|
|
发表于 2019-4-24 16:07:24
|
显示全部楼层
本帖最后由 夜半歌声 于 2019-4-24 16:49 编辑 - N+ w5 w7 a" {
N K# m5 f* G' F; k7 o3 n* EQuestion 6
9 B2 Y3 Q, e- V' XRefer to the exhibit
% R" {' ~. W7 }2 VR1#show access-list$ \: {2 G0 S$ G) e8 Z$ l& s1 y4 c
IP access-list extended Super_User3 ?% N4 M) c9 k6 q! l
1 permit ip host xxxx host xxxxx/ x' ]$ z( }2 q. m2 f V
2 permit ip host xxxx host xxxxx
& ]2 Q- h" \/ k( h+ K4 O6 e3 permit ip host xxxx host xxxxx1 W* [6 z# H& J
4 permit ip host xxxx host xxxxx2 m! I( y5 |" o
5 permit ip host xxxx host xxxxx% O9 c) `" I: ~
6 permit ip host xxxx host xxxxx * }% N$ U9 t8 V2 F) I# U
7 permit ip host xxxx host xxxxx
6 N/ j& W, i" c0 B- M. d$ _8 permit ip host xxxx host xxxxx
0 j4 p' Q0 q6 q' \' b2 R7 E9 m9 permit ip host xxxx host xxxxx
6 s4 g8 g, h# w" X5 y, s+ f* I/ @
Which of the following commands inserts five additional lines to the ACL Entry Sequence between lines 3 and 4 without changing the existing configuration?
^& W; p, H6 B* @6 d# B, B3 ~A R(conf)# ip access-list resequence Super_User 1 6; [2 h* X) B$ Q. r9 v/ I- V4 N4 K
B R(conf)# ip access-list resequence Super_User 1 5* }) g/ F+ W% P; Q! ]
C R(conf-nacl)# ip access-list resequence Super_User 1 65 N! y J7 Y* U" ^0 Q3 U
D R(conf-nacl)# ip access-list resequence Super_User 1 5. _* Y' w8 b! t) {: M! b+ [! z
4 o" g* d, P ?
这道题目,我的答案是 A
# t9 `7 e0 z9 B2 B. z; `! y% {- w5 l; `4 ?+ }) N1 V
以下为测试环境展示
8 F3 M! g& B5 d l- f2 E- R1#sh access-lists
: Z8 o& ^3 q( k* b4 @ @" {' Z0 k - Extended IP access list super_user/ H! f- d6 Z/ p7 u: F( C; c; Y; N
- 1 permit ip host 1.1.1.1 host 10.1.1.1, V# p5 a, A7 v$ V
- 2 permit ip host 1.1.1.1 host 10.2.2.2. Q5 @; j+ C, _7 O
- 3 permit ip host 1.1.1.1 host 10.3.3.37 F/ m" i& p- h# w1 z0 o
- 4 permit ip host 1.1.1.1 host 10.4.4.4
' H1 V8 w& [$ e! H3 g$ b3 `% g - 5 permit ip host 1.1.1.1 host 10.5.5.5
. d8 N& f" t' d3 L) \. J2 C - 6 permit ip host 1.1.1.1 host 10.6.6.6
, B; |, v) v9 W6 ]" W - 7 permit ip host 1.1.1.1 host 10.7.7.7% Z) @' i5 D/ ]& d: |3 C
- 8 permit ip host 1.1.1.1 host 10.8.8.8
% P" ]: ^/ C7 h& m8 l2 h - 9 permit ip host 1.1.1.1 host 10.9.9.9
* F9 i* @) c, s; g8 C首先验证答案 A: {8 m4 X& D: n# u9 M) D
9 e' X) g' @7 x
- R1(config)#ip access-list resequence super_user 1 6' ^% t) ~, T) r
- + e) ~4 s5 h: X+ C# B2 R+ ~' h
- 验证结果如下:4 V) |8 m8 s2 Y3 y; ? M2 n
' K8 g2 X2 s% c- R1(config)#do sh access-lists! c: q. }, k2 M4 R
- Extended IP access list super_user @5 ]+ I( T3 R( ~
- 1 permit ip host 1.1.1.1 host 10.1.1.1; y* P; i& m- |4 @; Z; M: r
- 7 permit ip host 1.1.1.1 host 10.2.2.2: {! K" {$ C0 K% e# j
- 13 permit ip host 1.1.1.1 host 10.3.3.34 R# B5 Z$ h! F& F- Y' o
- 19 permit ip host 1.1.1.1 host 10.4.4.4
2 V# q) h* @8 _$ D# c" e - 25 permit ip host 1.1.1.1 host 10.5.5.5
+ o- C( j4 R( x% }$ s7 [' B - 31 permit ip host 1.1.1.1 host 10.6.6.6* ^ [# b ?' @/ O; b# _
- 37 permit ip host 1.1.1.1 host 10.7.7.7( R5 W# ~5 _5 a" q
- 43 permit ip host 1.1.1.1 host 10.8.8.8
! v4 B, O/ d: @; s: w/ ]3 r - 49 permit ip host 1.1.1.1 host 10.9.9.9$ D& B$ ~1 k! h d4 ~. D# N; O
* {3 A8 K4 O* g# G+ n! y- 第3行与第4行之间可以插入 14/15/16/17/18 5条acl 语句
再来验证答案B* {- Y, H$ e: s( w
- R1(config)#ip access-list resequence super_user 1 5
. C. W. M1 r0 D; M+ k
" a! t$ a) J1 D6 `* C- 验证结果如下:+ u: F m$ Q/ c
- $ {3 u" b( @4 _' h7 t, |1 p8 w
- R1(config)#do sh access-lists & \6 [* _9 a, ~2 y9 ^- y* X a
- Extended IP access list super_user
5 J/ @9 v& C8 b5 l( y2 j - 1 permit ip host 1.1.1.1 host 10.1.1.1+ p' }, I5 o' u D
- 6 permit ip host 1.1.1.1 host 10.2.2.2& e6 Q* e d+ z" y& Z
- 11 permit ip host 1.1.1.1 host 10.3.3.39 {5 _5 f4 q% H+ n* g5 O5 e
- 16 permit ip host 1.1.1.1 host 10.4.4.4
1 t$ k3 j; K! J - 21 permit ip host 1.1.1.1 host 10.5.5.5 U$ Q/ d+ d* Q Q% S" Q
- 26 permit ip host 1.1.1.1 host 10.6.6.6
8 E7 A7 `1 z7 x/ a9 ~$ N/ ]; X - 31 permit ip host 1.1.1.1 host 10.7.7.7
9 o; v& t# ]$ ~; B - 36 permit ip host 1.1.1.1 host 10.8.8.8
+ X# l" ^$ f& ?9 z# P% u# Z! M& o - 41 permit ip host 1.1.1.1 host 10.9.9.9
1 V& K3 O! D( {
4 x6 g" o* y- h; R- " ^2 `, P8 x$ D4 r. M \- [+ \$ I
- 第3行与第4行之间可以插入 12/13/14/15 4条acl 语句
/ G( ?& l& x( L7 W验证答案C7 q+ n# |8 w! W% N0 r
- R1(config-ext-nacl)#ip access-list resequence super_user 1 64 M& t% Q/ z0 R3 e( E0 n. u8 ~
9 f% q- z) x& N& J' `5 S- 验证结果如下:$ [5 E+ v( Z. j* l6 Z
" @0 u: g4 L! J% f& a4 C2 Y- O4 y( C- R1(config)#do sh access-lists
; p ]9 u* N" c+ Z/ @* l - Extended IP access list super_user
5 z% h- Y3 J1 }) F$ J - 1 permit ip host 1.1.1.1 host 10.1.1.1
( ]/ F9 v, n N/ x - 7 permit ip host 1.1.1.1 host 10.2.2.28 @) T) k4 a9 t+ F1 T% c! I* B5 A
- 13 permit ip host 1.1.1.1 host 10.3.3.3, i6 U( X& U, x6 Z' l) h' h( w9 [) z" z
- 19 permit ip host 1.1.1.1 host 10.4.4.4! r5 _! G, N- U! _( e( B: t
- 25 permit ip host 1.1.1.1 host 10.5.5.5
B: g9 ~0 @8 P/ s5 s# J1 ^ - 31 permit ip host 1.1.1.1 host 10.6.6.6' w6 c2 S A; B$ ~, j/ S
- 37 permit ip host 1.1.1.1 host 10.7.7.71 D- y: t6 g' Z' I+ R2 o
- 43 permit ip host 1.1.1.1 host 10.8.8.8
9 g5 P. B- n U( s' w' C - 49 permit ip host 1.1.1.1 host 10.9.9.9
+ L/ s* K( O) Z
* _# Q4 a. Y& U! f% v3 u" }- 第3行与第4行之间可以插入 14/15/16/17/18 5条acl 语句,验证结果与A相同
) y V- p+ e4 a# I: v
8 ]& u' K3 [" Z* ^) A7 J# S3 p
验证答案D
1 s, e* p5 ~) d# A; y: t7 Q( D! \2 H, S6 q, A0 o4 z4 r
8 d( F. X& B5 o5 K9 T7 o7 D- R1(config-ext-nacl)#ip access-list resequence super_user 1 5
1 ^6 c! x* j5 @( A. U
& N1 c2 d9 [( [8 _, h$ Q5 r- 验证结果如下: o! A' p0 f/ {/ q& }
3 v$ p, T! e Q! V) }/ G: D( Q) [. J! q0 H- R1(config)#do sh access-lists
# g" \( u$ }2 F! S0 _5 N! E* K% Z - Extended IP access list super_user2 \* d; w3 N+ S- T+ Z" H
- 1 permit ip host 1.1.1.1 host 10.1.1.1: x; E5 Z4 v* P# i0 C
- 6 permit ip host 1.1.1.1 host 10.2.2.29 d! R9 Z ]" a2 b C. ?. g
- 11 permit ip host 1.1.1.1 host 10.3.3.3
0 p9 G8 E1 {6 Y9 S7 @ - 16 permit ip host 1.1.1.1 host 10.4.4.4- P X) T' E* J
- 21 permit ip host 1.1.1.1 host 10.5.5.5* e8 z& L6 G, a' T
- 26 permit ip host 1.1.1.1 host 10.6.6.6% f; I/ p4 ^# J* C# m1 K6 [
- 31 permit ip host 1.1.1.1 host 10.7.7.7
5 F1 h( Y/ q( n! m: D" B - 36 permit ip host 1.1.1.1 host 10.8.8.8$ ?) C$ K. z$ c- _: N
- 41 permit ip host 1.1.1.1 host 10.9.9.9/ @0 h9 D$ x! U" _& g
2 i2 l5 u! A, m# w$ E8 D/ c/ [# i- P- 第3行与第4行之间可以插入 12/13/14/15 4条acl 语句,验证结果与B相同
! h9 C7 h" y! }# l
- J3 c4 `- P; Z8 s& }从验证结果上来看,AC相同,BD相同(AC/BD命令其实是一样的,区别仅在于所处模式不同)。5 D+ P" l" h, y- n
% ], S! h% N) z5 y A1 w4 u
6 H6 ^& X& @ }% h3 g$ e `! ^
那么答案A和C有什么不同呢?我们继续验证: o% `% Q7 C3 P' W$ o# G+ Y2 x7 A \
验证答案A,使用?进行提示,如果如下:6 y+ ^) b' \8 ]" P S, P1 m
" C; o8 R& C2 O2 ~
- R1(config)#ip access-list ?6 i: J# e; @* I+ Z* E* _ i( i, i
- extended Extended Access List; J8 a o) p! y$ C& R
- log-update Control access list log updates6 M% l$ L: t; H" U* F
- logging Control access list logging# o; F' {9 `3 d
- resequence Resequence Access List
# g1 t4 b6 k% J, z3 s - standard Standard Access List
G+ `) v+ \* t @+ |( x' F5 I+ l - + p! Z! l8 I9 p' m
- R1(config)#ip access-list res?
8 v) ?: }0 q f7 ~. s0 p - resequence
7 C! D. y& x4 @; [; b; a4 b. D9 y
& b3 ~3 l" w2 o. j- R1(config)#ip access-list res
; U$ \! F# l' d9 s - R1(config)#ip access-list resequence ?
, L) i. E* j) w2 u! N7 R - <1-99> Standard IP access-list number
Y" Y% r2 a: g+ R - <100-199> Extended IP access-list number2 M$ ]( A' @, A$ u3 e
- <1300-1999> Standard IP access-list number (expanded range)
a; e7 w0 Y7 i2 v' L% W - <2000-2699> Extended IP access list number (expanded range)
" P1 x) D0 y2 ^- X4 ^) ^ - WORD Access-list name
" O( f; h( M# \ j0 I
: j9 b' |! D5 L0 j) { M$ R& z, w- R1(config)#ip access-list resequence super_user ?: D7 d4 k& q9 S8 w3 s' c) E
- <1-2147483647> Starting Sequence Number0 H, X0 p) H" [
) {# S B0 v9 b: e3 A3 N. `- R1(config)#ip access-list resequence super_user 1 ?0 F& ^" C0 e! S8 G! E5 n
- <1-2147483647> Step to increment the sequence number
3 G0 M5 N) r* s! ~- d8 S - 2 W# F( k) P2 g# z; t. E0 `; m5 z
- R1(config)#ip access-list resequence super_user 1 6
% G/ t2 q7 a, s2 \! k; p0 G1 z) B% |( J
验证答案C,使用?进行提示,如果如下:# [2 o6 H" `# H$ B, q( G: F, X3 [
: V3 r6 e9 b$ z
- R1(config)#ip access-list extended super_user) g# }- j& M, g! d; n$ Y
- R1(config-ext-nacl)#ip ?
8 J- Q) S& `. M2 B. B - % Unrecognized command
% L2 @- E8 Y d3 k4 \$ @ - R1(config-ext-nacl)#ip
 ,虽然我直接将完整命令打上去,并没有提示有错误,命令也能执行,但是从上面的提示来看,考试要考的答案 应该不会是这个,至于为什么能执行这个命令,也许是我使用的模拟器的IOS版本较新吧。
0 U% R* t/ _3 m8 }
2 S8 @6 b+ y" ]* k: n2 L8 |* Z/ W: c- _
经过上面的分析,我认为本题的答案是 A7 S; D: l& C2 z& R3 p$ p0 m9 U
$ S9 ^: m6 Y! o% D( I: _
! P# e4 l9 L1 {- V# t
如果分析有误,欢迎各路大神批评指正。, }& p1 Y5 t q" ]* N
6 O+ L. g# s' u# ~* f& J
|
72#
2019-4-24 16:07:24
回复(0)
收起回复
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
成长值: 32320
