- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2009-2-15
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!* R7 F! c7 p* [, h4 e
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!- ?1 i5 ] @, k1 H" A! k8 l
. E9 T; a* s3 a2 W7 `0 K# |+ T
首先比较感谢
8 @# W3 l+ o' gNP642-832备考QQ群:105918054 . f* K" A4 l( L; ^1 v
的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)% \0 }6 E0 Y( I
给我提供了类似CCIE排错考试的.net文件
1 b v1 ^" u# qautostart = False
$ P' Z9 }0 g( e3 ?: z: Q[localhost]9 o* ?" f8 m9 |2 j& Q- Q2 z% C+ h7 z' I
port = 7200
1 G$ m0 g# O$ E+ l) A1 R udp = 10000
3 f# u% _2 Z# {' u, ~+ ?* l0 F8 R workingdir = ..\tmp\, _, _$ @; S. p- ]6 _( x
2 s, @( a& N1 \/ V [[3725]]
- N) Y0 g" ]( O image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin0 o, m4 |( o* o& x2 l
ram = 128
# i, i6 i# X; X confreg = 0x2102
1 {" d, w. I" `, @* S$ w2 p: Q exec_area = 64 v3 |# [& Q1 f- T$ E
mmap = False4 l4 [, C/ Y8 Q# c
slot1 = NM-16ESW, f K$ d0 O! b( [; Y) p
[[2621]]
, Y2 D( ]+ |& Q$ B, I image = ..\ios\unzip-c2600-i-mz.121-3.T.bin
\! O3 D \3 d& N: _; O0 z ram = 20
. s8 L) e! C% o2 l2 ^ mmap = False0 V* u2 c7 G5 _( J* r: M
confreg = 0x21020 T0 u0 A- [& \% @" @9 q& X
ghostios = true
( c1 x9 ]% ` [' k# C sparsemem = true8 c# ^( e0 B' L2 e m3 G; E
# [[2691]]
! _3 I: j( T$ o' }# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin
2 p+ k' D/ d! J! w# ram = 100
0 P: t5 Y( n3 Y- n s# confreg = 0x2142
6 N3 @& f# K+ e/ v, i" d# exec_area = 64
6 V! U4 U N( |# mmap = False
. l1 ^. `7 z5 A0 u# slot1 = NM-4T, S V2 ?5 j E1 \* P) y
[[7200]]* n) P, a; C5 d7 x4 u
image = ..\IOS\unzip-c7200-js-mz.123-20.bin: K- b( g( N4 t) h8 P E- r d K
npe = npe-400% g( C d* U4 u" y; _3 v( k
ram = 96
1 k% r$ j, ^6 g1 \0 y- H( g confreg = 0x2102. z, C2 G! I$ a, T2 z
exec_area = 64! e$ L; Q/ N! s1 E
mmap = False+ N+ I, i$ J6 K- f+ \8 E
slot0 = PA-C7200-IO-2FE! C; B2 m) I: G
slot1 = PA-4T* B+ @ i% E2 c( x6 K
[[router Client1]]
$ B1 `* e( [2 I. R' m model = 2621
3 a- Y; z/ o* c7 @/ ~, V% e console = 30116 d: R; s* m3 C; y5 z* T5 }
f0/0 = ASW1 F1/1
+ z2 ~) |7 C+ f$ O0 \1 p8 P" S [[router Client2]]6 g2 D4 k- `6 v5 K* b, v( Y' B9 Z
model = 2621
, S8 v2 |' X' v7 m( H% u6 @0 [3 v3 E console = 30125 @( R, C8 f) T' \, D8 n3 n
f0/0 = ASW1 F1/2 ( ~" k2 y, p# n0 o" p
[[router FTP]]
- Y' c! U7 g# O2 a5 F9 J2 J$ M model = 26210 r X" ^3 k3 X
console = 3013
# h$ j+ i* L. B+ p) q: b f0/0 = ASW2 F1/1 ; H( Q: q& |- o4 e) l, [
[[router WEB]]
" X0 [5 p. e! L- `, ^ model = 2621
/ v: {& }8 o+ \3 `* B6 v2 Q console = 3014
2 z7 s. r$ z) I* ~ f0/0 = Cloud F0/0 G2 z- v8 a8 L7 N8 B- ?0 ?* ?
[[router ASW1]]
! ?3 f8 q Y9 ^- [5 f$ E model = 37259 S! U' |; x- B; c7 D
console = 2001
; W1 H4 Q; n0 B1 e f1/10 = DSW1 f1/104 R. [- \1 ]4 L, N$ m, M0 r1 o
f1/11 = DSW1 f1/11
8 ?2 y ?9 C4 J2 H) H' y0 X f1/12 = DSW2 f1/12
0 o: Q! C; E/ X' D f1/13 = DSW2 f1/13' c+ N) ~( K* _* T; Q# p# S- [3 N
[[router ASW2]]
# \, e" }6 o5 L$ R model = 3725" O, @, M8 \6 y
console = 2002/ o, |9 [" f- G/ p5 E
f1/10 = DSW2 f1/10/ L$ g" K7 i# j1 K+ r; l% p$ Y6 Z* Z
f1/11 = DSW2 f1/11
( X, W0 T% J- {5 l f1/12 = DSW1 f1/12. l% a! K8 J% H8 X
f1/13 = DSW1 f1/13
V" G8 [% k# Z- h$ f4 T- e [[router DSW1]]
) L' W0 _1 ?2 r. n* D! ~ model = 3725
`6 p) d( S) j4 ^5 b* G1 o console = 2003
( T% J( k2 z" a. B+ G. ` f1/14 = DSW2 f1/14
, b; K1 E: h7 F6 F) `, P* g/ i& { f1/15 = DSW2 f1/15+ L2 y5 ]* s5 w+ b2 F j) N3 f! }. K
[[router DSW2]]' |$ E9 k) A5 I+ y" H x- m1 s$ h
model = 3725
3 B6 H0 B' G9 d& E5 {% S! N. o console = 2004
+ Q4 g( \( N1 i5 O: ] [[router R1]]6 W7 z# q4 r4 e4 W% X
model = 7200+ A, T$ p; T- @! K
console = 3001/ I, D# l3 p ?# K: I& ~! |- P) Y
s1/0 = FR 1
* m/ @! R. e9 U, P [[router R2]]
3 t. L+ [' f2 ~( Y. A model = 7200$ G- ~0 R/ w0 o6 o) i$ ]. y+ [1 m
console = 3002
' y1 r/ e# B' C. E# D s1/0 = FR 20 j9 O2 N# S8 I0 Z, z
[[router R3]]3 J4 o( U7 u1 e" S- K
model = 7200; M- m$ B3 n: j# {
console = 3003" W1 I% W& a+ |0 |5 k. G' l
s1/0 = FR 3
8 F2 \9 k& X/ H* U" c2 E# _ h- _ [[router R4]]
; D- M2 W3 J! ]$ K* ~& n) R& `( P; ?7 P model = 7200
1 r3 X; T! h- c$ C& J$ C9 I console = 3004
: p7 L) W) t0 }; q! n, |7 v/ k s1/0 = FR 4
8 M% ]% ^ F! p( X7 i5 U+ A- N f0/0 = DSW1 f1/1! p& e Q" T+ {; @
f0/1 = DSW2 f1/1. U2 z1 N8 w9 U- V2 B
[[router Cloud]]
& T) A B1 K2 E' Z/ t model = 72008 F& T% K: k+ L1 S3 o7 w
console = 3005
. C A# N# W0 A3 m0 v s1/1 = R1 s1/1
5 ^$ `: w$ M% f) N5 O; `- \# p) | [[FRSW FR]]
. q( T: L, t& U1 O 1:102 = 2:201/ j' a, V! ?& S5 [/ n. S; z' J: G/ ^/ }
2:203 = 3:3029 v4 k$ I* D' y2 {
3:304 = 4:403! ^( l5 S( b% D0 Y3 Z
有了初始TroubleShoting!让我去排错!' m" h) A1 v& a
考试时间应该是140+20分钟5 w; C# h" O; H0 Z3 z, h
题目数量45–55 questions
8 |1 I% F6 Q- a6 g! I8 a# h# w6 e16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!' H) ]8 W. a1 M- I3 F+ h
然后是一个大实验排错题!(差不多30个环境排错)
' [- q: P; Y7 W4 t有L2 TOP /L3 TOP/IPv6 TOP4 v: a& t3 G8 }+ M% H/ \
4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)
# r. m+ G& C w5 g- m# \+ `" R# U* I类似:
6 B) u% N ^! `7 _2 rhttp://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html E; ~* `+ M& P0 y6 l/ v
涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)3 n" H! ~& |: |, Z" |- i3 ?
EIGRP 3 p; t8 |' K% C8 T4 ?4 m+ N8 m# Z
OSPF ! ~ E2 w: L( b/ R6 i
eBGP ' r2 l! [ a( d1 G8 a
Redistribution
- e) V# ]1 Y) X8 G# c: |- K2 IDHCP Client and Server 0 C" p% M1 X5 X1 P/ L
NAT
" [: R$ m4 N4 F' JHSRP/VRRP/GLBP l/ w0 Y; t, f
IPv6 Routing ( R5 U2 [! y! k$ v
IPv6 Transition Techniques 8 R8 O( c' [5 O% c
L2 Trunking % N t9 ?, ^4 v2 K3 F
L2 STP
* e# R0 D+ }# I' ?! GL2 DTP 8 u1 m! Y! A* U/ C6 e) `0 J( O5 y: {
Private VLANs
' @$ X2 C9 v" @ G5 E( T7 {Port Security
$ w0 a7 U6 N: U, t! ]Switch Security % [' P2 B4 T1 `: Z
VACLs/PACLs 9 }! r: T0 g# Q4 O2 |: r4 A, T. K- f
L2 SVIs ! l1 N. C5 J2 }
Supervisor Redundancy : [1 s5 _4 n3 z% Z. f' ?
NTP' n; G3 R' b x3 E2 o" f j
Switch Support of Wireless, VOIP, and Video 4 j0 k7 F7 t' I: G# ^
Router Security 8 g+ C2 i" H% ~* T5 `% s3 V3 C! P
ACLs
/ U+ f( C4 ?( z4 G% z3 GAAA ) L8 n q5 {5 X- q3 L: p @
IOS Service Security
" B3 a& @% o1 Y4 t/ c我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)
5 X2 A( l5 ^( W: U/ Q* w1 k1 F从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!* H7 D: ]1 o1 F+ |( h# F
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!
$ [- m5 c" N& ]. [6 ~( w交换机 连接路由器的单臂路由接口!! |0 C" L; H$ L! v n2 C x
端口安全 L2的东西 还真多
/ Y( P6 K r& B- H. ~% n3 D4 {不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
$ j( F: i( g& D$ Z; ^(2)特别 注意NAT ip nat inside 打在主接口 是错误的!
7 p8 B+ t0 N' u( I' [7 D(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!
6 q3 u7 l* d3 ]% s(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
: Y! U0 E" E: X2 C0 S" [(5)ACL有错
) W }% N! H. a! P e. ](6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对
1 G, o- G" Y$ u(7)BGP的nei 不对 一直在active状态
. G1 U+ C+ ~0 V6 i, ]+ R7 W(8)IPv6的OSPFv3 区域放错了!
4 j/ X% D, E r- j& l# d(9)HSRP的track 应该去掉!!, R' b# H- W3 Y+ K+ |! ]0 `
Ticket0 R0 e' w) r: `2 B- H1 a
1) Client 1 is not able to ping the server
. [7 ?2 P3 C" CSitution 1: Unable to ping DSW1(Use L2 Diagram)
, I5 ~$ {* L Z7 p) H& L' {' ]Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3
4 s' I: L: ^, j; E7 {; }Ans1) DSW1$ M) Z2 K! E/ ?$ ]5 Y- T
Ans2) Scroll down and click on vlan access map$ F/ M8 N8 ~/ b; Y7 N! j
Ans3)No vlan filter 104 m# ?- |9 Z% a1 g& C
2) Client 1 is not able to ping the server
, N e) c' j" g) bSituation2: Unable to ping DSW1(Use L2 Diagram)
% n' t: p: g" j+ s+ M8 sOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there4 o' m. N+ H( D
Ans1)ASW1
3 V8 x2 s. W" r. ]Ans2)Access vlan- C- A. p3 r+ s. o
Ans3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 102 o' f; x6 \$ N/ |: }* h7 y- C
3) Client 1 is not able to ping the server
: w8 z$ @/ h( k) w4 H8 c/ iSituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)1 D l5 C$ d' j
Ans1)ASW1& k3 M0 h1 p% N1 f5 p
Ans2)Switch to switch connectivity
7 }- T& D d* w& N; [& l) z/ a9 UAns3)on port channel 23 give switchport trunk allowed vlan 10,200
# x! J$ t/ b7 Z* f4) Client 1 is not able to ping the server4 g& N/ o1 }& w6 y- a8 d( f
Situation4: Unable to ping DSW1(User layer 2).
0 T$ d' \- ~. T9 m" k/ J% Xunder running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.( Z; Y( p- M+ z
Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled
) h( N3 J, o) G' AAns1)ASW1
1 T0 H1 X u" `1 AAns2)Port security
* l& f: V8 Z1 L; D- BAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.
- S8 o- J# t5 \5) Client 1 is not able to ping the server7 b' F Y1 M2 M. o
Situation 5: Unable to ping R4 fast ethernet port from dsw1.
6 X, [2 }) A4 P% ?7 [8 _* ]check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)
0 S) ~, L+ E7 q( Y* R4 q2 X! ~8 }Ans1) R45 x& J5 f2 T( R0 ~
Ans2) IP4 EIGRP
7 A) q% P3 [5 N' i3 R# D. z$ AAns3) Change eigrp process no: from 1 tp 10 because DSW1( F o7 u5 b5 O% g0 l
3 {5 v( e: S- V2 l. K( s- J6) Client 1 is not able to ping the server6 |* s+ h4 F3 B# w3 f! c- W" \5 X
Situation 6: Unable to ping serial inte**ce of R4 from the clients.
P# o5 ^. {7 y- S1 ~! B5 d& cDo show run, check the names of the route-maps. (use ipv4 Layer 3)
3 ^- F" g5 }% v0 z! {Ans1) R4( F) ~. G% G5 t7 i8 O4 `( ^2 _3 }1 }
Ans2) route redistribution. |. M5 M: K. Y& A% V% G
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.
! F v' X2 J- [9 v- G7) Client 1 is not able to ping the server
* N1 l- { R: o3 cSituation 7: client is unable to ping R1’s serial inte**ce from the client. * _' s1 \" }& M6 @! p9 p
Check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)
& ~! c( _' ]( m& t: f! ? fAns1) R1
1 t# R8 K1 V/ F; ]' G" g) ?Ans2) ipv4 OSPF
3 i L1 A3 V4 _$ DAns3) ip ospf authentication command must be given under router OSPF8 X- e0 o. [- R; }7 l- m! p
8) Client 1 is not able to ping the server
- E0 q+ A/ ~8 [& V$ J0 eSituation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)6 S7 _ J) P5 n _% {. I* I8 U0 F
Ans1) R1
6 u# O* z7 f# I4 jAns2) IPV4 NAT
" v' O8 j( F% C. _) z" r4 ]4 }Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255( V( P$ n" t9 n' o' p; W: \3 G
. Q9 x, ^6 k0 G. p; k. B9) Client 1 is not able to ping the server
6 _ D: d" e" V+ xSituation 9: R1 is not able to ping 209.65.200.226. 7 r- N# H5 i3 l) U; u' x
check bgp neighborship.
: O# K+ W! P- N- uThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)
( O% d: s$ _. E* yAns1) R1
7 m9 z* A+ K' i" [" k4 pAns2) BGP
9 I$ {. I' q, {" v' `Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)
' H w; O b* L) D8 N10) Client 1 is not able to ping the server: {4 m8 l* e2 I; G; [1 f
Situation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)+ {2 ]7 a. d( y4 V# _
Ans1) R1
; T9 X/ U# K; J# R OAns2) IPv4 Security
6 n3 Y' N# c9 dAns3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
* c% ^: M% Z4 R' ?- {5 R11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.- l4 N+ m+ U% q# ? H
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)
- h$ q9 d: K$ t' AAns1) R2. a! w- ?; M/ o( W2 v" J0 |
Ans2) IPV6 ospf* T3 a L' }! b& O, `7 m2 A7 g
Ans3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)& y1 Z6 k$ ?7 {/ m
12) HSRP: DSW1 does not become active.+ c) I. Y. s6 y) O1 x& ?( @$ J
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
n' T i# r" s4 lAns1) DSW1
6 B9 P" y% d& K( L3 D* R& t/ q8 FAns2) HSRP/ a3 b6 M3 j$ }6 d0 ^ O3 `2 B% I. m
Ans3) delete the command with track 1 and enter the command with track 10.
* G' \ ]$ i: FASW1(3 TT)0 d0 j6 V6 `; J$ R6 b
1.Access vlan - add "switchport access vlan1"+ t, p8 H+ m# R! J; G; b5 S0 E
2.Port Security - "no switchport port sec" and "shut" and "no sh"
7 Q1 Z$ t! e1 T3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
" b K. T3 [4 { EDSW1(2 TT)) `$ j8 b; r- T; o; h$ ~) E
1.VACL/vlan filter - "no vlan filter ... vlan-list 10" 9 \) |2 N$ T3 c& Q6 a
(This is on the last line, pls scroll down to see)
! H# d: w2 W2 D% R* c: z% z2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."
q$ b/ J" }, P( w) xR4(2 TT)" [: _4 `# H0 O5 ?1 m; y2 z
1.IPv4 EIGRP - change as no. from 1 to 10
- g2 U1 A- Y9 |) n$ B" k2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"9 n [' i2 {6 H( @$ m1 ]. g
Remember that no TT on R3/ w y. T' [& ^7 t; V
R2(1 TT)- J X( N7 b2 h) s' Y7 @
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0
( ^7 S9 N( c3 s4 A1 t! rR1(4 TT)# ^$ a( ]2 l" R! ~. o0 ?
1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server, X; ^. ~$ [; y4 X: x" p+ @
2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP* T; o6 u6 G( C+ M) J. \; n. L4 K
3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
8 k) A* p1 U- H) ?7 A8 \" I( f N/ g! N4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
$ [1 ]% A+ X; v9 J: \+ S
' D& Y+ n* ~9 _8 I" a! r) ?0 i, Q建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!+ R a, U# ?/ W4 I+ G, L
8 `# Z/ w/ ~6 g" L5 P/ I, p2 L
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
