|
1月30日过了902,今天np 832 千分顺利收官啦,算是圆满啦!! 902题库全覆盖,建议还是以理解为主,毕竟考NP也是为了有份更好工作,能力到底达到哪个水平,我想技术面试一聊就也大概知道,所以还是脚踏实地学习学习 832考试建议注重理解,并不建议直接背题,只要理解了其实不用背你也知道答案了
u- h* J! M& e" h. y H [7 T
1.先说说我自己的做题步骤,首先先把HSRP和IPv6 这两个拿下,没什么好说,直接看题干 HSRP(看题干) HSRPhas been configurationured between DSW1 and DSW2. DSW1 is configurationured tobe activerouter but it never becomes active even though the HSRP(DSW1没有成为active) communicationbetween DSW1 and DSW2 is working. | Configuration on DSW1 track 1 ip route 10.1.21.128 255.255.0.0 metric threshold threshold metric up 1 down 2 ! track 10 ip route 10.2.21.128 255.255.255.0 metric threshold threshold metric up 63 down 64 ! interface Vlan10 ip address 10.2.1.1 255.255.255.0 standby 10 ip 10.2.1.254 standby 10 priority 200 standby 10 preempt standby 10 track 1 decrement 60 | Configuration on R4 interface loopback0 ip address 10.2.21.128 255.255.255.0 故障原因:DSW1上的track ip route 使用错 解决方法:C. Under the interface vlan 10 configuration delete the standby 10 track 1 decrement 60 command and enter the standby 10 track 10 decrement 60 command. |
IPV6 OSPFV3(看题干) DSW1 andR4 cannot ping R2's loopback or R2's s0/0/0/0.12 IPv6 address. Initial troubleshooting showsand R2 is not an OSPFv3 neighbor on R3 | Configuration on R2: ipv6 unicast-routing ! ipv6 router ospf 6 router-id 2.2.2.2 ! interface s0/0/0/0.23 ipv6 address 2026::1:1/122 故障原因:R2的近端没有启用OSPFv3,没有与R3形成area0的邻居 解决方法:Under the interface Serial 0/0/0.23 configuration enter the ipv6 ospf 6 area 0 command. | Configuration on R3 ipv6 unicast-routing ! ipv6 router ospf 6 router-id 3.3.3.3 ! interface s0/0/0/0.23 ipv6 address 2026::1:2/122 ipv6 ospf 6 area 0 |
0 p3 a0 w3 V9 D ]4 a( A; l% d; O
2.排除L2的错误,L2的错误一共有5个,直接在C1上ping 网关,如果发现不同,肯定就是以下5种原因DHCP,port security,VLAN ACCESS,TRUNK,VACL DHCP(C1地址为169开头) Client 1 and Client 2 are getting a 169.x.x.x IP address and are not ableto ping DSW1 or the FTP Server. They are able to ping each other. Configuration onR4 ! no ip domain lookup ip dhcp excluded-address 10.2.1.110.2.1.253 ! ip dhcp pool TSHOOT network 10.2.1.0 255.255.255.0 default-router 10.2.1.254 ! 故障原因:R4上的DHCP配置把整个地址池的地址都exclude了 解决方法:Under the global configuration, issue the no ipdhcp excluded-address 10.2.1.1 10.2.1.253 command and enter the ip dhcpexcluded-address 10.2.1.1 10.2.1.2 command ip dhcp excluded-address 10.2.1.254 我的解题方式:直接在R4上敲 show ip pool 这里留意输出 如果故障是DHCP 配置错误造成,输出最后一行第一段的IP是0.0.0.0 ,如果不是DHCP配置错误造成则会显示分配出去的IP PORT SECURITY(C1地址为169开头) Client one is getting a 169.x.x.x IP address and is not able to pingClient 2 or DSW1. Inital troubleshooting shows that port Fa1/0/1 on ASW1 is in errdisable state.(C1ping不通C2和DSW1) Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport port-security switchport port-security mac-address0000.0000.0001 Interface FastEthernet1/0/2 switchport mode access switchport port-security switchport port-security mac-address 0000.0000.0002 故障原因:ASW1配置了port security,指定的MAC不是C1的 解决方法:In Configuration mode, using the interface rangeFa 1/0/1 -2, then no switchport-security,followed by shutdown,noshutdown interface configuration commands 没什么好说,直接ASW1上show run 留意fa1/0/1 和fa1/0/2 Access VLAN(C1地址为169开头) Client 1 and Client 2 are getting a 169.x.x.x IP address and are not ableto ping DSW1 or the FTP Server. They are able to ping each other. Configuration on ASW1 Interface FastEthernet1/0/1 switchport mode access switchport access vlan 1 故障原因:ASW1上的f0/1和f0/2都没有加入到VLAN 10 解决方法:In Configuration mode, using the interface rangeFastethernet 1/0/1 -2, then switchport accessvlan 10 command ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 1 我的解题方式:直接ASW1上 show vlan 看输出结果,vlan 10 里面是否有fa1/0/1和fa1/0/2接口 TRUNK(C1地址为169开头) Client 1and Client 2 are getting a 169.x.x.x IP address and are not able to ping DSW1or the FTP Server. They are able to ping each other. Configuration on ASW1 | Interface PortChannel13 switchport mode trunk switchport trunk allowed vlan 1-9 这里要注意的是:题库里面给出的和实际考试是有区别的 这里实际考试是 switchport trunk allowed vlan 20,200 !但是并不影响正确的答案选择 Interface PortChannel23 switchport mode trunk switchport trunk allowed vlan 1-9 switchport trunk allowed vlan 20,200 ! | Interface FastEthernet1/0/1 switchport mode access switchport access vlan 10 ! Interface FastEthernet1/0/2 switchport mode access switchport access vlan 10 ! |
故障原因: ASW1的trunk口port channel13和port channel23没有允许vlan10 解决方法:In Configuration mode, using the interface port-channel13, port-channel 23, then configure switchport trunk allowed vlan none followedby switport trunk allowed vlan 10,200 Commands 没什么好说,直接show run VACL(C1ping网关不通) Client 1 is getting an IP address from the DHCP server but is not able toping DSW1 or the FTP server. Configuration on DSW1(故障设备DSW1) vlan access-map test1 10 #故障原因:access map drop 了10.2.0.0/16流量 drop match ip address 10 ! vlan filter test1 vlan-list10 ! ip access-list standard 10 permit 10.2.0.00.0.255.255 ! Interface VLAN10 ip address 10.2.1.1 255.255.255.0 ! 解决方法:Under the global config modeenter no vlan filter test1 vlan-list 10 我的解题方式:在DSW1上直接show access-map 和 show vlan filter 如果有输出内容,则是因为VACL造成C1无法ping通209.65.200.21 3.L3的错误,只有有 EIGRP PASSVIE,OSPF AUTH,Redistribute PASSIVE(C1pingR4近端不通) the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’tping R4 Configuration on R4 router eigrp 10 passive-interface default #故障原因:R4上设了passive,没有与DSW1形成EIGRP邻居 redistribute ospf 1 route-map OSPF->EIGRP network 10.1.4.4 0.0.0.3 network 10.1.4.8 0.0.0.3 default-metric 10000 100 255 1 10000 no auto-summary 解决方法:Remvoe ”Passive interface”in int f0/1 and f0/0 Redistribute(C1ping不通R4远端) Client 1is not able to reach the WebServer. Initial troubleshooting shows that DSW1 canping the Fa0/1interface of R4 but not the s0/0/0/0.34 interface. | Configuration on DSW1 router eigrp 10 network 10.1.4.4 0.0.0.0 CertKiller.com network 10.2.1.1 0.0.0.0 network 10.2.4.13 0.0.0.0 no auto-summary Configuration on DSW2 router eigrp 10 network 10.1.4.8 0.0.0.0 network 10.2.2.1 0.0.0.0 network 10.2.4.14 0.0.0.0 no auto-summary | Configuration on R4 router eigrp 10 network 10.1.4.5 0.0.0.0 no auto-summary redistribute ospf 1 metric 100 10 255 1 1500 route-mapEIGRP_to_OSPF router ospf 1 network 10.1.1.8 0.0.0.0 area 34 redistribute eigrp 10 subnets ! route-map EIGRP->OSPF match ip address 1 ! access-list 1 permit 10.0.0.0 0.255.255.255 access-list 1 permit 209.0.0.0 0.255.255.255 |
故障原因:R4上将OSPF重发布进EIGRP时写错route-map的名字 解决方法:Under EIGRP,delete redisospf 1 route-map OSPF_to_OSPF enther the redis ospf 1 route-map OSPF->EIGRP OSPF 认证(C1ping不通R1近端) Client 1 is able to ping 10.1.1.2 but not 10.1.1.1.Initial troubleshooting shows that R1 does not have any OSPF neighbors or any OSPF routes | Configuration on R1: router ospf 1 log-adjacency-changes network 10.1.1.0 0.0.0.3 area 12 default-information originate always ! interfaceSerial0/0/0/0.12 point-to-point ip address 10.1.1.1 255.255.255.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT 这里R1上少配了一句 | Configuration on R2: router ospf 1 log-adjacency-changes network 10.1.1.0 0.0.0.3 area 12 ! interfaceSerial0/0/0/0.12 point-to-point ip address 10.1.1.2 255.255.255.252 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 TSHOOT |
故障原因:R1上与R2相连的接口没有启用OSPF认证,没形成邻居 解决方法:enable OSPF Auth on thes0/0/0 interface using the ip ospf authentication message-digest command 4.R1上的错误有3个NAT,BGP,ACL NAT(C1和C2都ping不通Web,但是其他设备可以) Client 1 and Client 2 are not able to reach the WebServer at209.65.200.241. Initial troubleshooting shows that DSW1, DSW2 and all the routers are able toreach the WebServer. Configuration on R1 ip nat inside source list nat_pool interface Serial0/0/0/1 overload ! ip access-list standard nat_pool permit 10.1.0.0 ! interface Serial0/0/0/1 ip address 209.65.200.224 255.255.255.252 ip nat outside ! interfaceSerial0/0/0/0.12 ip address 10.1.1.1 255.255.255.252 ip nat inside ip ospf message-digest-key 1 md5 TSHOOT ip ospd authentication message-digest 故障原因:R1上的NAT没有permit C1和C2所在的网段10.1.2.0 解决方法:Under the ip access-list standar nat_traficconfiguration enter the permit 10.2.0.0 0.0.255.255 command BGP(C1ping得通BGP直连地址但ping不通web) Client 1 is able to ping 209.65.200.226 but not the Web Server at209.65.200.241. Initial troubleshooting shows and R1 does not have any BGP routes. R1 also does not show any active BGP neighbor Configuration on R1 router bgp 65001 no synchronization bgp log-neighbor-changes network 209.65.200.224 mask 255.255.255.252 neighbor 209.56.200.226 remote-as 65002 no auto-summary 故障原因:R1上的BGP neighbor地址写错 解决方法:D Under the BGP process, delete the neighbor 209.56.200.226 remote-as65002 command enter the neighbor 209.65.200.226 remote-as 65002 command ACL(除了R1,其他设备都ping不通web) Client 1is not able to reach the WebServer at 209.65.200.241. Initial troubleshootingshows that R1 is also not able to reach the WebServer. R1 also doesnot have anyactive BGP neighbor. Configuration on R1 routerbgp 65001 nosynchronization bgplog-neighbor-changes network209.65.200.224 mask 255.255.255.252 neighbor209.65.200.226 remote-as 65002 noauto-summary ! access-list30 permit host 209.65.200.241 access-list30 deny 10.1.0.0 0.0.255.255 access-list30 deny 10.2.0.0 0.0.255.255 ! interface Serial0/0/0/1 ip address 209.65.200.224 255.255.255.252 ip nat outside ip access-group 30 in 故障原因:R1上配在串口in方向的ACL没有允许NAT转换后的网段209.65.200.224/32 解决方法:Under ip access-list edge-list edge_securityconfig add the permit ip 209.65.200.224 0.0.0.3 any
832
832解题步骤
/ t z7 C/ r; ?, _ y: m, K6 h" }1 i: S) G7 I; u! w. ~, i' u8 J9 J, l3 c
! Q5 L* }) z3 ^4 z9 H: [6 H; k( [
% y: A$ l5 G, K$ E, P; X
| 
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
发表于 2013-2-4 13:57:28
置顶卡
喧嚣卡
变色卡
千斤顶
厉害!!!!!
