported by different first-hop router redundancy protocols. Which statement is a feature that is associated with GLBP?
It uses a virtual router master.
GLBP allows load balancing between routers.*
It works together with VRRP.
It is nonproprietary.

A network administrator is analyzing the features that are supported by different first-hop router redundancy protocols. Which statement describes a feature that is associated with HSRP?
HSRP uses active and standby routers.*
HSRP is nonproprietary.
It uses ICMP messages in order to assign the default gateway to hosts.
It allows load balancing between a group of redundant routers.

What is the purpose of a Cisco IOS 15 EM release?

It specifies advanced IP services features such as advanced security and service provider packages.

It provides regular bug fix maintenance rebuilds, plus critical fix support for network-affecting bugs.

It is used for long-term maintenance, enabling customers to qualify, deploy, and remain on the release for an extended period.*

It provides premium packages and enables additional IOS software feature combinations that address more complex network requirements.

A network administrator is analyzing first -hop router redundancy protocols.What is characteristic of VRRPv3.
characteristics of VRRPV3:
*INTEROPERABILITY IN MULTI-VENDOR ENVIRONMENTS
*VRRPv3 SUPPORTS USAGE OF IPv4 and IPv6
*IMPROVE SCALABILITY THROUGH USE OF VRRS PATHWAYS
so judging from the options given it will be supports both IPv6 and IPv4 addressing

What are two methods to make the OSPF routing protocol more secure? (Choose two.)
-Use only OSPFv3.
-Use MD5 authentication. *
-When feasible, create a VPN tunnel between each OSPF neighbor adjacency.
-Use the enable secret command.
-Use the passive-interface command on LAN interfaces that are connected only to end-user devices.

Which function is provided by EtherChannel?
-enabling traffic from multiple VLANs to travel over a single Layer 2 link
-dividing the bandwidth of a single link into separate time slots
-creating one logical link by using multiple physical links between two LAN switches *
-spreading traffic across multiple physical WAN links

New question 21.02.2015

Which two parameters does EIGRP use by default to calculate the best path? (Choose two.)
-transmit and receive load
-delay
-MTU*
-bandwidth*
-reliability

New question 21.02.2015

Which wireless encryption method is the most secure?
-WPA
-WPA2 with AES *
-WPA2 with TKIP
-WEP

New question 21.02.2015

What occurs when authentication is configured on an EIGRP router?
-After EIGRP authentication has been configured, the router must be rebooted to be able to reestablish adjacencies.
-If adjacencies are displayed after the use of the show ipv6 eigrp neighbors command, then EIGRP authentication was successful.
-Only one router is required to be configured for EIGRP authentication.
-If only one router has been configured for EIGRP authentication, any prior adjacencies will remain intact.* (propabbly)

New question 21.02.2015

An administrator issues the router eigrp 100 command on a router. What is the number 100 used for?

-as the maximum bandwidth of the fastest interface on the router
-as the autonomous system number
-as the length of time this router will wait to hear hello packets from a neighbor
-as the number of neighbors supported by this router * (propabbly)

CCNA 3 v5 SN Practice Final Exam Answers 2014

CCNA 3 v5 SN Practice Final Exam Answers 2014

Scaling Networks (Version 5.0)

2


Refer to the exhibit. What are two consequences of issuing the displayed commands? (Choose two.)

The routing update information is protected against being falsified.*
The key is encrypted with the MD5 hashing algorithm. *
The routing table of R2 will be secured.
OSPF routes will get priority over EIGRP routes going into the routing table.
The overhead of OSPF information exchange will reduce.

3
What two STP features are incorporated into Rapid PVST+? (Choose two.)

loop guard
BPDU guard
BPDU filter
UplinkFast *
BackboneFast*
PortFast

4
What are two reasons to enable OSPF routing protocol authentication on a network? (Choose two.)

to prevent data traffic from being redirected and then discarded *
to ensure faster network convergence
to provide data security through encryption
to prevent redirection of data traffic to an insecure link *
to ensure more efficient routing

5


Refer to the exhibit. A network administrator has issued the show ip eigrp neighbors command. What can be concluded from the output?

An EIGRP neighbor with IP address 10.10.10.14 is connected to R1 via serial interface 0/1/0.
If R1 does not receive a Hello packet in 4 seconds from the neighbor with IP 10.10.10.18, it will declare the neighbor is down.
There is no incoming EIGRP message at this moment.
The first EIGRP neighbor R1 learned about has the IP address 10.10.10.2.*

6
What are three characteristics of the Cisco IOS Software Release 12.4T train? (Choose three.)

It receives regular software fixes that are synchronized with the 12.4 Mainline train.*
It has a number of embedded technology packages.
It requires the activation of a license.
It is updated with new features and hardware support. *
It is derived from the Cisco IOS Software Release 12.4 Mainline train.*
It has extended maintenance new feature releases approximately every 16 to 20 months.

8

Refer to the exhibit. How did this router learn of the highlighted route in the routing table?

by entering the router configuration mode command default-information originate
by entering the global configuration mode command ip route 0.0.0.0 0.0.0.0 ip-address
by entering the global configuration mode command ip route 0.0.0.0 0.0.0.0 interface-type interface-number
by receiving an update from another OSPF router that is running another routing protocol
by receiving an update from another OSPF router that has the default-information originate command configured*

9
When the show spanning-tree vlan 33 command is issued on a switch, three ports are shown in the forwarding state. In which two port roles could these interfacesfunction while in the forwarding state? (Choose two.)

blocked
disabled
designated *
alternate
root*

10
Which method of wireless authentication is currently considered to be the strongest?

WEP
WPA2 *
WPA
shared key
open

11
When a range of ports is being configured for EtherChannel, which mode will configure LACP on a port only if the port receives LACP packets from another device?

passive*
auto
desirable
active

12
While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?

active*
passive
mixed
open

13

Fill in the blank.
By default, EIGRP is able to use up to 50 percent of the bandwidth for EIGRP messages on an EIGRP-enabled

interface.

14
Which model and which two characteristics would be more likely to be considered in purchasing an access layer switch, as compared to buying switches that operate at the other layers of the Cisco hierarchical design model? (Choose three.)

RSTP
EtherChannel
PoE *
number of ports *
Catalyst 4500X
Catalyst 2960

15
What is the purpose of issuing the ip ospf message-digest-key key md5 password command and the area area-id authentication message-digest command on a router?

to facilitate the establishment of neighbor adjacencies
to encrypt OSPF routing updates
to enable OSPF MD5 authentication on a per-interface basis
to configure OSPF MD5 authentication globally on the router*

16
Which two metric weights are set to one by default when costs in EIGRP are being calculated? (Choose two.)

k4
k3*
k2
k1*
k6
k5

17
What are two reasons to install a single 48-port fixed configuration switch, rather than two 24-port fixed configuration switches, in a wiring closet that supports two classrooms? (Choose two.)

more ports available for end devices *
more power provided to each port
higher uplink speeds
reduced power and space requirements *
reduced number of VLANs/broadcast domains

18
In the Cisco hierarchical design model, which layer is more likely to have a fixed configuration switch than the other layers?

access *
internet
transport
core
distribution

19
Which step supports disaster recovery and should be performed first when upgrading an IOS system image on a Cisco router?

Delete the current image from flash memory.
Configure the router to load the new image from the TFTP server.
Copy the current image from the router to a TFTP server. *
Use the boot system command to configure the router to load the new image.

20

Refer to the exhibit. Two routers have been configured to use EIGRP. Packets are not being forwarded between the two routers. What could be the problem?

An incorrect IP address was configured on a router interface. *
The default bandwidth was used on the routers.
The routers were not configured to monitor neighbor adjacency changes.
EIGRP does not support VLSM.

21

Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

MAC addresses of both the forwarding and standby routers
MAC address of the forwarding router
MAC address of the standby router
MAC address of the virtual router *

22

Fill in the blank.
In RSTP, BPDU frames are sent every 2 seconds by default

23

Refer to the exhibit. Which switching technology would allow data to be transmitted over each access layer switch link and prevent the port from being blocked by spanning tree due to the redundant link?

trunking
EtherChannel *
PortFast
HSRP

24
In which mode is the area area-id range address mask command issued when multiarea OSPF summarization is being configured?

global configuration mode
interface configuration mode of all participating interfaces
router configuration mode *
interface configuration mode of area 0 interfaces

25
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
Why are users in the OSPF network not able to access the Internet?

The interface that is connected to the ISP router is down.
The default route is not redistributed correctly from router R1 by OSPF.
The OSPF network statements are misconfigured on the routers R2 and R3.
The OSPF timers that are configured on the routers R1, R2, and R3 are not compatible.
The network statement is misconfigured on the router R1.*

26
Which statement describes the Autonomous System number that is used in EIGRP?

It identifies the priority of the networks to be included in update packets.
It is associated with the global Autonomous System number that is assigned by IANA.
It specifies the EIGRP routing process on a router. *
It defines the reliability of the EIGRP routing protocol.

27

Refer to the exhibit. Why are some of the entries marked O IA?

They correspond to entries that are learned from other routing protocols.
They are default routes that are learned from other routing protocols.
They represent summary routes that are internal to the area.
They correspond to entries that are learned from other areas.*

28
Which command can be issued on a router to display information about the successors and feasible successors for a destination network when EIGRP is used as the routing protocol?

show ip eigrp topology *
show ip protocols
show ip eigrp interfaces
show ip eigrp neighbors

29
What does an OSPF area contain?

routers that share the same router ID
routers that have the same link-state information in their LSDBs *
routers whose SPF trees are identical
routers that share the same process ID

30
A network administrator is configuring the authentication for EIGRP routing. The administrator enters these commands:

R1(config)# key chain THE_KEY
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string key123

What is the next step necessary to enable the authentication for EIGRP routing?

Configure an ACL to identify the networks that are participating in EIGRP.
Configure the priority of authentication algorithms to be used.
Configure the authentication in the router eigrp as-number configuration mode.
Configure the authentication on all interfaces that are participating in EIGRP.*

31
When EtherChannel is configured, which mode will force an interface into a port channel without exchanging aggregation protocol packets?

desirable
on *
active
auto

32
In wireless networks what is a disadvantage of using mixed mode on an AP?

The wireless network operates slower if one device uses an older standard wireless NIC.*
No encryption can be used by the AP or by the wireless NIC that is attached to the AP.
Devices must be closer to the AP due to the limited distance range.
Only 802.11n wireless NICs can attach to the AP.

33
The customer of a networking company requires VPN connectivity for workers who must travel frequently. To support the VPN server, the customer router must be upgraded to a new Cisco IOS software version with the Advanced IP Services feature set. What should the field engineer do before copying the new IOS to the router?

Issue the show running-configuration command to determine the features of the currently installed IOS image file.

Issue the show version and the show flash commands to ensure that the router has enough memory and file space to support the new IOS image.*

Delete the currently installed IOS by using the erase flash: command, and reload the router

Set the router to load the new IOS image file directly from the TFTP server on the next reboot.

34

Refer to the exhibit. A network administrator is verifying the bridge ID and the status of this switch in the STP election. Which statement is correct based on the command output?

The bridge priority of Switch_2 has been lowered to a predefined value to become the root bridge.*
The bridge priority of Switch_2 has been lowered to a predefined value to become the backup root bridge.
The STP instance on Switch_2 is using the default STP priority and the election is based on Switch_2 MAC address.
The STP instance on Switch_2 is failing due to no ports being blocked and all switches believing they are the root.

35
A network technician is attempting to upgrade an IOS system image on a Cisco 1941 router. Which command should the technician issue to verify the presence of sufficient free space in flash for the new image on the router that is being upgraded?

show file system
show flash0: *
show running-config
show version

36
When would a network engineer configure an access point with channel bonding?

when trunking is enabled between the access point and switch
when security is an issue
when older wireless NICs are being used
when more throughput is needed*

37
Which two parameters must match on the ports of two switches to create a PAgP EtherChannel between the switches? (Choose two.)

MAC address
port ID
VLAN information *
speed *
PAgP mode

38
Which statement describes a characteristic of a Cisco Enterprise Architecture module?

Server Farm and Data Center Module are submodules of the Enterprise Edge module.
The Enterprise Campus only consists of the core layer of the campus infrastructure.
The Enterprise Edge consists of the Internet, VPN, and WAN modules connecting the enterprise with the service provider’s network. *
The Service Provider Edge provides QoS, policy reinforcement, service levels, and security.

39
What is a wireless security mode that requires a RADIUS server to authenticate wireless users?

shared key
personal
WEP
enterprise*

40

Refer to the exhibit. The routing table on R2 does not include all networks that are attached to R1. The network administrator verifies that the network statement is configured to include these two networks. What is a possible cause of the issue?

The no auto-summary command is missing in the R1 configuration. *
The network statements should include the wild card mask.
The AS number does not match between R1 and R2.
The interfaces that are connected to these two networks are configured as passive interfaces.

41
Which wireless network topology would be used by network engineers to provide a wireless network for an entire college building?

hotspot
ad hoc
infrastructure *
mixed mode

42

Refer to the exhibit. Why did R1 and R2 not establish an adjacency?

The automatic summarization is enabled on R1 and R2.
There is no network command for the network 192.168.1.0/24 on R1.
The IPv4 address of Fa0/0 interface of R1 has a wrong IP address.
The AS number does not match on R1 and R2.*

43
Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?

channel-group 2 mode auto
interface port-channel 2
channel-group 1 mode desirable
interface range GigabitEthernet 0/4 – 5*

44
A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)

Ensure that the laptop antenna is attached.
Ensure that the correct network media is selected.
Ensure that the NIC is configured for the proper frequency.
Ensure that the wireless NIC is enabled.*
Ensure that the wireless SSID is chosen.*

45

Refer to the exhibit. A network administrator issues the show ip protocols command. Based on the exhibited output, what can be concluded?

The EIGRP K values are default values. *
The no auto-summary command is not applied for the EIGRP operation.
Up to 4 routes of different metric values to the same destination network will be included in the routing table.
R1 receives routes to the network 192.168.1.0/24 and 10.0.0.0/24.

47
Which routing protocol is able to scale for large networks and utilizes non-backbone areas for expansion?

BGP
RIPv2
OSPF *
EIGRP

48
What are two advantages of EtherChannel? (Choose two.)

Load balancing occurs between links configured as different EtherChannels.
Spanning Tree Protocol views the physical links in an EtherChannel as one logical connection.*
EtherChannel uses upgraded physical links to provide increased bandwidth.
Configuring the EtherChannel interface provides consistency in the configuration of the physical links. *
Spanning Tree Protocol ensures redundancy by transitioning failed interfaces in an EtherChannel to a forwarding state.

49
A network administrator is troubleshooting the EIGRP routing between two routers, R1 and R2. The problem is found to be that only some, but not all networks attached to R1 are listed in the routing table of router R2. What should the administrator investigate on router R1 to determine the cause of the problem?

Does the hello interval setting match the hello interval on R2?
Does the AS number match the AS number on R2?
Do the network commands include all the networks to be advertised?*
Is the interface connected to R2 configured as a passive interface?

50

Refer to the exhibit. A network engineer is preparing to upgrade the IOS system image on a Cisco 2901 router. Based on the output shown, how much space is available for the new image?

25574400 bytes
33591768 bytes
249856000 bytes
221896413 bytes*

CCNA 3 v5 SN Pretest Exam Answers 2014

CCNA 3 v5 SN Pretest Exam Answers 2014

Scaling Networks (Version 5.0) – ScaN Pretest Exam

1
What is a disadvantage of NAT?
There is no end-to-end addressing. *
The router does not need to alter the checksum of the IPv4 packets.
The internal hosts have to use a single public IPv4 address for external communication.
The costs of readdressing hosts can be significant for a publicly addressed network.

2

Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?

static NAT with a NAT pool
dynamic NAT with a pool of two public IP addresses
PAT using an external interface *
static NAT with one entry

3
A router needs to be configured to route within OSPF area 0. Which two commands are required to accomplish this? (Choose two.)
RouterA(config)# router ospf 1 *
RouterA(config-router)# network 192.168.2.0 0.0.0.255 area 0 *
RouterA(config-router)# network 192.168.2.0 255.255.255.0 0
RouterA(config-router)# network 192.168.2.0 0.0.0.255 0
RouterA(config)# router ospf 0

4
Which OSPF component is identical in all routers in an OSPF area after convergence?
adjacency database
SPF tree
routing table
link-state database*

5
Which statement is true about the difference between OSPFv2 and OSPFv3?
OSPFv3 routers do not need to have matching subnets to form neighbor adjacencies.*
OSPFv3 routers use a 128 bit router ID instead of a 32 bit ID.
OSPFv3 routers use a different metric than OSPFv2 routers use.
OSPFv3 routers do not need to elect a DR on multiaccess segments.

6
What are two features of a link-state routing protocol? (Choose two.)
Routers send periodic updates only to neighboring routers.
Routers create a topology of the network by using information from other routers. *
Routers send triggered updates in response to a change. *
The database information for each router is obtained from the same source.
Paths are chosen based on the lowest number of hops to the designated router.

7
What condition is required to enable Layer 3 switching?
All routed subnets must be on the same VLAN.
All participating switches must have unique VLAN numbers.
Inter-VLAN portions of Layer 3 switching must use router-on-a-stick.
The Layer 3 switch must have IP routing enabled.*

8

Refer to the exhibit. Which address will R1 use as the source address for all OSPFv3 messages that will be sent to neighbors?

2001:DB8:ACAD:A::1
FF02::1
FE80::1 *
FF02::5

9
An organization needs to provide temporary voice and data services to a new small lab building. They plan to install an access switch in the new lab and connect it using a 100Mb/s FastEthernet trunk link. The network administrator is concerned about the capability of the link to meet quality requirements of the proposed voice and data services. The administrator plans to manage the datalink layer traffic to and from the lab so that trunk usage is optimized. What could the administrator apply to the trunk to help achieve this?

Disable Spanning Tree Protocol to provide maximum bandwidth for the voice and data traffic.
Configure the trunk ports on the trunk link to the lab to allow only the voice and data VLANs.* 
Configure the switches to run Per VLAN Spanning Tree for the voice and data VLANs only.
Configure the lab switch to use the same voice and data VLAN as the rest of the campus LAN.

10


Refer to the exhibit. A network administrator is configuring a router as a DHCPv6 server. The administrator issues a show ipv6 dhcp pool command to verify the configuration. Which statement explains the reason that the number of active clients is 0?

The default gateway address is not provided in the pool.
No clients have communicated with the DHCPv6 server yet.
The IPv6 DHCP pool configuration has no IPv6 address range specified.
The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation.*

11
Which two factors are important when deciding which interior gateway routing protocol to use? (Choose two.)

campus backbone architecture
the autonomous system that is used
scalability*
speed of convergence*
ISP selection

12
A network administrator is using the router-on-a-stick method to configure inter-VLAN routing. Switch port Gi1/1 is used to connect to the router. Which command should be entered to prepare this port for the task?

Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# spanning-tree vlan 1

Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# switchport access vlan 1

Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# switchport mode trunk*****

Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# spanning-tree portfast

13
Which three pieces of information does a link-state routing protocol use initially as link-state information for locally connected links? (Choose three.)

the link next-hop IP address
the link bandwidth
the link router interface IP address and subnet mask *
the type of network link*
the cost of that link*

14

Fill in the blank.
The ip default-gateway command is used to configure the default gateway on a switch.

15
Which three parameters could be in an extended access control list? (Choose three.)

source address and wildcard mask *
default gateway address and wildcard mask
access list number between 1 and 99
subnet mask and wild card mask
access list number between 100 and 199 *
destination address and wildcard mask*

16
————————————————————————————————–

17
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)

access-list 5 deny any
ip access-group 5 in
access-list 5 permit 10.7.0.0 0.0.0.31*
access-class 5 in *
ip access-group 5 out
access-list standard VTY
permit 10.7.0.0 0.0.0.127

18
Which two commands should be implemented to return a Cisco 3560 trunk port to its default configuration? (Choose two.)

S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 1
S1(config-if)# no switchport trunk native vlan *
S1(config-if)# no switchport trunk allowed vlan *
S1(config-if)# switchport mode dynamic desirable

19
Which two methods can be used to provide secure management access to a Cisco switch? (Choose two.)

Configure specific ports for management traffic on a specific VLAN.*
Configure all unused ports to a “black hole.”
Configure SSH for remote management.*
Configure all switch ports to a new VLAN that is not VLAN 1.
Configure the native VLAN to match the default VLAN.

20
What is a function of the distribution layer?

fault isolation
network access to the user
high-speed backbone connectivity
interconnection of large-scale networks in wiring closets*

21
Which statement describes a characteristic of standard IPv4 ACLs?

They can be created with a number but not with a name.
They filter traffic based on source IP addresses only. *
They can be configured to filter traffic based on both source IP addresses and source ports.
They are configured in the interface configuration mode.

22

Refer to the exhibit.

What summary static address should be configured on R3 to advertise to an upstream neighbor?
192.168.0.0/24
192.168.0.0/23
192.168.0.0/22
192.168.0.0/21*

23

Refer to the exhibit. A network administrator issues the show ip route command on R2. What two types of routes are installed in the routing table? (Choose two.)

a configured default route
routes that are learned through the EIGRP routing protocol *
routes that are learned through the OSPF routing protocol
a configured static route to the network 209.165.200.224
directly connected networks*

24

Refer to the exhibit. Router R1 has an OSPF neighbor relationship with the ISP router over the 192.168.0.32 network. The 192.168.0.36 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up?

Change the destination network to 192.168.0.34.
Add the next hop neighbor address of 192.168.0.36.
Change the administrative distance to 120. *
Change the administrative distance to 1.

25
Which two statements are true about half-duplex and full-duplex communications? (Choose two.)

Full duplex offers 100 percent potential use of the bandwidth.
Full duplex allows both ends to transmit and receive simultaneously. *
Half duplex has only one channel.
Full duplex increases the effective bandwidth.*
All modern NICs support both half-duplex and full-duplex communication.

26
What are the two methods that a wireless NIC can use to discover an AP? (Choose two.)

sending a multicast frame
transmitting a probe request *
receiving a broadcast beacon frame *
initiating a three-way handshake
sending an ARP request broadcast

27
What is the purpose of the Spanning Tree Protocol (STP)?

prevents routing loops on a router
creates smaller collision domains
prevents Layer 2 loops *
allows Cisco devices to exchange routing table updates
creates smaller broadcast domains

28

Refer to the exhibit. What can be concluded about network 192.168.1.0 in the R2 routing table?

This network has been learned from an internal router within the same area.
This network should be used to forward traffic toward external networks.
This network was learned through summary LSAs from an ABR. *
This network is directly connected to the interface GigabitEthernet0/0.

29
When are EIGRP update packets sent?

every 5 seconds via multicast
only when necessary *
every 30 seconds via broadcast
when learned routes age out

30
What are two advantages of EtherChannel? (Choose two.)

Configuring the EtherChannel interface provides consistency in the configuration of the physical links.*
EtherChannel uses upgraded physical links to provide increased bandwidth.
Load balancing occurs between links configured as different EtherChannels.
Spanning Tree Protocol views the physical links in an EtherChannel as one logical connection. *
Spanning Tree Protocol ensures redundancy by transitioning failed interfaces in an EtherChannel to a forwarding state.

31

Refer to the exhibit. What are two results of issuing the displayed commands on S1, S2, and S3? (Choose two.)

S1 will automatically adjust the priority to be the highest.
S2 can become root bridge if S3 fails.
S3 can be elected as a secondary bridge.
S2 can become root bridge if S1 fails. *
S1 will automatically adjust the priority to be the lowest.*

32
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.*
The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.
Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.
The 5 GHz band has a greater range and is therefore likely to be interference-free.

33
Which wireless encryption method is the most secure?

WPA2 with TKIP
WPA
WEP
WPA2 with AES*

34
Which statement describes a characteristic of the delivery of EIGRP update packets?

EIGRP sends all update packets via unicast.
EIGRP sends all update packets via multicast.
EIGRP uses a reliable delivery protocol to send all update packets. *
EIGRP uses UDP to send all update packets.

35

Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

MAC address of the virtual router *
MAC address of the forwarding router
MAC address of the standby router
MAC addresses of both the forwarding and standby routers

36

Refer to the exhibit. A network technician is troubleshooting missing OSPFv3 routes on a router. What is the cause of the problem based on the command output?

There is a problem with the OSPFv3 adjacency between the local router and the router that is using the neighbor ID 2.2.2.2. *
The neighbor IDs are incorrect. The interfaces must use only IPv6 addresses to ensure fully synchronized routing databases.
The local router has formed complete neighbor adjacencies, but must be in a 2WAY state for the router databases to be fully synchronized.
The dead time must be higher than 30 for all routers to form neighbor adjacencies.

37
Which statement is true regarding states of the IEEE 802.1D Spanning Tree Protocol?

It takes 15 seconds for a port to go from blocking to forwarding.
Ports must be blocked before they can be placed in the disabled state.
Ports are manually configured to be in the forwarding state.
Ports listen and learn before going into the forwarding state.*

38
Which wireless network topology is being configured by a technician who is installing a keyboard, a mouse, and headphones, each of which uses Bluetooth?

hotspot
mixed mode
infrastructure mode
ad hoc mode*

39
A network administrator is troubleshooting slow performance in a Layer 2 switched network. Upon examining the IP header, the administrator notices that the TTL value is not decreasing. Why is the TTL value not decreasing?

The outbound interface is set for half duplex.
The MAC address table is corrupt.
This is the normal behavior for a Layer 2 network. *
The VLAN database is full.

40

Refer to the exhibit. Which two conclusions can be derived from the output? (Choose two.)

The network 192.168.10.8/30 can be reached through 192.168.11.1.
The neighbor 172.16.6.1 meets the feasibility condition to reach the 192.168.1.0/24 network. *
The reported distance to network 192.168.1.0/24 is 41024256.
There is one feasible successor to network 192.168.1.8/30. *
Router R1 has two successors to the 172.16.3.0/24 network.

CCNA 3 v5 SN Chapter 9 Exam Answers 2014

CCNA 3 v5 SN Chapter 9 Exam Answers 2014 

Scaling Networks


Beginning with the Cisco IOS Software Release 15.0, which license is a prerequisite for installing additional technology pack licenses?

UC

IPBase*

SEC

DATA


When a router is powered on, where will the router first search for a valid IOS image to load by default?

flash memory*

RAM

ROM

NVRAM


What statement describes a Cisco IOS image with the “universalk9_npe” designation for Cisco ISR G2 routers?

It is an IOS version that, at the request of some countries, removes any strong cryptographic functionality.​*

It is an IOS version that provides only the IPBase feature set.

It is an IOS version that offers all of the Cisco IOS Software feature sets.

It is an IOS version that can only be used in the United States of America.


Which statement describes a difference between the IOS 15.0 extended maintenance release and a standard maintenance release?

A new standard maintenance release will synchronize with the latest extended maintenance release before the extended is made available.

The extended maintenance release will deliver new IOS features as soon as they are available.

They consist of two separate parallel trains.

The standard maintenance release enables faster IOS feature delivery than the extended maintenance release does.*


A network administrator configures a router with the command sequence:

R1(config)# boot system tftp://c1900-universalk9-mz.SPA.152-4.M3.bin
R1(config)# boot system rom

What is the effect of the command sequence?

The router will copy the IOS image from the TFTP server and then reboot the system.

The router will search and load a valid IOS image in the sequence of flash, TFTP, and ROM.

On next reboot, the router will load the IOS image from ROM.

The router will load IOS from the TFTP server. If the image fails to load, it will load the IOS image from ROM.*


Which command would a network engineer use to find the unique device identifier of a Cisco router?

show running-configuration

show license udi*

license install stored-location-url

show version


Which command is used to configure a one-time acceptance of the EULA for all Cisco IOS software packages and features?

license save

license accept end user agreement*

show license

license boot module module-name


How long is the evaluation license period for Cisco IOS Release 15.0 software packages?

30 days

15 days

60 days*

180 days


Which IOS 12.4 software package integrates full features, including voice, security, and VPN capabilities, for all routing protocols?

Service Provider Services

Advanced Enterprise Services*

Advanced Security

Advanced IP Services

10 
A network engineer is upgrading the Cisco IOS image on a 2900 series ISR. What command could the engineer use to verify the total amount of flash memory as well as how much flash memory is currently available?

show version

show interfaces

show startup-config

show flash0:*

11 
Which three software packages are available for Cisco IOS Release 15.0?

Security*

Advanced IP Services

IPVoice

DATA*

Enterprise Services

Unified Communications*

12 
Fill in the blank. Do not use abbreviations.
The license ” install ” flash0:seck9-C1900-SPE150_K9-FAB12340099.xml command will restore the specified saved Cisco IOS Release 15 license to a router.

13 
A newly hired network engineer wants to use a 2911 router from storage. What command would the technician use to verify which IOS technology licenses have been activated on the router?

show interfaces

show flash0:

show version

show license*

show startup-config

14 
When a customer purchases a Cisco IOS 15.0 software package, what serves as the receipt for that customer and is used to obtain the license as well?

Product Activation Key*

Unique Device Identifier

Software Claim Certificate

End User License Agreement

15 
The customer of a networking company requires VPN connectivity for workers who must travel frequently. To support the VPN server, the customer router must be upgraded to a new Cisco IOS software version with the Advanced IP Services feature set. What should the field engineer do before copying the new IOS to the router?

Issue the show version and the show flash commands to ensure that the router has enough memory and file space to support the new IOS image.*

Set the router to load the new IOS image file directly from the TFTP server on the next reboot.

Delete the currently installed IOS by using the erase flash: command, and reload the router

Issue the show running-configuration command to determine the features of the currently installed IOS image file.

16 
What is the major release number in the IOS image name c1900-universalk9-mz.SPA.152-3.T.bin?

2

3

52

1900

15*

17


Place the options in the following order: 
universalk9 

mz 
c1900 
– not scored – 
M4 

bin 
15

18


Place the options in the following order: 
[+] branches from another train 
[+] has the latest features 
[#] possibly is 12.4 
[#] contains mostly bug fixes

[+] Order does not matter within this group.
[#] Order does not matter within this group.

CCNA 3 v5 SN Chapter 8 Exam Answers 2014

CCNA 3 v5 SN Chapter 8 Exam Answers 2014 

Scaling Networks


Which command can be issued on a router to verify that automatic summarization is enabled?

show ip eigrp neighbors

show ip protocols*

show ip interface brief

show ip eigrp interfaces


Which address best summarizes the IPv6 addresses 2001:DB8:ACAD::/48, 2001:DB8:9001::/48, and 2001:DB8:8752::/49?

2001:DB8:8000::/48

2001:DB8:8000::/36

2001:DB8:8000::/47

2001:DB8:8000::/34*

3


Refer to the exhibit. Router R3 is receiving multiple routes through the EIGRP routing protocol. Which statement is true about the implementation of summarization in this network?

Automatic summarization has been enabled only for the 172.21.100.0/24 network.

Automatic summarization is enabled on neighboring routers​.

Automatic summarization is disabled on a per-interface basis.

Automatic summarization is disabled on R3.*

4


Refer to the exhibit. Considering that R2, R3, and R4 are correctly configured, why did R1 not establish an adjacency with R2, R3, and R4?

because the automatic summarization is enabled on R1

because the IPv4 address on Fa0/0 interface of R1 is incorrect

because the Fa0/0 interface of R1 is declared as passive for EIGRP*

because there is no network command for the network 192.168.1.0/24 on R1


In which IOS CLI mode must a network administrator issue the maximum-paths command to configure load balancing in EIGRP?​

router configuration mode*

interface configuration mode

global configuration mode

privileged mode


Two routers, R1 and R2, have established an EIGRP neighbor relationship, but there is still a connectivity problem. Which issue could be causing this problem?​

a process ID mismatch

an authentication mismatch

an access list that is blocking advertisements from other networks*

automatic summarization that is disabled on both routers

7


Refer to the exhibit. Remote users are experiencing connectivity problems when attempting to reach hosts in the 172.21.100.0 /24 network. Using the output in the exhibit, what is the most likely cause of the connectivity problem?

The GigabitEthernet 0/1 interface is not participating in the EIGRP process.*

The hello timer has been modified on interface GigabitEthernet 0/1 of R3 and not on the neighbor, causing a neighbor adjacency not to form.

The passive-interface command is preventing neighbor relationships on interface GigabitEthernet 0/0.

The GigabitEthernet interfaces are not limiting the flow of EIGRP message information and are being flooded with EIGRP traffic.


In which scenario will the use of EIGRP automatic summarization cause inconsistent routing in a network?

when there is no common subnet that exists between neighboring routers

when the routers in an IPv4 network have mismatching EIGRP AS​ numbers

when there is no adjacency that is established between neighboring routers

when the routers in an IPv4 network are connected to discontiguous networks with automatic summarization enabled*

9


Refer to the exhibit. Routers R1 and R2 are directly connected via their serial interfaces and are both running the EIGRP routing protocol. R1 and R2 can ping the directly connected serial interface of their neighbor, but they cannot form an EIGRP neighbor adjacency.

What action should be taken to solve this problem?

Configure the same hello interval between the routers.

Configure EIGRP to send periodic updates.

Enable the serial interfaces of both routers.

Configure both routers with the same EIGRP process ID.*

10


Refer to the exhibit. Which statement accurately reflects the configuration of routing on the HQ router?

The IP address assigned to the GigabitEthernet0/0 interface is 172.16.2.0 255.255.255.0.

A static default route was configured on this router.*

A static default route was learned via EIGRP routing updates.

The static default route should be redistributed using the default-information originate command.​

11


Refer to the exhibit. Which statement is supported by the output?

The route to 192.168.1.1 represents the configuration of a loopback interface.

A static default route has been manually configured on this router.

A default route is being learned through an external process.*

Summarization of routes has been manually configured.

12


Refer to the exhibit. Which two routes will be advertised to the router ISP if autosummarization is disabled? (Choose two.)

10.1.2.0/24*

10.1.4.0/28

10.1.4.0/30*

10.1.4.0/24

10.1.0.0/16

13


Refer to the exhibit. A network administrator has configured EIGRP authentication between routers R1 and R2. After the routing tables are reviewed, it is noted that neither router is receiving EIGRP updates. What is a possible cause for this failure?

The same autonomous system numbers must be used in the interface configurations of each router.*

The key string should be used in interface mode instead of the key chain.

The same number of key strings must be used on each router.

The same key chain name must be used on each router.

The authentication configuration is correct, issue the show ip eigrp neighbors command to troubleshoot the issue.

14 
Two routers, R1 and R2, share a 64 kb/s link. An administrator wants to limit the bandwidth used by EIGRP between these two routers to 48 kb/s. Which command is used on both routers to configure the new bandwidth setting?

ip bandwidth-percent eigrp 100 48

ip bandwidth-percent eigrp 100 75*

ip bandwidth-percent eigrp 75 100

ip bandwidth-percent eigrp 64 48

ip bandwidth-percent eigrp 100 64

15 
Which three statements are advantages of using automatic summarization? (Choose three.)

It decreases the number of entries in the routing table.*

It reduces the frequency of routing updates.*

It ensures that traffic for multiple subnets uses one path through the internetwork.*

It maximizes the number of routes in the routing table.

It improves reachability in discontiguous networks.

It increases the size of routing updates.

16


Refer to the exhibit. After the configuration shown is applied on router R1, the exhibited status message is displayed. Router R1 is unable to form a neighbor relationship with R2 on the serial 0/1/0 interface. What is the most likely cause of this problem?

The passive-interface command should have been issued on serial 0/1/0.

The IPv4 address configured on the neighbor that is connected to R1 serial 0/1/0 is incorrect.*

The hello interval has been altered on serial 0/1/0 and is preventing a neighbor relationship from forming.

The network statement used for EIGRP 55 does not enable EIGRP on interface serial 0/1/0.

The networks that are configured on serial 0/0/0 and serial 0/1/0 of router R1 are overlapping.

17 
What is a characteristic of manual route summarization?

requires high bandwidth utilization for the routing updates

has to be configured globally on the router

reduces total number of routes in routing tables*

cannot include supernet routes​

18 
Fill in the blank. Do not use abbreviations.
The ” passive-interface ” command causes an EIGRP router to stop sending hello packets through an interface.

19


Refer to the exhibit. A network administrator has issued the shown commands. The EIGRP routing domain has completely converged and a network administrator is planning on configuring EIGRP authentication throughout the complete network. On which two interfaces should EIGRP authentication be configured between R2 and R3? (Choose two.)

gig 0/0 of R3

serial 0/1/0 of R4

serial 0/1/0 of R2*

serial 0/0/1 of R2

serial 0/0/1 of R3*

20 
Fill in the blank. Do not use abbreviations.
What is the command that should be issued on a router to verify that EIGRP adjacencies were formed?​

” show ip eigrp neighbor ”

21

Launch PT   Hide and Save PT
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

R1 and R2 could not establish an EIGRP adjacency. What is the problem?​

EIGRP is down on R2.

EIGRP is down on R1.*

R1 Fa0/0 link local address is wrong.

R1 Fa0/0 and R2 Fa0/0 are on different networks.

R1 Fa0/0 is not configured to send hello packets.

22


Refer to the exhibit. A network administrator has attempted to implement a default route from R1 to the ISP and propagate the default route to EIGRP neighbors. Remote connectivity from the EIGRP neighbor routers to the ISP connected to R1 is failing. Based on the output from the exhibit, what is the most likely cause of the problem?

There are no EIGRP neighbor relationships on R1.

The command default-information originate has not been issued on R1.

The network statement for the ISP connection has not been issued.

The command redistribute static has not been issued on R1.*

The ip route command must specify a next-hop IP address instead of an exit interface when creating a default route.

23


Refer to the exhibit. All networks are active in the same EIGRP routing domain. When the auto-summary command is issued on R3, which two summary networks will be advertised to the neighbors? (Choose two.)

172.16.3.0/24

172.16.0.0/16*

192.168.10.0/24*

192.168.10.0/30

192.168.1.0/30

CCNA 3 v5 SN Chapter 7 Exam Answers 2014

CCNA 3 v5 SN Chapter 7 Exam Answers 2014 

Scaling Networks

1


Place the options in the following order: 
first 
– not scored – 
third 
second

2


Refer to the exhibit. Which command should be used to configure EIGRP to only advertise the network that is attached to the gigabit Ethernet 0/1 interface?

network 172.16.23.64 0.0.0.63*

network 172.16.23.0 255.255.255.192

network 172.16.23.64 0.0.0.127

network 172.16.23.0 255.255.255.128


What is the purpose of using protocol-dependent modules in EIGRP?

to accommodate routing of different network layer protocols*

to identify different application layer protocols

to describe different routing processes

to use different transport protocols for different packets


Which statement describes a characteristic of the delivery of EIGRP update packets?

EIGRP sends all update packets via unicast.

EIGRP uses a reliable delivery protocol to send all update packets.*

EIGRP uses UDP to send all update packets.

EIGRP sends all update packets via multicast.


A new network administrator has been asked to verify the metrics that are used by EIGRP on a Cisco device. Which two EIGRP metrics are measured by using static values on a Cisco device? (Choose two.)

bandwidth*

MTU

delay*

load

reliability


Which protocol is used by EIGRP to send hello packets?

RTP*

TCP

UDP

IP


Which destination MAC address is used when a multicast EIGRP packet is encapsulated into an Ethernet frame?

01-00-5E-00-00-09

01-00-5E-00-00-10

01-00-5E-00-00-0A*

01-00-5E-00-00-0B

8


Place the options in the following order: 
– not scored – 
EIGRP for IPv4 only 
both EIGRP for IPv4 and EIGRP for IPv6 
EIGRP for IPv6 only

9


Refer to the exhibit. R2 has two possible paths to the 192.168.10.4 network. What would make the alternate route meet the feasibility condition?

a reported distance greater than 41024000

a feasible distance greater than 41024000

an administrative distance less than 170

a reported distance less than 3523840*

10


Refer to the exhibit. Which two networks contain feasible successors? (Choose two.)

192.168.51.0

10.44.101.252

10.44.104.253

10.44.100.252*

192.168.71.0*
11 
If all router Ethernet interfaces in an EIGRP network are configured with the default EIGRP timers, how long will a router wait by default to receive an EIGRP packet from its neighbor before declaring the neighbor unreachable?

10 seconds

15 seconds*

20 seconds

30 seconds

12 
Which command or commands must be entered on a serial interface of a Cisco router to restore the bandwidth to the default value of that specific router interface?

shutdown
no shutdown

bandwidth 1500

copy running-config startup-config
reload

no bandwidth*

13 
Which EIGRP route would have the preferred administrative distance?

a summary route*

an internal route

an external route that is redistributed from RIP

an external route that is redistributed from OSPF

14 
How do EIGRP routers establish and maintain neighbor relationships?

by comparing known routes to information received in updates

by exchanging routing tables with directly attached routers

by dynamically learning new routes from neighbors

by exchanging hello packets with neighboring routers*

by exchanging neighbor tables with directly attached routers

15 
When an EIGRP-enabled router uses a password to accept routes from other EIGRP-enabled routers, which mechanism is used?

EIGRP authentication*

Diffusing Update Algorithm

Reliable Transport Protocol

bounded updates

partial updates

16 
What is indicated when an EIGRP route is in the passive state?

The route has the highest path cost of all routes to that destination network.

The route is a feasible successor and will be used if the active route fails.

The route is viable and can be used to forward traffic.*

There is no activity on the route to that network.

The route must be confirmed by neighboring routers before it is put in the active state.

17 
Which three metric weights are set to zero by default when costs in EIGRP are being calculated? (Choose three.)

k6

k3

k5*

k4*

k2*

k1

18 
Why would a network administrator use a wildcard mask in the network command when configuring a router to use EIGRP?

to send a manual summarization

to exclude some interfaces from the EIGRP process*

to subnet at the time of the configuration

to lower the router overhead

19 
Which table is used by EIGRP to store all routes that are learned from EIGRP neighbors?

the adjacency table

the routing table

the topology table*

the neighbor table

20 
Where are EIGRP successor routes stored?

only in the routing table

in the routing table and the topology table*

only in the neighbor table

in the routing table and the neighbor table

21

Launch PT – Hide and Save PT
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Which code is displayed on the web server?

Done

Complete*

EIGRP

IPv6EIGRP

22 
Which command is used to display the bandwidth of an interface on an EIGRP-enabled router?

show ip protocols

show interfaces*

show ip interface brief

show ip route

23 
Fill in the blank.
In an EIGRP topology table, a route that is in a/an ” active ” state will cause the Diffusing Update Algorithm to send EIGRP queries that ask other routers for a path to this network.

CCNA 3 v5 SN Chapter 6 Exam Answers 2014

CCNA 3 v5 SN Chapter 6 Exam Answers 2014 

Scaling Networks


The network administrator has been asked to summarize the routes for a new OSPF area. The networks to be summarized are 172.16.8.0, 172.16.10.0, and 172.16.12.0 with subnet masks of 255.255.255.0 for each network. Which command should the administrator use to forward the summary route for area 15 into area 0?

area 15 range 172.16.8.0 255.255.255.248

area 0 range 172.16.8.0 255.255.248.0

area 0 range 172.16.8.0 255.255.255.248

area 15 range 172.16.8.0 255.255.248.0*


Fill in the blank.
The ” backbone ” area interconnects with all other OSPF area types.

3

Place the options in the following order: 
backbone router 
– not scored – 
internal router 
Autonomous System Boundary Router 
Area Border Router


Fill in the blank. Do not use acronyms.
OSPF type 2 LSA messages are only generated by the ”  DR  ” router to advertise routes in multiaccess networks.


What is one advantage of using multiarea OSPF?

It improves the routing efficiency by reducing the routing table and link-state update overhead.*

It enables multiple routing protocols to be running in a large network.

It increases the routing performance by dividing the neighbor table into separate smaller ones.

It allows OSPFv2 and OSPFv3 to be running together.


A network administrator is verifying a multi-area OSPF configuration by checking the routing table on a router in area 1. The administrator notices a route to a network that is connected to a router in area 2. Which code appears in front of this route in the routing table within area 1?

O IA*

O

C

O E2

7


Refer to the exhibit. What can be concluded about network 192.168.4.0 in the R2 routing table?

This network should be used to forward traffic toward external networks.

The network was learned from a router within the same area as R2.*

The network was learned through summary LSAs from an ABR.

The network can be reached through the GigabitEthernet0/0 interface.


An ABR in a multiarea OSPF network receives LSAs from its neighbor that identify the neighbor as an ASBR with learned external networks from the Internet. Which LSA type would the ABR send to other areas to identify the ASBR, so that internal traffic that is destined for the Internet will be sent through the ASBR?

LSA type 1

LSA type 2

LSA type 3

LSA type 4*

LSA type 5


Which three steps in the design and implementation of a multiarea OSPF network are considered planning steps? (Choose three.)

Configure OSPF.

Define the OSPF parameters.*

Troubleshoot the configurations.

Gather the required parameters.*

Define the network requirements.*

Verify OSPF.

10 
Fill in the blank. Use a number.
An ASBR generates type ” 5 ” LSAs for each of its external routes and floods them into the area that it is connected to.

11


Refer to the exhibit. What is indicated by the O IA in the router output?

The route was learned from within the area.

The route was learned from outside the internetwork.

The route was manually configured.

The route was learned from another area.*

12 
Which command can be used to verify the contents of the LSDB in an OSPF area?

show ip route ospf

show ip ospf database*

show ip ospf interface

show ip ospf neighbor

13 
Which statement describes a multiarea OSPF network?

It has a core backbone area with other areas connected to the backbone area.*

It has multiple routers that run multiple routing protocols simultaneously, and each protocol consists of an area.

It consists of multiple network areas that are daisy-chained together.

It requires a three-layer hierarchical network design approach.

14 
Which characteristic describes both ABRs and ASBRs that are implemented in a multiarea OSPF network?

They usually have many local networks attached.

They both run multiple routing protocols simultaneously.

They are required to perform any summarization or redistribution tasks.*

They are required to reload frequently and quickly in order to update the LSDB.

15 
Where can interarea route summarization be performed in an OSPF network?

ABR*

any router

DR

ASBR

16


Refer to the exhibit. Which two statements are correct? (Choose two.)

The entry for 172.16.200.1 represents a loopback interface.

To reach network 172.16.2.0, traffic will travel through the GigabitEthernet0/0 interface.

To reach network 192.168.1.0, traffic will exit via the Serial0/0/0 interface​.*

The routing table contains routes from multiple areas.*

The routing table contains two intra-area routes.

17

Launch PT  Hide and Save PT
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What is preventing users who are connected to router R2 from accessing resources located either within the network 192.168.1.0 or the internet?

The router R2 is not receiving any updates from either router R1 or R3.*

The default route is not redistributed correctly from the router R1 by OSPF.

The OSPF timers that are configured on routers R1, R2, and R3 are not compatible.

The interface that is connected to the ISP is down.

The OSPF network statements are misconfigured on one of the routers.

18 
Which two statements correctly describe OSPF type 3 LSAs? (Choose two.)

Type 3 LSAs are used to update routes between OSPF areas.*

Type 3 LSAs are known as router link entries​.

Type 3 LSAs are used for routes to networks outside the OSPF autonomous system​.

Type 3 LSAs are known as autonomous system external LSA entries.​

Type 3 LSAs are generated without requiring a full SPF calculation.​*

19 
A network administrator is implementing OSPF in a portion of the network and must ensure that only specific routes are advertised via OSPF. Which network statement would configure the OSPF process for networks 192.168.4.0, 192.168.5.0, 192.168.6.0, and 192.168.7.0, now located in the backbone area, and inject them into the OSPF domain?

r1(config-router)# network 192.168.0.0 0.0.0.255 area 1

r1(config-router)# network 192.168.4.0 0.0.255.255 area 0

r1(config-router)# network 192.168.4.0 0.0.15.255 area 1

r1(config-router)# network 192.168.0.0 0.0.3.255 area 0

r1(config-router)# network 192.168.4.0 0.0.3.255 area 0*

r1(config-router)# network 192.168.4.0 0.0.3.255 area 1

20 
Which two networks are part of the summary route 192.168.32.0/22? (Choose two.)

192.168.35.0/24*

192.168.36.0/24

192.168.33.0/24*

192.168.31.0/24

192.168.37.0/24

192.168.38.0/24

21


Refer to the exhibit. Fill in the blank. Do not use abbreviations.
The “network 192.168.10.128 0.0.0.127 area 1” command must be issued to configure R1 for multiarea OSPF.​