- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2009-2-15
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!) p( {6 W$ D/ `, `6 L! |2 b& L
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!) }( {( F) C+ p c& a
/ m+ Z, J7 ]3 q( S9 l' ]+ x1 U9 k首先比较感谢/ ^+ k P& L+ F N: `
NP642-832备考QQ群:105918054 ' n7 ]! Q% x( H" u! y
的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版). N: K F1 N$ Y; Q- ~$ ` s0 J
给我提供了类似CCIE排错考试的.net文件 ' M: I* Y- N# \5 L6 x* `
autostart = False
- ?8 q7 a) r- V* X0 W4 K[localhost]6 {- F9 _6 A" @! p' ?" t/ W" d( j$ {
port = 7200
/ c/ L8 l$ Y! C$ a9 `, F udp = 10000
( b. W; E9 s# K, L* H9 I4 ? workingdir = ..\tmp\; m5 o6 ]# j/ D- l; T
) }$ ?* w4 ]: ^9 [) | [[3725]]0 ~- d1 y R+ f1 V2 M% H
image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin+ ?) |& j' q8 k$ _" |
ram = 128
( u8 A+ G; z; b; _8 B8 F( @4 b confreg = 0x2102
" E1 j+ r) j$ d, H. p exec_area = 64/ s3 b- M- W6 R: n4 k1 N5 m
mmap = False
* f! R% [) t L/ w slot1 = NM-16ESW
" ^* c2 A: s) k! Y- M: p! V% n [[2621]]
" H" r8 f) Q7 w; H- v, Z image = ..\ios\unzip-c2600-i-mz.121-3.T.bin/ Q9 B' w- ]" x( q
ram = 209 p& ]; E0 b4 A( }
mmap = False/ j$ M0 D6 P$ ^3 c6 k" F
confreg = 0x21022 P% W- U2 F8 {( t! l6 n4 o" O7 s
ghostios = true0 X" j7 r7 d2 Y! F
sparsemem = true
& n* z3 u7 Y7 S8 \$ H# [[2691]]
/ a& u. w7 M( i2 E# i# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin
# _4 z- [+ e/ R# ram = 100
0 Z) a* `& J% B* b6 Z9 o# confreg = 0x2142
( z& h8 R" R" u' T- C6 m9 [& [# exec_area = 64+ ~" x. l$ Q5 ~2 C2 E6 }( }# E0 e
# mmap = False% m1 ^7 |& Z2 c3 f8 P
# slot1 = NM-4T. Q1 h4 ?+ m( f3 f$ D3 r
[[7200]]* e* b1 k( ]7 z9 U+ z5 v7 n3 R
image = ..\IOS\unzip-c7200-js-mz.123-20.bin7 X6 }* ^& l4 ?7 H
npe = npe-400' i) P/ M0 r+ M4 u
ram = 96
/ k$ J4 k Q: E, _$ n% ? confreg = 0x2102; H$ y: U; z8 S% r; Y% p
exec_area = 643 V; a+ R# U, [1 ], v
mmap = False
- {6 J' D* O) v: X' w8 K. C* B slot0 = PA-C7200-IO-2FE
5 U9 ^5 t! q0 ~# H+ {5 V+ h1 n( R5 I slot1 = PA-4T7 C9 D* {" s! c" V3 M; c
[[router Client1]]( c0 x6 @$ w" |& f8 n; v0 O
model = 26211 s5 Y- B( G, q6 e0 x* d% l$ R% E4 C4 p) J
console = 3011! ?, O' {' p3 E2 l" S6 G- Z& Y/ l
f0/0 = ASW1 F1/1 1 I; t. M9 r. U) w
[[router Client2]]1 l0 c* C8 d# p2 G, I4 N5 s/ [
model = 2621
' `$ M5 Y* g" e" U console = 3012
' K J& i- a! c+ \* C7 p! U f0/0 = ASW1 F1/2 : r V k' G1 z; M; [
[[router FTP]]
* C/ u0 p- D8 }' J. i model = 2621; p& K1 i9 x3 T# E5 M' [
console = 3013$ ?5 Q; U7 |% A' @! l# O
f0/0 = ASW2 F1/1 $ |" T+ I c9 I- b. P
[[router WEB]]
, r& P3 Q) [1 ~. Q, X; C model = 2621% q2 S9 i N3 n% g% @8 F# Z
console = 3014
$ r0 H0 V- q) B4 T/ o f0/0 = Cloud F0/0 / `) C9 P. `- B$ H: t' x D0 j6 K. C
[[router ASW1]]% @- b( V* G5 A: X2 u$ Y8 j% }
model = 3725
; Z; c- w$ S/ k6 G( p6 c2 w console = 2001
# y/ c( w7 D7 d: |' G. F f1/10 = DSW1 f1/10
4 g2 I, j+ \7 v f1/11 = DSW1 f1/113 Z& j/ O4 y: F7 y; |$ A- w
f1/12 = DSW2 f1/12
4 }: ]7 `+ J5 X$ R9 q0 U; u f1/13 = DSW2 f1/13
7 {! U9 g$ z4 \% q8 h: l' } [[router ASW2]]" X# I+ A6 ^3 G9 u# W8 u( ^1 Y
model = 3725
4 g% `. x+ X/ r& P console = 2002
+ R& c- i1 Y- ]2 T f1/10 = DSW2 f1/108 k* A" }" u0 I) s; V2 T
f1/11 = DSW2 f1/11
9 p4 b" K+ B2 a% `0 v f1/12 = DSW1 f1/12( n" o; c, W( ~' j# }
f1/13 = DSW1 f1/13
' J$ |+ Q# {3 I% Q, d [[router DSW1]]
/ q* i0 C1 M, {+ b3 {$ T4 U model = 3725
a/ c- R" {3 k' P% Y( q% B4 ] console = 2003
( W! n5 x. n) h* V8 V3 e3 I" D f1/14 = DSW2 f1/14
4 i; Y; n' d: t# [ f1/15 = DSW2 f1/15; g" `- I' x" \/ M4 i
[[router DSW2]]# Y/ |- x( `. X
model = 3725/ D7 M d3 X& E: k/ n3 m/ s
console = 20047 o% P/ c0 q. @+ n$ r
[[router R1]]) D: O6 N6 H9 }
model = 72001 {! Z7 V" s& P# Q
console = 3001
) v+ l! J, m8 e s1/0 = FR 1
* x$ \+ C1 ^4 [; r% N1 l [[router R2]]1 ~5 `3 W3 y8 D9 v, C: m) u
model = 72008 h3 F- y3 @3 `& ~$ P' _/ d: Z
console = 3002
1 B( C9 x$ T2 G; s. R- u: s s1/0 = FR 2
1 E9 P+ ?. G0 Q& Y [[router R3]]( T5 R( ^0 G# {. |
model = 7200
$ `+ @$ _' ?. A- k& d8 z* i! p console = 3003
9 w3 c [% q2 `# |8 Q6 _% ^ s1/0 = FR 3
& G# z% A" T5 Y( c3 E$ W: ]% x& _ [[router R4]]4 [# ~1 c. M2 L6 {4 v: O) f
model = 7200
! j( v @$ `( I$ N; s7 `9 y console = 3004! c; S. _- F+ |/ J) ^
s1/0 = FR 4
1 ]2 u9 J: g3 c f0/0 = DSW1 f1/1
A( S; }5 H N$ L/ W# k& h( F f0/1 = DSW2 f1/1
; N2 s( Q6 H) i% z4 b* Z! m" j [[router Cloud]]
1 Q* r( F+ L E* ?3 Q model = 7200
* G8 n: _& L% _# [% X console = 3005
+ z1 E w5 ]7 `4 B7 B s1/1 = R1 s1/1) c: g$ Z0 T0 m6 c8 {5 z
[[FRSW FR]]* O) ^' U9 f1 u. i2 A' ~
1:102 = 2:201
4 x: y9 Z9 ]$ a( b- ]: n 2:203 = 3:302
3 y5 F# j" f e/ d1 E 3:304 = 4:4033 F- \$ ]9 G7 e' ]# W0 y9 N
有了初始TroubleShoting!让我去排错!
! ?/ P# D' B/ Q6 V4 F考试时间应该是140+20分钟
: N3 V8 a9 Q* c5 m7 r: G) j题目数量45–55 questions
! h* A% J" a5 Z9 `6 a16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!" e' Y5 @7 A4 b! n5 C
然后是一个大实验排错题!(差不多30个环境排错)
, z4 ?8 [ P4 ]% K; X有L2 TOP /L3 TOP/IPv6 TOP
* c+ I, y3 b# q" `- D! {4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)! Y: o) M- D7 m e! {
类似:" R9 ?9 D! r% w% }( F4 }
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
" C+ Z3 j5 c+ `4 g* E2 r. @涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
% a: E/ j2 ]5 @4 e" c- d& DEIGRP
' S: N" h" o0 f& ]8 a( zOSPF
. x- t6 f# s6 i8 |eBGP 8 L Q6 u& {1 V# l' z( {
Redistribution
' j A) N7 d \8 B9 _6 y8 K9 `1 |5 P7 }DHCP Client and Server
+ `! B0 D* i* G9 Q: X' }; H! TNAT ; y( ~# h6 |) S9 ^, W
HSRP/VRRP/GLBP
" X, W! x9 S& R& N; {. V4 ]; H5 B. \IPv6 Routing / s5 p* {8 h4 Y8 z" A) H C
IPv6 Transition Techniques 2 d* {2 y$ p) @8 T
L2 Trunking
8 _5 T) x# \ f5 I- N OL2 STP G5 u* L) f) f, x( F# [
L2 DTP
! t( B$ R5 V: {) f3 D# [Private VLANs - w& y* I* s* J# K( k
Port Security
" X" S, h2 P; D+ v @) P; |6 d4 ~Switch Security 0 V& o; U P. S
VACLs/PACLs
$ r3 X5 y0 Y# M& N/ {& E" V- PL2 SVIs
7 p/ u! t- k c( u5 P- `. tSupervisor Redundancy
4 b; N6 ]" @& X7 ^7 YNTP
i+ S( \7 A, d5 R; F- ASwitch Support of Wireless, VOIP, and Video # g# x& Z$ n7 g9 b
Router Security ) e: w( w5 C' E5 m
ACLs
# i$ d! W J' y: b% o% oAAA 1 ?! [2 K/ e% a# p# @9 H8 s
IOS Service Security
. C( E$ W: _1 q. |- ~0 F t S我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)( @) [% H! b4 J2 |7 C
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!4 Y+ W" f% j% f; t
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!- X+ ]5 t. c/ Y" A
交换机 连接路由器的单臂路由接口!$ Y3 ^' r" F% k' ]# |; L
端口安全 L2的东西 还真多
5 @ K. y' ~2 G& B: F. S) ~不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
3 T" ?5 h1 P9 C7 ?; G6 t) G(2)特别 注意NAT ip nat inside 打在主接口 是错误的!2 _$ P4 Q) T5 b: ?
(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!
" E6 l5 L5 J" {% A& D: v/ R* _(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
6 |+ c2 M* j. X1 G" j/ D% [- o. z(5)ACL有错, ]& d8 [# G; p1 e2 S
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对
) _, @. u. Z4 j/ ](7)BGP的nei 不对 一直在active状态
2 S# G/ d3 |. K' l+ y5 R; O/ X(8)IPv6的OSPFv3 区域放错了!
9 c# O8 }+ r! F; [7 d0 X1 b(9)HSRP的track 应该去掉!!( s2 o* t9 K# Z3 y; m. F @' K
Ticket: ^) Q: V3 o% G6 V
1) Client 1 is not able to ping the server
1 } O3 S. H$ n! ySitution 1: Unable to ping DSW1(Use L2 Diagram)1 Y( i7 ]* R- K' G: p) l/ Y
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3: B. L R- W& ?
Ans1) DSW19 r+ d( t, E3 K
Ans2) Scroll down and click on vlan access map/ V2 D9 r0 B( e9 ?: v4 }
Ans3)No vlan filter 10
7 o& O: g$ A0 `/ [9 @2) Client 1 is not able to ping the server6 M- ^/ N( y! I% v
Situation2: Unable to ping DSW1(Use L2 Diagram)
& {: e! d6 d1 P3 _* OOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
7 |4 S; u; Q. L( TAns1)ASW1
$ b, d7 z) r+ f" }0 L* d# X! `5 tAns2)Access vlan
( ]" Z$ ^ b, i! b8 T( pAns3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 109 J' d: k; i" f
3) Client 1 is not able to ping the server
4 t6 s" r& e+ _6 WSituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)* K$ c. b* ~! n% t0 B& C
Ans1)ASW1
+ w9 {: L" ^7 ]5 k3 BAns2)Switch to switch connectivity% t9 p/ h3 N: {
Ans3)on port channel 23 give switchport trunk allowed vlan 10,2005 @4 f0 {! N4 F, [* E
4) Client 1 is not able to ping the server+ M" `- {% P. v6 E- o
Situation4: Unable to ping DSW1(User layer 2)." J. |3 O: G8 M; I
under running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002., n! c% G1 e9 X
Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
* z$ z- V @: f! c& K! W0 f5 S0 d, X: ] D: XAns1)ASW13 c. X8 e. e) B( y
Ans2)Port security, F7 P7 B5 b- f2 D. d( z3 B# l3 t
Ans3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut., m( O4 \8 A" S! e% L% ?# v
5) Client 1 is not able to ping the server; H+ |0 V+ _# u* X2 L$ d( r
Situation 5: Unable to ping R4 fast ethernet port from dsw1.9 l5 x0 j5 S v! J: j
check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)" O7 l& p8 ^) y' W
Ans1) R4
5 J7 T5 I" c! p# O" uAns2) IP4 EIGRP
' m( j- w% k, r+ H2 n: x# A9 D5 R3 |Ans3) Change eigrp process no: from 1 tp 10 because DSW1$ J: D' k; B! v' G( l4 J3 r) R2 H
; U \2 K0 S9 G& f5 P6) Client 1 is not able to ping the server
$ m3 h0 { M, d1 s. SSituation 6: Unable to ping serial inte**ce of R4 from the clients. / Z% D2 M3 G q8 i
Do show run, check the names of the route-maps. (use ipv4 Layer 3)
, H( o/ N0 n z& \3 @6 g7 P+ S8 U8 v* @Ans1) R4/ K# j, Q2 S( s) c9 f
Ans2) route redistribution( @3 h5 R: D6 ?2 K; K" E% Z5 Q
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.; Z9 d' P* }8 |' {2 }3 q4 I+ C' u
7) Client 1 is not able to ping the server
+ b K0 `8 m7 l4 |3 GSituation 7: client is unable to ping R1’s serial inte**ce from the client.
1 J6 d$ |' Z' p% T1 H/ K TCheck where authentication is not given under router ospf of R1. (use ipv4 Layer 3)
9 @" i! j! t" L! DAns1) R1
P7 [ S8 z! ^4 eAns2) ipv4 OSPF5 U: n9 ^7 Z$ }* w4 B
Ans3) ip ospf authentication command must be given under router OSPF
3 z1 W$ N# ~7 G1 n7 R9 L8) Client 1 is not able to ping the server4 V) z# e f9 Y; A* _5 j5 a3 b
Situation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)# P4 P0 X+ F" Q5 |2 t
Ans1) R1
, [& H) M- `% Q1 E+ ]Ans2) IPV4 NAT+ U# w6 e8 e. ~) ?) ]2 w5 g
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255) |3 b, p4 h& s) n2 ~
`- e$ j) F8 J4 E# J" {9 w9) Client 1 is not able to ping the server
8 f) q) A6 }" V/ FSituation 9: R1 is not able to ping 209.65.200.226. W# a0 k% p+ J) f
check bgp neighborship.
" r3 U6 F% K2 d2 g, ZThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)( X6 q9 V8 {/ ?6 Y9 M" K
Ans1) R15 b8 c+ |5 v* b% n3 p
Ans2) BGP6 U; L7 C; d" K* _
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)- N9 h) Y% B- U: ~
10) Client 1 is not able to ping the server/ d l f; B/ x; e6 h
Situation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)$ m* H8 T! _: z$ S8 h
Ans1) R1
! ]3 V0 y4 c* a+ Z8 V& D, ~Ans2) IPv4 Security( m. K( x" V2 ^
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
# D; [# O# ?) y: k: d& M5 C11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.* C, J( d, ] g% b1 h- ?
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)
" A: Q% j) E. U4 Z5 hAns1) R2/ Z" Z3 m7 m9 y; Z" k8 P
Ans2) IPV6 ospf
) u$ r3 D9 `6 G6 ZAns3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)/ E3 S8 Y! h) v
12) HSRP: DSW1 does not become active.) X( `9 U# f4 I
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)" e0 a$ `3 D1 I2 g9 {
Ans1) DSW1
. b: X1 C: E. P- }& DAns2) HSRP
7 l1 }: A, o. G$ M' ^Ans3) delete the command with track 1 and enter the command with track 10.
a2 N8 s. K# L0 tASW1(3 TT)$ K" J! D& f! N1 N6 b
1.Access vlan - add "switchport access vlan1"$ e" g# ]3 X. L7 q' ~
2.Port Security - "no switchport port sec" and "shut" and "no sh"# ~$ F% {- k3 X
3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"9 M7 p/ y0 ^% B4 } f+ P$ c. p* R8 H2 }
DSW1(2 TT)
/ U& b3 v: p- R, t* I. A1.VACL/vlan filter - "no vlan filter ... vlan-list 10" 3 X1 {, z6 m- D
(This is on the last line, pls scroll down to see)
( A: j/ N4 R' n" ~# Z, j! x2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."* h% F5 a% r! ^& {6 C" ^* r
R4(2 TT)
: R8 F" D% [- X$ p7 v/ ?2 }. O1.IPv4 EIGRP - change as no. from 1 to 100 \5 }/ F) }6 T/ P# c( s
2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"
- M+ U, m1 ^' x) z6 I8 P% x' y) aRemember that no TT on R3
. G. ^/ C3 o0 ~, P. |8 rR2(1 TT). Y! @) j& p$ r b0 i" M; K/ U
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0
+ O: F, d) H/ T8 RR1(4 TT)
1 B. L4 G2 T9 p; C& H/ W: J- C) \1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
+ p' O4 g1 [; z' }( C2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
+ \; f: |# l& L3 J1 z; R3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
) G2 w, `& ]- g; Z& I7 g$ G$ ]8 K4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2% f6 o& z) X! F+ v5 H+ D
$ D) Q$ K v C3 @1 i. w/ ~/ I, F6 n
建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!! u/ F S6 A' A: @
f! W' i9 g3 ]' I% p
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
