ccna考试必考实验题ACLEIGRPVTP吉祥三宝.docx
《ccna考试必考实验题ACLEIGRPVTP吉祥三宝.docx》由会员分享,可在线阅读,更多相关《ccna考试必考实验题ACLEIGRPVTP吉祥三宝.docx(21页珍藏版)》请在冰豆网上搜索。
ccna考试必考实验题ACLEIGRPVTP吉祥三宝
ACL实验题
Question
AnetworkassociateisaddingsecuritytotheconfigurationoftheCorp1router.TheuseronhostCshouldbeabletouseawebbrowsertoaccessfinancialinformationfromtheFinanceWebServer.NootherhostsfromtheLANnortheCoreshouldbeabletouseawebbrowsertoaccessthisserver.SincetherearemultipleresourcesforthecorporationatthislocationincludingotherresourcesontheFinance
WebServer,allothertrafficshouldbeallowed.
Thetaskistocreateandapplyanaccess-listwithnomorethanthreestatementsthatwillallowONLYhostCwebaccesstotheFinanceWebServer.NootherhostswillhavewebaccesstotheFinanceWebServer.Allothertrafficispermitted.注:
红色关键单词记住,代表只允许C主机访问FinanceWeb服务器
AccesstotherouterCLIcanbegainedbyclickingontheappropriatehost.
Allpasswordshavebeentemporarilysetto"cisco".
TheCoreconnectionusesanIPaddressof198.18.196.65←Corp1路由器的S口的IP,考试时要show下IP对不对,不对就改
ThecomputersintheHostsLANhavebeenassignedaddressesof192.168.33.1-192.168.33.254
HostA192.168.33.1
HostB192.168.33.2
HostC192.168.33.3
HostD192.168.33.4
TheserversintheServerLANhavebeenassignedaddressesof172.22.242.17-172.22.242.30
TheFinanceWebServerisassignedanIPaddressof172.22.242.23.
AnswerandExplanation
Corp1>enable(youmayenter"cisco"asitpasswordshere)
Weshouldcreateanaccess-listandapplyittotheinterfacewhichisconnectedtotheServerLAN
becauseitcanfilterouttrafficfrombothSw-2andCorenetworks.TheServerLANnetworkhasbeen
assignedaddressesof172.22.242.17-172.22.242.30sowecanguesstheinterfaceconnectedtothem
hasanIPaddressof172.22.242.30(.30isthenumbershowninthefigure).Usethe"showrunningconfig"
commandtocheckwhichinterfacehastheIPaddressof172.22.242.30.
Corp1#showrunning-config
WelearnthatinterfaceFastEthernet0/1istheinterfaceconnectedtoServerLANnetwork.Itisthe
interfacewewillapplyouraccess-list(foroutbounddirection).
Corp1#configureterminal
Ouraccess-listneedstoallowhostC-192.168.33.3totheFinanceWebServer172.22.242.23viaweb
(port80)
Corp1(config)#access-list100permittcphost192.168.33.3host172.22.242.23eq80
DenyotherhostsaccesstotheFinanceWebServerviaweb
Corp1(config)#access-list100denytcpanyhost172.22.242.23eq80
Allothertrafficispermitted
Corp1(config)#access-list100permitipanyany
Applythisaccess-listtoFa0/1interface(outbounddirection)
Corp1(config)#interfacefa0/1
Corp1(config-if)#ipaccess-group100out
Notice:
Wehavetoapplytheaccess-listtoFa0/1interface(notFa0/0interface)sothattheaccess-list
canfiltertrafficcomingfromtheCorenetwork.
ClickonhostCandopenitswebbrowser.Intheaddressboxtypehttp:
//172.22.242.23tocheckifyou
areallowedtoaccessFinanceWebServerornot.Ifyourconfigurationiscorrectthenyoucanaccessit.
Clickonotherhosts(A,BandD)andchecktomakesureyoucan'taccessFinanceWebServerfrom
thesehosts.
Finally,savetheconfiguration
Corp1(config-if)#end
Corp1#copyrunning-configstartup-config
(ThisconfigurationonlypreventshostsfromaccessingFinanceWebServerviawebbutifthisserver
supportsothertraffic-likeFTP,SMTP...thenotherhostscanaccessit,too.)
命令讲解在下面
实验命令讲解:
紫色的代表要敲的命令
1.Corp1(config)#access-list100permittcphost192.168.33.3host172.22.242.23eq80
创建一条扩展列表,允许TCP流量从源主机为IP:
192.168.33.3到目的主机IP为:
172.22.252.34的80端口。
eq的意思是等于
这里不必要纠结扩展列表使用的数字100还是128,只要是100-199范围内的都可以使用。
2.Corp1(config)#access-list100denytcpanyhost172.22.242.23eq80
创建一条扩展列表,禁止TCP流量从所有源主机访问目的主机IP为:
172.22.242.23的80端口
3.Corp1(config)#access-list100permitipanyany
创建一条扩展列表,允许IP流量从所有源主机到所有目的主机。
意思就是所有的机子都可以互相ping。
4.Corp1#showrunning-config
Showrun是为了找出.30的IP是在哪个接口,图里给出了.30只要showrun找出IP为.30的接口就OK了
然后把ACL的列表应用到接口上。
5.Corp1(config)#interfacefa0/1
Corp1(config-if)#ipaccess-group100out
最后就是这2条命令了,上面已经Showrun找出来.30的IP为172.22.242.30,是在f0/1口上。
直接进入F0/1口
把创建的扩展列表应用进去,最后千万记得Copyrunning-configStartup-config不然你就拿着那成绩单哭去了
总结来说还是挺简单的,考试的时候实验题会变的就是IP地址和主机,他可能会叫你只允许B主机去访问WEB服务器的80端口
还有就是IP变掉就是,其他的不会改变的,看好题就OK了。
懂英语的可以忽略!
!
预祝大家PASS。
EIGRP实验题
Question:
AfteraddingR3router,noroutingupdatesarebeingexchangedbetweenR3andthenewlocation.All
otherinterconnectivityandInternetaccessfortheexistinglocationsofthecompanyareworking
properly.
Thetaskistoidentifythefault(s)andcorrecttherouterconfigurationtoprovidefullconnectivitybetween
therouters.
AccesstotherouterCLIcanbegainedbyclickingontheappropriatehost.Allpasswordsonallrouters
arecisco.
IPaddressesarelistedinthechartbelow.
Answerandexplanation:
Weshouldchecktheconfigurationofthenewaddedrouterfirstbecauseitdoesnotfunctionproperlywhileothersworkwell.FromthecommandlineinterfaceofR3router,entertheshowrunning-configcommand
Fromtheoutputabove,weknowthatthisrouterwaswronglyconfiguredwithanautonomousnumber
(AS)of22.WhentheASnumbersamongroutersaremismatched,noadjacencyisformed.
(YoushouldchecktheASnumbersonotherroutersforsure)
Tosolvethisproblem,wesimplyre-configurerouterR3withthefollowingcommands:
R3>enable(youhavetoenterciscoasitspasswordhere)
R3#configureterminal
R3(config)#noroutereigrp22
R3(config)#routereigrp212
R3(config-router)#network192.168.60.0
R3(config-router)#network192.168.77.0
R3(config-router)#noauto-summary
R3(config-router)#end
R3#copyrunning-configstartup-config
CheckR1routerwiththeshowrunning-configcommand:
NoticethatitismissingadefinitiontothenetworkR3.Thereforewehaveto
AdditsothatitcanrecognizeR3router
R1>enable(youhavetoenterciscoasitspasswordhere)
R1#configureterminal
R1(config)#routereigrp212
R1(config-router)#network192.168.77.0
R1(config-router)#end
R1#copyrunning-configstartup-config
Nowthewholenetworkwillworkwell.Youshouldcheckagainwithping
CommandfromrouterR3tootherrouters!
考试总结:
EIGRP这题实验题主要是排错,找出4台路由器宣告的AS号和网段是否错误,按照图里给出的自己Showrun查看下。
有错误宣告的就把它改正,按照第二个图里给的网段宣告,AS号在第一个图里。
做完后记得ping一下每个网段是否通,最后记得
Copyrunning-configStartup-config不然就白做了
考试的时候不管他AS号还是网段号宣告错误不错误,上去直接NO掉EIGRP,先showrun查看下每个路由器宣告的EIGRPAS号,然后NO掉他,重新按照图里给的AS号和网段自己宣告,记得敲Noauto-summary关闭自动汇总
VTP实验题
Question
ThistaskrequiresyoutousetheCLIofSw-AC3toanswerfivemultiple-choicequestions.Thisdoesnotrequireanyconfiguration.
Toanswerthemultiple-choicequestions,clickonthenumberedboxesintherightpanel.Therearefivemultiple-choicequestionswiththistask.Besuretoanswerallfivequestionsbeforeleavingthisitem.
Question1:
WhatinterfacedidSw-AC3associatewithsourceMACaddress0010.5a0c.ffba?
a)Fa0/1
b)Fa0/3
c)Fa0/6
d)Fa0/8
e)Fa0/9
f)Fa0/12
Answer:
Fa0/8
Explanation:
tofindoutwhichinterfaceassociatedwithagivenMACaddress,usetheshowmacaddress-
tablecommand.ItshowsthelearnedMACaddressesandtheirassociatedinterfaces.After
enteringthiscommand,youwillseeaMACaddresstablelikethis:
FromthistablewecanfigureoutthattheMACaddress0010.5a0c.ffbaisassociatedwithinterface
Fa0/8
Question2:
WhatportsonSw-AC3areoperatinghastrunks(choosethree)?
a)Fa0/1
b)Fa0/3
c)Fa0/4
d)Fa0/6
e)Fa0/9
f)Fa0/12
Answer:
Fa0/3,Fa0/9andFa0/12
Explanation:
Usetheshowinterfacetrunkcommandtodeterminethetrunkingstatusofalinkand
VLANstatus.Thiscommandlistsport,itsmode,encapsulationandwhetheritistrunking.Theimage
belowshowshowitworks:
Question3:
WhatkindofrouterisVLAN-R1?
a)1720
b)1841
c)2611
d)2620
Answer:
2620
Explanation:
VLAN-R1istherouterdirectlyconnectedtoSw-Ac3switch,sowecanusetheshowcdp
neighborscommandtosee:
1.NeighborDeviceID:
Thenameoftheneighbordevice;
2.LocalInterface:
Theinterfacetowhichthisneighborisheard
3.Capability:
Capabilityofthisneighboringdevice-Rforrouter,Sforswitch,HforHostetc.
4.Platform:
Whichtypeofdevicetheneighboris
5.PortID:
TheinterfaceoftheremoteneighboryoureceiveCDPinformation
6.Holdtime:
Decrementalholdtimeinseconds
Sampleoutputofshowcdpneighborscommand:
OnethingIwanttonoticeyouis"LocalIntrfce"intheimageabovereferstothelocalinterfaceonthedeviceyouarerunningthe"showcdpneighbors"command
Question4:
WhichswitchistherootbridgeforVLAN1?
Answer:
Sw-DS1
Explanation:
Firstweusetheshowspanning-treevlan1toviewthespanning-treeinformationof
VLAN1
Fromthe"Cost19",welearnthattherootswitchisdirectlyconnectedtotheSw-Ac3switchovera100MbpsEthernetlink
NoticethatifyouseealloftheinterfacerolesareDesg(designated)thenyoucanconfirmSw-Ac3switchistherootbridgeforthisVLAN(VLAN1).
IfyouseethereisatleastoneRootportintheinterfacerolesthenyoucanconfirmSw-Ac3isnottherootbridgebecauserootbridgedoesnothaverootport.Inthiscase,wenoticethattherootportonSw-Ac3switchisFastEthernet0/12,sowehavetofigureoutwhichswitchisassociatedwiththisport->itistherootbridge.Youcanverifyitwiththeshowcdpneighborscommand:
The"LocalIntrfce"columnreferstotheinterfaceontheswitchrunning"showcdpneighbors"command.Inthiscase,Sw-DS1isassociatedwithinterfaceFastEthernet0/12->Sw-DS1istherootbridge
Question5:
Whataddressshouldbeconfiguredasthedefault-gatewayforthehostconnectedtointerfacefa0/4ofSW-Ac3?
Answer:
192.168.44.254
Explanation:
FirstwehavetoidentifywhichVLANinterfaceFa0/4belongs
升级会员 