- 积分
- 26
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 10
- 听众
- 收听
网络小学徒
|
今天下午 考完!由于公司只报销一次200美元的考试费,所以比较认真做题!差不多把考试时间耗光光!4 D. L) h; K* C( V
对于不会使用show debug ping 等命令来排错的兄弟(没有任何中小型网络设计 经验的兄弟 就不要去送钱了)! 估计3个小时时间 不够用的!!!
5 ]- B# V9 ?5 r/ z/ J ^- Z& E: i( w: A: o4 q6 F* X
首先比较感谢. d0 F% `8 o# B$ |2 {6 T
NP642-832备考QQ群:105918054
7 D* d# v8 ^) i. h的群主及兄弟姐妹 (注意网上的题库不可信,那都是假的!群主说那些网上832题库是05年CIT考试题库的改版)! V: O, p6 w4 z5 j& P; y/ C
给我提供了类似CCIE排错考试的.net文件
. C7 a! M; V4 t3 S6 W0 o0 pautostart = False
3 ]* X7 R% m0 B[localhost], G. j# Q8 [7 @/ G- A& |+ m
port = 7200& u) T. q7 h! t9 b
udp = 10000
: Z, p- o+ r. l0 u4 Q2 x4 L workingdir = ..\tmp\/ a. u) ~" J( R" W# O) L/ J
; X( W% }+ H, n, G [[3725]]) L8 L* ]/ T u) X. v
image = ..\ios\unzip-c3725-adventerprisek9-mz.124-15.T5.bin7 s9 _+ P2 d; _" ?
ram = 128
% v( x. s U0 h% R confreg = 0x2102/ q: b/ {: r# o
exec_area = 64
" B8 a7 ^; h# T mmap = False1 R- O: A& b* ]; m! s* k
slot1 = NM-16ESW
2 K& [+ V+ B! t# ^9 K [[2621]]
+ I7 I, x7 }1 w% x image = ..\ios\unzip-c2600-i-mz.121-3.T.bin4 r4 d6 [! l4 O# V3 g
ram = 207 y! b0 ^, A3 H& s7 V
mmap = False3 E+ S% i9 b0 G1 z2 c! @
confreg = 0x2102
! c) w9 K- I1 Z9 J8 { ghostios = true
0 q8 d0 c( t8 m( x sparsemem = true
- Y, D4 M" e+ `6 C1 h# [[2691]]
: ~% _" b2 J6 G$ s1 }8 o* L* _# image = ..\ios\unzip-c2691-advsecurityk9-mz.124-11.T2.bin/ R Q) L( p: L) a& u% f% y
# ram = 100- _; k( s: C9 t
# confreg = 0x2142
" S( {' ^, G H0 w5 S# exec_area = 64
8 `6 x# S. _0 a# mmap = False1 S9 O: W& w% e
# slot1 = NM-4T2 n# ]' C. |0 n' b4 _+ _, I
[[7200]]
( @, @" v4 ~$ E9 _* A image = ..\IOS\unzip-c7200-js-mz.123-20.bin
: d' Q8 e7 m9 D) O% V: W npe = npe-400' W1 v: z* E, G! k
ram = 96
0 Q5 t$ m* z$ p0 { confreg = 0x2102% e1 C7 k# f' w5 `+ r
exec_area = 64$ u! E3 t( _; p/ K! r8 x; l( G
mmap = False
0 [) h. c# O6 i slot0 = PA-C7200-IO-2FE, @! k* {# l0 P6 L# Z
slot1 = PA-4T
5 x1 e/ W0 P* D [[router Client1]], I: |; E8 v \1 o# s( l
model = 2621" ]4 S5 \: J) x' ~* t4 b
console = 30112 w+ ?! e: `4 k! q2 Y3 y' O# b
f0/0 = ASW1 F1/1
" _( L& d- j' v& o [[router Client2]]9 u. b) t2 {8 V6 R9 {4 R
model = 26217 i a. K' g, h& m9 _
console = 3012
, S; J/ P2 t* O7 V) ?9 y' m1 Z f0/0 = ASW1 F1/2 ' C6 {1 N' u9 _7 x5 H; ^
[[router FTP]]
0 g- k$ s7 ?+ P& d& f2 h" Q3 D model = 2621
2 }5 |9 X7 m) n* c/ p console = 3013
* O! U7 u" Q# f' S9 x' @" b f0/0 = ASW2 F1/1
( a/ h6 r# b+ N5 g [[router WEB]]* _3 z- Z& Y" m6 ~& Y l! L
model = 2621
- k+ q% n* N8 Y' p3 A! X( m$ q" F console = 3014- \" n% B" q- U i; H' _! X
f0/0 = Cloud F0/0 8 @$ C, B8 A' Z& a% `$ l' i6 q
[[router ASW1]]2 f2 Z# Z4 A+ r9 d
model = 3725: K* C {5 _7 V' T8 W
console = 2001
. }' w$ B2 ]' q1 F6 S f0 ` f1/10 = DSW1 f1/10; S3 \# m9 \9 c2 ?2 s
f1/11 = DSW1 f1/11/ P" F, q2 N3 {( x5 e
f1/12 = DSW2 f1/12
1 ~$ _$ o' y9 e. z, ]& P; \ f1/13 = DSW2 f1/13
4 O; |7 u" J& Z% A$ W [[router ASW2]]1 [& X* R8 h9 t3 a, Y
model = 3725
6 Z3 y& t/ g9 a4 g console = 2002! n5 e4 B' z6 ~( ]
f1/10 = DSW2 f1/10
2 i' m2 [1 G' U% {0 f/ B f1/11 = DSW2 f1/11
2 n6 p0 ^; n! \! o; Q3 x f1/12 = DSW1 f1/12
8 O% W* r# q/ m" Y f1/13 = DSW1 f1/13/ b% o# E# J* o- o8 k7 I
[[router DSW1]]
2 E. Y( b% V- Q$ e% W model = 3725
& R+ t4 S7 K" e9 t console = 20036 s8 ?6 G3 r! @' z, {
f1/14 = DSW2 f1/14
s1 M! Q; V# Y4 o: o f1/15 = DSW2 f1/15
! y, o" @) q* {1 l [[router DSW2]]1 ]: }9 f' Q; c
model = 37250 N3 j: c7 z' }2 y* H/ r
console = 20049 b5 d/ @: f g: m6 k
[[router R1]]& I6 u8 a, j+ ~+ \1 x7 y
model = 7200/ n/ h+ w7 `8 ~* ^ K7 a
console = 3001$ Q( U& p; o6 X' g
s1/0 = FR 1/ G2 \3 A2 {# D- D4 }5 @
[[router R2]]% S% o" ^1 W4 o3 ^6 T! G/ L9 g
model = 7200* L4 F% \* Q& [5 ^* `1 I
console = 3002
) g( E8 K- |8 v" F s1/0 = FR 2
+ u- y* u; r Y' d! f7 h [[router R3]]% W7 g1 f( u: D7 M: Q! O
model = 7200& `. k7 K9 A m
console = 3003: E- c0 X% z) k" c6 w$ R$ a
s1/0 = FR 33 k: X, t# j" @" R
[[router R4]]& ?) X- T, ^# {& c6 z7 B; T
model = 7200
* R7 t6 W3 f/ S" D% i4 w+ t, D console = 3004' f8 y3 l) z& V5 J; \
s1/0 = FR 41 L+ n& z' ` j% u
f0/0 = DSW1 f1/18 y( m5 p4 W$ J: g P
f0/1 = DSW2 f1/1
$ j' f8 A% I! g, [7 ` [[router Cloud]]( O- U& k) I, {" ~
model = 7200
" Y5 l+ D: H0 P console = 3005
) H" }6 U% E5 k2 P% q s1/1 = R1 s1/17 W4 C1 d' V) O/ `* z
[[FRSW FR]]! |+ {# p3 F' \
1:102 = 2:201
0 w. b- f" D0 o9 F" f- h 2:203 = 3:302* U" T3 _. N; K% q. n$ `
3:304 = 4:403/ M: B$ |( C, ]+ o5 v
有了初始TroubleShoting!让我去排错!
A6 _2 J# R' C( B考试时间应该是140+20分钟
5 k" K9 S1 r$ l+ T' K题目数量45–55 questions2 N f# ]/ Q' d8 H6 u! R
16个选择(包括多项)和2-3个拖拽(拖图)题! 这部分只能使用show debug ping trancer等排错命令来完成!!!
( I9 v* [0 J/ [0 J2 B9 g3 X然后是一个大实验排错题!(差不多30个环境排错)
# Q2 ^! T5 i! N9 r2 `' N有L2 TOP /L3 TOP/IPv6 TOP
: i# o& P/ f3 f6 ~* R; _0 j4台交换机(其中2台是3层交换机 2台2层交换) 4台路由器 2个PC属于不同的VLAN 2台服务器(一个是外网的)1 {7 F& k; V W: i
类似:* a- B. L' q0 C' O) p! r
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
* |5 t+ Q1 Q8 g5 m, U* c6 F4 d涉及的知识比较多:(毕竟工作排错的场景 可能比这个还困难 所以大部分的题 都能排出来!)
( k9 {* ^* M$ Y p8 q# r: ^( NEIGRP : x. G$ x. T' e/ ]3 K9 J9 R v
OSPF * a3 Q2 s( s) G
eBGP
; g" N) Q+ o3 BRedistribution % A3 U5 N. x+ t* `$ r, ~# R
DHCP Client and Server 4 C1 C# P6 z! k- C# c2 T
NAT 1 l& Z) [; B( |! `$ q4 \* A
HSRP/VRRP/GLBP : p; L) Y* i# l, q- Y8 l
IPv6 Routing
' i6 j. x5 w* f, dIPv6 Transition Techniques . L8 g4 x7 ]+ C
L2 Trunking
' U$ }/ E5 l( E+ q7 sL2 STP $ ?/ x( i, }0 A) N! @
L2 DTP
* {2 F G+ c9 l) r6 rPrivate VLANs : x8 C E" h- X, Z K1 Z; p
Port Security
; U% a9 N, O' q3 G! s4 zSwitch Security $ V+ V$ s0 P4 M" P
VACLs/PACLs
: Q5 m) n8 Y1 u# K, yL2 SVIs 6 S3 ?* e+ k! T' p7 V' [ z
Supervisor Redundancy
& P/ f2 @, Q: i/ T$ zNTP/ r3 C: Z4 H5 ]9 i# f% l
Switch Support of Wireless, VOIP, and Video # V0 C$ f9 d2 ]
Router Security
: J& B: m* r: A& {6 W1 i4 p' S+ C; xACLs 8 F0 A* c: h' \
AAA
) A6 Y n# F: W% E) VIOS Service Security / r# Q6 E" E& t/ }) o, v/ _
我的排错思路 一定要有强大的路由和交换的理论知识及排错经验,除非有题库了!!!): A# I) g7 }, a3 B- f: Q
从2层开始 排错 然后到IGP BGP IPv6 NAT !!后面就是一些高级服务的排错!
! N7 T- p& y( _7 T. x6 r(1)首先 2边 Trunk的封装类型 不一样(一边ISL 一边是802.1q),VLNA 接入端口,本征VLAN是否一样!
% H4 \: w1 G1 m3 h交换机 连接路由器的单臂路由接口!
- J" ?% J8 S3 S端口安全 L2的东西 还真多
% k: D) k( J9 w$ r% p3 U9 Q不记得 是不是跳过一个 Etherchannel题目! 好像是这个以太网信道没起作用的!
: l, x) Q* j- ?- n(2)特别 注意NAT ip nat inside 打在主接口 是错误的!8 C+ x, ^2 x& H# H7 K( ~+ c8 V
(3)EIGRP的邻居建立不起来 这个比较简单 K值不一样!
6 @7 o" [" m( ^. w- p3 s% V9 f" @(4)OSPF NSSA区域 导致邻居不起来 还有OSPF的认证
7 O* Q4 Q9 d, m% t8 }5 R(5)ACL有错$ _3 Y3 U9 g6 {" b: V0 A' n
(6)重发布route-map控制的时候有错 ,要特别注意有空语句 那个才对' n( ^+ |, j7 w2 ~
(7)BGP的nei 不对 一直在active状态
: P& U1 o7 _2 `/ s(8)IPv6的OSPFv3 区域放错了!
4 }$ R: v; M8 t(9)HSRP的track 应该去掉!!
; |9 {- c( _2 ?3 c4 B7 f& c& G! ^0 nTicket
% u' U7 C; t" g4 y1) Client 1 is not able to ping the server
' p3 j1 Z+ v( l' M) A/ xSitution 1: Unable to ping DSW1(Use L2 Diagram), P6 q5 @3 I* m+ t8 Y
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3
# v% ~2 ^& v- u& kAns1) DSW1 X- T3 C2 w% i% ]0 e
Ans2) Scroll down and click on vlan access map
% k3 ~/ v4 n# k, CAns3)No vlan filter 10( H% C) s7 {% I5 T
2) Client 1 is not able to ping the server
4 W" N8 C& H) R1 SSituation2: Unable to ping DSW1(Use L2 Diagram)
! Y8 W4 t4 ?& `1 C8 rOn ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
6 E2 \& u4 |5 }! f# |Ans1)ASW1* Z) _3 M/ x8 D- |" \5 i
Ans2)Access vlan
& |; n! ^. s4 lAns3)give command: inte**ce range fa1/0/1-/2 switchport access vlan 10
" [* X. p# J! w8 ^& ~3) Client 1 is not able to ping the server8 F% W! Z( K$ F' W$ g
Situation3: Unable to ping DSW1 in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)
/ s* T- P0 k _' I, Q% `Ans1)ASW11 f( c5 z/ q( d
Ans2)Switch to switch connectivity
4 A X" \/ Y O6 X2 _ c* iAns3)on port channel 23 give switchport trunk allowed vlan 10,200# a# Y0 g' c7 K# }
4) Client 1 is not able to ping the server5 E! A) V, n+ h9 U
Situation4: Unable to ping DSW1(User layer 2).; p: ~) v1 J4 N% S; M/ K7 b9 b( x) S
under running config the mac address for fa0/1 is 0000.0000.0000.0001 and fa0/2 it 0002.! b7 A, i2 ~0 t e- e) K! E
Also check show inte**ces fa1/0/1 and fa1/0/2, u will c that the inte**ce is in error disabled4 u7 ]$ T5 b8 B( l& t6 m. |% ]
Ans1)ASW1
3 F( g$ f6 A: p8 F& iAns2)Port security
7 x/ \# S$ i; iAns3) On fa1/0/1 and fa1/0/2 do disable port security and do shut ,no shut.
+ @( o9 Z! K( R6 c' W1 o9 r5) Client 1 is not able to ping the server# m1 u9 T U- n+ e5 w
Situation 5: Unable to ping R4 fast ethernet port from dsw1.( z7 M9 q2 w( W
check ip eigrp neighbors from DSW1 u willnot c R4 as neighbor.(use ipv4 Layer 3)% k0 r) C+ L) |
Ans1) R4
" Y0 j9 ~0 I- r: \) CAns2) IP4 EIGRP
L) C' Z4 v2 K9 W2 _# W% j+ e9 n' oAns3) Change eigrp process no: from 1 tp 10 because DSW1
% v/ k) ^9 E8 @6 o, \
! b4 m- P" g9 D6) Client 1 is not able to ping the server
; x& b' w9 E; }% }& I# bSituation 6: Unable to ping serial inte**ce of R4 from the clients.
, [; G' @+ P8 s% J, hDo show run, check the names of the route-maps. (use ipv4 Layer 3)( ]2 E) R( T3 |5 T- O
Ans1) R4
( j+ d, Q% C# |: m# M f4 s5 u2 iAns2) route redistribution: n b4 M6 u# V3 l$ C
Ans3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’ to ‘->’.
@0 {6 V3 z6 ^" ^# ?7) Client 1 is not able to ping the server
: s0 j; i5 h9 a6 r/ eSituation 7: client is unable to ping R1’s serial inte**ce from the client.
9 [6 \& p) W4 p5 k2 D/ MCheck where authentication is not given under router ospf of R1. (use ipv4 Layer 3)( W: \. `6 F8 M" `
Ans1) R17 C8 p' S) j. _% ~4 Z" A
Ans2) ipv4 OSPF
9 j; t! {# A, L$ r6 BAns3) ip ospf authentication command must be given under router OSPF
( J9 H( g5 O' j9 T6 \& j! H8) Client 1 is not able to ping the server: W! [; p" q" z8 g( D
Situation 8: client is not able to ping the web server, but the routers can ping the server. NAT problem. (use ipv4 Layer 3)2 {9 P: J, o7 B8 w3 ]1 W
Ans1) R18 g0 ?1 ]" j* V
Ans2) IPV4 NAT0 @4 c. ~; c, Y# ^. F
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
# ]3 o$ m- k) z# i6 J2 h
, N! e2 G, S# f. @' J9) Client 1 is not able to ping the server* b5 K; a$ }$ p. W& D! \
Situation 9: R1 is not able to ping 209.65.200.226.
. f. B& e5 `- \ X3 f6 Wcheck bgp neighborship.
! Y. ~; t+ }1 K0 wThe neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)
/ s% x# E% @. l1 Y7 t! HAns1) R1$ F4 o# V/ d5 r+ v7 N6 r
Ans2) BGP& y- b/ c8 y, p* v0 v
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)
; }4 b8 f! l6 f) I& v* B) Q10) Client 1 is not able to ping the server9 U1 @8 v& R* S# z; r9 W8 k
Situation 10: client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3): E) H7 M9 {9 H/ A
Ans1) R1
0 G8 g O* m8 W, |5 v4 T7 U" v' ?: BAns2) IPv4 Security- d5 \" m9 \; n6 ?
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL.1 I6 i ]! @( f7 k- l7 I2 r; N
11) IPV6 loopback of R2 cannot be pinged from DSW1’s loopback." k- J/ J+ e6 R; D% [, s3 s
Situation 11: ipv6 ospf was not enabled on R2’s serial inte**ce connecting to R3. (use ipv6 Layer 3)( J, E+ S3 Z3 }: `6 |, y( c
Ans1) R2: |& _9 d8 A1 e& T
Ans2) IPV6 ospf
1 y& q5 w2 z2 w; P! eAns3) on the serial inte**ce of R2, enter the command, ipv6 ospf 6 area 0 (check the IPV6 topology.)
% Q5 K0 b3 y! k12) HSRP: DSW1 does not become active./ O+ I0 g( Q+ j6 o3 ?- \0 H7 l
Situation 12: under the standby configuration of DSW1, the command standby 10 track 1 decrement 60 is given, this has to be changed to track 10. (use ipv4 Layer 3)
7 m' i. J7 ?3 b( gAns1) DSW1
3 B; _/ t, u9 [Ans2) HSRP
3 l0 x7 r- c& @1 X4 W' u T1 nAns3) delete the command with track 1 and enter the command with track 10., t0 E% g* V- `
ASW1(3 TT); w& A/ h/ O: n
1.Access vlan - add "switchport access vlan1", u8 |: d$ Z6 N' ~% b" [6 d* t
2.Port Security - "no switchport port sec" and "shut" and "no sh"
& L2 [: _5 |3 c3.Sw-to-Sw connection - in Po23 (in exam really write as this), "no switchport trunk allow vlan 20,200" and "switchport trunk allow vlan 10,200"
. Q3 h7 j2 H* j% Z2 XDSW1(2 TT)1 z/ a! ]6 i- F K$ `9 S' H8 L" v
1.VACL/vlan filter - "no vlan filter ... vlan-list 10" 7 N f0 [, H& W
(This is on the last line, pls scroll down to see)
/ O: z9 f; C, D1 x; e2.HSRP - int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."
0 g b$ h9 y* i' M0 [R4(2 TT)
* Z$ R5 u Q( |1.IPv4 EIGRP - change as no. from 1 to 10
- j m C- G! s. O# x) T2.Redis. - change "redis ospf 1 route-map ..to" to "... ->"
\: G& N0 n- e) @+ d* G" q5 Z; RRemember that no TT on R3; [ V& H( C' }# M8 ^$ J1 D
R2(1 TT)
# [0 l- ^. p$ r t5 H1.IPv6 OSPF - enable ipv6 ospf on s0/0/0
5 e8 _; h& |) P0 ^; i: k7 fR1(4 TT)
1 J a" }0 Q! b% ^* P1.NAT - add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
. a: P: T3 a6 }* w6 s2.BGP - change nei from "202.56..." to "202.65..." to form nei with ISP
3 Z+ ~+ v% x t3.Access list - in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
1 ~" x5 M8 d& Z1 _. `! ^# O4.IPv4 OSPF - add "ip ospf authen" on s0/0/0 to form nei with R2
. }. b! |" n! P9 P* a& t4 I. j' h! |
. O, d" @4 a5 A0 M* s+ e+ J" }建议:没有准备充足的兄弟 还没有题库的情况下! 就不要去考了!除非你钱多!!!!4 m+ x4 y/ B* R; S( C: v/ D
0 f! B) z, ]) `% T; `
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2010-10-30 12:18:49
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2010-10-30 17:01:29
发表于 2010-10-30 21:36:01
