您的位置:360文档中心› CCNA-实验题

CCNA-实验题

CCNA-实验题
CCNA-实验题

实验考EIGRP、ACL、VTP这三个,其余可以略过。

1. EIGRP

Question:

After adding BLD-102 router, no routing updates are being exchanged between

BLD-102 and the new location. All other inter connectivity and Internet access for the existing locations of the company are working properly.

The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.

Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are cisco.

IP addresses are listed in the chart below.

答案:EIGRP 这题实验题主要是排错,找出4 台路由器宣告的AS 号和网段是否错误,按照图里给出的自己Show run 查看下,考试的时候也可能出现3处错误。有错误宣告的就把它改正,按照地址表的网段宣告,AS 号在第一个图里。做完后记得ping 一下每个网段是否通,最后记得Copy running-config

Startup-config 不然就白做了。

BLD-102>enable (需要输入密码:cisco)

BLD-102#configure terminal

BLD-102(config)#no router eigrp 22

BLD-102(config)#router eigrp 122

BLD-102(config-router)#network 192.168.22.0

BLD-102(config-router)#network 192.168.84.0

BLD-102(config-router)#no auto-summary

BLD-102(config-router)#end

BLD-102#copy running-config startup-config

Campus>enable (you have to enter cisco as its password here)

Campus#configure terminal

Campus(config)#router eigrp 122

Campus(config-router)#network 192.168.22.0

Campus(config-router)#no network 192.168.29.0

Campus(config-router)#end

Campus#copy running-config startup-config

此路由器会有passive-interface S1/0的配置,这里没有错误,不用处理

2.ACL

Question

A corporation wants to add security to its network.The requirements are:

>Host C should be able to use a web browser(HTTP)to access the Finance Web Server.

>Other types of access from host C to the Finance Web Server should be blocked.

>All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.

>All hosts in the Core and on local LAN should be to access the Public Web Server. You have been tasked to create and apply a numberd access list to a single outbound interface.They can contain no more than three statements that meets these requirements.

Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to "cisco".

The Core connection uses an IP address of 198.18.196.65←Corp1路由器的S口的IP,考试时要show下IP对不对,不对就改

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 - 192.168.33.254

Host A 192.168.33.1

Host B 192.168.33.2

Host C 192.168.33.3

Host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 - 172.22.242.30

The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer:

Corp1路由器的S口的IP,考试时要show下IP对不对,不对就改,修改IP命令Corp1#configure terminal

Corp1(config)#int s1/0(具体端口号自己show run看一下)

Corp1(config-if)#ip add 198.18.196.65 255.255.255.252(ip改为题目给的,掩码用show run得到的原先错误IP的掩码)

Corp1(config-if)#end

这里可以不用删掉错误的IP地址,直接输入新的可以将旧IP覆盖,最后别忘记保存。

Corp1#show running-config

确定连接服务器的接口为F0/1

Corp1#configure terminal

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 Corp1(config)#access-list 100 deny ip any host 172.22.242.23

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#copy running-config startup-config

命令解释:

1. Corp1(config)# access-list 100 permit tcp host 19

2.168.3

3.3 host 172.22.242.23 eq 80

创建一条扩展列表,允许TCP流量从源主机为IP:192.168.33.3 到目的主机IP 为:172.22.242.23 的80端口。eq 的意思是等于端口号。

这里不必要纠结扩展列表使用的数字100还是128,只要是100-199范围内的都可以使用。

2. Corp1(config)#access-list 100 deny ip any host 172.22.242.23

创建一条扩展列表,禁止所有流量从所有源主机访问目的主机IP为:

172.22.242.23 。 IP是指所有协议。

3. Corp1(config)#access-list 100 permit ip any any

创建一条扩展列表,允许IP流量从所有源主机到所有目的主机。

4. Corp1#show running-config

Show run 是为了找出 .30 的IP是在哪个接口,图里给出了 .30 只要show run 找出IP为 .30 的接口就OK了然后把 ACL 的列表应用到接口上。

5. Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

最后就是这2条命令了,上面已经 Show run 找出来 .30 的IP为 172.22.242.30, 是在 f0/1 口上。直接进入F0/1口

把创建的扩展列表应用进去,最后千万记得 Copy run Start。

总结来说还是挺简单的,考试的时候实验题会变的就是IP地址和主机,他可能会将主机C变为主机B,还有就是IP变掉就是,其他的不会改变的,看好题就OK了。3.VTP

VTP是选择题,题库里有9道题,考试考5道,这只是题型,考试不考原题,只是

知识点和做题方法不变。

在模拟器上做测试时先要在VLAN-R1上 ping 255.255.255.255,这样交换机才会学到所有的mac地址。考试的时候不需要这一步。

1. What interface did Sw-AC3 associate with MAC address 0010.5a0c.ffba ?

A.

B.

C.

D.

E.

F. Fa0/1 Fa0/3 Fa0/6 Fa0/8 Fa0/9 Fa0/12

答案:A

解释:SW-AC3交换机的哪个接口关联的MAC地址是0010.5A0C.FFBA?

注意:在Cisco Packet Tracer 5.3模拟器上可以使用缩写show mac或是全写show mac-address-table。考试时候只能使用show mac address-table来看mac地址表,并且这里不支持缩写,这条命令必须打全。

2. What ports on Sw-AC3 are operating has trunks(choose three)?

A. Fa0/1

B. Fa0/3

C. Fa0/4

D. Fa0/6

E. Fa0/9

F. Fa0/12 答案:BEF

解释:SW-AC3上的哪些接口是trunk 接口? 查看trunk 端口的命令show interfaces trunk

3. What kind of router is VLAN-R1? A.1720 B.1841 C.2611 D.2800 答案:D

解释:VLAN-R1路由器是什么型号? 使用show cdp neighbors 命令查看

4. A. B. C.

Which switch is the root bridge for vlan 1? SW-DS1 SW-AC1 SW-AC2

D. SW-AC3

答案:C

解释:哪台交换机是vlan1的根桥?

由show spanning-tree vlan 1输出信息中红框处可以得到与跟桥链接的端口是F0/9,cost是19可以确定此端口的下一条就是跟桥。

信息最后看到F0/9为根端口,由此也可以确定根端口的对端交换机肯定是跟桥。那么下一步就是根据cdp协议确定F0/9对端设备。

5. What address should be configured as the default-gateway for the host

connected to interface fa0/4 of SW-AC3?

A.192.168.1.254

B.192.168.22.254

C. 192.168.33.254

D. 192.168.44.254

答案:D

解释:SW-AC3上的f0/4下的主机应配置的网关是什么地址?

由vlan信息可以得到fa0/4属于vlan44,题目拓扑图上已经给出了每个vlan的网关,如下图:

6. From which switch did Sw-Ac3 receive VLAN information?

A. SW-DS1

B. SW-AC1

C. SW-AC2

D. SW-AC3(locally)

答案:C

解释:SW-AC3的vlan配置信息是从哪台交换机上接收到的?

Vlan信息是从VTP服务器上得到的,由show vtp status可以得到VTP服务器的IP 地址,再由show cdp neighbors detail得到此IP地址的设备型号,如下图

7. Refer to the exhibit,SWX was taken out of the production network for

maintenance.It will be reconnected to the Fa0/16 port of SW-AC3.What happens to the network when it is reconnected and a trunk exists between the two switches?

A. All VLANs except the default VLAN will be removed from all switches.

B. All exiting switches will have the

students,admin,faculty,servers,Management,Production,and no-where VLANs.

C. The VLANs Servers, Management,Production,and no-where will

replace the VLANs on SWX.

D. The VLANs Servers, Management,Production,and no-where will be

removed frome existing switches.

答案:D

解释:把交换机SW-X通过F0/16接入SW-AC3会导致什么后果?

show vtp status察看SW-AC3交换机的vtp相关信息。新交换机接入当前网络,如果vtp的修订版本号高于当前网络(vtp域名、密码相同),当前网络的vlan 配置会更新为SW-X的vlan配置,不论SW-X是vtp client还是vtp server。如果SW-X的修正版本号较小,那么SW-X的vlan配置会变为当前网络的vlan配置。

8.Out of which ports will a frame be forward that has source mac-address

00d0.d3a1.9a1b and destination mac-address 000a.8a47.e612?(choose three)

A.Fa0/1

B. Fa0/3

C. Fa0/4

D. Fa0/6

E. Fa0/9

F. Fa0/12

答案:ABF

解释:以00d0.d3a1.9a1b为源地址,以000a.8a47.e612为目的地址的数据帧会在交换机SW-AC3从哪些端口转发?

如数据帧中的目的MAC地址不在MAC地址表中,则会发生泛洪,本vlan内除发送端口外所有端口以及trunk都会收到,但是处于block状态的trunk口,收到后不会转发,所以此题F0/9不选。

00d0.d3a1.9a1b所在端口属于VLAN33

再寻找trunk

查看处于block状态的trunk

9.If one of the host connected to SW-AC3 wants to send something for the ip 190.0.2.5(or any ip that is not on the same subnet) what will be the destination MAC address?

A. 0009.e8b2.c28c

B. 000a.b7e9.8360

C. 0001.c9e5.be01

D. 0060.70ad.1603

E. 00d0.ba9c.db07

F. 00e0.a396.b701

答案:C

解释:如果SW-AC3上一个主机想要向190.0.2.5发送信息,它的目的mac地址是什么?

目的IP是外网或不在一个网段,需要先将信息交给网关,再转发,所以此题就是寻找网关的mac地址。SW-AC3上主机网关都是路由器VLAN-R1。

由上面信息看出链接VLAN-R1的本地端口是F0/3

相关主题
相关文档
最新文档