- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!$ p; _9 z2 ^$ {, _! @
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!
. k* V1 T( J& B& ^: e; c: y) P
9 }; ?; B% B, o7 |首先比较感谢
5 |( }( `8 @" qNP642-832备考QQ群:105918054
$ ?0 V( @4 L3 m% ?& `9 C的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)1 u- C; S M! y/ [
给我提供了类似CCIE排错考试的.net文件
) I: r; g/ |; f6 v5 s# i/ bautostart = False1 P4 I8 U4 ~/ M7 E8 x; F8 S' R
[localhost]
$ {" S- W' L* _. M port = 7200
" P0 Y8 Y9 |# L8 K w; x udp = 10000) o1 Q/ a! q# s+ @
workingdir = ..\tmp\5 U; D6 @4 ~ ]5 [0 }/ y' F
0 b; V' |4 o: L! w
[[3725]]5 z8 S$ Z" A# E7 M+ b
image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin
& T9 j4 O9 j1 _6 q ram = 128
9 C( ^* x, q/ t confreg = 0x2102
M& [) v2 |; `& u4 t exec_area = 64, Y1 n8 w$ g" }% v. S) q6 y' F% A/ T7 Q
mmap = False
! L. e3 ?; p3 }( e5 A- j: Q slot1 = NM-16ESW
8 Z, B9 I7 U% H) w2 h: ` [[2621]], R( h6 e3 e2 U0 y& _- N
image = ..\ios\unzip-c2600-i-mz.121-3.T.bin
B ~) z/ z8 E9 N9 T ram = 20% q; v+ u- K/ O5 ]) u/ {8 c3 j
mmap = False6 }6 `' Q2 q2 P( z+ T
confreg = 0x2102
* Z) W$ _; y1 y. |3 Z9 ` ghostios = true
! I5 `# w( }2 z [) h# A sparsemem = true( s/ ?; D: k5 V q9 B
# [[2691]]+ r: u6 [: b ]* j& S
# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin
. U1 M+ i, E& P& @, P) M: I# ram = 100
* o a5 Y: d7 E5 K; Z$ c# confreg = 0x2142
3 `- e- x Q. T! o& \ G# W# exec_area = 64
# G3 e; C+ t$ e @4 l! H/ Y5 ]# mmap = False* } r& E+ Q4 C r: e F
# slot1 = NM-4T
3 s5 o- q: [) q [[7200]]
. i m1 }) N/ Y! X5 K. L- }; A image = ..\IOS\unzip-c7200-js-mz.123-20.bin1 x/ M! L: M+ d' j8 K6 ?
npe = npe-400
1 d) {; {& R/ Y( ?& Y/ t ram = 96
5 `! O3 d( |! p K confreg = 0x2102( ?" `5 j o$ `* z
exec_area = 64' W% w& O) F" V
mmap = False
7 J+ b3 c2 \$ Y& Y slot0 = PA-C7200-IO-2FE4 K4 s0 d7 R C7 Y+ `
slot1 = PA-4T2 @( ^7 l5 {- v
[[router Client1]]2 x( k" s( c' Y
model = 2621. \' J5 `7 @2 T0 y
console = 3011
+ Y ~' V: i7 M1 w9 | f0/0 = ASW1 F1/1 2 J8 i6 K5 ^( Z
[[router Client2]]8 F4 c5 Z# S* H' Y' b
model = 2621
" J1 G1 g4 e \+ r console = 3012
+ Q4 u+ c; @# n4 t f0/0 = ASW1 F1/2
: x. l! ?$ [3 m9 A0 f1 U, O) C; W [[router FTP]]
( [7 d3 C' i; Z9 O5 T9 v5 U model = 26211 W7 y# j* U2 q
console = 3013
( w1 ]7 y3 O! ?/ ?- n& T- ^ f0/0 = ASW2 F1/1 3 a9 I6 a6 m& q7 c6 U# U* m
[[router WEB]]
5 Z( ?% Q/ G+ ?7 ` model = 26219 \. c' x- X4 |
console = 3014, v, d/ z. u+ O+ X! ]7 {, ?, r
f0/0 = Cloud F0/0 $ J7 R" v8 d+ _, J5 ~
[[router ASW1]]7 T& M3 s. w* n/ q# n* S
model = 3725
( J/ g" S, @/ t% P console = 2001% n6 C! }& Q% k! R) c
f1/10 = DSW1 f1/10
" Y! E4 M1 Z- ]/ y; ` f1/11 = DSW1 f1/11, }+ F! p) i$ O; V8 s ^. u
f1/12 = DSW2 f1/12. l0 |/ G) V" l+ Q- b
f1/13 = DSW2 f1/13
3 v* |! z8 F. }8 a; B [[router ASW2]]1 S2 [) d' j) O {. a4 O9 E4 X( X
model = 3725
& b' j1 j7 W$ H! f0 \$ Y+ p console = 2002
$ }3 I4 F8 e/ m; f1 r, \ f1/10 = DSW2 f1/10 Q: S5 d* r7 r! B& j
f1/11 = DSW2 f1/11
$ A/ \0 {/ @; S# w% L f1/12 = DSW1 f1/12
% @! M, W0 l$ W) S8 m f1/13 = DSW1 f1/13: o5 j2 _7 Z; Y& [ d
[[router DSW1]]
3 l Z: u$ v8 Z0 t* \6 e( q4 v& S+ a9 S% V model = 3725; T0 R" t$ S1 E$ {5 ?- r+ h
console = 2003
8 L5 \, F; {5 o f1/14 = DSW2 f1/14
; P0 i' {/ K! A; J4 ] f1/15 = DSW2 f1/15& x* S, U, U/ r! r5 b* h, I
[[router DSW2]]
; A: v; u$ N* \- O# K$ ?3 E7 b% f% B model = 37254 c, V( j/ `) c7 A+ _8 T( p1 @
console = 2004
* }7 P& \) @5 @2 U6 g. L [[router R1]]% T* c6 ^& \! g' V5 a: ]% @
model = 7200
% D, N w% N2 Z7 X+ E* z: O) c, K b console = 3001" z$ p1 w; g. F$ p$ f$ b" ]) ]
s1/0 = FR 1, U8 O$ C8 Q7 K
[[router R2]]
. F G- ^+ h; C0 `7 i8 i model = 7200, g% F( E3 H G
console = 3002 f+ O3 s2 C) }% `/ a' m
s1/0 = FR 2+ X) S4 d8 _; }; c8 \1 X6 P# p6 j
[[router R3]]
3 b0 q# @6 s& j! v! q5 V model = 7200
# B# D5 S% F, N1 M4 }" z console = 3003+ V: p( \/ S! X: O" F
s1/0 = FR 3
: E, E& `; }7 j- [+ w0 D% Y [[router R4]]
2 Y' P5 W! Y8 h0 h* A1 X! `2 I1 k model = 7200( b' O; v1 l' S+ S/ u- r
console = 3004+ m: r0 n3 N- l: k" w
s1/0 = FR 4
0 O) t/ j8 V- z# f- x- k f0/0 = DSW1 f1/1
( t2 i Z5 O* a% c `0 D8 K4 y- h! w: p f0/1 = DSW2 f1/11 c, l" X; Z x9 D& A& \& S& y) h
[[router Cloud]]
; h! I. R+ ^0 q4 W/ l* \" o3 u* o model = 7200+ o; \+ F5 ~) y( h
console = 3005
* @! b6 o' U; Z: `& f s1/1 = R1 s1/1$ W2 y5 T) i* y5 j1 E7 ^+ l9 M( g6 z8 a
[[FRSW FR]]
, t# x: v# ?1 O 1:102 = 2:201
' c) e" ~5 C3 R0 Q2 D. Q9 j) k 2:203 = 3:302
9 G( M& S% Z5 I0 V 3:304 = 4:403
. ~% a- \. M/ v! s有了初始TroubleShoting!让我去排错!9 o' n( P, N8 E
考试时间应该是140+20分钟
0 U- Q% n3 C5 ]( z) A. t1 G! [1 b. x题目数量45–55 questions
$ r1 }& X D& Z: {. t1 D+ w16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!. {8 C, Q, h/ x$ v
然后是一个大实验排错题!(差不多30个环境排错)) z3 L+ P5 a0 L {4 m2 O
有L2 TOP /L3 TOP/IPv6 TOP6 Q* d( A( P) I# R' ]3 M
4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的): }2 h; D0 ]) Y; k- S
类似:: K/ U! _3 b# c* i/ |% z6 j: N5 ^
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
" F. _2 x3 w+ \% l/ g" C* ~, r涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
, K: u; X! P- t9 ~! i4 G3 P( lEIGRP
# P4 D0 F3 @1 A9 u* G' d# h/ SOSPF 9 u3 s3 O& F% F+ d
eBGP
% h" V9 ]5 a& {/ Q2 R* [! VRedistribution : f( o- ?; g- \4 X
DHCP Client and Server 7 V) r5 G3 l @, n! u& @0 n
NAT ' e, p/ g$ l+ R# \
HSRP/VRRP/GLBP
+ ]7 c+ I0 G w7 {IPv6 Routing
% v- m% v3 ?+ l C1 [, H( p7 g1 gIPv6 Transition Techniques 3 F- U2 J" \! A
L2 Trunking
' E6 r2 i5 P, G/ d- t0 c# A5 Q) FL2 STP
6 x+ S5 }( h( l8 M4 n! R2 i8 D iL2 DTP 3 W$ M, L5 _# A% ]2 k s
Private VLANs - u. I) e: Z' K8 L! w
Port Security $ x7 w% b- ?3 d2 _
Switch Security
0 P% W- b: I, v1 o2 \VACLs/PACLs
" U z% N, m( y& xL2 SVIs : } a7 X0 Q5 s
Supervisor Redundancy
& z( p3 V' t: N: g" l+ aNTP4 F5 Q" {5 O* j+ |: P2 R7 f* x
Switch Support of Wireless, VOIP, and Video * l' c2 B7 b! ^' e' w) h& j
Router Security - p! m" V2 Z3 h1 U* _
ACLs & n: M0 h$ Q- t8 k
AAA n3 W3 d# W$ g, S- b1 W: m3 |! G7 P
IOS Service Security : f, v" S; |% [. @4 A
我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!)0 s2 p8 Y" l& A3 f: {
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!* v, j* L- U3 Q; {
(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!
2 [6 C2 N4 N* I; D/ ]交换机 连接路由器的单臂路由接口!
8 @3 L+ y/ \: j* i4 R$ j端口安全 L2的东西 还真多
L) |$ J) D* o F; x不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!( O- D9 S. b# l/ J6 L5 X
(2)特别 注意NAT ip nat inside 打在主接口 是错误的!1 [3 {9 Z$ q7 `; `3 k' T
(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!5 a5 G, x4 `% h# W
(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
% ]; }( z& \4 U( ^& @(5)ACL有错
9 ]% l" P# h G7 X/ b" E2 U: a3 F' g(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对4 z/ ~8 t! K) G: M" `: Y$ X+ W
(7)BGP的nei 不对 一直在active状态
: f- }& R$ [" y) k+ R& p(8)IPv6的OSPFv3 区域放错了!3 U# Z, U) `& o7 U1 e
(9)HSRP的track 应该去掉!!, Z/ W8 E- I* g
Ticket# j& K5 L5 s9 y" U3 |+ X
1) Client 1 is not able to ping the server
. P8 u% I- \' [* RSitution 1: Unable to ping DSW1(Use L2 Diagram)- r" Y' i$ f, Z! d9 U
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.35 _ u8 q* F$ l1 A( ^
Ans1) DSW1+ H! H$ V6 H; E9 g
Ans2) Scroll down and click on vlan access map
+ A7 C' E5 ?( aAns3)No vlan filter 10
. j. c. }3 h8 G; M X2) Client 1 is not able to ping the server3 n% X5 h8 F& m& P/ W; j
Situation2: Unable to ping DSW1(Use L2 Diagram)
2 v; ]4 n; a% ?/ WOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
# @% U S/ l& v) U' BAns1)ASW1* |" s7 B' \, G: B" [* m' p
Ans2)Access vlan$ n" b3 E6 j) F+ i7 h! Y
Ans3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10
& P3 x+ H* ?' _0 n2 i3) Client 1 is not able to ping the server
$ G2 a* B3 w' ?3 K# pSituation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)
; X( L T1 ?" {/ Q* | \Ans1)ASW1
$ v& W4 N- Q. z* m8 BAns2)Switch to switch connectivity
$ l) ^, r+ h$ `/ A) D% B. \Ans3)on port channel 23 give switchport trunk allowed vlan 10,200
* s O, G! E& I, S) L* a4 h0 T4) Client 1 is not able to ping the server! T- t# B* Y( O6 a7 q# o' ^
Situation4: Unable to ping DSW1(User layer 2).8 V) R) N$ [& H. m
under running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.
0 X% c M3 X! I' X. s+ jAlso check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled$ x# s; n$ B; T- R5 v% r# `- b
Ans1)ASW1
/ M6 Y X+ Z- k5 A% u+ T% sAns2)Port security& @ U' P1 K) B. }* A
Ans3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.
1 ^1 n* r+ w2 A. F" O5 a4 [. _5) Client 1 is not able to ping the server! {) ^6 y0 w9 E/ n/ q
Situation 5: Unable to ping R4 fast ethernet port from dsw1.# E2 {6 s( H! t9 q
check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)0 h: i: j% T) F% [" m
Ans1) R4
( x- ]5 E' p5 j( IAns2) IP4 EIGRP* ^2 G4 ~4 u% e
Ans3) Change eigrp process no: from 1 tp 10 because DSW1
8 m g1 {$ x9 p
2 l) O4 b/ [$ T/ c( L0 ]6) Client 1 is not able to ping the server
; M4 t5 E. r$ U" |Situation 6: Unable to ping serial inte**ce of R4 from the clients. . b8 Q/ Q8 `4 A0 h3 C5 Q( j n- n U
Do show run, check the names of the route-maps. (use ipv4 Layer 3)$ w' Z9 ~) S4 h J- Z" {$ |
Ans1) R45 l: O3 K+ t: o& I9 P* y- z
Ans2) route redistribution" b" V2 }+ r7 w! `
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.
: K- O% H! Q6 k: F- J. a7 u7) Client 1 is not able to ping the server
8 K! ]& h0 x$ H& }$ qSituation 7: client is unable to ping R1’s serial inte**ce from the client.
, i! v' m3 C/ w- W, pCheck where authentication is not given under router ospf of R1. (use ipv4 Layer 3)) a1 L5 D" G7 o
Ans1) R1
. ~) {+ }) n* F7 I F( }: b2 @5 tAns2) ipv4 OSPF! i" ], Q. C" c; O& |
Ans3) ip ospf authentication command must be given under router OSPF
1 A) d) e" \& d8) Client 1 is not able to ping the server Q- h+ T8 T" a0 M ]6 t& F
Situation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)9 W' y7 y ?8 }1 }" L" \! s
Ans1) R1
: |( f( ~. K% b, f b8 v8 dAns2) IPV4 NAT
3 O, |& B5 _- jAns3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
, G1 [9 V T, ^! w" L: T' |
6 k8 z9 x4 M8 f9) Client 1 is not able to ping the server7 a" A9 N4 Z" _9 x! ]4 h
Situation 9: R1 is not able to ping 209.65.200.226. 1 m! p+ V- t; y' C" q3 U: ?! F
check bgp neighborship. 7 u2 i, R+ r/ b3 M5 w0 Y
The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)
: ?6 U+ [* P9 kAns1) R1' W% r& M7 g# G% J! M
Ans2) BGP
4 r# T6 C& B' Y a' @Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)/ g! H8 f8 ^: C" O3 d3 L! {
10) Client 1 is not able to ping the server
$ q1 [) e3 [0 E3 c+ B0 L6 _Situation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)0 @" |; p( x5 a8 ^( B* _
Ans1) R1$ _& k D& k- i l
Ans2) IPv4 Security! ?2 S) Q7 B/ A8 i
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.
' f. u6 k$ p1 v$ q: Q* t11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.
& y* S7 L$ i: t: z5 C% m ~* \9 K, vSituation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)# L: k/ H- ?! y5 h) _/ t% F
Ans1) R28 _7 N. o# m% j: L7 v6 c( y
Ans2) IPV6 ospf
3 G2 K( S" Z" M* L" EAns3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)- k4 m4 U% R, q9 D; \ c
12) HSRP: DSW1 does not become active.0 w( w4 x n) G1 C7 ]! f% C3 s# }
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
2 T0 I& f3 V/ v% o% T9 m4 P \Ans1) DSW1
- o0 k6 l5 Z% P9 fAns2) HSRP, w% _# o. N" J4 ^# b
Ans3) delete the command with track 1 and enter the command with track 10.
* ?" S8 e( b. XASW1(3 TT)1 N7 C) A" t) Y# y
1.Access vlan - add "switchport access vlan1"& }& V5 [& I/ K7 H2 V
2.Port Security - "no switchport port sec" and "shut" and "no sh"
) E) g( ?* i1 |! S3 [; v3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
2 |0 x" b$ @3 ]DSW1(2 TT)5 H8 j) V9 z: L. k9 {
1.VACL/vlan filter - "no vlan filter ... vlan-list 10" $ b; u4 ] ~, W2 R/ E
(This is on the last line, pls scroll down to see)
) y8 k' F* n% R2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."/ D& I" X" v4 J8 ]* ~3 m4 P7 C
R4(2 TT)
) |. p( q; z( b4 Q# \" X* x1.IPv4 EIGRP - change as no. from 1 to 10 W8 Z8 |$ _4 o8 r! \3 w! q
2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"
# i1 A# g9 H" ^7 jRemember that no TT on R3' F3 q, [2 k3 I4 C5 G: [
R2(1 TT)$ p) o) n0 E3 o$ v% L
1.IPv6 OSPF - enable ipv6 ospf on s0/0/0$ c* U' s# m2 W. d' A! |
R1(4 TT)' F5 a( ~) `- t, c
1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
) a/ h P" w5 O8 a- q7 f" z2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
$ G( c* x) n7 `/ f3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server5 m$ c" P x. {2 B
4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
5 _* D0 ]: z" O: U3 K1 y% j; o- i# x o( N# T2 q0 \9 [$ e. a
建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!
$ E9 X5 ^# D2 U0 H, t5 C- ]8 ]: y5 x9 y
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
