- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!' }! X2 y( ]/ ~8 C1 L6 R
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!1 B9 s0 q8 T7 B( Z* c
8 l0 {+ C# a3 Q! d! U首先比较感谢
: Z2 ?6 O- Q' | WNP642-832备考QQ群:105918054 $ s, S* K( n$ {- }. {" f
的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)0 w* u0 ?7 D& }& m5 s* r9 V( J
给我提供了类似CCIE排错考试的.net文件 3 L7 w% y0 Z* X! F, p' m$ p9 x
autostart = False1 ?" [6 m; S6 L0 x
[localhost]8 i8 Q5 X" l4 A8 f
port = 7200
7 c" l0 m6 @. s ~* @6 K$ D. D) k udp = 10000+ ]7 I3 M8 c' s/ Y0 V& [. ^ h
workingdir = ..\tmp\" w, V' a# E4 `" P' G6 }
, X- u! w! F- x+ D' w
[[3725]]
% [6 u/ z9 G+ j* y/ k8 m image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin9 o( o. j1 K8 _% s% B4 G. |
ram = 128
1 H& u7 f& l% |3 [; ^* `$ L confreg = 0x2102
: F R, r" J* ]1 r; G1 E exec_area = 64$ V# _0 b; E7 X
mmap = False
! F7 e+ b) L$ P* K" V5 @! x slot1 = NM-16ESW
$ s* |$ f% [+ {5 t [[2621]]
# v! }9 g: \ R4 \4 K7 x image = ..\ios\unzip-c2600-i-mz.121-3.T.bin" u1 Q/ y; L2 E8 [$ e5 g8 y% v
ram = 20- ?$ I( `+ T! p5 |+ t
mmap = False
1 a( a+ }' X; {7 w4 i. _# D( l confreg = 0x21028 ~8 l- m+ ]& O, z* C+ l D& {
ghostios = true& ?! w3 z6 S, y9 q5 i) y' Z, t
sparsemem = true
5 D x+ Z$ n" f* n/ B; f# [[2691]]+ `+ j6 t5 e* d7 C+ P. _/ f+ Z
# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin( U: k6 V/ D- x" Y! ?6 a
# ram = 100
, k2 O: _; U8 _& D0 x7 E$ @# confreg = 0x2142
" ~ I# y b. y; L5 l6 F' d- }# exec_area = 64
* b) V" A$ E8 S# mmap = False# i2 ~- n& y" u7 q0 [5 V
# slot1 = NM-4T8 M$ G2 j' x- R. |: S) y2 e2 c
[[7200]]
7 f, n- J2 R5 i, I image = ..\IOS\unzip-c7200-js-mz.123-20.bin
' E! o' J ~6 `) |- G0 z j J9 y+ K npe = npe-400$ L3 D$ Q) }8 I, g% t% {
ram = 96
0 G6 p# J) b( Y7 x j) r2 {/ ^8 [2 X confreg = 0x2102
5 B0 I! Q* a) v- {5 f exec_area = 64* o: U" e2 m, B9 G2 m, f
mmap = False9 m( U; t9 ?6 h0 r3 l
slot0 = PA-C7200-IO-2FE: Y: g' n5 [% a6 j
slot1 = PA-4T
" R G' H2 P$ }3 T0 O, q [[router Client1]] r" j: z7 ^1 i3 s$ i" o7 |
model = 2621 G7 r2 x5 j) h" I9 {. q
console = 3011
3 g% ~0 i+ m: p4 M f0/0 = ASW1 F1/1 7 ]/ H4 z M8 p% d9 c: w& H2 h( i! C
[[router Client2]], B" b2 g& c$ J! o$ n
model = 2621
3 _7 q% g5 P! |; h$ S console = 3012
( A" D) g4 Q7 O }. E f0/0 = ASW1 F1/2 : r8 D$ f p- }8 U3 r
[[router FTP]]
1 u& m1 F0 c" T+ P2 \0 y2 p7 l/ N/ x model = 2621
; i# R6 V0 I% c! G5 x0 y8 l console = 30135 M# n( k2 f4 ^) L
f0/0 = ASW2 F1/1 , ^ N5 [9 L% l! ~7 b' \% U2 Q
[[router WEB]]
$ Z! F7 X+ g! |- ~- s, d! S# ` model = 2621
- z# N( [8 f% m' q: w) S console = 3014
1 K( y8 _2 {3 t+ r& c f0/0 = Cloud F0/0
! n8 }1 |5 `* {5 Q [[router ASW1]]
E+ p& Y8 J V8 C3 a: i model = 3725
/ i! L: g6 n4 {& i4 X5 m console = 2001( n1 U8 |8 V4 A# C
f1/10 = DSW1 f1/10) j/ a/ N/ S; ?- e
f1/11 = DSW1 f1/11
: @( H) o$ y- k4 c4 B f1/12 = DSW2 f1/12
/ B# b; d- z) n! t: Y f1/13 = DSW2 f1/13* A: A# V2 Y, |. `- e! t% z
[[router ASW2]]+ e- D0 } X% f. k& I' L8 z
model = 3725
7 X/ w# {; V4 `# H console = 2002& T' D8 D& M$ h, r5 C8 C' Z8 f
f1/10 = DSW2 f1/10
3 P9 d2 r+ y0 w/ a; R f1/11 = DSW2 f1/11; E8 Q6 Q& H1 g
f1/12 = DSW1 f1/121 y! p4 x- e- R5 Z
f1/13 = DSW1 f1/13
( \. m( ^8 Y, X7 v) E ~- f' F' u [[router DSW1]]; o( n+ y8 [6 R
model = 3725
$ H ~9 V* C4 R- A4 a2 [$ F console = 2003
* i( X% F/ ~: M# }) V3 P f1/14 = DSW2 f1/14
8 x# k x" H5 u0 E! c* |6 f f1/15 = DSW2 f1/156 T1 c+ j. U7 q3 Z
[[router DSW2]]) o% L9 n6 }& @$ c- b
model = 3725" a1 E4 Y5 N5 k& K. m
console = 20041 q! v1 R9 H+ m, }( _' }
[[router R1]]/ Y: `- t9 o, z! ~
model = 72006 h1 Q6 @, r x0 m" M% p1 \9 Y: X
console = 3001
2 I0 m2 f. V3 P s1/0 = FR 1( P/ R- z* N6 S) r A' o. y
[[router R2]]; F, {, ~7 y' l; G) } Y
model = 7200
1 c5 Z" Y' @* E T" _/ N0 O$ P) u console = 3002" R- S" t- K% I! w- |! ?+ }& N9 e
s1/0 = FR 2
" z) T }# V7 K+ ^2 c' V [[router R3]]
8 z( y2 R5 y/ q+ K model = 7200) G4 B/ ]) W( X7 G$ g4 I
console = 3003
& @0 b+ V1 K* X. G8 V/ x s1/0 = FR 3
- W, `2 M0 D+ R1 e5 o9 e# h [[router R4]]
& q4 c, L' x; l; _: Z model = 7200" n. | V3 X, ?/ x8 @2 ?
console = 3004
4 G6 h9 ^3 d, ]. v s1/0 = FR 4, f0 f& s4 R/ `# ^# v
f0/0 = DSW1 f1/1
) Z: Y3 J7 Q! \( B. ] f0/1 = DSW2 f1/1
! X% \1 |7 ]6 a5 F# M1 ~! {4 h' Q [[router Cloud]]
. g! Z. f, z; D3 B model = 7200$ k* F/ O2 N4 e7 e P6 L
console = 3005
/ ?6 `# ]2 ~6 _/ L# h! c* J; ^( q$ O s1/1 = R1 s1/1
* C% N1 O" f' z [[FRSW FR]]
9 H: t) Y8 g5 j4 Z 1:102 = 2:201* l" d* A2 \2 Y: K: X+ `3 X
2:203 = 3:3027 E+ D! Q2 m! e" b2 R
3:304 = 4:4035 `% ]7 _0 |6 `, R* |6 Z% O
有了初始TroubleShoting!让我去排错!
: g$ {6 R4 L) l! T ?% T考试时间应该是140+20分钟
4 L6 M7 c1 J; E" N7 ~ o4 Q4 t题目数量45–55 questions) {8 r' |2 A$ {8 i3 y
16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!2 D& w% X! R1 a. V* k
然后是一个大实验排错题!(差不多30个环境排错)
6 G9 w& Y0 Y; e& L有L2 TOP /L3 TOP/IPv6 TOP p/ Y$ c- [5 g( [, n' e* m
4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)
* A8 o" p4 ~" c! d. d+ h w1 m类似:) o- s0 ?; t E+ c1 q- U( V- ?# J f
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html% J( T5 \( B' Y2 V+ q$ B2 _ v
涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
8 \0 m; \& e, X, o- ]EIGRP 1 g9 d& ~' h- X# x. C4 J6 @$ ?
OSPF % k9 L( o% d7 P& ?4 Y
eBGP + h# z2 P0 o, w5 _
Redistribution
* ]/ B, {/ C _1 hDHCP Client and Server
: S$ V& X% b+ t4 g9 `1 dNAT
" O) k9 v3 E& PHSRP/VRRP/GLBP
3 I( c" r) N# Y6 p: N$ G; d9 S" IIPv6 Routing
c* H5 r; \5 g1 y7 T+ {& D8 IIPv6 Transition Techniques
; l$ G k: u, {1 l' A* Q3 Y& n8 OL2 Trunking
. A9 v9 k% g# G fL2 STP
5 f7 p* f; H9 V, c# D& [1 ~9 B( BL2 DTP 4 V4 T5 w6 |' n. \7 c- j
Private VLANs % l; }( t/ l1 u" N
Port Security 8 H. J7 V6 D4 d+ c
Switch Security
4 B* A# a/ u2 o+ g* r+ UVACLs/PACLs % b' b: |/ S4 `' v4 W
L2 SVIs
0 P7 g1 W7 O$ s" r' K5 {% A rSupervisor Redundancy
( _. n K4 Y2 hNTP
( V% ^/ ~& z2 M/ @$ ]- a: ESwitch Support of Wireless, VOIP, and Video 3 o$ v, _' @) Z: f4 x4 o
Router Security & F8 F4 F' k+ c, k
ACLs 8 {6 `# q' J$ ]
AAA
( v ]9 }. s4 m2 aIOS Service Security 3 f3 ]! d" |/ j( I3 T9 d3 k; p
我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)
8 }! s* D" Z Y& i8 D0 x, `$ B从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!0 Q, O; P. W L. v: m
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!, |& z8 W+ W4 T, y! n3 ^
交换机 连接路由器的单臂路由接口!& A2 N1 B ]3 V7 V) g9 c
端口安全 L2的东西 还真多% c" R) {; _, x; }* S
不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
1 p% K! g8 K5 o) o3 Y(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
( a* l# B8 k" L c$ P! Q(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!( K) P- i1 D0 h0 l& k$ U
(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证, Y# C" d- q. u5 h8 \8 ]
(5)ACL有错: @: q2 b0 i" m7 b+ w# y
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对& G; X! y/ O' g- P8 U/ i6 d' b. o
(7)BGP的nei 不对 一直在active状态
" c4 ]1 o4 O6 w7 ]4 j0 @. J- K(8)IPv6的OSPFv3 区域放错了!
. z& b$ L6 H: q4 d/ @0 L; j(9)HSRP的track 应该去掉!!/ C. C4 [0 ^; Z: ~1 f
Ticket
% C8 T1 C0 C6 x, R" N6 X1) Client 1 is not able to ping the server# r2 ~$ \5 Z. C' W& x' C% A
Sitution 1: Unable to ping DSW1(Use L2 Diagram)
8 _* }3 c5 V. P) m iVlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3' f' W% @) ^' S1 A, Z) u
Ans1) DSW11 Q" E9 a6 E9 Z! d1 a% P
Ans2) Scroll down and click on vlan access map
9 X r" O7 B' K! r3 P7 ]Ans3)No vlan filter 10
3 J m' y; |1 ]7 Y( }! @ A2) Client 1 is not able to ping the server' J' {* Q$ k/ a; ~' O
Situation2: Unable to ping DSW1(Use L2 Diagram)
- g& O0 B8 L: i5 F) iOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there' L# ?1 v5 C$ t z2 L
Ans1)ASW1
# P# G1 t6 L% ^3 M$ y0 qAns2)Access vlan
. B+ n" g* F- P- O/ O5 e: iAns3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10% j. C* w& E0 q: V
3) Client 1 is not able to ping the server( h! T+ {1 J, n0 g! c; y9 I& V$ ]
Situation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)
5 |* a# `$ \0 b2 o: HAns1)ASW1
. j3 @; X r7 u" v, [Ans2)Switch to switch connectivity' G% _) b/ V& C& P% |
Ans3)on port channel 23 give switchport trunk allowed vlan 10,200# s' q( K4 O# ]8 O1 k
4) Client 1 is not able to ping the server
% \7 \% V( N9 D% D2 Y1 XSituation4: Unable to ping DSW1(User layer 2).
* d8 V! Q, K+ {+ l9 R, q' Junder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.: p w R% n8 n' m2 C
Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
. a3 ?% c: ^, e, j! FAns1)ASW1& t. ^9 W8 n; K* t' V# A
Ans2)Port security
0 {1 h% u% u. R) m2 W- O4 ~8 GAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.
& [# `! t Z* p+ Z o6 M3 t$ u5) Client 1 is not able to ping the server) \7 y1 T$ @/ d# i
Situation 5: Unable to ping R4 fast ethernet port from dsw1.
& V& \& o& S! Xcheck ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)
! Y4 }% }8 v# i: h" D$ F" R1 |Ans1) R4
, ^1 N. R( Q0 ?Ans2) IP4 EIGRP: m+ f. S' n O7 E& r
Ans3) Change eigrp process no: from 1 tp 10 because DSW14 _8 J. W# p; M; h
9 @2 ]: }7 j! a$ ^; U# |" V4 z
6) Client 1 is not able to ping the server
. r& l! M3 g7 X8 B/ rSituation 6: Unable to ping serial inte**ce of R4 from the clients.
/ H- P: @7 T; O- C5 FDo show run, check the names of the route-maps. (use ipv4 Layer 3)3 L5 ?# C* s0 Q% }$ d3 \
Ans1) R49 S. \2 `+ f: E5 y) x4 S
Ans2) route redistribution8 {* s; F2 I- d* k5 w f2 l) @8 q9 J
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.
0 J+ m& E" y, }" W7) Client 1 is not able to ping the server
- k! H- N. _9 m$ C8 f# ySituation 7: client is unable to ping R1’s serial inte**ce from the client. ) i+ e: V/ ?, P* {) A O
Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)5 s9 c8 F# \. f+ H& I
Ans1) R1/ r7 L$ w) F ]' D1 {7 n" Y+ n& u
Ans2) ipv4 OSPF" Z/ O3 S F: c6 p& X: `! r' } R
Ans3) ip ospf authentication command must be given under router OSPF
; a7 U7 |6 b9 \0 M/ u5 |! T8) Client 1 is not able to ping the server
( h. w& V1 E6 b/ |4 Z* a: P: NSituation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)" e& E* A6 o, a( |
Ans1) R1
" m) I* F& E6 Z# W' b6 ]$ m( RAns2) IPV4 NAT) z& I( Z; I! Y
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
, V! O$ S) Y+ ?% o: S6 h0 S" }5 L
9) Client 1 is not able to ping the server5 u# ?! L6 D7 V, b
Situation 9: R1 is not able to ping 209.65.200.226. ) R% O* \* ~, \- z' m, Q0 A5 M
check bgp neighborship. / W" K3 Q3 r/ w3 \- I
The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3), `, z( l3 m" J! V2 Z
Ans1) R1
# ?2 n# E& d. R. rAns2) BGP
# j7 k: G, L7 T) G1 G3 oAns3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)5 r' a8 j9 G7 s& d3 D( o- e) O6 ^
10) Client 1 is not able to ping the server
8 D3 o& f0 t9 G$ g9 g$ j ZSituation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)2 G3 \2 e0 c1 B( V- @' a9 m
Ans1) R1
0 a6 @1 c, v+ G) f* O9 qAns2) IPv4 Security8 `/ V4 y$ a5 v1 G( f! F
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
% M I6 M @$ ]$ r9 B; T11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.& o* s$ J8 G2 {# k
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)
- y# I! J5 `3 l) K' K- ]Ans1) R2
; H/ [! ^* ]* d9 W- I: k2 r7 _Ans2) IPV6 ospf4 t: U1 S. T! [9 B
Ans3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)
9 B! ]; u1 N4 F# b: v12) HSRP: DSW1 does not become active./ ^) d8 F; n( b0 D
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)* J7 p- H1 `& }! k5 O9 ^
Ans1) DSW1) p: N( G8 T7 z7 Y1 M$ e# |3 w
Ans2) HSRP0 A8 j: D a6 E6 K
Ans3) delete the command with track 1 and enter the command with track 10.
4 ]! r1 M, A( j) f( R. Y3 B$ ^ASW1(3 TT)+ Z$ Y' p* w! u3 d% ]. o
1.Access vlan - add "switchport access vlan1"6 \! h- L' J5 J+ l3 G
2.Port Security - "no switchport port sec" and "shut" and "no sh"
. G8 F1 `* J% ?3 c _3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
! Q! f; z/ X3 Z5 b1 K4 h# }0 `DSW1(2 TT)
5 x& `, x5 N1 p2 F z1.VACL/vlan filter - "no vlan filter ... vlan-list 10"
6 ~- P* V H8 Q( D4 x( D( O(This is on the last line, pls scroll down to see)% T8 S, M- M1 g$ h. c0 e! D. Q
2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."
& ~0 J: q5 R5 F! w) m! BR4(2 TT)
& ~ b5 l( `4 W$ e1 O' }1.IPv4 EIGRP - change as no. from 1 to 10
6 p- s' ]7 G1 j# \0 U- R# N0 D2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"/ E. }: ^! y1 G' q( v. U9 X. h
Remember that no TT on R3
7 @8 B6 T5 K* V7 E/ IR2(1 TT)
/ ?3 N- B3 x) i1.IPv6 OSPF - enable ipv6 ospf on s0/0/0+ Q* v) g* d' o4 G+ v
R1(4 TT)
4 o4 }" X0 T( B8 z! D) n$ \ [1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server2 ^# ]& _. L! u: a8 P
2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP% V7 N% n: _# U
3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
6 j1 |3 O+ ^- u+ O' i- D4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
4 c3 C( r7 n9 e$ H
9 `% Z" z% M/ Q7 K4 T建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!0 `* C" f9 _; A; k' }2 Q. l5 s! N
* U$ p" u- E1 B
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
