CCNA题库实验题
- 格式:pdf
- 大小:1.44 MB
- 文档页数:21
思科认证CCNA认证试题与答案中文版思科认证CCXA认证试题与答案中文版21、一个B类网络,有5位掩码加入缺省掩码用来划分子网,每个子网最多()台主机(A)510(B)512(C)1022(D)2046答案:D22、在路由器中,能用以下命令察看路由器的路由表()(A)arp-a(B)traceroute(C)routeprint(D)displayiprouting-table答案:D23、DHCP客户端是使用地址()来中请一个新的IP地址的(A)0. 0. 0. 0(B)10. 0. 0. 1(0127. 0. 0. 1(D)255. 255. 255. 255答案:D注释:255. 255. 255. 255是全网广播,DHCP客户端发送全网广播来查找DHCP服务器.24、下而有关NAT叙述正确的是()(A)NAT是英文“地址转换”的缩写,又称地址翻译(B)XAT用来实现私有地址与公用网络地址之间的转换(C)当内部网络的主机访问外部网络的时候,一定不需要NAT(D)地址转换的提出为解决IP地址紧张的问题提供了一个有效途径答案:ABD25、以下属于正确的主机的IP地址的是()(A)224. 0. 0.5(B)127. 32. 5. 62(0202. 112.5.0(D) 162. 111. 111. Ill答案:D注释:这个题目不是太严谨,应该加上子网掩码.A:224. 0. 0. 5是多播地址B: 127. 0.0. 0保留作为测试使用C:网络地址26、设置主接口由up转down后延迟30秒切换到备份接口,主接口由down转up后60秒钟切换回主接口的配置为()(A)standbytimer3060(B)standbytimer6030(C)standbytimerenable-delay60disable-delay30(D)standbytimerenable-delay30disable-delay60答案:D27、在一个以太网中,30台pc通过QuidwayR2501路由器s0 口连接internet, QuidwayR2501路由器配置如下:[Quidway-EthernetO] ipaddressl92. 168. 1. 1255. 255. 255. 0[Quidway-EthernetO]quit[Quidway]interfacesO[Quidway-SerialOJ ipaddress211. 136. 3. 6255. 255. 255. 252[Quidway-Serial0」link-protocolppp一台PC机默认网关为192. 168. 2.1,路由器会怎样处理发自这台PC 的数据包?(A)路由器会认为发自这一台PC的数据包不在同一网段,不转发数据包(B)路由器会自动修正这一台PC机的IP地址,转发数据包(C)路由器丢弃数据包,这时候需要重启路由器,路由器自动修正误配(D)路由器丢弃数据包,不做任何处理,需要重配PC网关为192. 168. 1. 1答案:D注释:PC的'默认网关要指向路由器的以太网口的IP地址.28、ISDNB信道速率是()(A)16kbps(B)64kbps(C)144kbps(D)2048kbps答案:B参考知识点:综合数字业务网(ISDN)由数字电话和数据传输服务两部分组成,一般由电话局提供这种服务。
Question:This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This does not require any configuration.To answer the multiple-choice questions, click on the numbered boxes in the right panel.There are five multiple-choice questions with this task. Be sure to answer all five questions before leaving this item.Question 1:What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ? a) Fa0/1 b) Fa0/3 c) Fa0/6 d) Fa0/8 e) Fa0/9 f) Fa0/12Answer: Fa 0/8Explanation: to find out which interface associated with a given MAC address, use the show mac-address-table command. It shows the learned MAC addresses and their associated interfaces. After entering this command, you will see a MAC address table like this:讲解 By XiXiSmiLeFrom this table we can figure out that the MAC address 0010.5a0c.ffba is associated with interface Fa0/8Question 2:What ports on Sw-AC3 are operating has trunks (choose three)? a) Fa0/1 b) Fa0/3 c) Fa0/4 d) Fa0/6 e) Fa0/9 f) Fa0/12Answer: Fa0/3, Fa0/9 and Fa0/12Explanation: Use the show interface trunk command to determine the trunking status of a link and VLAN status. This command lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:Question 3:What kind of router is VLAN-R1? a) 1720 b) 1841 c) 2611 d) 2620Answer: 2620Explanation: VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighbors command to see:1. Neighbor Device ID : The name of the neighbor device;2. Local Interface : The interface to which this neighbor is heard3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.4. Platform: Which type of device the neighbor is5. Port ID: The interface of the remote neighbor you receive CDP information6. Holdtime: Decremental hold time in seconds Sample output of show cdp neighbors command:One thing I want to notice you is "Local Intrfce" in the image above refers to the local interface on the device you are running the "show cdp neighbors" command Question 4: Which switch is the root bridge for VLAN 1?讲解 By XiXiSmiLeAnswer: Sw-DS1Explanation: First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1From the "Cost 19", we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100Mbps Ethernet linkNotice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is the root bridge for this VLAN (VLAN 1).If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the root bridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switch is FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge. You can verify it with the show cdp neighbors command:The "Local Intrfce" column refers to the interface on the switch running "show cdp neighbors" command. In this case, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridge Question 5: What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3? Answer: 192.168.44.254 Explanation:First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan commandFrom the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address 192.168.44.254/24讲解 By XiXiSmiLe讲解 By XiXiSmiLeTherefore the default gateway of the host should be 192.168.44.254Question 6: From which switch did Sw-Ac3 receive VLAN information ?Answer: Sw-AC2Explanation: to view the VTP configuration information, use the show vtp status commandSo we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finally we use the show cdp neighbors detail to find out who 163.5.8.3 is:Question 7: Refer to the exibit, SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?A - All VLANs except the default VLAN win be removed from all switchesB - All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where VLANsC - The VLANs Servers, Management, Production and no-where will replace the VLANs on SwXD - The VLANs Servers, Management, Production and no-where will be removed from existing switches Answer and Explanation:First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command on Sw-Ac3Notice that its configuration revision number is 5 and VTP Domain Name is home-officeNext, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3 switch, and both of them have same VTP Domain Name called "home-office".Therefore SwX will replace vlan information on other switches with its own information. We should check vlan information of Sw-Ac3 switch with show vlan commandSo the correct answer is D - The VLANs Servers, Management, Production and no-where will be removed from existing switchesPlease notice that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX. In general, which switch has a higher revision number it will become the updater and other switches will overwrite their current databases with the new information received from the updater (provided that they are on the same domain and that switch is not in transparent mode). Question 8:讲解 By XiXiSmiLeOut of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destination mac-address 000a.8a47.e612? (Choose three) A - Fa0/8 B - Fa0/3 C - Fa0/1 D - Fa0/12Answer: B C D Explanation:First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table commandWe notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but we can't find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all ports of Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from the output above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.Please notice that the "show mac-address-table" command just lists information that was learned by the switch, it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood the frame to these ports, too.And we can check which trunk ports will receive this frame by the show interface trunk command-> Port Fa0/9 will also receive this frame!讲解 By XiXiSmiLeQuestion 9:If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not on the same subnet) what will be the destination MAC address Answer and Explanation:Because the destination address is not on the same subnet with the switch, it will forward the packet to its default gateway. So we have to find out who is the default gateway of this switch by using the show running-config commandFrom the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its default gateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use the show cdp neighbor detail command and focus on the description of VLAN-R1 routerFrom this output, we can confirm the switch's default gateway is VLAN-R1 router (with the IP address of 192.168.1.254). And "the interface: FastEthernet0/3" tells us that the switch is connected to VLAN-R1 router through Fa0/3 port (Fa0/3 is the port on the switch).Finally we just need to use the show mac-address-table command to find out which MAC address is associated with this interface讲解 By XiXiSmiLe讲解 By XiXiSmiLe(Notice that in the real CCNA exam the MAC address or port may be different)And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of port Fa0/3 with different Vlans but they have the same MAC address。
完整版CCNA测试题库及答案描述载波侦听多路由访问/冲突检测(CSMA/CD)的工作原理。
CSMA/CD是一种帮助设备均衡共享带宽的协议,可避免两台设备同时在网络介质上传输数据。
虽然他不能消除冲突,但有助于极大的减少冲突,进而避免重传,从而提高所的设备的数据传输效率。
区分半双工和全双工通信。
并指出两种方法的需求。
与半双工以太网使用一对导线不同,全双工以太网使用两队导线,全双工使用不同的导线来消除冲突,从而允许同时发送和接收数据,而半双工可接收或发送数据,但不能同时接收和发送数据,且仍会出现冲突。
要使用全双工,电缆两端的设备都必须支持全双工,并配置成一全双模式运行。
描述MAC地址的组成部分以及各部分包含的信息。
MAC(硬件)地址时一种使用十六进制表示的地址,长48位(6B)。
其中前24位(3B)称为OUI(Organizationally Unique Idebtifier,组织唯一表示符),有IEEE分配给NIC制造商;余下的部分呢唯一地标识了NIC识别十进制数对应的二进制值和十六进制值。
用这三种格式之一表示的任何数字都可以转换为其他两种格式,能够执行这种转换对理解IP地址和子网划分至关重要。
识别以太网帧中与数据链路层相关的字段。
在以太网中,与数据链路层相关的字段包括前导码,帧其实位置分隔符,目标MAC地址,源MAC地址,长度或者类型以及帧校验序列。
识别以太网布线相关的IEEE标准。
这些标准描述了各种电缆类型的功能和物理特征,包括(但不限于)10Base2、10Base5和10BaseT。
区分以太网电缆类型及其用途。
以太网电缆分3种:直通电缆,用于将PC或路由器的以太网接口连接到集线器或交换机;交叉电缆。
用于将集线器连接到集线器,集线器连接到交换机,交换机连接到交换机以及PC连接到PC;反转电缆,用于PC和路由器或交换机之间建立控制台连接。
描述数据封装过程及其在分组创建中的作用。
数据封装指的是在OSI模型各层给数据添加信息的过程,也成为分组创建。
C C N A考试题(总9页) -CAL-FENGHAI.-(YICAI)-Company One1-CAL-本页仅作为文档封面,使用请直接删除第一部分:选择题1:提供可靠数据传输、流控的是OSI的第几层()A、表示层B、网络层C、传输层D、会话层E、链路层2:子网掩码产生在那一层()A、表示层B、网络层C、传输层D、会话层3:当路由器接收的IP报文的目的地址不是本路由器的接口IP地址,并且在路由表中未找到匹配的路由项,采取的策略是()A、丢掉该分组B、将该分组分片C、转发该分组D、以上答案均不对4:当一台主机从一个网络移到另一个网络时,以下说法正确的是()A、必须改变它的IP地址和MAC地址B、必须改变它的IP地址,但不需改动MAC地址C、必须改变它的MAC地址,但不需改动IP地址D、MAC地址、IP地址都不需改动5:ISO提出OSI的关键是()A、系统互联B、提高网络速度C、为计算机制定标准D、经济利益6:OSI参考模型按顺序有哪些层()A、应用层、传输层、网络层、物理层B、应用层、表示层、会话层、网络层、传输层、数据链路层、物理层C、应用层、表示层、会话层、传输层、网络层、数据链路层、物理层D、应用层、会话层、传输层、物理层7:LAN的拓扑形式一般以()为主。
A、总线型B、环型C、令牌环D、载波侦听与冲突检测CSMA/CD8:网段地址154.27.0.0的网络,若不做子网划分,能支持()台主机A、254B、1024C、65,534D、16,777,2069:路由器网络层的基本功能是()。
A、配置IP地址B、寻找路由和转发报文C、将MAC地址解释成IP地址10:选出基于TCP协议的应用程序()。
A、PINGB、TFTPC、TELNETD、OSPF11:某公司申请到一个C类IP地址,但要连接6个的子公司,最大的一个子公司有26台计算机,每个子公司在一个网段中,则子网掩码应设为()。
A、255.255.255.0B、255.255.255.128C、255.255.255.192D、255.255.255.22412:B类地址的缺省掩码是()。
CCNA认证试题一(附答案和解析)中文版(一)1、目前,我国应用最为广泛的LAN标准是基于()的以太网标准.(A) IEEE 802.1(B) IEEE 802.2(C) IEEE 802.3(D) IEEE 802.5答案:C参考知识点:现有标准:IEEE 802.1 局域网协议高层IEEE 802.2 逻辑链路控制IEEE 802.3 以太网IEEE 802.4 令牌总线IEEE 802.5 令牌环IEEE 802.8 FDDIIEEE 802.11 无线局域网记住IEEE802.1-------IEEE802.5的定义以太网是一种计算机局域网组网技术。
IEEE制定的IEEE 802.3标准给出了以太网的技术标准。
它规定了包括物理层的连线、电信号和介质访问层协议的内容。
以太网是当前应用最普遍的局域网技术。
它很大程度上取代了其他局域网标准,如令牌环、FDDI和ARCNET。
以太网的标准拓扑结构为总线型拓扑,但目前的快速以太网(100BASE-T、1000BASE-T标准)为了最大程度的减少冲突,最大程度的提高网络速度和使用效率,使用交换机(Switch)来进行网络连接和组织,这样,以太网的拓扑结构就成了星型,但在逻辑上,以太网仍然使用总线型拓扑的C***A/CD介质访问控制方法。
电气电子工程师协会或IEEE(Institute of Electrical and Electronics Engineers)是一个国际性的电子技术与信息科学工程师的协会。
建会于1963年1月1日。
总部在美国纽约市。
在150多个国家中它拥有300多个地方分会。
目前会员数是36万。
专业上它有35个专业学会和两个联合会。
IEEE发表多种杂志,学报,书籍和每年组织300多次专业会议。
IEEE 定义的标准在工业界有极大的影响。
下面列出:IEEE802.3以太网标准802.3--------- 10Base以太网标准802.3u-------- 100Base-T(快速以太网)802.3z-------- 1000Base-X(光纤吉比特以太网)802.3ab-------- 1000Base-T(双绞线吉比特以太网)2、对于这样一个地址,192.168.19.255/20,下列说法正确的是: ()(A) 这是一个广播地址(B) 这是一个网络地址(C) 这是一个私有地址(D) 地址在192.168.19.0网段上(E) 地址在192.168.16.0网段上(F) 这是一个公有地址答案:CE注:IP地址中关键是看她的主机位,将子网掩码划为二进制,1对应上面的地址是网络位,0对应的地址是主机位192.168.19.255/20划为二进制为:11000000.10101000.00010011.1111111111111111.11111111.11110000.00000000主机位变成全0表示这个IP的网络地址主机槐涑扇?表示这个IP的广播地址RFC1918文件规定了保留作为局域网使用的私有地址:10.0.0.0 - 10.255.255.255 (10/8 prefix)172.16.0.0 - 172.31.255.255 (172.16/12 prefix)192.168.0.0 - 192.168.255.255 (192.168/16 prefix)3、Quidway系列路由器在执行数据包转发时,下列哪些项没有发生变化(假定没有使用地址转换技术)?()(A) 源端口号(B) 目的端口号(C) 源网络地址(D) 目的网络地址(E) 源MAC地址(F) 目的MAC地址答案:ABCD参考知识点:路由功能就是指选择一条从源网络到目的网络的路径,并进行数据包的转发。
A. The link between Company1 and Company2 is down.B. Interface Fa0/0 on Company2 is shutdown.C. The link between Company2 and Company3 is down.D. The default gateway on Company-PC1 is incorrect.Answer: C383.Refer to the exhibit.Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table?A. Switch1 will add 192.168.23.4 to the switching table.B. Switch1 will add 192.168.23.12 to the switching table.C. Switch1 will add 000A.8A47.E612 to the switching table.D. Switch1 will add 000B. DB95.2EE9 to the switching table.Answer: CL a b-E I G R PQuestion#After adding RTR_2 router, no routing updates are being exchanged between RTR_1 and the new location. All other inter connectivity and internet access for the existing locations of thecompany are working properly.The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers. Access to the router CLI can be gained by clicking on the appropriate host.All passwords on all routers are cisco .IP addresses are listed in the chart below.RTR_A#show run!!interface FastEthernet0/0ip address 192.168.60.97 255.255.255.240!interface FastEthernet0/1ip address 192.168.60.113 255.255.255.240!interface Serial0/0ip address 192.168.36.14 255.255.255.252clockrate 64000!router eigrp 212network 192.168.36.0network 192.168.60.0no auto-summary!RTR_A#show ip route192.168.36.0/30 is subnetted, 1 subnetsC 192.168.36.12 is directly connected, Serial 0/0192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.96/28 is directly connected, FastEthernet0/0C 192.168.60.112/28 is directly connected, FastEthernet0/1D 192.168.60.128/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D 192.168.60.144/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D 192.168.60.24/30 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D* 198.0.18.0 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0********************************************************************************RTR_2#show run!!interface FastEthernet0/0ip address 192.168.77.34 255.255.255.252!interface FastEthernet0/1ip address 192.168.60.65 255.255.255.240!interface FastEthernet1/0ip address 192.168.60.81 255.255.255.240!!router eigrp 22network 192.168.77.0network 192.168.60.0no auto-summary!RTR_2#show ip route192.168.60.0/28 is variably subnetted, 2 subnetsC 192.168.60.80 is directly connected, FastEthernet1/0C 192.168.60.64 is directly connected, FastEthernet0/1192.168.77.0/30 is subnetted, 1 subnetsC 192.168.77.32 is directly connected, FastEthernet0/0**********************************************************RTR_B#show run!interface FastEthernet0/0ip address 192.168.60.129 255.255.255.240!interface FastEthernet0/1ip address 192.168.60.145 255.255.255.240!interface Serial0/1ip address 192.168.60.26 255.255.255.252!router eigrp 212network 192.168.60.0!RTR_B#show ip route192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.24/30 is directly connected, Serial0/1C 192.168.60.128/28 is directly connected, FastEthernet0/0C 192.168.60.144/28 is directly connected, FastEthernet0/1D 192.168.60.96/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 D 192.168.60.112/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 192.168.36.0/30 is subnetted, 1 subnetsD 192.168.36.12 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 D* 198.0.18.0 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1**************************************************************************RTR_1#show run!!interface FastEthernet0/0ip address 192.168.77.33 255.255.255.252!interface Serial1/0ip address 198.0.18.6 255.255.255.0!!interface Serial0/0ip address 192.168.36.13 255.255.255.252clockrate 64000!interface Serial0/1ip address 192.168.60.25 255.255.255.252clockrate 64000!!router eigrp 212network 192.168.36.0network 192.168.60.0network 192.168.85.0network 198.0.18.0no auto-summary!ip classlessip default-network 198.0.18.0ip route 0.0.0.0 0.0.0.0 198.0.18.5ip http serverRTR_1#show ip route192.168.36.0/30 is subnetted, 1 subnetsC 192.168.36.12 is directly connected, Serial 0/0192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.24/30 is directly connected, Serial0/1D 192.168.60.128/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1D 192.168.60.144/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1D 192.168.60.96/28 [ 90/21026560 ] via 192.168.36.14, 00:00:57, Serial 0/0192.168.77.0/30 is subnetted, 1 subnetsC 192.168.77.32 is directly connected, FastEthernet0/0C 192.0.18.0/24 is directly connected, Serial 1/0*S 0.0.0.0 via 198.0.18.5Explanation:Step1:Identify the faults in configuration on RTR_1 and RTR_2. As the SIM specifies all other inter connectivity and internet access for the existing locations of the company are working properly.Routing Protocols used in the SIM is EIGRP with AS 212 as provided by exhibit.Faults Identified:1. Wrong AS (EIGRP 22) provided at RTR_2 (New router)2. RTR_1 does not advertise the new network between RTR_1 and RTR_2 into EIGRP.We need to correct the above two configuration mistakes to have full connectivityStep2:Correcting the EIGRP AS to 212Wrong AS (EIGRP 22) provided at RTR_2 (New router)All routers that want to exchange routes within EIGRP needs to be in same Autonomous System.Step 2.1:First we need to remove the current wrong EIGRP AS 22 from Router RTR_2Click on Host-F to get CLI of RTR_2RTR_2>enablePassword : cisco(Provided by SIM Q )RTR_2#conf tRTR_2(conf)#Step 2.2:Removing the wrong EIGRP routing process with AS 22RTR_2(conf)#no router eigrp 22The above statement removes all the EIGRP configuration configured for AS 22 .Step 2.3:Adding the correct EIGRP configurationStart the EIGRP routing process with AS 212RTR_2(conf)#router eigrp 212Step 2.4:Advertise the directly connected networks into EIGRP on RTR_2Fa 0/0 - 192.168.77.34Fa 1/0 - 192.168.60.81Fa 0/1 - 192.168.60.65RTR_2(config-router)#network 192.168.60.0RTR_2(config-router)#network 192.168.77.0RTR_2(config-router)#no auto-summaryRTR_2(config-router)#endStep 2.5:Important save the changes made to router RTR_2RTR_2#copy run startStep 3:RTR_1 does not advertise the new network between RTR_1 and RTR_2 into EIGRP. Click on Host-G to get CLI of RTR_1The network192.168.77.0 is used between RTR_1Fa0/0- RTR_2Fa 0/0This network needs to be advertise into EIGRP routing process at RTR_1RTR_1>enablePassword : cisco(Provided by SIM Q )RTR_1#conf tRTR_1(conf)#Step 3.1:Enter EIGRP routing process for AS 212RTR_1(conf)#router eigrp 212Step 3.2:The network192.168.77.0is used between RTR_1 Fa0/0- RTR_2 Fa 0/0 . Advertise this network into EIGRPRTR_1(config-router)#network 192.168.77.0RTR_1(config-router)#endStep 3.3:Important save the changes made to router RTR_1RTR_1#copy run startVerification:From RTR_2 CLIping RTR_1 Serial 1/0 IP address 198.0.18.6RTR_2#ping 198.0.18.6!!!!!A successful ping shows the new RTR_2 will have full connectivity with other routers. Any Questions are welcomed!!!!!L a b-A C LCorp1>enable (you may enter "cisco" as it passwords here)We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 -172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the "show running-config" command to check which interface has the IP address of 172.22.242.30. Corp1#show running-configWe learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).Corp1#configure terminalOur access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80All other traffic is permittedCorp1(config)#access-list 100 permit ip any anyApply this access-list to Fa0/1 interface (outbound direction)Corp1(config)#interface fa0/1Corp1(config-if)#ip access-group 100 outNotice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.Click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.Finally, save the configurationCorp1(config-if)#endCorp1#copy running-config startup-configL a b-V T PThis task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This does not require any configuration.To answer the multiple-choice questions, click on the numbered boxes in the right panel.There are five multiple-choice questions with this task. Be sure to answer all five questions before leaving this item.Question 1:What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ?a) Fa0/1b) Fa0/3c) Fa0/6d) Fa0/8e) Fa0/9f) Fa0/12Answer: Fa 0/8Explanation: to find out which interface associated with a given MAC address, use the show mac-address-table command. It shows the learned MAC addresses and their associated interfaces. After entering this command, you will see a MAC address table like this:From this table we can figure out that the MAC address 0010.5a0c.ffba is associated with interface Fa0/8 Question 2:What ports on Sw-AC3 are operating has trunks (choose three)?a) Fa0/1b) Fa0/3c) Fa0/4d) Fa0/6e) Fa0/9f) Fa0/12Answer: Fa0/3, Fa0/9 and Fa0/12Explanation: Use the show interface trunk command to determine the trunking status of a link and VLAN status. This command lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:(This image is used for demonstration only)Question 3:What kind of router is VLAN-R1?a) 1720b) 1841c) 2611d) 2620Answer: 2620Explanation: VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighbors command to see:1. Neighbor Device ID : The name of the neighbor device;2. Local Interface : The interface to which this neighbor is heard3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.4. Platform: Which type of device the neighbor is5. Port ID: The interface of the remote neighbor you receive CDP information6. Holdtime: Decremental hold time in secondsSample output of show cdp neighbors command:One thing I want to notice you is "Local Intrfce" in the image above refers to the local interface on the device you are running the "show cdp neighbors" commandQuestion 4: Which switch is the root bridge for VLAN 1?Answer: Sw-DS1Explanation: First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1From the "Cost 19", we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100Mbps Ethernet linkNotice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is the root bridge for this VLAN (VLAN 1).If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the root bridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switch is FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge. You can verify it with the show cdp neighbors command:The "Local Intrfce" column refers to the interface on the switch running "show cdp neighbors" command. In this case, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridgeQuestion 5: What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3?Answer: 192.168.44.254Explanation:First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan commandFrom the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address 192.168.44.254/24Therefore the default gateway of the host should be 192.168.44.254Question 6: From which switch did Sw-Ac3 receive VLAN information ?Answer: Sw-AC2Explanation: to view the VTP configuration information, use the show vtp status commandSo we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finally we use the show cdp neighbors detail to find out who 163.5.8.3 is:Question 7: Refer to the exibit, SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?A - All VLANs except the default VLAN win be removed from all switchesB - All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where VLANsC - The VLANs Servers, Management, Production and no-where will replace the VLANs on SwXD - The VLANs Servers, Management, Production and no-where will be removed from existing switchesAnswer and Explanation:First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command on Sw-Ac3Notice that its configuration revision number is 5 and VTP Domain Name is home-officeNext, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3 switch, and both of them have same VTP Domain Name called "home-office".Therefore SwX will replace vlan information on other switches with its own information. We should check vlan information of Sw-Ac3 switch with show vlan commandSo the correct answer is D - The VLANs Servers, Management, Production and no-where will be removed from existing switchesPlease notice that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX. In general, which switch has a higher revision number it will become the updater and other switches will overwrite their current databases with the new information received from the updater (provided that they are on the same domain and that switch is not in transparent mode). Also, some recent comments have said that the new switch's VTP Operating Mode is Server but the answer is still the same.Question 8:Out of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destination mac-address 000a.8a47.e612? (Choose three)A - Fa0/8B - Fa0/3C - Fa0/1D - Fa0/12Answer: B C DExplanation:First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table commandWe notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but we can't find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all ports of Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from the output above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.Please notice that the "show mac-address-table" command just lists information that was learned by the switch, it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood the frame to these ports, too.And we can check which trunk ports will receive this frame by the show interface trunk command-> Port Fa0/9 will also receive this frame!Question 9:If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not on the same subnet) what will be the destination MAC addressAnswer and Explanation:Because the destination address is not on the same subnet with the switch, it will forward the packet to its default gateway. So we have to find out who is the default gateway of this switch by using the show running-config commandFrom the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its default gateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use the show cdp neighbor detail command and focus on the description of VLAN-R1 routerFrom this output, we can confirm the switch's default gateway is VLAN-R1 router (with the IP address of 192.168.1.254). And "the interface: FastEthernet0/3" tells us that the switch is connected to VLAN-R1 router through Fa0/3 port (Fa0/3 is the port on the switch).Finally we just need to use the show mac-address-table command to find out which MAC address is associated with this interface(Notice that in the real CCNA exam the MAC address or port may be different)And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of port Fa0/3 with different Vlans but they have the same MAC addressL a b-R I P(o l d-l a b)Answer:Router>enableRouter#config terminalRouter(config)#hostname GothaGotha(config)#enable secret mi222keGotha(config)#line console 0Gotha(config-line)#password G8tors1Gotha(config-line)#exitGotha(config)#line vty 0 4Gotha(config-line)#password dun63labGotha(config-line)#loginGotha(config-line)#exitGotha(config)#interface fa0/0Gotha(config-if)#ip address 209.165.201.1 255.255.255.224Gotha(config)#interface s0/0/0Gotha(config-if)#ip address 192.0.2.176 255.255.255.240Gotha(config-if)#no shutdownGotha(config-if)#exitGotha(config)#router ripGotha(config-router)#version 2Gotha(config-router)#network 209.165.201.0Gotha(config-router)#network 192.0.2.176Gotha(config-router)#endGotha#copy run start ——————————————————————————————————————————————————————————LAB: RIP V2Question#Central Florida Widgets recently installed a new router in their office (NEW_RTR). Complete the network installation by performing the initial router configurations and configuring RIP V2 routing using the router Command Line Interface (CLI) on the NEW_RTR .Click on image for larger pictureConfigure the router per the following requirements:1) Name of the router is NEW_RTR2) Enable-secret password is cisco3) The password to access user EXEC mode using the console is class4) The password to allow telnet access to the router is class5) IPV4 addresses must be configured as follows:5.1) Ethernet network 209.165.202.128 /27 – Router has the last assignable hostaddress in subnet.5.2) Serial Network is 192.0.2.16 /28 - Router has the last assignable hostaddress in subnet.6) Interfaces should be enabled.7) Router protocol is RIPv2Explanation:Step1:Click on the console host, you will get a pop-up screen CLI of Router.Router>Configure the new router as per the requirements provided in Lab questionRequirement 1:Name of the router is NEW_RTRStep2:To change the hostname of the router to NEW_RTR follow the below stepsRouter>Router>enableRouter# configure terminalRouter (config)# hostname NEW_RTRNEW_RTR(config)#Requirement 2:Enable-secret password is ciscoStep3:To set the enable secret password to cisco use the following commandNEW_RTR(config)#enable secret ciscoRequirement 3:The password to access user EXEC mode using the console is classStep 4:We need to configure the line console 0 with the password classAlso remember to type login command after setting up the password on line con 0 which allows router to accept logins via console.NEW_RTR(config)# line con 0NEW_RTR(config-line)#password classNEW_RTR(config-line)#loginNEW_RTR(config-line)# exitNEW_RTR(config)#Requirement 4:The password to allow telnet access to the router is classStep 5:To allow telnet access we need to configure the vty lines 0 4 with the password classAlso remember to type login command after setting up the password on line vty 0 4 which allows router to accept logins via telnet.NEW_RTR(config)# line vty 0 4NEW_RTR(config-line)#password classNEW_RTR(config-line)#loginNEW_RTR(config-line)# exitNEW_RTR(config)#Requirement 5:5.1) Ethernet network 209.165.202.128 /27 – Router has the last assignable hostaddress in subnet.5.2) Serial Network is 192.0.2.16 /28 - Router has the last assignable hostaddress in subnet.Step 6:Ethernet network 209.165.202.128 /27 – Router has the last assignable host address in subnet.Ethernet Interface on router NEW_RTR is Fast Ethernet 0/0 as per the exhibitFirst we need to identify the subnet maskNetwork: 209.165.202.128 /27Subnet mask: /27: 27 bits = 8 + 8 + 8 + 3=8(bits).8(bits).8(bits) .11100000 (3bits)=255.255.255.11100000=11100000 = 128+64+32+0+0+0+0+0= 224Subnet mask: 255.255.255.224Different subnet networks and there valid first and last assignable host address range for above subnet mask are Subnet Networks :::::: Valid Host address range :::::: Broadcast address209.165.202.0 :::::: 209.165.202.1 - 209.165.202.30 ::::: 209.165.202.31209.165.202.32 :::::: 209.165.202.33 - 209.165.202.62 ::::: 209.165.202.63209.165.202.64 :::::: 209.165.202.65 - 209.165.202.94 :::::: 209.165.202.95209.165.202.96 :::::: 209.165.202.97 - 209.165.202.126 :::::: 209.165.202.127209.165.202.128 :::::: 209.165.202.129 - 209.165.202.158 :::::: 209.165.202.159209.165.202.160 :::::: 209.165.202.161 - 209.165.202.190 :::::: 209.165.202.191209.165.202.192 :::::: 209.165.202.193 - 209.165.202.222 :::::: 209.165.202.223209.165.202.224 :::::: 209.165.202.225 - 209.165.202.254 :::::: 209.165.202.255Use above table information for network 209.165.202.128 /27 to identifyFirst assignable host address: 209.165.202.129Last assignable host address: 209.165.202.158This IP address (209.165.202.158) which we need to configure on Fast Ethernet 0/0 of the router using the subnet mask 255.255.255.224NEW_RTR(config)#interface fa 0/0NEW_RTR(config-if)#ip address 209.165.202.158 255.255.255.224Requirement 6:To enable interfacesUse no shutdown command to enable interfacesNEW_RTR(config-if)#no shutdownNEW_RTR(config-if)#exitStep 7:Serial Network is 192.0.2.16 /28 - Router has the last assignable host address in subnet.Serial Interface on NEW_RTR is Serial 0/0/0 as per the exhibitFirst we need to identify the subnet maskNetwork: 192.0.2.16 /28Subnet mask: /28: 28bits = 8bits+8bits+8bits+4bits=8(bits).8(bits).8(bits) .11110000 (4bits)=255.255.255.11100000=11100000 = 128+64+32+16+0+0+0+0= 240Subnet mask: 255.255.255.240Different subnet networks and there valid first and last assignable host address range for above subnet mask are Subnet Networks ::::: Valid Host address ::::::::::: Broadcast address192.0.2.0 :::::: 192.0.2.1 - 192.0.2.14 ::::::: 192.0.2.15192.0.2.16 ::::::: 192.0.2.17 - 192.0.2.30 ::::::: 192.0.2.31192.0.2.32 :::::::: 192.0.2.33 - 192.0.2.46 :::::: 192.0.2.47and so on ….Use above table information for network 192.0.2.16 /28 to identifyFirst assignable host address: 192.0.2.17Last assignable host address: 192.0.2.30We need to configure Last assignable host address (192.0.2.30) on serial 0/0/0 using the subnet mask 255.255.255.240NEW_RTR(config)#interface serial 0/0/0NEW_RTR(config-if)#ip address 192.0.2.30 255.255.255.240Requirement 6:To enable interfacesUse no shutdown command to enable interfacesNEW_RTR(config-if)#no shutdownNEW_RTR(config-if)#exitRequirement 7:Router protocol is RIPv2Step 8:Need to enable RIPv2 on router and advertise its directly connected networksNEW_RTR(config)#router ripTo enable RIP v2 routing protocol on router use the command version 2NEW_RTR(config-router)#version 2Optional:no auto-summary (Since LAB networks do not have discontinuous networks)RIP v2 is classless, and advertises routes including subnet masks, but it summarizes routes by default.So the first things we need to do when configuring RIP v2 is turn off auto-summarization with the router command noauto-summary if you must perform routing between disconnected subnets.NEW_RTR (config-router) # no auto-summaryAdvertise the serial 0/0/0 and fast Ethernet 0/0 networks into RIP v2 using network commandNEW_RTR(config-router)#network 192.0.2.16NEW_RTR(config-router)#network 209.165.202.128NEW_RTR(config-router)#endStep 9:Important please do not forget to save your running-config to startup-configNEW_RTR# copy run startAny questions are welcomed on above LAB... Best of Luck!!!!!L a b-N A T(o l d-l a b) NAT-LABAnswers:Bomar(Config)#access-list 1 permit 192.168.16.33 0.0.0.15Bomar(Config)#access-list 1 deny anyBomar(Config)#ip nat pool TestKiss 198.18.237.225 198.18.237.230 prefix-length 29Bomar(Config)#ip nat inside source list 1 pool TestKiss overloadBomar(Config)#interface fa0/0BomarConfig-if)#ip nat insideBomar(Config)#interface S0/0Bomar(Config-if)#ip nat outsideBomar(Config-if)#exitBomar#Copy run start-------------------------------------------------------------------------------Question:A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30 .CLICK ON IMAGE TO VIEWClick Knowledge Base for NAT SIM to learn the concepts before attempting or learning this SIM QuestionNAT SIM Configuration:The following configuration translates between inside hosts (Weaver LAN) addressed from 192.168.100.16 /28 network (192.168.100.17 – 192.168.100.30) to the globally unique pool of address provided by ISP 198.18.184.105 – 198.18.184.110 /29.Weaver>enableWeaver#configure terminalBefore starting the NAT configuration verify that router hostname currently configured is weaver. If not change hostname to Weaver using the commandRouter(config)#hostname WeaverStep1:Create an access-list to match all the Weaver LAN address that need to be the candidates for NAT translationsWeaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15Step2:Create a NAT Pool with pool name isp_adr and specify the pool address range provided by ISP with their netmask.Weaver(config)#ip nat pool TestKiss 198.18.184.105 198.18.184.110 netmask 255.255.255.248Step3:Packets that match access-list 10 will be translated to an address from the pool called "TestKiss".Overload keyword specify to use Port based NATing to support all the Weaver LAN address range.Weaver(config)#ip nat inside source list 10 pool TestKiss overloadSIM Question already provides that appropriate interfaces have been configured for NAT Inside and NAT Outside statements.For your information configuration would have been like thisWeaver(config)#interface fastethernet 0/0Weaver(config-if)#ip nat insideWeaver(config)#interface serial 0/0Weaver(config-if)#ip nat outsideWeaver#copy run start。
技术与您相伴,远大在您身边!!EIGRP实验题Question:After adding R3router,no routing updates are being exchanged between R3and the new location.All other inter connectivity and Internet access for the existing locations of the company are working properly.The task is to identify the fault(s)and correct the router configuration to provide full connectivity between the routers.Access to the router CLI can be gained by clicking on the appropriate host.All passwords on all routers are cisco.IP addresses are listed in the chart below.技术与您相伴,远大在您身边!!考试总结:EIGRP这题实验题主要是排错,找出4台路由器宣告的AS号和网段是否错误,按照图里给出的自己Show run查看下。
有错误宣告的就把它改正,按照第二个图里给的网段宣告,AS号在第一个图里。
做完后记得ping一下每个网段是否通,最后记得Copy running-config Startup-config不然就白做了考试的时候不管他AS号还是网段号宣告错误不错误,上去直接NO掉EIGRP,先show run查看下每个路由器宣告的EIGRP AS号,然后NO掉他,重新按照图里给的AS号和网段自己宣告,记得敲No auto-summary关闭自动汇总Answer and explanation:We should check the configuration of the new added router first because it does not function properly while others work well.From the command line interface of R3router,enter the show running-config command技术与您相伴,远大在您身边!!From the output above,we know that this router was wrongly configured with an autonomous number(AS)of22.When the AS numbers among routers are mismatched,no adjacency is formed. (You should check the AS numbers on other routers for sure)To solve this problem,we simply re-configure router R3with the following commands:R3>enable(you have to enter cisco as its password here)R3#configure terminalR3(config)#no router eigrp22R3(config)#router eigrp212R3(config-router)#network192.168.60.0技术与您相伴,远大在您身边!!R3(config-router)#network192.168.77.0R3(config-router)#no auto-summaryR3(config-router)#endR3#copy running-config startup-configCheck R1router with the show running-config command:Notice that it is missing a definition to the network R3.Therefore we have toAdd it so that it can recognize R3routerR1>enable(you have to enter cisco as its password here)R1#configure terminalR1(config)#router eigrp212R1(config-router)#network192.168.77.0R1(config-router)#end技术与您相伴,远大在您身边!!R1#copy running-config startup-configNow the whole network will work well.You should check again with pingCommand from router R3to other routers!Top的另外一种但是错误点和网络结构与前者完全相同只是as号和网络地址有些许变化请注意ACL实验题QuestionA network associate is adding security to the configuration of the Corp1router.The user on host C should be able to use a web browser to access financial information from the Finance Web Server.No other hosts from the LAN nor the Core should be able to use a web browser to access this server.Since there are multiple resources for the corporation at this location技术与您相伴,远大在您身边!!including other resources on the FinanceWeb Server,all other traffic should be allowed.The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server.No other hosts will have web access to the Finance Web Server.All other traffic is permitted.注:红色关键单词记住,代表只允许C主机访问Finance Web服务器Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to"cisco".The Core connection uses an IP address of198.18.196.65←Corp1路由器的S口的IP,考试时要show下IP对不对,不对就改The computers in the Hosts LAN have been assigned addresses of192.168.33.1-192.168.33.254Host A192.168.33.1Host B192.168.33.2Host C192.168.33.3Host D192.168.33.4The servers in the Server LAN have been assigned addresses of172.22.242.17-172.22.242.30The Finance Web Server is assigned an IP address of172.22.242.23.技术与您相伴,远大在您身边!!技术与您相伴,远大在您身边!!Answer and ExplanationCorp1>enable(you may enter"cisco"as it passwords here)We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2and Core networks.The Server LAN network has been assigned addresses of172.22.242.17-172.22.242.30so we can guess the interface connected to them has an IP address of172.22.242.30(.30is the number shown in the figure).Use the"show runningconfig"command to check which interface has the IP address of172.22.242.30.Corp1#show running-config技术与您相伴,远大在您身边!!确定连接服务器的接口为F0/1Corp1#configure terminalCorp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80 Corp1(config)#access-list100deny tcp any host172.22.242.23eq80Corp1(config)#access-list100permit ip any anyCorp1(config)#interface fa0/1Corp1(config-if)#ip access-group100outCorp1(config-if)#endCorp1#copy running-config startup-configCorp1路由器的S口的IP,考试时要show下IP对不对,不对就改,修改IP命令Corp1#configure terminalCorp1(config)#int s0/0(具体端口号自己show run看一下)Corp1(config-if)#ip add198.18.196.65255.255.255.252(ip改为题目给的,掩码用show run得到的原先错误IP的掩码)Corp1(config-if)#end这里不用删掉错误的IP地址,直接输入新的可以将旧IP覆盖,最后别忘记保存最近ACL题目要求出现变动:技术与您相伴,远大在您身边!!1允许host c通过浏览器访问Finance web server2不允许host c的其他类型访问Finance web server3不许其他主机访问Finance web server(没有说明访问类型)4允许所有主机访问public web server(没有说明访问类型)可进行以下配置:Corp1#configure terminalCorp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80Corp1(config)#access-list100deny ip any host172.22.242.23Corp1(config)#access-list100permit ip any anyCorp1(config)#interface fa0/1Corp1(config-if)#ip access-group100outCorp1(config-if)#endCorp1#copy running-config startup-config命令讲解在下面实验命令讲解:紫色的代表要敲的命令1.Corp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80创建一条扩展列表,允许TCP流量从源主机为IP:192.168.33.3到目的主机IP为:172.22.252.34的80端口。
----------------------------文档来源百度文库..花了俺20virtual$下载的不共享出来让更多的人看到俺心里那个坑就是填不平…里面包含了CCNA的一些基础实验题,其中有个别题目的配置部分有小错误,留给大家去排错了~希望大家能够喜欢!最后,祝大家学习愉快~!实验一路由器基本配置一、实验设备一台路由器,一台PC,配置线一条。
二、实验要求1.更改路由器名称为RA2.设置password为cisco1,secret为cisco2,vty为cisco3,并要求所有密码都加密。
3.关闭域名查找,命令输入同步。
4.配置以太网口的IP为202.119.249.2195.设置登陆提示信息6.对串行口进行描述(描述信息为:welcome to lixin lab)7.将上述信息保存到tftp server8.将实验过程配置写在记事本中进行粘贴。
9.配置VTY访问权限。
10.禁止路由器进行域名解析。
三、实验步骤Router>enableRouter#configure terminalRouter(config)#hostname RA 设置路由器名RA(config)#enable password cisco1 设置密码RA(config)#enable secret cisco2 设置加密密码RA (config)#no ip domain-lookup关闭域名查找(当我们打错命令时,不会去查找DNS,造成延时)RA (config)#line console 0RA (config-line)#logging synchronous命令输入达到同步(信息提示不会打断你的输入)RA (config-line)#exec-timeout 0 0 设置永久不超时RA (config-line)#exitRA(config)#line vty 0 4RA(config-line)#(enable)password cisco3 设置vty密码RA(config-line)#exitRA(config)#service password-encryption 对密码加密RA(config)#int fastEthernet 0/0RA(config-if)#ip address 202.119.249.1 255.255.255.0 对以太网口fa0/0配置IP RA(config-if)#no shutdown 开启端口RA(config-if)#exitRA(config)#banner motd & welcome welcome to ccna lab!!! & 设置登陆提示信息RA(config)#int fa0/1RA(config-if)#description this is a fast port 描述端口信息RA(config-if)#exitRA(config)#copy running-config tftp 把信息保存到tftp实验二静态路由一、实验设备两台28系列型号路由器通过串口相连。
培训大讲堂官方YY 频道:3660mCCNA题库考试代号:640-802考试时间:英文110+30=140分钟通过分数:825题库版本:V104.4鸿鹄论坛招募CCNA、CCNP答疑讲师答疑地点:鸿鹄官方YY频道3660CCNA(640-802)题库V104.4CCNA(640-802)题库V104.4(情人节版)V104系列是官方的终结版本,以后不会再出V105 V106 V108等等========================================更新内容:V104.1修正V104中错误题目,确定经典争议题目答案;V104.2增加拖图题并可完美模拟考试,VCE题库增加中文注释;V104.3针对思科CCNA考试变题,更新考试新增题目93Q,更新V104.2实验题;V104.4增加全文中文注释,汇总V104.3九次更新,删除部分旧题目,为目前最新官方正版题库;2011.8.1 增加每日新题,修订部分错误。
增加5道新题,分别是519、520、521、522、523题修改176题、375题、443题、482题答案错误修改59题、88题、453题、107题、270题注释错误增加个别疑难拖图题注释,优化实验题=============================================QUESTION 1When you are logged into a switch, which prompt indicates that you are in privileged mode?(当您登录到交换机,哪种提示表明你在特权模式?)A. %B. @C. >D. $E. #Answer: ESection: Chapter 4: Introduction to Cisco IOSExplanation/Reference:特权模式就是#提示符QUESTION 2Which command shows system hardware and software version information?(哪些命令显示系统硬件和软件的版本信息?)A. show configurationB. show environmentC. show inventoryD. show platformE. show versionAnswer: ESection: Chapter 4: Introduction to Cisco IOSExplanation/Reference:查看系统的软件和硬件信息使用的命令是show versionQUESTION 3Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An 802. 1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified.What will happen in this scenario?(思科Catalyst 交换机CAT1 和CAT2 有它们之间的连接使用端口FA0/13。
ccna考试题及答案1. 以下哪项是网络层的功能?A. 路由选择B. 错误检测C. 流量控制D. 封装数据包答案:A2. 在OSI模型中,哪一层负责在网络中传输数据?A. 应用层B. 传输层C. 会话层D. 网络层答案:D3. 以下哪个协议是用于在IP网络中发现网络设备的?A. ARPB. RARPC. ICMPD. OSPF答案:A4. 在TCP/IP模型中,哪一层与OSI模型的传输层相对应?A. 应用层B. 互联网层C. 网络接口层D. 传输层答案:D5. 以下哪个地址是一个有效的IPv4地址?A. 192.168.1.256B. 192.168.1.1C. 10.0.0.0D. 172.16.300.1答案:B6. 在配置路由器时,以下哪个命令用于进入全局配置模式?A. enableB. configure terminalC. privileged execD. user exec答案:B7. 以下哪个命令用于在Cisco设备上显示当前配置?A. show running-configB. show startup-configC. show configD. show current-config答案:A8. 在Cisco设备上,以下哪个命令用于保存当前的配置到启动配置文件?A. copy running-config startup-configB. copy startup-config running-configC. save running-configD. save startup-config答案:A9. 以下哪个命令用于在Cisco设备上查看所有接口的状态?A. show interfacesB. show ip interface briefC. show interface statusD. show running-config interface答案:B10. 在Cisco设备上,以下哪个命令用于关闭接口?A. shutdownB. no shutdownC. disableD. no enable答案:A11. 以下哪个命令用于在Cisco设备上启用接口?A. shutdownB. no shutdownC. disableD. no enable答案:B12. 在配置静态路由时,以下哪个命令用于指定下一跳地址?B. ip static-routeC. route ipD. static-route ip答案:A13. 以下哪个命令用于在Cisco设备上清除ARP表?A. clear arp-cacheB. clear arpC. clear arp tableD. clear ip arp答案:D14. 在配置动态路由协议时,以下哪个命令用于在接口上启用RIP?A. ip rip enableB. ip rip receiveD. network rip答案:C15. 以下哪个命令用于在Cisco设备上查看RIP路由表?A. show ip ripB. show ip route ripC. show ripD. show ip protocols答案:B16. 在配置EIGRP时,以下哪个命令用于指定自动汇总?A. metric weightsB. auto-summaryC. network auto-summaryD. no auto-summary答案:B17. 以下哪个命令用于在Cisco设备上查看EIGRP邻居?A. show ip eigrp neighborsB. show eigrp neighborsC. show ip eigrpD. show eigrp interfaces答案:A18. 在配置OSPF时,以下哪个命令用于指定路由器ID?A. router-idB. router ospfC. networkD. area答案:A19. 以下哪个命令用于在Cisco设备上查看OSPF路由表?A. show ip ospfB. show ip ospf databaseC. show ospfD. show ip route ospf答案:D20. 在配置VLAN时,以下哪个命令用于创建一个新的VLAN?A. vlan databaseB. configure terminalC. vlan [vlan-id]D. new-vlan答案:C21. 以下哪个命令用于将接口分配给VLAN?A. switchport mode accessB. switchport mode trunkC. switchport access vlan [vlan-id]D. switchport trunk vlan [vlan-id]答案:C22. 在配置交换机时,以下哪个命令用于将接口设置为Trunk 模式?A. switchport mode accessB. switchport mode trunkC. switchport access vlan [vlan-id]D. switchport trunk vlan [vlan-id]答案:B23. 以下哪个命令用于在Cisco设备上查看VLAN配置?A. show vlanB. show vlan briefC. show vlan detailD. show vlan all答案:B24. 在配置VTP时,以下哪个命令用于将交换机设置为VTP服务器模式?A. vtp mode serverB. vtp mode clientC. vtp mode transparentD. vtp mode off答案:A25. 以下哪个命令用于在Cisco设备上查看VTP状态?A. show vtp statusB. show vtp statisticsC. show vtp passwordD. show vtp configuration答案:A26. 在配置STP时,以下哪个命令用于设置根桥?A. spanning-tree root primaryB. spanning-tree root secondaryC. spanning-tree root primary [priority]D. spanning-tree root secondary [priority]答案:C27. 以下哪个命令用于在Cisco设备上查看STP状态?A. show spanning-treeB. show spanning-tree detailC. show spanning-tree summaryD. show spanning-tree interface答案:A28. 在配置VLAN Trunking Protocol (VTP) 时,以下哪个命令用于设置VTP域名?A. vtp domain [domain-name]B. vtp password [password]C. vtp mode [mode]D. vtp version [version]答案:A29. 以下哪个命令用于在Cisco设备上查看当前的VTP版本?A. show vtp statusB. show vtp statisticsC. show vtp passwordD. show vtp configuration答案:A30. 在配置端口安全时,以下哪个命令用于限制接口上可以学习到的最大MAC地址数量?A. switchport port-security maximum [mac-count]B. port-security maximum [mac-count]C. switchport port-security violation restrictD. port-security violation shutdown答案:A这些题目和答案仅供学习和参考之用,实际的CCNA考试内容和形式可能会有所不同。
ccna测试题及答案CCNA测试题及答案一、选择题1. 在Cisco设备上,以下哪个命令用于查看当前的路由表?A. show ip routeB. show running-configC. show interface statusD. show version答案:A2. 以下哪个协议用于在网络中自动发现其他设备?A. ARPB. CDPC. ICMPD. TCP答案:B3. 以下哪个命令用于配置Cisco设备上的接口?A. configure terminalB. interfaceC. ip addressD. hostname答案:A二、填空题4. 在Cisco设备上,使用命令_________可以查看接口的配置信息。
答案:show interface5. 静态路由配置中,_________命令用于指定下一跳地址。
答案:ip route6. 动态路由协议可以自动适应网络变化,其中_________是最常见的一种。
答案:RIP(路由信息协议)三、简答题7. 请简述VLAN(虚拟局域网)的作用。
答案:VLAN是一种将局域网内不同物理位置的设备划分为同一逻辑网络的技术,主要用于隔离广播域,提高网络的安全性和效率。
8. 描述交换机和路由器在网络中的基本功能。
答案:交换机主要用于局域网内部,通过MAC地址表来转发数据帧,实现数据包在局域网内的快速交换。
路由器则工作在网络层,使用IP地址来转发数据包,连接不同的网络,并进行路径选择。
四、计算题9. 假设一个子网掩码为255.255.255.192,计算这个子网的可用IP地址范围。
答案:可用IP地址范围为192.168.1.0到192.168.1.62(包含两端)。
五、实验题10. 请根据以下配置文件,列出Router1的接口配置信息。
```Router1show running-configinterface FastEthernet0/0ip address 192.168.1.1 255.255.255.0duplex autospeed auto!interface FastEthernet0/1no ip addressshutdown!interface Serial0/0/0ip address 10.0.0.1 255.255.255.252clock rate 64000!router ospf 1network 192.168.1.0 0.0.0.255 area 0network 10.0.0.0 0.0.0.3 area 0!```答案:- FastEthernet0/0: IP地址为192.168.1.1,子网掩码为255.255.255.0,双工模式和速度均为自动。
题目一、静态路由实验要求:1、掌握路由器的用户模式、特权模式、配置模式的却换。
2、配置R1、R2、R3的设备主机名(主机名分别就为R1、R2、R3)。
3、配置路由器特权密码为cisco,明文。
4、配置路由器远程登录用户名为admin,密码为admin@123,密码为密文,启用本地验证。
5、在路由器R1、R2、R3上的接口(F0/0、F0/1、Loopback0)下配置相应的IP地址、子网掩码,并开启相应端口,保证直连IP地址之间可以ping通,配置R1连接终端的IP地址、子网掩码、网关。
6、在R1、R2、R3上分别配置静态路由,使三台路由器当中的任意一台对另外两台路由器上的全部网段都可以访问。
7、修改R1和R2的部分配置,使两台路由器都能正确转发到172.16.0.0/24---172.16.3.0/24,尝试用一条静态路由包含上述四个网段。
8、保存配置,并将配置文档拷贝一份出来。
测试1、通过console口登录R1,通过相应命令对路由器进行用户模式、特权模式、配置模式的切换。
2、在R1上ping 20.20.20.20,在R2上ping30.30.30.30,在R3上ping 10.10.10.10以及20.20.20.20,记录测试结果。
3、在R1所接终端上对172.16.1.1、172.16.2.1、172.16.3.1、172.16.4.1分别进行ping测,记录测试结果。
题目二、RIP实验要求:1、掌握路由器的用户模式、特权模式、配置模式的却换。
2、配置R1、R2的设备主机名(主机名分别就为R1、R2)。
3、配置路由器特权密码为cisco,明文。
4、配置路由器远程登录用户名为admin,密码为admin@123,密码为密文,启用本地验证。
5、在路由器R1、R2上的接口(F0/0、F0/1、Loopback0)下配置相应的IP地址、子网掩码,6、并开启相应端口,配置R1、R2所连接终端的IP地址、子网掩码、网关。
CCNA综合实验题一一.公司拓扑图二.需求1.A公司一共有200左右接入点(分两部门),公司总部大概有100台接入点,分部1有40多个接入点,分部2有10台PC。
公司内部访问,指定网段为192.168.1.0/24。
为了充分使用IP地址,请您合理规划IP地址。
2. 总部和分部之间用专线连接,使用PPP协议的PAP进行双向认证,总部和分部都用R1访问外网。
但只申请了一个公网IP ,IP地址为13.1.1.1/30 汪涛3. 总部内部有两个部门,分别属于两个VLAN(VLAN10,VLAN20)。
SW1为VTP 服务器,SW2为VTP 客户,要求内部VLAN间能相互通信。
4.分部1和分部2之间(R4和R2之间)运行RIP协议,总部和分部之间运行OSPF,要求全网能互通。
5. 总部访问公网使用帧中继技术,静态指定邻居。
6. 允许分部1访问总部,但分部2只能访问总部的HTTP服务器(IP地址:192.168.1.1《自己划分》),注意:HTTP服务器放在VLAN 10里。
分部1和分部2之间不能互访。
7.不影响其他流量的情况下,开启R2,R4的TELNET服务,只允许总部访问。
分部1和分部2不能互访,也不能访问总部。
CCNA综合实验题二该企业的具体环境如下:1、企业具有2个办公地点,且相距较远,公司总共大约有200台主机。
2、A办公地点具有的部门较多,例如业务部、财务部、综合部等,为主要的办公场所,因此这部分的交换网络对可用性和可靠性要求较高3、B办公地点只有较少办公人员,但是Internet的接入点在这里4、公司只申请到了一个公网IP地址,供企业内网接入使用5、公司内部使用私网地址【网络拓补】【需求分析】需求1:采取一定方式分隔广播域。
分析1:在交换机上划分VLAN可以实现对广播域的分隔。
划分业务部VLAN10、财务部VLAN20、综合部VLAN30,并分配接口。
需求二:核心交换机采用高性能的三层交换机,且采用双核心互为备份的形势,接入层交换机分别通过2条上行链路连接到2台核心交换机,由三层交换机实现VLAN之间的路由。
CCNA考题:ACL配置实验实验要求标准访问控制列表:只允许网段1和网段2之间互相访问扩展访问控制列表:只允许网段1(10.10.1.0/24)访问R2路由器内部的WWW服务和PING服务,拒绝访问该服务器上的其他服务;只允许网段2(10.10.2.0/24)访问R3路由器内部的TFTP服务和PING服务,拒绝访问该服务器上的其他服务。
做访问控制列表实验之前已经在各个路由器上配置了动态路由协议,使整个网络拓扑是连通的。
所以,大家在做访问控制列表实验之前,先配置好路由(动态/静态),网络运行正常后再配置访问控制列表标准访问控制列表配置:只允许网段1和网段2之间互相访问R1配置:R1#conf tR1(config)#access-list 1 deny 10.10.1.0 0.0.0.255R1(config)#access-list 1 deny 10.10.2.0 0.0.0.255R1(config)#access-list 1 permit anyR1(config)#int f0/0R1(config-if)#ip access-group 1 out测试:在PC1上ping PC2(10.10.2.1)PC1#ping 10.10.2.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.2.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 108/227/312ms测试结果为可以访问在PC1上PING R2路由器的内部网络(172.16.1.1)PC1#ping 172.16.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:U.U.USuccess rate is 0 percent (0/5)测试结果是不能访问在PC2上PING PC1(10.10.1.1)PC2#ping 10.10.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 72/176/216ms测试结果为可以访问在PC2上PING R3路由器的内部网络(172.16.5.1)PC2#ping 172.16.5.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.5.1, timeout is 2 seconds:U.U.USuccess rate is 0 percent (0/5)测试结果为不能访问扩展访问控制列表配置:只允许网段1(10.10.1.0/24)访问R2路由器内部的WWW服务和PING服务,拒绝访问该服务器上的其他服务;只允许网段2(10.10.2.0/24)访问R3路由器内部的TFTP服务和PING服务,拒绝访问该服务器上的其他服务。
CCNA大综合实验环境背景中小型企业.有两个部门,销售部(vlan 10)与行政部(vlan 20).同部门之间采用二层交换网络相连;不同部门之间采用单臂路由方式互访.企业有一台内部web服务器,承载着内部网站,方便员工了解公司的即时信息.局域网路由器启用多种路由协议(静态路由、动态路由协议),并实施路由控制、负载均衡、链路认证、访问限制等功能.企业有一条专线接到运营商用以连接互联网,采用Frame-Relay封装,需要手工设置DLCI与IP的映射.由于从运营商只获取到一个公网IP地址,所以企业员工上网需要做NAT网络地址转换.PS:由于实验需要涵盖CCNA所有知识点,所以设计的验环境与现实工程考虑并不完全一致.一.Basic基础配置按照拓扑搭建网络:1.为R1/R2/R3/R4/Sw1/Sw2命名.2.在Sw1/Sw2上设置特权密文密码cisco.关闭远程访问登陆密码.3.配置R1的F0/0,S0/0接口.4.配置R2的F0/0,S0/0接口.5.配置R3的F0/0,F0/1接口.6.配置R4的F0/0,F0/1接口.7.配置PC1/PC2/PC3/PC4/Server的IP地址以及默认网关.(R4/R5的S0/0接口、R1的、R3的接口先不配置)二、交换部分1. [Trunk]Sw1与Sw2的F0/11,F0/12接口封装为Trunk.2. [STP]观察生成树:指出哪个Switch是根桥;哪个接口是根端口;哪个接口是指定端口;哪个接口是非指定端口.请用PT的注释功能在拓扑相应地方标记.(标记题)3. [Etherchannel]做Etherchannel捆绑Sw1与Sw2的F0/11,F0/12接口.要求使用Cisco PAGP协议中的主动协商模式.4. [VTP]在Sw1与Sw2上配置VTP, 域名为作为Server;Sw2作为Client,设置密码为cisco.5. [VLAN]创建vlan 10,命名为sales; vlan 20,命名为Admin.并把相应的接口划分到所属vlan中.6. [管理vlan/访问控制]在Sw1上设置管理vlan 10,地址为192.168.1.10/24; 管理vlan 20,地址为做ACL访问控制,要求只有PC1/PC2可以远程访问Sw1.7.[单臂路由]配置单臂路由:vlan 10以R1的作为出口网关;vlan 20以R3的作为出口网关.三.路由部分[路由部分必须每完成一步检查现象]1. [默认路由]在R4上配置默认路由,出口指向运营商.2. [RIP]在R1/R2/R3/R4上配置RIPv2(关闭自动汇总),使得全网互通[R4与运营商R5的S0/0接口不宣告].3. [等价负载均衡]在R1上观察去往网络的等价负载均衡现象,请写出实现RIP负载均衡的条件,RIP的Metric是什么.(简答题1)4. [路由控制/浮动静态路由]在R1上为网络配置浮动静态路由,权值为119,要求所走路径为R1-R4-R3.5. [OSPF]在R1/R2/R3/R4上配置单区域(area 0)OSPF,使得全网互通[R4与运营商R5的S0/0接口不宣告].6. [OSPF]观察R1/R2/R3/R4路由表协议标识:现在是通过什么协议学习到路由信息?为什么?请写出.(简答题2)7. [OSPF]在R1/R2的串行链路上做OSPF链路认证,密码为cisco.8. [OSPF]在R1上观察去往网络只有一条路径.指出是哪一条路径?为什么只有这一条路径?OSPF的Metric是什么?(简答题3)9. [OSPF]在R1上实现去往网络的负载均衡.10. [EIGRP]在R1/R2/R3/R4上配置EIGRP(关闭自动汇总),使得全网互通.要求使用反掩码宣告准确的接口地址[R4与运营商R5的S0/0接口不宣告].11. [EIGRP-非等价负载均衡]在R1上实现去往网络的非等价负载均衡.12. [ACL]在R1上做ACL访问限制:所有用户都可以ping通Server; 除PC1和PC4以外,其他用户都可以访问内部网站.至此:内网PC全部互联,PC2/PC3可以访问内部网站三.广域网部分1.[PPP]R1/R2的串行链路封装为PPP,做PAP认证.R1为R2创建用户名BBB,密码为222;R2为R1创建用户名AAA,密码为111.2. [Frame-Relay]在R4/R5上配置Frame-Relay.要求使用静态匹配方式.R5使用PVC 504,R4使用类型使用Ansi.3. [OSPF]在R4上做OSPF默认路由宣告(default-information originate),使得其他OSPF路由器得知有一默认路由指向运营商.4. [NAT]在R4上配置NAT,使得企业内部所有PC都能上网(ping通运营商的200.1.1.2), Server不能连接外网最终效果:内网PC全部互联,PC2/PC3可以访问内部网站.内网PC全部能上网(ping通运营商的200.1.1.2)参考答案:一.Basic基础配置1. 为R1/R2/R3/R4/Sw1/Sw2命名.(略)2. 在Sw1/Sw2上设置特权密文密码cisco.关闭远程访问登陆密码.Sw1/Sw2#config terminalSw1/Sw2(config)#enable secret cisco /密文密码Sw1/Sw2(config)#line vty 0 15Sw1/Sw2(config-line)#no login /关闭远程密码功能3. 配置R1的F0/0,S0/0接口. (略)4. 配置R2的F0/0,S0/0接口. (略)5. 配置R3的F0/0,F0/1接口. (略)6. 配置R4的F0/0,F0/1接口. (略)7. 配置PC1/PC2/PC3/PC4/Server的IP地址以及默认网关. (略)二.交换部分1. [Trunk]Sw1与Sw2的F0/11,F0/12接口封装为Trunk.Sw1/Sw2(config)#interface range f0/11 – 12Sw1/Sw2(config-if-range)#switchport mode trunk2. [STP]观察生成树:指出哪个Switch是根桥;哪个接口是根端口;哪个接口是指定端口;哪个接口是非指定端口.请用PT的注释功能在拓扑相应地方标记.(标记题)a. 根桥的条件:一个交换网络中,Bridge-ID最小的交换机成为根桥.Bridge-ID组成: 优先级+MAC地址.可以show spanning-tree查看.b. 选择根端口:根端口是非根桥去往根桥cost最小的端口,每个非根桥上有且只有一个根端口.c. 选择指定端口:指定端口是每段链路去往根桥cost最小的端口,每段链路上有且只有一个指定端口.d. 选择非指定端口:最后选剩下的就是非指定端口.非指定端口不转发数据.3. [Etherchannel]做Etherchannel捆绑Sw1与Sw2的F0/11,F0/12接口.要求使用Cisco PAGP协议中的主动协商模式.Etherchannel端口间协商使用PAGP(Port Aggregation Protocol,cisco专有)或LACP (Link Aggregation Control Protocol,802.3AD ) PAGP的三种模式:• desirable 表示该端口会主动发PAGP数据包与对端进行协商• auto 表示该端口不会主动发PAGP数据包与对端进行协商• on 表示强制将该端口加入etherchannel,不需用PAGP协议与对端进行协商LACP的两种模式:• active 表示该端口会主动发LACP数据包与对端进行协商• passive 表示该端口不会主动发LACP数据包与对端进行协商Sw1/2(config)#interface range f0/11 – 12Sw1/2(config-if-range)#channel-group 1 mode desirable检查命令:Sw1/2#show ip interface brief4. [VTP]在Sw1与Sw2上配置VTP, 域名为作为Server;Sw2作为Client,设置密码为cisco.Sw1(config)#vtp domain CCNA /VTP域名Sw1(config)#vtp mode server /VTP模式Sw1(config)#vtp password cisco /VTP密码Sw2(config)#vtp domain CCNASw2(config)#vtp mode clientSw2(config)#vtp password cisco检查命令: Sw1/2#show vtp status Sw1/2#show vtp password5. [VLAN]创建vlan 10,命名为sales; vlan20命名为Admin.并把相应的接口划分到所属vlan中.Sw1(config)#vlan 10Sw1(config-vlan)#name salesSw1(config)#vlan 20Sw1(config-vlan)#name AdminSw1/2(config)#int f0/1Sw1/2(config-if)#switchport mode accessSw1/2(config-if)#switchport access vlan 10Sw1/2(config)#int f0/2Sw1/2(config-if)#switchportmode accessSw1/2(config-if)#switchport access vlan 206. [管理vlan/访问控制]在Sw1上设置管理vlan 10,地址为192.168.1.10/24;管理vlan 20,地址为做ACL访问控制,要求只有PC1/PC2可以远程访问Sw1.Sw1(config)#interface vlan 10Sw1(config)#interface vlan 20line vty 0 15access-class 1 in7. [单臂路由]配置单臂路由:vlan 10以R1的作为出口网关;vlan 20以R3的作为出口网关.Sw1/3(config)#int f0/3Sw1/3(config-if)#switchportmode trunkR1(config)#interface f1/0R1(config-if)#no shutdownR1(config)#intR1(config-subif)#encapsulation dot1Q 10R3(config)#interface f1/0R3(config-if)#no shutdownR3(config)#int /子接口不需要开启R3(config-subif)#encapsulation dot1Q 20三.路由部分[路由部分必须每完成一步检查现象]1. [默认路由]在R4上配置默认路由,出口指向运营商.R4(config)#ip route 0.0.0.0 0.0.0.0 s0/02. [RIP]在R1/R2/R3/R4上配置RIPv2(关闭自动汇总),使得全网互通[R4与运营商R5的S0/0接口不宣告].R1(config)#router ripR1(config-router)#version 2R1(config-router)#no auto-summaryR2(config)#router ripR2(config-router)#version 2R2(config-router)#no auto-summaryR3(config)#router ripR3(config-router)#version 2R3(config-router)#no auto-summaryR4(config)#router ripR4(config-router)#version 2R4(config-router)#no auto-summary3. [等价负载均衡]在R1上观察去往网络的等价负载均衡现象,请写出实现RIP负载均衡的条件,RIP的Metric是什么. (简答题1)RIP负载均衡的条件是两条路径到达目标网络具有相同跳数.RIP的Metric是跳数.4. [路由控制/浮动静态路由]在R1上为网络配置浮动静态路由,权值为119,要求所走路径为R1-R4-R3.R1(config)#ip route 192.168.2.0 255.255.255.0 f0/0 1195. [OSPF]在R1/R2/R3/R4上配置单区域(area 0)OSPF,使得全网互通[R4与运营商R5的S0/0接口不宣告].R1(config)#router ospf 1R1(config-router)#network 10.0.0.0 0.255.255.255 area 0R1(config-router)#network 172.16.1.1 0.0.0.0 area 0R1(config-router)#network 192.168.1.0 0.0.0.255 area 0R2(config)#router ospf 1R2(config-router)#network 10.0.0.0 0.255.255.255 area 0R3(config)#router ospf 1R3(config-router)#network 10.0.0.0 0.255.255.255 area 0R3(config-router)#netowrk 172.16.2.3 0.0.0.0 area 0R3(config-router)#network 192.168.2.0 0.0.0.255 area 0R4(config)#router ospf 1R4(config-router)network 172.16.0.0 0.0.255.255 area 06. [OSPF]观察R1/R2/R3/R4路由表协议标识:现在是通过什么协议学习到路由信息?为什么?请写出. (简答题2)现在是通过OSPF学习到的路由信息.因为OSPF的管理距离是110,比RIP的120,还有浮动静态路由的119权值都要低.所以优选OSPF.7. [OSPF]在R1/R2的串行链路上做OSPF链路认证,密码为cisco.R1/2(config)#int s0/0R1/2(config-if)#ip ospf authentication-key cisco /设密码R1/2(config-if)#ip ospf authentication /启用认证8. [OSPF]在R1上观察去往网络只有一条路径.指出是哪一条?为什么只有这一条路径?OSPF的Metric是什么? (简答题3)OSPF中从R1去往网络的路径是R1-R4-R3.因为R1与R4之间链路是100M链路,而R1与R2之间的链路是的串行链路.所以R1-R4-R3的cost值要比R1-R2-R3的cost值小.因此,OSPF中R1去往网络只有一条路径,优选的Metric是cost.9. [OSPF]在R1上实现去往网络的负载均衡.OSPF只支持等价负载均衡,要想实现去往网络的负载均衡,需要把OSPF两条路径的cost值设置为相同.有两种方法:①修改接口带宽计算值.cost=参考带宽/接口带宽,参考带宽不变,修改R1S0/0的接口带宽计算值R1(config)#int s0/0R1(config-if)# bandwidth 100000 /修改带宽为100M,与F0/0接口带宽一致.注意此带宽并非修改物理带宽.只是用于计算Metric值.②直接修改接口的cost值R1(config)#int s0/0R1(config-if)#ip ospf cost 1 / F0/0口的cost值是1,所以需要把s0/0口的cost也改为1.两种方法都可以,建议使用第一种.因为以下需求所作EIGRP不等价负载均衡也需要修改接口带宽计算值.10. [EIGRP]在R1/R2/R3/R4上配置EIGRP(关闭自动汇总),使得全网互通.要求使用反掩码宣告准确的接口地址[R4与运营商R5的S0/0接口不宣告].R1(config)#router eigrp 1R1(config-router)#no auto-summaryR2(config)#router eigrp 1R2(config-router)#no auto-summaryR3(config)#router eigrp 1R3(config-router)#no auto-summaryR4(config)#router eigrp 1R4(config-router)#no auto-summaryPS:使用反掩码准确宣告接口地址.11. [EIGRP-非等价负载均衡]在R1上实现去往网络的非等价负载均衡.由于FS的FD远远大于Successor的FD,即使使用最大阀值variance 128也无法实现不等价负载均衡.所以,必须缩小FS在EIGRP拓扑表中的Metric值.可以通过修改R1的s0/0接口带宽计算值来实现.(OSPF部分已经把s0/0接口的带宽计算值改为100M)R1#show ip eigrp topology可以查看FS与Successor的FD.计算出来variance为17就可实现EIGRP不等价负载均衡.R1(config)#router eigrp 1R1(config-router)# variance 1712. [ACL]在R1上做ACL访问限制:所有用户都可以ping通Server; 除PC1和PC4以外,其他用户都可以访问内部网站.R1(config)#access-list 100 deny host 192.168.1.1 host 10.10.10.10 eq 80 /拒绝访问的TCP 80号端口.R1(config)#access-list 100 deny host 192.168.2.2 host 10.10.10.10 eq 80 /拒绝访问的TCP 80号端口.R1(config)#access-list 100 permit ip any any /允许其他所有的IP流量.R1(config)#int f0/1R1(config-if)# ip access-group 100 out有人会先写上access-list 100 permit icmp XXXXXXX, 其实没有必要,最后permit ip any any就不会影响其他流量.至此:内网PC全部互联,PC2/PC3可以访问内部网站.三.广域网部分1. [PPP]R1/R2的串行链路封装为PPP,做PAP认证.R1为R2创建用户名BBB,密码为222;R2为R1创建用户名AAA,密码为111. R1(config)#username BBB password 222R2(config)#username AAA password 111R1(config)#int s0/0R1(config-if)#encapsulation pppR1(config-if)#ppp authentication papR1(config-if)#ppp pap sent-username AAA password 111R2(config)#int s0/0R2(config-if)#encapsulation pppR2(config-if)#ppp authentication papR2(config-if)#ppp pap sent-username BBB password 2222. [Frame-Relay]在R4/R5上配置Frame-Relay.要求使用静态匹配方式.R5使用PVC 504,R4使用类型使用Ansi.R4(config)#int s0/0R4(config-if)#encapsulation frame-relayR4(config-if)#frame-relay map ip 200.1.1.2 405 broadcastR4(config-if)#frame-relay lmi-type ansiR5(config)#int s0/0R5(config-if)#encapsulation frame-relayR5(config-if)#frame-relay map ip 200.1.1.1 504 broadcastR5(config-if)#frame-relay lmi-type ansi如已存在动态map,可用clear frame-relay inarp刷新匹配表无法关闭FR的动态学习功能.3. [OSPF]在R4上做OSPF默认路由宣告(default-information originate),使得其他OSPF路由器得知有一默认路由指向运营商.R4(config)#router ospf 1R4(config-router)#default-information originate/检查R1/2/3上路由表有路由,说明默认宣告成功.4. [NA T]在R4上配置NA T,使得企业内部所有PC都能上网(ping通运营商的200.1.1.2), Server不能连接外网.R4(config)#access-list 1 permit anyR4(config)#ip nat inside source list 1 int S0/0 overloadR4(config)int range f0/0 – 1R4(config-if-range)#ip nat insideR4(config)#int s0/0R4(config-if)#ip nat outside测试:在PC1/2/3/4和Server上ping一下运营商的地址最终效果:内网PC全部互联,PC2/PC3可以访问内部网站.内网PC全部能上网(ping通运营商的200.1.1.2)。
CCNA路由部分测试题(共50题)1.当路由器接收的IP报文的目的地址不是本路由器的接口IP地址,并且在路由表中未找到匹配的路由项,采取的策略是什么?A.丢掉该分组B.将该分组分片C.转发该分组D.以上答案均不对ANSWER:A2.IGP 的作用范围是?A.区域内B.自然子网范围内C.局域网内D.自治系统内ANSWER:D3.距离矢量协议包括?(多选)A.RIPB.IS-ISC.OSPFD.EIGRPANSWER:A D4.解决路由环问题的办法是?(多选)A.定义路由权的最大值B.路由保持法C.水平分割D.路由器重启ANSWER:A B C5.在rip 中metric 等于什么值为不可达?A.8B.10C.15D.16ANSWER:D6.下列关于OSPF 协议的说法正确的是?(多选)A.OSPF 支持基于接口的报文验证B.OSPF 支持到同一目的地址的多条等值路由C.OSPF 是一个基于链路状态算法的边界网关路由协议D.OSPF 发现的路由可以根据不同的类型而有不同的优先级ANSWER:A B D7.如果一个内部网络对外的出口只有一个,那么最好配置?A.缺省路由B.主机路由C.动态路由ANSWER:A8.以下不属于动态路由协议的是?A.RIPB.ICMPC.EIGRPD.OSPFANSWER:B9.关于矢量距离算法以下哪些说法是错误的?A.矢量距离算法不会产生路由环路问题B.矢量距离算法是靠传递路由信息来实现的C.路由信息的矢量表示法是(目标网络,metric)D.使用矢量距离算法的协议只从自己的邻居获得信息ANSWER:A10.以下哪些路由表项要由网络管理员手动配置?(多选)A.静态路由B.直接路由C.缺省路由D.动态路由ANSWER:A C11.关于RIP 协议,下列说法正确的有?(多选)A.RIP 协议是一种IGPB.RIP 协议是一种EGPC.RIP 协议是一种距离矢量路由协议D.RIP 协议是一种链路状态路由协议ANSWER:A C12.下列关于链路状态算法的说法正确的是?(多选)A.链路状态是对路由的描述B.链路状态是对网络拓扑结构的描述C.链路状态算法本身不会产生自环路由D.OSPF 和RIP 都使用链路状态算法ANSWER:B C13.路由器中时刻维持着一张路由表,这张路由表可以是静态配置的,也可以是什么协议产生的?A.生成树协议B.链路控制协议C.动态路由协议D.被承载网络层协议ANSWER:C14.在路由器中,如果去往同一目的地有多条路由,则决定最佳路由的因素有?(多选)A.路由的优先级B.路由的发布者C.路由的metric 值D.路由的生存时间ANSWER:A C15.下面哪一项正确描述了路由协议?A.允许数据包在主机间转送的一种协议B.定义数据包中域的格式和用法的一种方式C.通过执行一个算法来完成路由选择的一个协议D.指定MAC 地址和IP 地址捆绑的方式和时间的一种协议ANSWER:C16.IGP 包括如下哪些协议?(多选)A.RIPB.BGPC.IS-ISD.EIGRPE.OSPFANSWER:A C D E17.RIP 协议引入路由保持机制的作用是?A.节省网络带宽B.防治网络中形成路由环路C.将路由不可达信息在全网扩散D.通知邻居路由器哪些路由是从其处得到ANSWER:B18.对路由理解正确的是?A.路由是路由器B.路由是信息在网络路径的交叉点C.路由是用以配置报文的目的地址D.路由就是指导报文发送的路径信息ANSWER:D19.路由协议RIP,OSPF和静态路由各自得到了条到达目标网络,在CISCO路由器默认情况下,最终选选定哪种路由作为最优路由?A.RIPB.OSPFC.静态路由ANSWER:C20.在RIP 协议中,计算metric 值的参数是?A.MTUB.时延C.带宽D.路由跳数ANSWER:D21.衡量路由算法好坏的原则不包括?A.快速收敛性B.灵活性,弹性C.拓扑结构先进D.选径是否是最佳ANSWER:C22.RIP 协议是基于?A.UDPB.TCPC.ICMPD.Raw IPANSWER:A23.禁止RIP 协议的路由聚合功能的命令是?A.no route ripB.summanyC.no auto summanyD.undo networkANSWER:C24.解决路由环路的方法有?(多选)A.水平分割B.抑制时间C.毒性逆转D.触发更新ANSWER:A B C D25.路由环问题会引起哪些问题?(多选)A.慢收敛B.广播风暴C.路由器重起D.路由不一致ANSWER:A D26.下列哪些路由协议存在路由自环问题?(多选)A.RIPB.IGRPC.OSPFD.IS-ISE.EIGRPANSWER:A B27.关于RIP V1 和RIP V2,下列说法哪些正确?(多选)A.RIP V1 报文支持子网掩码B.RIP V2 报文支持子网掩码C.RIP V2 缺省使用路由聚合功能D.RIP V1 只支持报文的简单口令认证,而RIP V2 支持MD5 认证ANSWER:B C28.在一个运行OSPF 的自治系统之内?(多选)A.骨干区域自身也必须连通的B.非骨干区域自身也必须连通的C.必须存在一个骨干区域(区域号为0)D.非骨干区域与骨干区域必须直接相连或逻辑上相连ANSWER:A C D29.以下关于Rip 路由聚合的说法正确的是?(多选)A.Rip V1 默认支持路由聚合,需要时可以关闭路由聚合功能B.华为Quidway 系列路由器Rip V2 的实现可以关闭路由聚合功能C.Rip V1 不支持子网路由聚合到一个非自然子网路由D.Rip V2 支持子网路由聚合到一个非自然子网路由ANSWER:B C D30.假设有这样的组网实例:两台路由器(假设为RTA 和RTB)通过串口相接,其中RTA 的串口IP 地址是,RTB 的串口IP 地址是,RTA 通过以太口连接的本地局域网的IP 地址是,RTB 通过以太口连接的本地局域网IP 地址是,在上面所有的接口上都启动RIP V1(仅仅RIP V1)协议,那么,下列说法正确的是?(多选)A.在RTA 的本地局域网上的计算机可以访问在RTB 本地局域网上的计算机B.在RTB 的本地局域网上的计算机可以访问在RTA 本地局域网上的计算机C.在RTA 的本地局域网上的计算机不能访问在RTB 本地局域网上的计算机D.在RTB 的本地局域网上的计算机不能访问在RTA 本地局域网上的计算机ANSWER:C D31.根据路由的目的地不同,路由表可被划分为?(多选)A.子网路由B.直连路由C.缺省路由D.主机路由E.静态路由ANSWER:A D32.对路由器A 配置RIP 协议,并在接口S0(IP 地址为路由协议,在全局配置模式下使用的第一条命令是?A.router ripwork allworkworkANSWER:A33.当接口运行在RIP-2 广播方式时,它可以接受的报文有?(多选)A.RIP-1 广播报文B.RIP-1 组播报文C.RIP-2 广播报文D.RIP-2 组播报文ANSWER:A C34.RIP 协议的路由项在多少时间内没有更新会变为不可达?A.90sB.120sC.180sD.240sANSWER:C35.VLSM 的含义是?A.Variable Length Subnet MaskingB.Variable Length Shortest MaskingC.Very Long/Shortest MaskingD.Variable Long Subnet MaskingE.Variable Length Short MeasurementANSWER:A36.距离矢量路由协议使用水平分割(split horizon)技术的目的是什么?(多选)A.避免在毗邻路由器之间产生路由环路B.确保路由更新数据报文沿着接收路线方向发送C.与保持间隔(holddown)机制协同工作,为保持间隔的计算提供更多的可靠性D.代替路由中毒(poison reverse)算法ANSWER:A C37.作为一个网络维护人员,对于OSPF 区域体系机构的原则必须有清楚地了解,下面的论述表达正确的是?(多选)A.所有的OSPF 区域必须通过边界路由器与区域0 相连,或采用OSPF 虚链路B.所有区域间通信必须通过骨干区域0,因此所有区域路由器必须包含到区域0 的路由C.单个区域不能包含没有物理链路的两个区域边界路由器D.虚链路可以穿越stub 区域ANSWER:A B38.支持可变长子网掩码的路由协议有?(多选)A.RIP v1B.RIP v2C.OSPFD.EIGRPANSWER:B C D39.因为在生成路由表的过程中,OSPF 协议需要进行复杂的SPF 算法来计算网络拓扑结构,所以相对距离矢量路由选择协议来说,它需要更大的开销,更多的延迟,更高的CPU 占用率。
学网络技术去鸿鹄论坛命运的改变从技术开始鸿鹄团队致力于为每一位网络技术爱好者提供帮助有事您发帖,斑竹为您跑腿,给您答疑。
CCNA题库战报交流群:65330887欢迎备考CCNA的朋友加入,一起讨论交流,通过CCNA考试!CCNA最新题库/最新战报发布区:/forum-261-1.htmlCCNA考试代号:200-120考试时间:中文110分钟英文110+30=140分钟通过分数:825题库版本:V2.01.EIGRPQuestion:After adding BLD-102router,no routing updates are being exchanged betweenBLD-102and the new location.All other inter connectivity and Internet access for the existing locations of the company are working properly.The task is to identify the fault(s)and correct the router configuration to provide full connectivity between the routers.Access to the router CLI can be gained by clicking on the appropriate host.All passwords on all routers are cisco.IP addresses are listed in the chart below.答案:EIGRP实验题是一道排错题,通过show run找出拓扑中四台路由器EIGRP的配置错误改正做到内网全通即可,错误有两种类型,一是网段宣告错误,二是AS 号错误。
注意:在Cisco Packet Tracer模拟器中可以双击路由器进入命令界面,在考试中需要点路由器console(虚线)链接的PC进入命令界面,比如上图需要点PC-D 来进入BLD-102的命令界面。
从零开始学CCNA实验视频教程配套测试从零开始学CCNA实验视频教程配套测试1.【单选题】5分| 在非标准模式下,比如接口模式下,可以使用哪一条命令才可以使用show命令?A no shutdownB doC displayD range2.【单选题】5分| 需要保存启动配置文件到TFTP服务中,应该使用哪一条命令?A copy startup-config tftp:B copytftp: startup-configC copy running-config tftp:D copytftp: running-config3.【单选题】5分| 下列哪一条命令是设置交换机的管理地址?A interfaceswitchB interfaceswitch1C interfacevlanD interfacevlan14.【单选题】5分| 路由器配置寄存器的值为0x2142的含义是?A 开机加载配置文件B 开机不加载配置文件C 删除配置文件D 选择启动IOS5.【单选题】5分| 删除交换机上所有的VLAN,应该使用哪一条命令?A deleteflash:B deletenvram:C erase startup-configD deleteflash: vlan.dat6.【判断题】5分| 可以配置思科路由器直接telnet登陆到特权模式,而不需要任何密码A对B错7.【单选题】5分| 命令switchport nonegotiate 的作用是?A 开启DTPB 关闭DTPC 设置trunkD 设置trunk为被动模式8.【单选题】5分| 下列哪一项正确的描述了STP的选举步骤?A 根桥:根端口:指定端口:非指定端口B 根桥:指定端口:根端口:非指定端口C 根桥:指定端口:非指定端口:根端口D 指定端口:非指定端口:根桥:根端口9.【单选题】5分| STP的选举过程,哪一项不会使用到端口成本?A 非指定端口B 指定端口C 根端口D 根桥10.【单选题】5分| 从配置命令switchport port-security 可以得出当前设置的端口安全违规动作是下列哪一项?A protectB restrictC shutdownD 以上都不对11.【单选题】5分| 在静态路由配置中,什么场景下推荐使用下一跳的配置方法?A 点到点网络类型B BMAC NBMAD 虚链路12.【单选题】5分| 下列哪一条命令可以查看EIGRP路由器的RID?A show ip eigrp neighborsB show ip eigrp ridC show ip routeD show ip eigrp topology13.【判断题】5分| 路由协议的管理距离,值越大越优先A对B错14.【单选题】5分| OSPF路由协议的最大跳数是多少?A 16B 224C 255D 没有跳数限制15.【单选题】5分| 下列哪一项正确的描述了access-list 1 permit 192.168.5.0 0.0.3.255?A 允许3个IP地址B 允许3个网段C 允许4个网段D 允许5个网段16.【单选题】5分| 下列哪一个IPv6地址是正确的?A ::B 1::1:1:1:1:1::1C 1111:2222:3333:4444:aaaa:bbbb:ccccD 2022:abcd:1:1::17.【判断题】5分| OSPF路由协议默认开启自动汇总,可以手工关闭A对B错18.【单选题】5分| 下列哪一项VPN技术是思科私有的?A GREB IPSECC Easy-VPND MPLS-VPN19.【判断题】5分| 在编号ACL中,任意删除某一ACL语句,会导致整个ACL被删除A对B错20.【判断题】5分| 可以把思科路由器同时配置为NAT和DHCP服务器A对B错。