- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!, \' U3 X, D! }: I \
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!7 V4 r' }' i: y4 s w( W0 ^
5 h, F7 U& Y# c: q首先比较感谢
4 D( K: M5 Z+ N0 ]5 V- L: sNP642-832备考QQ群:105918054 8 A. y" C: Z( c6 Q }3 s8 h
的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)
, P- e4 o! q% H* T }# [; I给我提供了类似CCIE排错考试的.net文件 3 [$ C/ g; |7 [3 {4 \9 ^2 s
autostart = False
/ P$ z9 v4 P0 ?- o[localhost]7 V3 M5 D, p' F8 X P( P! i! ^( B
port = 7200
# [% @- [4 e/ c% L G udp = 10000
2 R3 j6 G4 S' H- Y1 X. M" O* g; H workingdir = ..\tmp\( |3 c5 d7 x' ~# U/ p" `/ I# o# d
) Q; R& o3 G1 z; m: d( [$ X- ^0 y
[[3725]]
# P* E- L) M5 ^1 u' P image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin
( H! A: I5 [( J- u. }' \" `& w ram = 128
$ }4 N7 X) C" V! @ confreg = 0x21027 t( m7 Y( w- R& Q" |1 ?
exec_area = 64. D2 j7 R) b) D$ z) g, D8 T* {
mmap = False
4 ? \; K# M. ~6 C* D4 q N. P9 M slot1 = NM-16ESW1 M, {% D& X8 u( f- S: b( i! L
[[2621]]
) q# g, {4 r' |) g image = ..\ios\unzip-c2600-i-mz.121-3.T.bin5 C* }- d& y) C4 g' l2 H& e
ram = 20
- T: U& _( g, U+ L; V1 w# ~ mmap = False1 a3 i5 e. x4 G
confreg = 0x2102
0 X1 M. i6 k$ c G+ W ghostios = true2 |& W5 }! M# X5 R
sparsemem = true
' c' J _3 z/ T' x V# [[2691]]
; B, Z$ d! E( ~, O5 T# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin/ a ^4 a3 ^& k \& C
# ram = 1004 w3 U" b. ?) C0 P; @ i8 l
# confreg = 0x21424 H9 B& ~, M* k, H
# exec_area = 644 X' v" O( m5 F+ d \0 V
# mmap = False
9 }- r r" o" ~& O) J0 |3 K6 S g# slot1 = NM-4T$ B4 m7 J( j$ l7 t
[[7200]]
^+ v7 S3 A0 q) q2 L image = ..\IOS\unzip-c7200-js-mz.123-20.bin
# { ~: O; t N; S! E8 \ npe = npe-400
( N% \3 x! T/ C' N ram = 96
3 x+ w/ c' \8 |- p% v+ q confreg = 0x21020 j0 ~3 P! H: V7 G
exec_area = 64
( e+ `- D. a9 G9 c) ?! S mmap = False: v& l+ }; I. F4 A6 N% k- i( }
slot0 = PA-C7200-IO-2FE
0 v4 u( @" B0 h; Y! Y/ j k3 H; U slot1 = PA-4T3 T2 z# _( B( h' I( U
[[router Client1]]
! }5 K/ v4 n& ]6 e* C! D model = 2621
9 Y8 a+ y0 u: a' _+ W console = 3011
. j/ `7 o0 ], ]3 L6 \( |6 f$ q8 o f0/0 = ASW1 F1/1
) G$ _8 l- p: ] ~! d5 @ [[router Client2]]
' a: a( c# T4 W' c4 w0 x3 Z# R! q model = 2621 E3 M( ]7 ?! p$ k
console = 3012( }/ a; c# j8 V* x \' u1 A
f0/0 = ASW1 F1/2 ! a; t) e* H2 `& n1 b: J- b2 L
[[router FTP]]
" x# ?2 k+ s3 S! H3 r8 {5 m* k model = 2621
/ O+ N5 C4 K! X5 K+ h console = 3013) T8 I2 Y; Q' s' P9 J* l
f0/0 = ASW2 F1/1
6 x2 W, H# V9 [# s9 ^6 j1 f [[router WEB]]* r! l# q1 Q7 z# a2 i2 m) ]5 ^, ~
model = 2621
: @+ k) M* c# f& P3 G5 ] console = 3014
$ G r4 K' t9 C0 c0 R/ x f0/0 = Cloud F0/0
+ a2 h4 b3 k1 K1 W5 b: k0 J [[router ASW1]]
. H. `/ X, l2 A$ J model = 3725
* u: C' N$ r9 ?# b W console = 20011 M" F/ K( \) v, E5 s6 ~( r0 c
f1/10 = DSW1 f1/107 [) R) e1 }7 s6 X2 c1 ?
f1/11 = DSW1 f1/11( i9 U' m# ^$ h/ I+ S2 y" f
f1/12 = DSW2 f1/12
. T6 B) U) @' {* _ f1/13 = DSW2 f1/134 Y5 v1 N1 }+ F+ J9 f# f% Q
[[router ASW2]]
- C% E8 B1 w1 x& U9 i3 L, l# U model = 3725
; `' g) {; b; g8 L. g console = 20025 y# b/ N6 V1 h3 ]" l& J
f1/10 = DSW2 f1/108 P7 B1 C _2 u& Y3 N) {
f1/11 = DSW2 f1/119 c- e2 N' @! x" N6 J
f1/12 = DSW1 f1/12
" r4 X7 r* {5 _ f1/13 = DSW1 f1/139 Z2 Y! I. I' {- y& V( F! Z
[[router DSW1]]
6 a( i+ m2 a* E( g# z6 k: b model = 3725$ L9 P5 d' A" m) n4 C: _
console = 2003) N; L# G9 S) s, y; I& M7 a0 V
f1/14 = DSW2 f1/14
) X' t p6 k- {0 D4 @/ e f1/15 = DSW2 f1/15
- j- ~2 q0 ?% F [[router DSW2]]2 `, O& L: T0 i) F) J
model = 3725( f* U0 B! g" _) w2 C
console = 2004
1 R0 _0 e6 v, f2 k8 v5 d [[router R1]]; z, B3 K+ d" z" g* n: y
model = 7200
$ i$ c5 `- y1 O! l) T5 \ console = 30016 s% \6 B9 t& ]0 Z) F
s1/0 = FR 1
# g4 v+ X7 W$ x- { [[router R2]]
$ E A* H0 W. ^ _- x* g% W# b model = 7200: F8 a% i# {8 A& {6 t0 X9 h5 ?
console = 3002
8 t' a9 v2 ~* s( Y$ d$ t* X s1/0 = FR 2" z+ A6 ]8 {7 L" g: j9 }
[[router R3]]
9 E* Y1 V! Y* O( F model = 7200
. r+ P' E# F1 L console = 30031 _5 Y0 y# n" w/ S4 W
s1/0 = FR 3
. v7 @" [, Q! g/ d% a9 A9 I [[router R4]]
V3 V. L" I9 W, f model = 7200/ }$ d1 @9 O3 b; O% h8 W! |- M1 V; r
console = 30043 @- L: V" J3 p: B
s1/0 = FR 4
w; a0 c! A* H- W# P7 ?- ] f0/0 = DSW1 f1/1
% T* v5 ]7 v1 g. i f0/1 = DSW2 f1/10 Z7 ~8 A$ d# W y* ?0 Y
[[router Cloud]]
2 i* `4 \: @; i( k/ n model = 7200! s! K/ \9 a8 M2 P6 M z7 Q
console = 3005
7 x" T! @/ V1 V* t# a% U% s, d [0 D7 E s1/1 = R1 s1/19 m& g, i$ Z6 p* M
[[FRSW FR]]; q- L E$ `6 G2 H3 ]$ W
1:102 = 2:201" P. E( @0 {: V; x9 b
2:203 = 3:302
* y" H# w+ g! W& G 3:304 = 4:403
. Y! k) m ~) v( M有了初始TroubleShoting!让我去排错!8 _& N. F1 i+ _( T2 V
考试时间应该是140+20分钟
' e' w4 p0 @7 `9 w3 g' k题目数量45–55 questions
8 \: M3 R) k( t( ^: X8 ]5 _16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!. F# X5 r$ u9 q
然后是一个大实验排错题!(差不多30个环境排错)
) j) F! ~' u8 L+ @8 x F& |2 d# f有L2 TOP /L3 TOP/IPv6 TOP
4 O J0 r- l9 c- c, V4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)
) {: j5 T; R v6 L" W# R! ?类似:! i1 z$ j8 f4 U& C# }7 G
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html' X" Y0 q* l" L: M: A; a
涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
+ i: ?( O6 v3 cEIGRP 4 k; ] r' w! }+ b; Z' P# [
OSPF 5 M% Y i4 h+ r" o6 H( L/ d! I
eBGP
% k, t7 i! V* y& W& J! \3 Q ]Redistribution
X) `2 B- z, i3 |7 I% M3 jDHCP Client and Server
& O9 ^' n$ C& r; G" V) o1 i$ mNAT
. M7 w l( D O0 L/ ^HSRP/VRRP/GLBP
0 {2 z, J/ b. A* B2 }IPv6 Routing # l+ \$ A/ B6 \1 i: i. g
IPv6 Transition Techniques ; d- }, o; d2 X2 @
L2 Trunking
( y: o$ g$ N/ h4 n4 lL2 STP
! U& w6 a1 V9 k! Z! r7 pL2 DTP
' Z" z/ {+ J) }5 U' T3 v( p& f0 XPrivate VLANs 9 F0 J: H7 [9 o' o0 a- p9 g6 ^
Port Security
5 t: c- w: e! p( ]% L( Q# O: [Switch Security 4 ^3 R z f3 L: {8 R! I; U. E
VACLs/PACLs - ?7 y- v7 R8 v0 A3 s
L2 SVIs
7 V" Y' _& |0 q7 K9 e/ QSupervisor Redundancy 9 q3 p' R2 [3 D
NTP
) G" |! }4 f" m6 l: x3 MSwitch Support of Wireless, VOIP, and Video
: L" K, t# M) Q4 T' C- MRouter Security 9 K( @" r3 D5 U l6 R# j" d3 u8 P ?
ACLs . z+ \/ W( W5 L$ h7 d) F) }
AAA
1 p. i* i3 a5 e5 R x7 T4 qIOS Service Security 3 R# X4 m2 [" {0 `: f
我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!), T! M* ?$ Q" O/ h" H x8 L: o, }
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!3 n! m6 @! S1 P. ^
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!
- Y- Z, }0 H" x' D' c! w! h9 l0 m' L9 F交换机 连接路由器的单臂路由接口!
" o) E' m4 _. d2 e! e6 \& q& z J端口安全 L2的东西 还真多0 J1 {/ K# r ]. U( e3 v7 u
不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
" z" B1 N% ^( Y K o5 Q% |0 D- } y(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
' e/ E+ K6 X' S/ T0 D(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!# v3 r8 j9 F: C9 e
(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
4 I4 S/ \- _. i+ T' y# G. d! b(5)ACL有错
; h. x, d8 O7 u$ T# a4 ~(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对
r; b3 Z4 w' G& @8 T(7)BGP的nei 不对 一直在active状态+ g9 @: S( u5 X/ d0 e7 a
(8)IPv6的OSPFv3 区域放错了!
5 ]. B/ {4 a/ {+ ~(9)HSRP的track 应该去掉!!% V' P; {# P5 i* f
Ticket) t" B( ?0 {& I A f, R
1) Client 1 is not able to ping the server
* A& L5 X6 K/ L2 j6 \Sitution 1: Unable to ping DSW1(Use L2 Diagram)
0 y" _( w- l! d/ t# Q8 g, zVlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.38 ^9 p& G' G4 G
Ans1) DSW14 \$ h. Z3 C2 R: G9 {% `9 K4 D) ~
Ans2) Scroll down and click on vlan access map7 G7 g O5 V( U0 Z
Ans3)No vlan filter 10
+ L+ x U, W% C8 w1 U' R# U6 h2) Client 1 is not able to ping the server
! t- f7 R& A8 O4 t# q4 P/ PSituation2: Unable to ping DSW1(Use L2 Diagram)
: C* |. i! P, v3 j/ J( HOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there: Z( d* p& |4 Q4 [( ?- ?$ g
Ans1)ASW1; i9 f3 p O7 n
Ans2)Access vlan
+ ~" o# y) }( l w( S! m0 fAns3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10
# W+ |( Q1 L) c) j3) Client 1 is not able to ping the server
8 |8 d! E/ ]4 p/ wSituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)5 ]6 r- ]. c, i* X* w
Ans1)ASW1
4 H( ~& d$ b' M. i% a1 \: TAns2)Switch to switch connectivity
: d( @' `4 e; x% E5 ]$ z D5 OAns3)on port channel 23 give switchport trunk allowed vlan 10,200
1 m4 g; d( }' V+ K. I4) Client 1 is not able to ping the server, u+ d n N& } x' v, e0 |' b
Situation4: Unable to ping DSW1(User layer 2).
; u% `+ g6 `, x3 |% g7 }1 Lunder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.
% J$ ^8 u7 R3 DAlso check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled6 m2 \3 @1 J" O9 I$ v
Ans1)ASW1; p3 u- ~# \' a% P
Ans2)Port security
. v1 ?( G& @* L; w# n4 ZAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.% {( O' \: k" C( R5 L
5) Client 1 is not able to ping the server
$ T+ n# I- B% }2 }5 }& _Situation 5: Unable to ping R4 fast ethernet port from dsw1.& H0 `$ a# q# }2 n- {8 r! _9 S
check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)
5 p3 m6 r4 H0 AAns1) R43 Y1 P+ n+ n* a# c
Ans2) IP4 EIGRP
6 c) `6 b$ |8 q+ P3 I$ B* FAns3) Change eigrp process no: from 1 tp 10 because DSW1
8 ?( l" z# t8 d( N) _0 C3 O, ~' \/ T
- H. ?. y& i6 {) j6) Client 1 is not able to ping the server
8 W- E; {) k6 R: ^! N! h+ |' S% R" D3 cSituation 6: Unable to ping serial inte**ce of R4 from the clients.
1 C0 {; P& l2 m& {' pDo show run, check the names of the route-maps. (use ipv4 Layer 3)* r" I: g! V) x+ T1 t& k7 Z
Ans1) R4
/ Y8 h% n0 k! OAns2) route redistribution
4 Z, w5 F% ?+ M% ]/ e' ]Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.+ e# k/ k' ? u0 u% P' Y
7) Client 1 is not able to ping the server
# s( R; s K( WSituation 7: client is unable to ping R1’s serial inte**ce from the client.
2 o& I3 D0 c* a, ?Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)# p4 ?; r2 ]$ g6 j& u
Ans1) R1/ ~( i5 k0 v2 e# x6 H8 x( {" V
Ans2) ipv4 OSPF- A8 Y$ Q. ]7 y+ J* m/ g
Ans3) ip ospf authentication command must be given under router OSPF+ M1 a* C* g* n' w6 J
8) Client 1 is not able to ping the server
. ]7 F6 d) H& @6 X: sSituation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)$ y/ {$ ^" J7 j. R
Ans1) R1
+ f0 z) J4 ?! F' O4 g. uAns2) IPV4 NAT" B6 h8 C) W5 f c" W
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
& A# K( W6 T5 d; n# @* R
: M" |2 r+ v0 Z9 z9) Client 1 is not able to ping the server
8 y2 R* Y/ g& j+ l3 }6 LSituation 9: R1 is not able to ping 209.65.200.226.
7 \& ?7 V$ ]2 K& y7 hcheck bgp neighborship.
# a% ]1 K3 ?( q7 bThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)1 w' o7 b. V; Q3 y/ X( U( E8 U7 Y
Ans1) R1; {0 ^7 ]7 `( Q$ Y9 q% I1 ?" F) t
Ans2) BGP
5 {9 E, f8 G) E! P" s4 PAns3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)
/ K: a1 ~* Q) q: o+ a7 v. E10) Client 1 is not able to ping the server
0 g; b5 n5 c2 [7 f9 ISituation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)0 I4 c1 G) Z1 ^* u
Ans1) R1& t" E6 v* w( e/ _
Ans2) IPv4 Security- ?$ l T3 _* K) \- ]
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
9 m8 L9 y, ]; t+ a$ w- j# Y6 v5 T' ]11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.( s' U* A0 ~/ q0 S5 K
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)
, Y: v5 i( ^: a$ Q- X' d% cAns1) R2. f# F2 v9 D3 J2 C$ `
Ans2) IPV6 ospf
% ^4 e" c$ Z* F1 P6 y1 b3 JAns3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.), R% d X* r: `/ I5 d( p1 J) B
12) HSRP: DSW1 does not become active.
5 z; h6 w% k0 o3 h" b7 {Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
8 Z5 e. M% }3 V5 ?2 H1 EAns1) DSW1
8 s1 e8 i1 `8 ]2 H( j9 kAns2) HSRP, B- V/ ^/ P& d1 E. t: R' c3 s
Ans3) delete the command with track 1 and enter the command with track 10.9 Y K4 e% E: Y6 j* R p
ASW1(3 TT), @% q0 z( \5 {, o5 r! p( ^/ y
1.Access vlan - add "switchport access vlan1"0 Q* _, i8 H; P7 o3 I% V8 B
2.Port Security - "no switchport port sec" and "shut" and "no sh"
/ t, S, f' F, k3 A0 s V3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
& I& q1 `6 g! Y. D3 v9 L8 YDSW1(2 TT)
8 B7 g, S4 Z6 Q' ]( s( {1.VACL/vlan filter - "no vlan filter ... vlan-list 10"
7 d9 K A0 j3 x(This is on the last line, pls scroll down to see)! v' S4 I" `2 f
2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."- f( b, D* H/ _, F. Y# ^9 @
R4(2 TT). Z1 \' Q) h4 `$ x
1.IPv4 EIGRP - change as no. from 1 to 10
# V3 s& p7 G8 `4 E, O/ L9 H& r2.Redis. - change "redis ospf 1 route-map ..to" to "... ->", i3 E: D5 D8 u7 ?# }! ?# ]7 s
Remember that no TT on R37 n2 d8 {/ a# c, N ?' v2 r
R2(1 TT)7 f* V) u) K6 N; e6 K5 J
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0
% w) e& ]$ H5 e- N4 f F6 p2 ZR1(4 TT)
7 N L I( i' h6 T1 A, ^( G1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server2 ?* f' q4 g& T6 m% p% R
2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
$ C( c4 ?! h2 _: w5 R$ G+ d3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server6 |0 r, E( `- l3 C4 M$ l
4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
2 S- x$ d: }+ o+ h! B/ E. d+ O4 q, j$ Q' U3 ]
建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!- ^8 C9 _ K, B& O$ V/ d+ M9 d
/ M) e5 r& n2 u4 C |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
