- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒

|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!
& d* n. ]/ N9 Q" z7 T对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!
9 n6 v! K# J2 c! {" M b
! J/ a: b3 m& e3 G8 C首先比较感谢
) @* f! X% A2 h/ {5 \# A* [NP642-832备考QQ群:105918054
% I9 P+ d$ M% J! a0 q6 y* u4 [* \的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)
. L- c! ?8 c8 e$ W8 ^2 u给我提供了类似CCIE排错考试的.net文件
+ ^/ W; M3 N Y; g0 D. K, T$ kautostart = False/ \6 `, W; F: x, ^/ e9 P% G
[localhost]
! Z3 q/ \* K! _ D port = 7200, W# X" z! g4 u& m. M) m# p! W2 y
udp = 10000
! b# U( \; ^- k workingdir = ..\tmp\
$ ]# `- D" N$ r" w i , g! D# y, p9 ~2 V# m& y% W
[[3725]]- W9 D/ c+ o3 G7 O3 Q! R1 p
image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin! x% x' Z4 [8 i# t0 \5 d
ram = 128
2 J$ i2 c- S4 e0 W7 r: E+ r confreg = 0x2102" M' E5 F- a! l' [5 k2 d! V( J& y6 g
exec_area = 64
0 P! l) o8 L1 k# ? mmap = False
( S+ G b5 c! X9 |& A slot1 = NM-16ESW
; |6 D5 z8 `/ c* R c. o* T [[2621]]
6 z* `) n) X% O image = ..\ios\unzip-c2600-i-mz.121-3.T.bin6 l9 |6 E3 V: }1 Q' ^
ram = 20
# M! |& _- H3 Z# I7 _ mmap = False: A S4 ?/ i: d; f) E) Y+ \3 F0 E5 F' Y
confreg = 0x2102
* r. t' ~. K: u- `+ G3 ^ ghostios = true+ A: a( j1 U n( R9 e8 l
sparsemem = true
9 y5 e$ ^: Y/ L& ]* `7 H4 `# [[2691]] i9 k9 f: i i5 z
# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin
" r% M. w8 a8 A1 p# ram = 100& `3 ^ G( H( l; X1 T
# confreg = 0x2142. B$ Y4 F& }) z' H6 c. F$ r
# exec_area = 64
& |' v3 U4 B1 j7 W3 D+ k( F( J# mmap = False- M6 N+ g! c& \& `3 `
# slot1 = NM-4T7 O5 H; ]5 w H, [
[[7200]]2 U3 @" `- R' o3 w" m! D" Y
image = ..\IOS\unzip-c7200-js-mz.123-20.bin
& V& \" k, m6 T+ r$ L8 z5 d5 X npe = npe-400$ x. G. x! I2 s8 _: M c2 y* H2 C
ram = 96
. U( Y- @3 f1 `3 S/ a" ` confreg = 0x2102
8 w2 i: h/ l, }# w0 O% [ exec_area = 644 Q+ }2 u \+ N
mmap = False! R$ L$ ~4 A1 a* T; w ^; \; r
slot0 = PA-C7200-IO-2FE u9 a5 T) x8 ^/ l8 E1 f
slot1 = PA-4T
* K9 ]$ i- I0 s6 I [[router Client1]]
* x) q& @3 c( c' _+ a model = 2621; u* w6 D* V' l
console = 3011
6 I$ _$ _- d3 U; G8 I! Z! g K8 \ f0/0 = ASW1 F1/1 8 U1 o8 G, A6 v, M0 K( s* c: }
[[router Client2]] T1 K* Y. h; r2 J. k
model = 2621
( L3 P1 F- X% x3 x1 M console = 3012
. r6 v9 x6 |3 w f0/0 = ASW1 F1/2 8 q4 f( G9 M9 l8 n/ H/ C s9 ~
[[router FTP]]+ |8 l& n5 @. c' K, O2 Q4 W# i# v
model = 2621
; ~" d) @; A: q$ M7 b+ x3 S console = 3013
8 T0 G4 V& @ C4 c9 `$ v5 v f0/0 = ASW2 F1/1 ) m- H$ i8 Q1 W: t0 m2 \1 T- h
[[router WEB]]% P$ g$ h# ?- c5 r7 y5 l9 ]
model = 2621
5 l3 M: P" G5 p+ n9 J3 w* E4 a8 w console = 3014
" M1 Y6 B& p: x% H! }# f f0/0 = Cloud F0/0 ; s! P' a" ]' V: Y4 i
[[router ASW1]]
' r/ V+ V, f/ a" ?$ x& m/ b model = 3725
. v, G3 Z* e/ t9 B7 D console = 2001
9 p" W: ^3 ~+ G) T5 ?1 e2 N$ q f1/10 = DSW1 f1/105 A; Q* z7 g- p* s9 m& ?
f1/11 = DSW1 f1/11
9 d! a4 [- s Z; Q f1/12 = DSW2 f1/128 o u7 Z' _6 F8 H+ [! d
f1/13 = DSW2 f1/139 f& `8 E' |& f
[[router ASW2]]
9 I. I. k6 ?1 \3 p4 H# v model = 3725; c8 R/ B; b6 k2 Z0 C
console = 2002+ X4 c* H: B. P
f1/10 = DSW2 f1/10+ I& u3 S& S! c0 [: M; }
f1/11 = DSW2 f1/11
9 s( `) E: u4 c4 H0 g7 L f1/12 = DSW1 f1/120 ?! s/ u. x5 Q& P& J( |1 a
f1/13 = DSW1 f1/13# W2 Q$ @, S7 i# T
[[router DSW1]]
/ P: z) c! t* |+ B* M6 [ model = 3725+ _- @# q5 Z$ k* g6 {! B0 m
console = 2003
" C& q4 x2 l4 r3 e) X% X; T; X f1/14 = DSW2 f1/14
; R) v' o8 A/ R5 I f1/15 = DSW2 f1/15
4 K" o$ f$ i: F4 S4 | [[router DSW2]]
4 Q9 e. ?; S5 E" { model = 3725
2 r3 M* r2 H* g- y7 v console = 2004
K/ J/ \+ ]9 H; @8 y. N [[router R1]]
5 J. x+ W Q/ ]" U model = 7200
& V; ~0 w% w8 A# R1 P' q console = 3001
/ }" c9 `- }4 [ s1/0 = FR 1
; d+ t" j4 ~9 y5 {/ d% ` [[router R2]]
. ?4 K$ a( B6 e" n" w" r model = 7200
: n; V0 _2 m& o) ?9 ?( _; h3 r console = 30020 ?& f1 i3 V, _
s1/0 = FR 2
* p) W2 Z7 Y2 m8 Y [[router R3]]
9 P" [! a8 S3 V+ e* k model = 7200
( c2 m7 c1 G- P9 ^% l9 }- w; [$ Q console = 3003
/ Q+ ?' Z1 Q7 I s1/0 = FR 3 v# ]/ F* Z7 d- _0 N
[[router R4]]2 n6 L& }2 X+ z+ Z& R
model = 7200
, N0 f( L' ~, o1 G console = 3004
5 T% ^0 Q# N4 l, T. A s1/0 = FR 4
+ d5 z; _* R* q* ^% P6 P' _% T f0/0 = DSW1 f1/1
6 s" O. Y- {8 C: [3 L f0/1 = DSW2 f1/1. J' A* I: M, Z! U$ `2 d; y$ V
[[router Cloud]]
1 \. g0 h4 Q; ^* s model = 7200" p" \; @% \8 G# ]
console = 3005
1 |" G" O- d0 P" v s1/1 = R1 s1/1
+ U! [* ~: I' i: T: e+ b [[FRSW FR]]
% l, }+ P/ C) l$ Z, m+ s" C 1:102 = 2:201
* b( u; f. U0 D& L 2:203 = 3:302/ v$ y* y- a. V) f+ x, M
3:304 = 4:403
* x. l/ ^, s8 j有了初始TroubleShoting!让我去排错!3 c, t" }' q F( d( d" r9 Z, o
考试时间应该是140+20分钟# ^+ d: V# M- K1 o, l, E5 }/ J
题目数量45–55 questions/ \7 x9 U/ e' ~6 z! V9 C& D
16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!5 ?& b4 \+ N5 a1 c! h$ D
然后是一个大实验排错题!(差不多30个环境排错)
9 W1 b2 i7 [1 \0 e) g2 o' R有L2 TOP /L3 TOP/IPv6 TOP5 ^) o. D' l7 v5 \
4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)
1 e \: D l# @类似:' w" G3 I1 s9 I/ q
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
% H& R; N' O% F0 }2 }涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
) L6 B; R6 v! |EIGRP
0 L" o) }- I d5 POSPF / ~ F3 ?2 S0 o) G4 ^+ q* ^
eBGP l# u( ~5 x& }1 l, c4 ?# ^
Redistribution ( V) `8 i. l* u+ ^8 r0 R
DHCP Client and Server
( _; R4 L; _. v3 n% ONAT 3 v( ]9 t, l0 H8 T
HSRP/VRRP/GLBP
. B- I9 o* o e" zIPv6 Routing
3 n9 k4 ]2 O5 t* A! J- x! b; | m2 XIPv6 Transition Techniques 6 v4 s5 l* X4 H5 d% x
L2 Trunking
+ c6 I, V" C: U8 V* j6 w0 YL2 STP - Y6 ] D Z8 r$ Y) ^/ c; O, j
L2 DTP " |; o* E4 y# @2 w6 y9 v: V
Private VLANs
: ] I0 S% q# p. T, j$ E7 ~" vPort Security
2 q5 c6 @6 z. P1 hSwitch Security ; `9 B' U, V/ i, [* J
VACLs/PACLs * L" f) |- M9 q7 z5 K3 m( r+ ^! [
L2 SVIs ' ^; C$ b/ ]1 R7 F# h3 N
Supervisor Redundancy
' t W2 R# q# sNTP' _0 c- O, Z4 \1 [/ F# P
Switch Support of Wireless, VOIP, and Video
- V7 b% g2 E8 v9 Q: uRouter Security 3 s0 Q0 E. c A ?% m
ACLs
" m# `: j' d$ C$ o# X" i8 HAAA
r# R, E" c5 j! ~7 T8 w, @" DIOS Service Security
7 ^1 s. U) h/ I" }; i我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)
& H9 M+ Q) c" g. B从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!
' t- S0 Q2 I: W0 ~; p2 a(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!2 A. r4 ?! q9 o. l7 L) U
交换机 连接路由器的单臂路由接口!. W) z- g. v. C5 e8 o6 c: x# V
端口安全 L2的东西 还真多
! N ~) n0 Y% _( c) B不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!- `( V4 T5 Q0 c+ S
(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
) J( |# f8 ]/ V! Y(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!' ]5 v+ U6 [$ J' B3 h5 B
(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证; q2 v% ^* i1 x8 o; z* E5 ?1 X
(5)ACL有错/ E0 ^8 Y5 V7 H! H/ t+ m, }
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对
' Y8 A- \4 T* G: q& }3 H, n: L4 K(7)BGP的nei 不对 一直在active状态
) D% ]2 B/ H5 j; H(8)IPv6的OSPFv3 区域放错了!
8 U' `6 A+ F! P. K. ^& Y. F1 b(9)HSRP的track 应该去掉!!4 r: V$ a$ j4 C
Ticket
. v1 l" f; B" X3 I) ~. L( ]1) Client 1 is not able to ping the server
! z/ V1 P/ Z* E' Q8 S2 _Sitution 1: Unable to ping DSW1(Use L2 Diagram)9 B4 ]% A" Z q/ C) \
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3
: N5 e) |* W5 R( i0 {Ans1) DSW1) z+ V$ P9 s+ F7 Z
Ans2) Scroll down and click on vlan access map; N# F( }: ^6 L F) ~: \
Ans3)No vlan filter 10& ~5 X: m, l& c+ D
2) Client 1 is not able to ping the server
+ Z, E8 f* p% u6 G$ J; t( LSituation2: Unable to ping DSW1(Use L2 Diagram)
8 k7 o* B+ p6 g5 B. tOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
6 ?, X) h! m) V* O" l/ q9 E2 CAns1)ASW1; z/ p0 @0 M1 H6 x2 j, z2 W
Ans2)Access vlan
6 p9 \" ~: q- |& A# e: DAns3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10
. {1 h* V+ N. ^" o9 z# N3) Client 1 is not able to ping the server
$ c F4 p2 ?0 k0 X7 ?' |% dSituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram) b* g8 @1 c2 v3 p
Ans1)ASW1
& W* c3 f: L$ N% w( G% x. Z1 ?Ans2)Switch to switch connectivity, Q3 X" S$ T$ @
Ans3)on port channel 23 give switchport trunk allowed vlan 10,200
) F9 R9 s( F" d5 X4) Client 1 is not able to ping the server
. \" k6 z0 n% m+ n% K5 n$ MSituation4: Unable to ping DSW1(User layer 2).
2 ?$ {+ ]( s2 d- M) Y/ hunder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.
- M4 Q1 `+ l% N/ y/ ~Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
- c7 U5 P, S7 E0 P( j* mAns1)ASW1
! q1 A( l' W: gAns2)Port security' y7 ?# ]+ m2 I- ?1 ^: I: c
Ans3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.. R, {2 R, K% L8 [# w
5) Client 1 is not able to ping the server
: T5 p% | X, k" f1 tSituation 5: Unable to ping R4 fast ethernet port from dsw1.
/ Y* Y1 o# h/ P# u$ n& H2 jcheck ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)5 o- j% D ~' o! C$ `9 O% Z
Ans1) R4
$ @% M. H7 f& S3 MAns2) IP4 EIGRP9 [3 q& d- @& t. ]/ C
Ans3) Change eigrp process no: from 1 tp 10 because DSW15 @* l+ \7 D5 |8 @
5 d1 j& V% ]: G' p" W N
6) Client 1 is not able to ping the server+ l, J+ M. a5 X- J0 e u( U
Situation 6: Unable to ping serial inte**ce of R4 from the clients. % C5 R: W4 ^( Y) b
Do show run, check the names of the route-maps. (use ipv4 Layer 3)
) h/ l8 G8 N& H& V) uAns1) R4
; S$ z; M2 S0 z4 Q3 |7 ?1 TAns2) route redistribution
7 _& Y( E8 `# i; {$ C2 a" W FAns3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.+ h. J" u/ C+ v! W: F
7) Client 1 is not able to ping the server4 x, I4 x& |3 {/ O" _% m9 }. F
Situation 7: client is unable to ping R1’s serial inte**ce from the client. % i' ~% N9 N3 o+ L V5 s+ P0 O5 D% B
Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3); F, t/ Y7 F5 ^0 M" s# |, D
Ans1) R1; C; Y E, W3 m: J3 M
Ans2) ipv4 OSPF5 Y0 V5 J. Z; f4 z5 m v& ~
Ans3) ip ospf authentication command must be given under router OSPF; v j# [+ I, _, ~* @
8) Client 1 is not able to ping the server
8 s! k+ ^, R+ C2 O6 YSituation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)
8 c# z3 \0 _4 x* M' P7 U" tAns1) R1& \& V0 d" }& M( d
Ans2) IPV4 NAT
) Z: F+ V3 f8 tAns3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255( T5 l! C- B) H9 e
5 t7 G# y5 o9 ?& i; A# p9) Client 1 is not able to ping the server
T* G$ I+ ]- }2 E7 T, FSituation 9: R1 is not able to ping 209.65.200.226.
. T, @4 L$ _ n# l5 [check bgp neighborship.
* v) ^: r9 _6 v6 H. ^0 k( h9 DThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)6 j) A9 n5 I/ \2 t4 y
Ans1) R1
6 b+ t; l+ {- w$ A5 p! e" b# hAns2) BGP* u3 g8 u3 x5 f' |6 \, d$ z1 t
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)( r/ e$ D) L9 o
10) Client 1 is not able to ping the server$ }9 u/ s# _" S8 z' w* t
Situation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)
/ B4 w/ o* @; v+ o* XAns1) R1: u/ |! _+ I) t' ]2 S
Ans2) IPv4 Security
7 d& d* p! h) LAns3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
8 q7 ^* x- j$ {9 s3 z9 c+ ^# l11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.! _' }( v1 _8 s' t1 K, @
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)5 ]/ F7 P3 L! a& w4 P" a
Ans1) R2) Q7 {9 U: i. r4 v8 v1 i* C
Ans2) IPV6 ospf) I7 V7 X7 j+ X6 |, h0 Q6 _
Ans3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)9 d! S3 H" O! w4 C0 v6 {: o
12) HSRP: DSW1 does not become active.* |. X# C& u, B8 [" z4 O" B
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3), A+ i" y' Y" o7 e
Ans1) DSW1) _+ Q8 n6 m- H5 ^! Z
Ans2) HSRP% p5 s4 e5 g3 D! G
Ans3) delete the command with track 1 and enter the command with track 10.
6 j4 G0 E4 n( ]( |ASW1(3 TT); v5 w/ E) W+ i0 W2 g: Y/ D
1.Access vlan - add "switchport access vlan1"% ?% U' d5 K- C* V. ]# g" S, X3 Y6 X) f9 e
2.Port Security - "no switchport port sec" and "shut" and "no sh"
. C$ {8 f0 w2 {8 Z0 z) U3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
9 b- J7 r+ j* `8 n; bDSW1(2 TT)5 O4 d, O! t$ F K/ f( l
1.VACL/vlan filter - "no vlan filter ... vlan-list 10" ) ^* n; m6 H( i. U* Q
(This is on the last line, pls scroll down to see)
- {& [7 @0 U& m2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."# E# |# u1 C/ y, n
R4(2 TT)4 {. w T! C# A O
1.IPv4 EIGRP - change as no. from 1 to 10
/ M5 a, o4 Z& t8 |: o! \! F: k% `2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"
0 U! J$ Y. |, q$ }Remember that no TT on R38 K! L) Q3 F _/ K: D
R2(1 TT)0 E; W& S$ r- q! X
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0) V& F8 @2 ^8 y- `! d" v. H# d
R1(4 TT)/ ]; Q' D i2 Q0 X' C
1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server G4 e. Z/ v$ Q. I
2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
4 P' k) T1 f8 m i+ J7 p N" E1 I3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server8 }# E# o2 t9 n1 p9 C
4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2$ v! D) }* O6 i" P6 w& G+ ]0 j
6 n* ~3 Q; r- Z2 C6 O; f建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!+ X: M& m9 v+ v* p8 S7 R
, p* S% M" m3 g- Z7 v8 a' W6 M |
|