- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!
( a3 G& ?" X: @$ y. J- x, y对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!
9 ?* M% A2 t, T J% E% i0 C4 i! d3 G% x U: K7 j: X
首先比较感谢
. `3 D& p' b2 h, i2 |$ g2 VNP642-832备考QQ群:105918054
- [3 H) v6 Q6 s的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)
% {; b) O5 U, R) G' X给我提供了类似CCIE排错考试的.net文件
- s: \8 Y5 I% @* x$ f7 o% qautostart = False& P- O" h* s7 f; l9 l' y
[localhost]! s+ K* G3 y D5 j& E. C6 h5 q) g
port = 7200
: B4 x" h8 B: F. i udp = 10000
+ E3 ] x( D! T workingdir = ..\tmp\
6 R. `7 A8 Q: X9 M o/ @ 6 e$ S5 t2 {* A; ~8 Z1 ]
[[3725]]
, X# y7 j% d/ z2 X image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin
- t( L j9 D' w ram = 128
6 Z5 r5 @. ~4 B& Y; _0 D confreg = 0x2102 H7 h" w* q4 z M7 T# i8 G
exec_area = 64
: A- Y8 i! k: q# e/ T4 N, R# Z mmap = False
4 [. b$ L0 Y5 W3 S$ B slot1 = NM-16ESW
' ~& H& c# L! H [[2621]]% R) y9 r1 i8 _7 _- x" _
image = ..\ios\unzip-c2600-i-mz.121-3.T.bin
5 Y! {6 S& `3 t2 v' k# g ram = 20* [6 f* e2 y* u/ L9 O7 p
mmap = False
; W9 S+ w3 _. N5 Q, H& u& C confreg = 0x2102" s. Q c: J H* o: t3 S- g2 T7 _9 z
ghostios = true2 {* y5 g$ T r6 o: S" ~
sparsemem = true
4 h; k- m* Y0 Z# [[2691]]- U3 w) P* X- V5 P6 z
# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin c- v0 g& i" o" N6 _1 y, j6 i
# ram = 100
2 z4 M4 g% I0 _, w4 @. H$ r; |# confreg = 0x2142- R# ], n/ u4 {9 X7 v$ l
# exec_area = 64
+ h( y1 ^! Y M; d/ {$ N# mmap = False1 i. y% t+ a4 ^* C6 X% B4 O
# slot1 = NM-4T2 l* W6 J4 d9 B" `! X7 _. S
[[7200]]
) h$ R* e0 w9 ?, y5 ? image = ..\IOS\unzip-c7200-js-mz.123-20.bin$ t' Q* a6 R- T( b) _
npe = npe-400
4 D8 |5 t% P O7 q ram = 96
; ^8 { s% h; h2 e/ [ confreg = 0x2102
! F4 L1 U- T; k* x8 d exec_area = 640 t/ z# C; Q3 V
mmap = False
. J7 \1 Y. ~% D' j( `: j slot0 = PA-C7200-IO-2FE
% C- n8 d0 D$ i5 ^ slot1 = PA-4T
4 _) ]/ `! B1 H; M1 b3 p [[router Client1]]) \' o% n a% {: g
model = 2621( b1 ` _/ C3 {% ]: P
console = 3011
2 z2 W; {6 z7 D9 z) P$ D f0/0 = ASW1 F1/1 " q, |6 c+ v$ Z, j* `6 O8 M, n
[[router Client2]]
* l$ ?* ~& x% j/ @% W model = 2621. I/ G; L& p: \ d( T, _
console = 30128 U9 c4 V; x9 r4 G& e
f0/0 = ASW1 F1/2
/ _) B z5 a) w. q [[router FTP]]- M2 F% k( h0 O$ q0 }+ O4 n3 f( I
model = 2621+ }* C. b$ z1 q3 I$ I4 H' m# ?( v- X1 I
console = 30130 Q% _; }. ?" z; h" u
f0/0 = ASW2 F1/1 6 p2 N A1 @$ y# A6 V) D! I' n3 a0 T
[[router WEB]]+ u3 n F" S8 a. V; X8 L+ Y
model = 26215 w- B& Z3 Q( M. j, P/ V! T
console = 3014
$ e/ _* X+ M x" ~ f0/0 = Cloud F0/0 : L$ @2 A9 p7 o4 b* Q4 t3 S
[[router ASW1]]
m$ h* [! A9 p* C3 ^ model = 37256 |: p7 H% ]- T, n
console = 2001
0 V# E# k4 b! [5 `2 n1 I1 m$ L& W f1/10 = DSW1 f1/10
) G3 |; V6 `2 \; Q1 B. {: O f1/11 = DSW1 f1/115 u) b5 @+ v9 c9 ~: o# n$ ^( | G3 d
f1/12 = DSW2 f1/128 S. J0 r" V+ i! A( e6 _
f1/13 = DSW2 f1/137 v9 k+ y9 q9 i3 p" g+ V
[[router ASW2]]
1 z. G$ W% H6 i' L1 ?9 X model = 3725+ \+ m$ T0 D/ h7 b5 o
console = 2002
: u9 {+ Q+ i% ^4 n! t- a! z; I f1/10 = DSW2 f1/10) s9 S& \2 L3 d. q
f1/11 = DSW2 f1/11; Y# F e! Y: @7 [1 w2 k
f1/12 = DSW1 f1/126 R9 w+ j3 i1 k7 X) r( A* e4 i
f1/13 = DSW1 f1/13
% L4 q$ N/ E& u; Y9 ^! K [[router DSW1]]
5 U) G+ B4 C6 @( Y6 I% S9 _( R model = 3725
; _; a: l; O4 r4 v console = 2003
- Y, T e9 e6 R: e/ w f1/14 = DSW2 f1/145 H/ {! S3 H" @
f1/15 = DSW2 f1/15
1 W3 K; I1 s% U9 l5 y [[router DSW2]]
: o1 a v- k; J% e3 Y) R model = 3725
% q1 V4 [& m: b. ]# q) p/ i' T console = 2004
& ]8 e4 T9 W4 d9 c1 a* P* i [[router R1]]& o* ]3 |5 k& Q/ S
model = 7200% D2 b! f6 i; l3 n4 b5 k% |3 m
console = 30015 u* f1 c; ]# _3 }6 P1 O
s1/0 = FR 1
2 J x! j$ _2 z; \ [[router R2]]* J5 m% R5 d# V4 X3 r
model = 7200; n: y, Z) `. b# Q- ~
console = 3002
3 H! g3 A5 s8 E s1/0 = FR 2
! q9 D4 e# P5 g# c0 z) G [[router R3]]( j7 X. e( M% I' p; P& C
model = 7200$ E# B& H9 ?+ N5 y/ T7 z
console = 30037 q3 A8 L- |/ X& M G) L
s1/0 = FR 3- ?. [" N- W* c
[[router R4]]
, c# k! ~8 w. u model = 7200
, j9 | C% K! C3 W8 _ console = 3004& T3 m; D' Y6 D+ I4 F
s1/0 = FR 48 Z, [& z, _, B
f0/0 = DSW1 f1/1& W. c! n& Z! i* E: F+ w% b+ i# u
f0/1 = DSW2 f1/1
; o5 u/ P6 \5 ]7 n2 G [[router Cloud]]% C& p, f g0 I6 ^3 e) ^
model = 72006 y; N+ Y0 r# N% o& d( g
console = 3005
! `& ?* N; N/ g8 T: o2 |) T: f s1/1 = R1 s1/1
, M' M c; v9 W- m' g3 w [[FRSW FR]]3 f' A5 d/ ~. [# K
1:102 = 2:2017 o) o6 ^4 U# e4 K3 ]
2:203 = 3:302 V6 B9 {3 m" t- \/ f6 M% b' ^
3:304 = 4:403
. R5 K! @0 n0 s7 o# Y有了初始TroubleShoting!让我去排错!
5 V) B( k# K" y考试时间应该是140+20分钟' P" A% B' {, I. {* x$ i1 r3 D- R T
题目数量45–55 questions# x; L8 E* R4 E6 _; p# R
16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!6 O% y- O: a7 T$ C% \9 D' M' b
然后是一个大实验排错题!(差不多30个环境排错)* V, K3 R5 e" |9 m& @" Z# h7 `$ t
有L2 TOP /L3 TOP/IPv6 TOP
9 j& f6 j* t5 s: |4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)5 K# }2 Z. D' _, P( ^# g( s
类似:6 Y1 v# f- e* v* N, D1 m
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
/ \3 ^/ e- ]4 P) p( j$ O涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!); z% a6 K5 N* u9 i& N( J9 i
EIGRP
/ V! I# H. Y8 H9 @OSPF
* H3 e$ l' a* o L) }2 Q& j" L* _1 |eBGP + ]9 ]' T' d/ G9 ^
Redistribution
0 n" m! _3 _3 B; dDHCP Client and Server , {% n: p1 m: A7 p# V' D O) \
NAT
# k2 {7 n! \( ~$ Q' AHSRP/VRRP/GLBP
8 o# W& f* p" |$ E0 |IPv6 Routing
( x# v2 L4 S( v, [+ P, m) u$ Q, S$ |IPv6 Transition Techniques
" M' R' t( B$ P% SL2 Trunking ' e5 q8 p. D8 i- r8 a9 j
L2 STP
- d$ s4 ]1 v$ M. I0 d$ s1 gL2 DTP 7 E4 [$ }- r. t4 i( ^
Private VLANs ) S: u1 i/ B" J0 G; s4 u
Port Security ( M# b: T" u' v, @" v7 h
Switch Security ! f2 _& b9 c* k( c& F6 V) f* ^: x
VACLs/PACLs
$ o+ h, X8 O" U c$ }L2 SVIs
% d+ `# b4 H4 Q( K3 ISupervisor Redundancy
1 W: j: P( g, NNTP+ ~ m& H( o0 o Y- [! R% H, }
Switch Support of Wireless, VOIP, and Video % V2 B5 @1 U* ?- y
Router Security & f$ ]% v$ x$ x' C/ D
ACLs " s! b4 t- _$ w$ Z! t
AAA # q0 z' Z' I6 W( b/ n
IOS Service Security
3 \: n/ \# F+ }! B我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)! T: R+ r4 l2 y/ k
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!* |5 t# x- e& [6 Q7 b
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!
# a3 b, ^* Q2 g( Q( f9 P' g交换机 连接路由器的单臂路由接口!
; W& c/ z* @4 S' u5 J# T端口安全 L2的东西 还真多
2 D# E0 h% Z4 d( A/ p. G( |8 u不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
8 a1 K o# \) ^5 ]7 H$ G(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
! x# |# H( {2 P# B4 f(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!
8 v' X& j Y. }* t" ^$ }(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
6 l2 h* ]% a+ Z3 E' ^) k$ J(5)ACL有错3 Q) B' A- {" A0 k2 G0 H" q
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对
V% m' R+ f+ Z. _: s(7)BGP的nei 不对 一直在active状态
0 f6 G* k+ d5 V$ t1 V0 U2 S(8)IPv6的OSPFv3 区域放错了!8 o5 A& V: M/ }$ T5 t
(9)HSRP的track 应该去掉!!5 S. ]) ?2 d( Z. u% T! G
Ticket, c. J: ?6 T+ z/ o3 t& q( S5 b
1) Client 1 is not able to ping the server
+ t8 q/ v; g" lSitution 1: Unable to ping DSW1(Use L2 Diagram)! J E2 G/ l" n* r9 g6 q
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.36 o+ N; T- p0 i7 R* a; c
Ans1) DSW1
/ C" }! d" w% j# v8 h* u/ T: ~* D# ZAns2) Scroll down and click on vlan access map% q! I5 ~! ^ K
Ans3)No vlan filter 10
7 M. u. `) ^$ y+ t. n1 a2) Client 1 is not able to ping the server D# F* M. \4 @$ Y- k7 Z1 l
Situation2: Unable to ping DSW1(Use L2 Diagram)
" e8 B5 c( Y0 ^* g9 wOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
/ G. z* b9 A! FAns1)ASW16 I* F* M3 _) ~
Ans2)Access vlan& H6 `9 C# s9 E4 Y, J. n8 N% {
Ans3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 102 u) c0 }" e2 H6 g- b8 [ q
3) Client 1 is not able to ping the server
8 v; e1 \0 d6 H- _# S: a' z$ USituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)6 L4 T3 m: G% ~" T/ T5 F. r6 Z* e
Ans1)ASW12 P' s9 h! A7 @) O/ _9 g: M
Ans2)Switch to switch connectivity
4 E% @/ z, z0 [$ b6 b% aAns3)on port channel 23 give switchport trunk allowed vlan 10,200# \8 ~ F. \7 D' ^4 C' J/ Z
4) Client 1 is not able to ping the server) w( {5 w8 X2 c7 v' Z6 b! _8 G
Situation4: Unable to ping DSW1(User layer 2).
+ I6 m" f0 ]7 Z: c9 C" S, sunder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.
. N! B- M+ i, x; P8 d9 C% fAlso check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
/ l1 J" a0 Q, z( r2 mAns1)ASW1
$ y6 y' [3 L" OAns2)Port security
$ |/ y# h+ _2 r2 q7 Y/ K: LAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.7 @$ d: N: S, Z7 s$ N
5) Client 1 is not able to ping the server
+ z% d5 `" q+ i" ^2 [Situation 5: Unable to ping R4 fast ethernet port from dsw1.
: z2 E( P/ z l* Y. tcheck ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)) Z$ x$ ~" n& r* _& H. _1 A
Ans1) R4
# V7 T& ^5 Z4 D. xAns2) IP4 EIGRP
( p% K# e" y7 ~8 d2 MAns3) Change eigrp process no: from 1 tp 10 because DSW1
3 O, T% a* r& }/ w8 u% {2 N
6 `4 y: O, s' j2 B1 K9 `$ e( g' }6) Client 1 is not able to ping the server
9 x# D$ r( U c' rSituation 6: Unable to ping serial inte**ce of R4 from the clients. 6 Y) k" d5 b- q, P' r
Do show run, check the names of the route-maps. (use ipv4 Layer 3)
& M! n) S, j1 s1 w4 T) nAns1) R4$ S. M2 p' s: q# t) F: ]
Ans2) route redistribution
/ S; M! E! ^( tAns3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’. ?8 S, ]" Z# u0 n6 S% f
7) Client 1 is not able to ping the server
& Q! Q# Q6 F! F& }. |: ~+ q, Y X2 jSituation 7: client is unable to ping R1’s serial inte**ce from the client. D8 A9 l" s0 q; k. n, D
Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)
+ e. ^' k; r" {: {4 bAns1) R1+ B& |8 v/ u8 h4 U, n
Ans2) ipv4 OSPF
- y8 i* s& B5 J9 [0 L6 q+ FAns3) ip ospf authentication command must be given under router OSPF* k" s4 y7 E6 x8 V% e; C% R9 I# G
8) Client 1 is not able to ping the server
) u8 ^' c- v! {( Y! I2 ^7 wSituation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)
2 u/ e4 f" J$ h: A) M& XAns1) R1
' z4 D. j# F) l; zAns2) IPV4 NAT
# V4 X2 z; N2 `! g+ V$ QAns3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.2559 Y& m2 d, [2 v
1 H8 Y. d$ `& v
9) Client 1 is not able to ping the server
' W( T- _% F) o% D0 tSituation 9: R1 is not able to ping 209.65.200.226. " z/ @! m4 t! C0 K5 ]% ?) d0 V) X
check bgp neighborship. ! n0 E+ k, D1 j7 X7 c3 T
The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)& t$ Q6 W/ |+ d5 k" w5 K! s; f
Ans1) R1 B) _8 G# e- U9 W2 N& n1 d
Ans2) BGP8 o. d+ ~" c4 i: N/ }
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)5 t2 O ]6 N' c3 M( I5 M7 I5 T
10) Client 1 is not able to ping the server
# {% \; P. |9 C4 QSituation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)
* r& G/ Q4 n! k0 Q nAns1) R1, J: Z' E2 e. h
Ans2) IPv4 Security
% U$ k4 v# E7 A+ N) \& X B4 p3 TAns3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.5 w1 j+ H/ w! N" [6 t
11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.
! W1 w- Z1 }; ~4 o z, y. S9 l; k1 vSituation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)5 E' k0 ^3 y8 j. M" L% t
Ans1) R2
! U. N( h$ F4 @6 @! u+ zAns2) IPV6 ospf
2 k& f( k6 {8 \) ]* O |Ans3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)' y5 ]" y: q& ` A7 r# Z
12) HSRP: DSW1 does not become active.
/ z. ^$ b# b2 D w5 gSituation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
8 [. ^0 P: w. S9 |; J: fAns1) DSW1. Q$ k0 U) F) {/ \
Ans2) HSRP% M' H+ h2 K; F* P
Ans3) delete the command with track 1 and enter the command with track 10.
/ z9 {5 r5 R- a Z5 z/ n" q$ VASW1(3 TT)0 g% c; \2 _ g( y" E1 n
1.Access vlan - add "switchport access vlan1"' a* A5 M' t9 h3 f4 J" _* V( a+ z9 l
2.Port Security - "no switchport port sec" and "shut" and "no sh"6 b! |5 N" m0 w. u8 J0 G
3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"2 B# l3 `# X" x, q
DSW1(2 TT)3 G9 t. S' \1 r: h+ m. h
1.VACL/vlan filter - "no vlan filter ... vlan-list 10" 2 j( ^# H- K ^7 O0 Y
(This is on the last line, pls scroll down to see)
7 C0 ?2 B9 Q' n( |# t' Z! T- q2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."' l: G! j3 k3 z& ]9 q2 j
R4(2 TT)
: u3 z8 O5 i% Q1.IPv4 EIGRP - change as no. from 1 to 102 p4 s6 _- f0 r* P
2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"% p! i- _, p# h( M1 l! G
Remember that no TT on R3) @6 h q$ a! Z9 R" H) C
R2(1 TT)$ z5 s$ y! _/ ]6 {0 H
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0. Q4 c( Z" D! o0 ^6 {/ \
R1(4 TT)
/ ~8 M+ @5 v- a; x L, b7 @1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
( A% | ~/ \7 D5 d6 W0 l$ t2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
0 i! F8 ^9 t2 g3 {' `. D+ n6 m3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
0 d# O5 z2 G: i g' m4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2: ~! A4 c/ h% j: ^5 y3 p
g" }, m; g- H' y
建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!$ B' I( a9 \: W2 m& h3 n: \
1 O4 x7 I4 L) }7 y |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
