- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒

|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!3 @, T$ i- j. A! t6 k- v- w7 ~5 C
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!& L0 F1 Y2 L. M) V* s
" r- a$ `" w6 p7 j首先比较感谢
Y& }, `; `' |; X; INP642-832备考QQ群:105918054 7 z; z+ |: ` U9 ]6 b) r6 E1 Y/ x1 `
的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)- _/ j) V3 o& r2 x' S
给我提供了类似CCIE排错考试的.net文件
5 U4 T* F# q! e" x( M8 V: zautostart = False
2 p8 c% J y* l2 d6 Y[localhost]
5 O+ D+ r) v6 |4 K" l7 u$ L6 k port = 72006 f. h; L- I+ K+ r( R- @! u
udp = 10000
2 g- l5 u p6 u workingdir = ..\tmp\
; A" `5 `/ n" [& [' k8 R * r4 R5 g: I u; f6 D2 a
[[3725]]* ?+ ?5 @1 U z; v5 W) ^
image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin: [9 f1 h, _, w+ B
ram = 128
' X4 \8 M1 Z7 A' F1 k) A confreg = 0x21029 W: b/ y, E* Y9 S
exec_area = 64. P' x* C; C, \$ ?* |( M
mmap = False
+ e+ B3 _& X4 Q, ^- G. {( _% \ slot1 = NM-16ESW. M* q& |6 r/ ]! `+ Z
[[2621]]* k" V- E6 Z1 c% t# C3 E# }6 a9 n
image = ..\ios\unzip-c2600-i-mz.121-3.T.bin
/ z, B3 P7 q% o1 L" @; C" |1 C ram = 206 x# c- b7 r9 w
mmap = False
* A B. N; m" y$ t confreg = 0x2102
% B3 k9 R# }& ~! K D1 a! f2 R ghostios = true2 G( {4 g9 v! \# @. a
sparsemem = true
' S" E/ {2 J8 w5 T4 c( _4 |! \# [[2691]]/ l/ X" |# b' \# c [
# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin
& O2 M" n4 u" p9 l0 ?3 ^# ram = 100
# c/ b" |, a1 D& a7 W# d3 j$ m" \# confreg = 0x21428 i' j: r: z4 z- A8 v, s; v# W; U
# exec_area = 64% k7 ~4 w$ `( t I' R: X! a
# mmap = False
" q& V( b+ q* {/ Y# slot1 = NM-4T# j% u3 n5 I/ C/ a" |+ J- K
[[7200]]3 [! p8 Q+ p8 ~9 B
image = ..\IOS\unzip-c7200-js-mz.123-20.bin4 q7 X8 `( a! O3 m5 h
npe = npe-400$ o. e' P7 R" x
ram = 96
* N: c" [. {" p9 _ confreg = 0x2102/ @8 V9 d% D6 C* u& d' F- Z; j# K
exec_area = 64; b; M$ `4 d% S1 k5 b
mmap = False( E2 x5 _8 T7 Y4 N5 D' u+ g
slot0 = PA-C7200-IO-2FE6 ]0 A- `. {4 R6 i/ |5 K: S& d2 T
slot1 = PA-4T
& Z% r) W3 M9 o% \ [[router Client1]]4 R- ~9 X. q' y7 p8 h- ^
model = 26211 C. [3 m+ |1 e' \+ e5 _
console = 30115 N! Y5 A) W6 \8 i) H
f0/0 = ASW1 F1/1
, j' V, u: V( ~+ C) v- M9 @ [[router Client2]]( D K. v$ I+ h7 {6 `
model = 2621
9 f6 y+ c( t. w0 O I* T" y0 \ console = 3012. X6 Z- }. A1 b5 O
f0/0 = ASW1 F1/2 : ], B( m b3 \6 u0 u M
[[router FTP]]
3 \: e c% a7 F, L: X- E model = 2621
: `* W, A2 G- z: i- @" Q$ r6 ^ console = 3013" g8 X' N+ g8 N8 U! W* G( a6 N) }
f0/0 = ASW2 F1/1
# w: d4 F, y2 r/ o5 \. O" N [[router WEB]]( F! H: q$ P C5 ^6 |
model = 2621
7 l! [) N# r: ~* K console = 3014
$ t& @( p) n! | f0/0 = Cloud F0/0
2 O B. K7 F! v$ ~ [[router ASW1]]5 C) Q0 v) E- t" G$ N
model = 3725
2 J) C2 {% G/ T/ S Y console = 2001) }( O# D: G$ ^* Q& j& i
f1/10 = DSW1 f1/10; h3 ]: b& u& m- {
f1/11 = DSW1 f1/11; r* P* d c! T, e# o2 O
f1/12 = DSW2 f1/126 _& ], g, S: K5 n
f1/13 = DSW2 f1/134 @% S4 \" @- P( u" P3 D, Q
[[router ASW2]]
, E d9 [$ E3 D$ M model = 3725) k7 ~0 j; i! q4 c# w, D% `
console = 20026 G. k3 f6 n5 Y6 l) ?+ M7 v( i) R
f1/10 = DSW2 f1/10; G: W) G1 U$ V# ~, B7 c& K; I4 l+ H
f1/11 = DSW2 f1/11/ T( ?7 y' L& y
f1/12 = DSW1 f1/12
}; D- |! { e- ~9 S f1/13 = DSW1 f1/13
2 Z* z) V& ]; G( H+ A [[router DSW1]], ]1 C8 i/ R+ ~' R e3 _+ m, K+ p7 i
model = 37257 X s( U! m5 k2 f: P9 _ y5 ^
console = 2003# e2 ^/ D# G/ J
f1/14 = DSW2 f1/14
4 F6 J& r7 P* n4 B, f, @5 u4 H7 S f1/15 = DSW2 f1/15& j0 \' z; @ m+ o) `
[[router DSW2]]! |, {# f5 G6 ~$ T. N( o& o
model = 3725' r x1 _& g% C3 r0 g8 a8 y2 c
console = 2004
. B5 a9 x% h# o$ S& T! U5 u [[router R1]]+ u- \ `' J) x. N4 x+ z
model = 7200
! S2 E5 ~7 l c7 S5 u console = 3001
, Q/ z) l7 h1 u& {& [5 x5 s s1/0 = FR 1
/ c- u* X5 T9 n5 O: X+ n/ l8 } [[router R2]]
" h, w4 m$ `$ `1 i- @2 ^" B( f# H model = 7200
9 @) D7 s' Q) [! ?; U5 d# X" s console = 3002% [, q/ H3 ^! @ l B+ ?# K e
s1/0 = FR 2! }' M# C% s; b ?
[[router R3]]* Q3 @" ? i% h7 v. |4 y
model = 72007 o* I0 `1 r! D0 O, u
console = 3003: c0 Z( q D5 T: ^6 |- o
s1/0 = FR 3
& p8 e. N8 D. f* Y [[router R4]]& q9 Z* o8 \ P- B/ s3 ?
model = 7200
/ T; h& _ ?' r' t console = 3004) x$ E7 x$ g) E9 ~
s1/0 = FR 4; V0 z8 w7 D* q3 C2 q( ~
f0/0 = DSW1 f1/1
& A2 C F3 e; s f0/1 = DSW2 f1/1! n3 I, X6 r# ~5 ~7 ~5 p t
[[router Cloud]]
- e1 N2 i4 Y, [7 N% l model = 7200
' u; g K3 w! [* H: @' E console = 3005
" C( W2 M+ J& A. A+ H6 T, i s1/1 = R1 s1/1
6 G. e" W6 e7 C) x& {& } [[FRSW FR]]8 M! Y) a9 u. \7 v# i
1:102 = 2:201
7 J) y0 t X/ n: e% l5 B 2:203 = 3:302' M) k% f7 A3 T- M2 V
3:304 = 4:403
. G' s$ f9 W. Z1 H, k6 c+ }" G4 e有了初始TroubleShoting!让我去排错!& F$ Y% {0 B) i7 |, I0 M
考试时间应该是140+20分钟
- M, G3 l c4 |4 w- w题目数量45–55 questions8 I' v+ [( G; Q, |) W( ^8 N1 O
16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!
$ v- X: ]. ^8 H) \6 N1 B然后是一个大实验排错题!(差不多30个环境排错)& ~, M# W* O) c
有L2 TOP /L3 TOP/IPv6 TOP) S" w; d3 N8 V, p8 o* j: K$ f
4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)
3 W* z" A; ^+ c- R( u类似:
( t4 o4 z4 E( ehttp://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
% j" o$ R/ e) o! g t e0 @涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)0 Z/ D7 a% V0 F0 o; R9 m9 q
EIGRP
5 Z' C1 o* u/ TOSPF : @: Q$ b6 C+ W+ r
eBGP ) W0 Q0 Y {6 P" O5 X) F
Redistribution 3 ^9 M1 J+ a% L* e1 V' q4 S) }4 _
DHCP Client and Server
4 V$ i# G T: YNAT
$ I* S- ]: h7 g) c% KHSRP/VRRP/GLBP
( y; p% |; S ?) @! D# HIPv6 Routing 1 l9 n7 M, L" y* E
IPv6 Transition Techniques
3 t# y5 S% x8 M% T: ?0 v3 N: m" uL2 Trunking 8 [; W1 Y; m1 P. i1 f. _
L2 STP
- w9 y7 V# g6 j7 R3 [5 ML2 DTP 9 E% r& O2 \" @
Private VLANs 0 X6 P1 ?! G4 j
Port Security % n8 ]) |+ N* [; c! }0 W
Switch Security
6 [1 i% W" o6 `- ]VACLs/PACLs 4 }: a/ A0 O0 P1 Z
L2 SVIs ; i9 T: c0 n) G9 g
Supervisor Redundancy
2 ^0 R/ F9 O5 ~- Z8 fNTP; j. O! J4 C* A' i- d+ q4 W) M, d
Switch Support of Wireless, VOIP, and Video
1 C/ E, H" `9 s" G8 |! xRouter Security & d! W; b0 S ^# y7 K
ACLs $ a; E2 S) k3 X4 ]
AAA & i: O5 S( i: a5 r& h3 ~2 m
IOS Service Security
/ M' ~ v6 f) _ Q3 Y我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)2 }4 V4 B' u( r+ d( m! m6 Q
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!- k/ ^: p! X0 u
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!" k5 }% h, ?7 L/ |+ t
交换机 连接路由器的单臂路由接口!2 \/ d7 ~8 p3 g2 x- R
端口安全 L2的东西 还真多5 D" b2 m& {9 z
不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!! Q6 R v v4 u! i4 Z3 N+ T
(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
N5 t) R; b; s% {' f' x! h, p7 M(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!
3 u$ M' t2 ^& v) U1 `- t6 P- P' m* @(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证5 U) g1 m% m( G* K" ^! |
(5)ACL有错5 x8 K7 o* c( W- h3 O
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对! c* y# W! D3 O. J
(7)BGP的nei 不对 一直在active状态
7 ^, l5 ^! G V* p% T(8)IPv6的OSPFv3 区域放错了!% M( ?+ f$ `- \% f1 f5 ^
(9)HSRP的track 应该去掉!!
4 q( P0 @9 {) w) U# S% t" J7 H: xTicket
7 r& ]* A, U3 s& a( a+ G2 L: ?1) Client 1 is not able to ping the server$ h; y( n0 ?; N% i5 i; z
Sitution 1: Unable to ping DSW1(Use L2 Diagram); W# s0 q6 g1 K( z) `
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.38 |/ G7 ~3 c+ Y) R- i
Ans1) DSW1% {( i# @' b3 [$ {
Ans2) Scroll down and click on vlan access map: w1 A! z" u2 T- k4 ~# V0 g. h9 G x
Ans3)No vlan filter 10
, y( F& e: R! E3 ^% p2) Client 1 is not able to ping the server9 e2 r" Y) @8 a
Situation2: Unable to ping DSW1(Use L2 Diagram)$ G5 U1 E2 O, f! c
On ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there" h/ F. d( r. D. b
Ans1)ASW1
; P s) E Q0 \" X: k6 NAns2)Access vlan5 ~* m# h$ @8 A3 {- N% B! J" q
Ans3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10
5 n" W6 \- j# t0 \# ~$ l3) Client 1 is not able to ping the server& H* F1 z5 c1 p& B; ]/ h
Situation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)0 h& q) P' K" W, H7 l2 c
Ans1)ASW1
" L0 M& V- R5 d' I+ L P( wAns2)Switch to switch connectivity) t8 E$ n& s, q1 Y2 T* b3 Q
Ans3)on port channel 23 give switchport trunk allowed vlan 10,200
8 }( m; ?* B; _. D! L8 }# v6 v, r4) Client 1 is not able to ping the server
& V- I; }) _ VSituation4: Unable to ping DSW1(User layer 2).
9 O% J& h r4 ?9 Ounder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.2 c8 V* p+ g7 D7 m. {) w' T+ h
Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
$ F5 u' t, L$ r3 c" S' G; W7 O+ ~Ans1)ASW1
4 F* {- I$ S7 f/ Z$ m w( H+ ?Ans2)Port security
3 h' {9 ^: W4 k) g# RAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.( @8 G: j! e! {, f6 F
5) Client 1 is not able to ping the server
5 d: m" z! ^! Q, `Situation 5: Unable to ping R4 fast ethernet port from dsw1.% W2 [6 U1 U d! K$ e$ {- s
check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3) }3 O E" N5 {
Ans1) R4
5 U: t1 Y5 s: U% H; L; gAns2) IP4 EIGRP
4 m3 Q. R7 f) vAns3) Change eigrp process no: from 1 tp 10 because DSW1
9 U e5 B4 S( t3 B9 {
+ l C$ ?" c9 K5 e8 ]6) Client 1 is not able to ping the server
5 h6 j5 P, B# @4 I3 c9 i; ^$ }8 ~: [Situation 6: Unable to ping serial inte**ce of R4 from the clients.
) d& h# S5 I- ^8 DDo show run, check the names of the route-maps. (use ipv4 Layer 3)
" M5 A |+ \# s: f$ c; {1 Z* gAns1) R4
) s2 i! d' U2 L/ {+ [* E1 dAns2) route redistribution! ^2 D- @7 N/ R
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.2 O5 [ _, k: Y/ _. E
7) Client 1 is not able to ping the server; x# j8 K8 C0 K9 o' ^" I3 Z( I$ q
Situation 7: client is unable to ping R1’s serial inte**ce from the client. 3 B4 a$ I0 n; T+ W
Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)" C% S" Y' P! c* ^3 J( Y9 _
Ans1) R1. ]3 K$ w7 Y. g8 b: R' W5 C3 r
Ans2) ipv4 OSPF
6 {! j# |0 W9 F9 j. IAns3) ip ospf authentication command must be given under router OSPF. m) ^3 a& S0 I
8) Client 1 is not able to ping the server5 a2 w: p; F1 w4 \! j4 d! a' |/ u: y
Situation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)
5 M$ i# u% e8 C* t! a, b& E5 FAns1) R1
& M/ A0 K, a5 Q. G2 [( rAns2) IPV4 NAT' b; R+ a; Y3 V u
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
6 `$ P8 Q% B+ f
0 C9 X# q, z+ Y, O2 `; M- g9) Client 1 is not able to ping the server
9 n1 g4 M6 C0 a. v. @/ c3 nSituation 9: R1 is not able to ping 209.65.200.226.
# {, H. A% L$ H. wcheck bgp neighborship.
5 k" j6 q- }, cThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)% x) @- G: i5 {( c$ l, W
Ans1) R1
& ~( X$ k5 j: _5 A' l7 IAns2) BGP
# x- w" d0 V& ]) yAns3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)
3 k0 s1 K( {8 f# }8 V10) Client 1 is not able to ping the server
: K. g$ t! Z. i& E. V$ }& t/ Y. vSituation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)
5 u) ^" v8 E4 YAns1) R1% d3 Z. U7 o) K& v G
Ans2) IPv4 Security( ~6 R# [! h9 j& X
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
& z, R L+ J- R& `11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback." R- u6 h& r* J0 q3 v2 b
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3). j2 E/ }2 V0 Z) z; c9 o. s
Ans1) R24 O3 g4 ~6 e* V. }
Ans2) IPV6 ospf; M' z0 Z, ?" l+ q5 M
Ans3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)
! }5 o" ]6 F' a% [12) HSRP: DSW1 does not become active.
0 [, k1 B, t( U& J0 [+ QSituation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
: S- D4 Y' P& D* S; D( WAns1) DSW1
. ]. @" Y5 B5 DAns2) HSRP) _6 Q. L0 u$ X3 F: G
Ans3) delete the command with track 1 and enter the command with track 10.
+ I' G# B7 K' |ASW1(3 TT)' c! l9 M6 }7 t) Q0 [
1.Access vlan - add "switchport access vlan1"5 `0 @) H; e* {8 `1 a/ @& D+ |
2.Port Security - "no switchport port sec" and "shut" and "no sh"9 D/ j- P. b7 ?) }) ^& U8 W# X% n
3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"/ q9 `8 K. _% e' V
DSW1(2 TT)
0 _4 I8 n/ K( W! P: l+ Y8 A7 A1.VACL/vlan filter - "no vlan filter ... vlan-list 10" : F) B! r! [- @% N6 p3 N9 E0 a
(This is on the last line, pls scroll down to see)
0 [8 w! z5 e( N2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."
% ^; `: |: N# u( B4 CR4(2 TT)% h, M" Q; b7 Z) z0 c
1.IPv4 EIGRP - change as no. from 1 to 10) B/ V! L9 c( f% K$ y# s
2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"
' Q! Z' a, G$ X# o% ORemember that no TT on R3/ o( q% n' K0 \: U- p3 T
R2(1 TT)
& u' S( h5 B( ?& X5 V( t1 i) v' P1.IPv6 OSPF - enable ipv6 ospf on s0/0/05 l8 |; m3 l& k4 e3 `4 O% C
R1(4 TT)
. r' K" D2 J, V8 o4 E1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
& b2 X" K. e- W& Z2 b2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP& e- \. _6 d1 e ?* c' o* Y* ]
3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
5 p' A2 W; \7 S4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
" r3 a0 n+ c4 G1 l+ d
- j3 k7 T# H n8 b5 {; X2 [" x建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!+ A. T3 k0 |: ]$ \$ [. |& D
5 w. I( A. m: e# u |
|