|
发表于 2019-4-24 16:07:24
|
显示全部楼层
本帖最后由 夜半歌声 于 2019-4-24 16:49 编辑
& k5 A. J, E) C* z6 x7 |$ o9 v( g" A4 Y# T2 k3 b9 M- R
Question 6+ |2 C( C$ x4 F5 D
Refer to the exhibit
4 K) r( _, A3 r8 t+ _R1#show access-list
$ G# R2 y5 t& `9 a" f. BIP access-list extended Super_User! Y# Q8 y4 d$ K( G9 @
1 permit ip host xxxx host xxxxx
5 C( r) l% y: p4 h4 N& F2 permit ip host xxxx host xxxxx8 s0 ?! d( D0 w% x
3 permit ip host xxxx host xxxxx" J1 r1 @1 Z4 z' n# X
4 permit ip host xxxx host xxxxx- @ a" h) q t( w
5 permit ip host xxxx host xxxxx
: F5 B7 ]* {# O- R* U( h' V! i6 permit ip host xxxx host xxxxx ( l3 z# v: h5 Z( ~# G/ l7 B8 i
7 permit ip host xxxx host xxxxx d7 p8 N( [8 v# ?
8 permit ip host xxxx host xxxxx
q7 E% I% e% n7 W1 A9 permit ip host xxxx host xxxxx0 `, J8 z" j( ]) o
" x- d( m4 T! }9 RWhich of the following commands inserts five additional lines to the ACL Entry Sequence between lines 3 and 4 without changing the existing configuration?
6 |4 C n) I: O* d& u9 s9 ]A R(conf)# ip access-list resequence Super_User 1 6
1 d: E9 Y* D" q) o6 ?" G3 s9 f0 OB R(conf)# ip access-list resequence Super_User 1 5
6 k/ B4 Y" K5 C5 c3 ~0 QC R(conf-nacl)# ip access-list resequence Super_User 1 68 P. G3 } r( A" H! l) d9 s
D R(conf-nacl)# ip access-list resequence Super_User 1 5 F( ]9 v# r( W! }9 F* x, g
1 {( _( S/ V) l" E' j) `# q
这道题目,我的答案是 A
9 N) T" j5 F1 l- I- u7 p6 {2 y7 @/ m* U( G; A
以下为测试环境展示, g9 m0 B. }" ~9 t' E
- R1#sh access-lists $ c7 }0 P. d+ Q$ J% S3 [+ z! j
- Extended IP access list super_user
* n) ^; Z+ u0 ?. c' w - 1 permit ip host 1.1.1.1 host 10.1.1.1+ y1 B" j% a+ a& B$ n2 k: }8 x
- 2 permit ip host 1.1.1.1 host 10.2.2.2
4 v7 J7 X1 f, f# @9 M6 u F0 B - 3 permit ip host 1.1.1.1 host 10.3.3.3
8 z u/ E- X3 z) L% \, w - 4 permit ip host 1.1.1.1 host 10.4.4.40 O6 V$ J4 {' o0 j+ f E: s" z
- 5 permit ip host 1.1.1.1 host 10.5.5.5, H* r! \( ]4 y( `5 C" B
- 6 permit ip host 1.1.1.1 host 10.6.6.6
- Y O, {5 a G" q# u - 7 permit ip host 1.1.1.1 host 10.7.7.7
3 {! K1 g! ?3 {, B2 a - 8 permit ip host 1.1.1.1 host 10.8.8.8
* K0 T4 n' v' o( M6 K - 9 permit ip host 1.1.1.1 host 10.9.9.9
复制代码
8 M) S$ R+ R6 ^/ p+ Q
* K- W( j% q. S+ ^" g首先验证答案 A
8 K: X% N0 J/ j
/ ]: u' o9 w( }5 u& D5 [+ Q- R1(config)#ip access-list resequence super_user 1 6$ \3 Z1 ?4 O* `5 M" c8 V* J
( }, M3 e. d6 V3 c. O. F- 验证结果如下:
2 l; p: w' F% [' g( m" S; k - ; q) Y. L5 }3 ]
- R1(config)#do sh access-lists
3 \1 {6 }3 I, S9 v6 q - Extended IP access list super_user6 V R/ t* _! x9 @* x+ ~. P2 y. o5 f& T
- 1 permit ip host 1.1.1.1 host 10.1.1.1
- L+ J1 X+ c& D - 7 permit ip host 1.1.1.1 host 10.2.2.2
) G+ H6 B' ^6 b. C' l. J - 13 permit ip host 1.1.1.1 host 10.3.3.3
* ~( T( ^6 z0 f! D' |# D - 19 permit ip host 1.1.1.1 host 10.4.4.4' k% u% }( P: z) s& \: t3 F$ T
- 25 permit ip host 1.1.1.1 host 10.5.5.50 y0 `% R' g+ ?; B! p& K
- 31 permit ip host 1.1.1.1 host 10.6.6.6' a' Q1 _# a3 w( I J
- 37 permit ip host 1.1.1.1 host 10.7.7.7# f# ?8 b7 u) e5 L
- 43 permit ip host 1.1.1.1 host 10.8.8.8
2 j) k& ?2 P1 _: V - 49 permit ip host 1.1.1.1 host 10.9.9.95 x2 ~4 T5 x# ^8 u
- : F1 U# P! m. }7 Q/ T0 F. L
- 第3行与第4行之间可以插入 14/15/16/17/18 5条acl 语句
复制代码
3 P2 h' q7 n6 q1 A; N9 r# \8 ?4 e再来验证答案B& Q7 ?# N: u7 O+ ^/ \4 W
- R1(config)#ip access-list resequence super_user 1 5
9 @+ L5 u) e3 s7 L% z0 |
4 r, t' O) Z3 L/ m. T- 验证结果如下:
' i3 Y% R" R9 u
- V7 E3 ~' n! x; W. w5 m- R1(config)#do sh access-lists * E$ F6 u4 ^* a; u6 S% H
- Extended IP access list super_user
: M. R% B$ {* w# {' Q* ^ - 1 permit ip host 1.1.1.1 host 10.1.1.1
$ I ^ `. f/ e4 {/ i3 p - 6 permit ip host 1.1.1.1 host 10.2.2.2
4 U7 X; P0 S7 {" W0 B; f6 S; q' v* N B - 11 permit ip host 1.1.1.1 host 10.3.3.3
+ ?8 ?8 e+ N3 L5 V/ D - 16 permit ip host 1.1.1.1 host 10.4.4.4# @! o4 T* i& [
- 21 permit ip host 1.1.1.1 host 10.5.5.5
" a5 y* J- r9 [ - 26 permit ip host 1.1.1.1 host 10.6.6.6
" z4 D& F9 M$ l) H6 f$ ^ - 31 permit ip host 1.1.1.1 host 10.7.7.7
& u0 k! N$ |7 b. ?$ P% d4 G$ Y - 36 permit ip host 1.1.1.1 host 10.8.8.8
* F q8 |/ Y f+ t# Z - 41 permit ip host 1.1.1.1 host 10.9.9.9! s# \, ~7 O u& O2 o( u5 b& Q G- V
, Y u2 a; c! |- O- : R p9 ^5 t9 ?; b* g; e
- 第3行与第4行之间可以插入 12/13/14/15 4条acl 语句
复制代码 : W% ?2 k9 g' ` n
0 }& I0 R; |. r- h$ J+ |4 ~验证答案C% W* g# w+ q3 Q7 Q$ \2 j$ A- d
- R1(config-ext-nacl)#ip access-list resequence super_user 1 6
7 @. b$ r0 b7 W; s' W - ; N" d4 w+ \6 J* a' p# m6 L, P6 [
- 验证结果如下:
6 ]0 B$ ]' H% [$ l1 W* J" v+ q - s' {# H k" ~0 ^0 U) j' _
- R1(config)#do sh access-lists6 U- o1 e: V( G5 K2 y2 c+ y
- Extended IP access list super_user
9 p+ I4 _( F) d - 1 permit ip host 1.1.1.1 host 10.1.1.1
. H# _* k, r. s" } q+ F% K - 7 permit ip host 1.1.1.1 host 10.2.2.2
$ m5 ]- N' Z h# g5 j* C - 13 permit ip host 1.1.1.1 host 10.3.3.3
% z. s. X& f3 S - 19 permit ip host 1.1.1.1 host 10.4.4.4# r- S2 f. Q' M+ B/ s) [$ @
- 25 permit ip host 1.1.1.1 host 10.5.5.5
' t# m5 q9 ?+ W - 31 permit ip host 1.1.1.1 host 10.6.6.6
& E( d4 {: u# u, O - 37 permit ip host 1.1.1.1 host 10.7.7.7! I4 k; c$ H4 H, @" l+ ~- b
- 43 permit ip host 1.1.1.1 host 10.8.8.8
% k% L& O* l9 B$ p5 Z" t: z - 49 permit ip host 1.1.1.1 host 10.9.9.9
4 G/ a6 R. c; j' P& H" o
: n- |7 C& G" v& P: G! x+ x- 第3行与第4行之间可以插入 14/15/16/17/18 5条acl 语句,验证结果与A相同* D7 E% b1 l; S5 k
复制代码
, F2 z; s8 A# B* r4 ~
2 ^: f% j5 i2 S3 C* ^验证答案D
6 k* ~: y' y* j5 }2 J8 K' C
( i4 _% _+ U+ n8 X7 B, c$ V! u6 f0 S2 [; q( `+ e
- R1(config-ext-nacl)#ip access-list resequence super_user 1 5
1 v+ S; ^; o( z+ V - ; b! Q u' ` ^4 A, ^3 g8 k
- 验证结果如下:
# [2 n* q# R! \ - 9 R- r- c4 ?5 w1 J( x
- R1(config)#do sh access-lists
9 q5 y* r& P+ A# R& z2 r - Extended IP access list super_user! c4 b# y& k* c' O/ _( L9 z
- 1 permit ip host 1.1.1.1 host 10.1.1.1 }+ g @, M8 [ z9 G. X
- 6 permit ip host 1.1.1.1 host 10.2.2.23 e9 L+ o4 A7 y! l
- 11 permit ip host 1.1.1.1 host 10.3.3.3/ ?0 G' T4 r0 k" ?% A
- 16 permit ip host 1.1.1.1 host 10.4.4.4+ ^8 a0 X# c/ [# P3 n9 w+ K
- 21 permit ip host 1.1.1.1 host 10.5.5.5
) s) R& |6 H6 H' F% s - 26 permit ip host 1.1.1.1 host 10.6.6.6
! X5 o7 x+ C" y& ]: ?& j% G - 31 permit ip host 1.1.1.1 host 10.7.7.76 I4 T- l5 q" Z
- 36 permit ip host 1.1.1.1 host 10.8.8.8
! A! H, i5 X$ y. U- a8 D1 V - 41 permit ip host 1.1.1.1 host 10.9.9.9! z, M# g. u1 C8 b
I5 O" I1 M, X1 d- 第3行与第4行之间可以插入 12/13/14/15 4条acl 语句,验证结果与B相同
复制代码
$ Q; N, A- l' F; T1 P$ K! j" ~
r7 q+ }8 M9 i1 I: z5 P4 o4 Y `
从验证结果上来看,AC相同,BD相同(AC/BD命令其实是一样的,区别仅在于所处模式不同)。
( j6 F u! i) n) T$ n9 \% a; ]8 N% m8 b* j
: S3 @: R, ^: @6 Y2 A2 @' H那么答案A和C有什么不同呢?我们继续验证& _/ V0 j8 a3 t0 S- ]
验证答案A,使用?进行提示,如果如下:+ g; F3 y# w5 J: y
1 i& O3 G, i ]: n' U/ Z
- R1(config)#ip access-list ?0 m7 g2 S! K% K. {
- extended Extended Access List- o. b* W: u2 E/ a
- log-update Control access list log updates
7 r1 V1 q- ~! {2 _- l: j - logging Control access list logging
& c5 R4 W H2 u _! ~$ o$ s+ o - resequence Resequence Access List
8 J/ H6 `9 f% G: _$ o" `% h) g - standard Standard Access List- A) f8 S! \: }7 F/ }" O
2 I9 v8 b. V" \" C& E( D$ R- R1(config)#ip access-list res? # C" Z! Y' r+ F0 ~: g+ o, ?! W
- resequence
, a4 A+ V l! I* Q( v
% w4 u0 o' E- a3 R& D9 O* _- R1(config)#ip access-list res9 }+ C9 a' i1 q# m/ u
- R1(config)#ip access-list resequence ?
$ |* m* _- q2 T% x2 @' ]; J - <1-99> Standard IP access-list number, E" W& o5 X- M! ?
- <100-199> Extended IP access-list number1 ^$ R: {; Q3 t9 T
- <1300-1999> Standard IP access-list number (expanded range)
! s" h2 I8 ?' d8 H2 t! A - <2000-2699> Extended IP access list number (expanded range)
$ R$ B: ^# E& y( J, o" x - WORD Access-list name6 J6 X4 q7 t* I% S5 {$ C
- ' D5 b6 w/ `, v9 b
- R1(config)#ip access-list resequence super_user ?
- @% U$ o |; Z7 l% P3 V - <1-2147483647> Starting Sequence Number
0 u' D) T E8 z s5 M& u
9 o! L% o( W8 {- R1(config)#ip access-list resequence super_user 1 ?
1 ]5 ^# ?: ^+ A6 w0 ^ d - <1-2147483647> Step to increment the sequence number
! b. T) S, a1 V
6 C$ ?# p9 L/ K8 c3 E- R1(config)#ip access-list resequence super_user 1 6
复制代码 , R D' {4 c9 p! p- ^4 v/ D* M
2 V/ F, ?: ~( P! N+ y% A' R/ ]" d
6 Z" f3 p {& g) [验证答案C,使用?进行提示,如果如下:
; D: _: k9 E$ x6 @% L- a) x; y8 ~6 S# H9 s9 @' T. y0 G5 M, c
- R1(config)#ip access-list extended super_user9 {3 B9 D2 j6 d$ i0 ^6 g( U6 `
- R1(config-ext-nacl)#ip ?
% V/ S) N6 D! p5 h/ m - % Unrecognized command
: k$ K0 P. b3 t# U - R1(config-ext-nacl)#ip
复制代码 提示命令不正确了, ,虽然我直接将完整命令打上去,并没有提示有错误,命令也能执行,但是从上面的提示来看,考试要考的答案 应该不会是这个,至于为什么能执行这个命令,也许是我使用的模拟器的IOS版本较新吧。; B; f! r% f" }1 ~
: r/ h3 F" U6 X% L3 a' s) G4 o3 Y, `3 v& N- F
经过上面的分析,我认为本题的答案是 A7 E }$ f8 w9 F3 Z( C" U) @
) I7 B# y F1 E# {: |
, g9 T; m8 [7 {1 Z如果分析有误,欢迎各路大神批评指正。
$ C; }' b* v2 v$ K5 @, j- c2 Z! A2 p6 e7 \1 ?; A. J
|
|