CCNA题库实验题

思科认证CCNA认证试题与答案中文版思科认证CCXA认证试题与答案中文版21、一个B类网络，有5位掩码加入缺省掩码用来划分子网，每个子网最多()台主机(A)510(B)512(C)1022(D)2046答案：D22、在路由器中，能用以下命令察看路由器的路由表()(A)arp-a(B)traceroute(C)routeprint(D)displayiprouting-table答案：D23、DHCP客户端是使用地址()来中请一个新的IP地址的(A)0. 0. 0. 0(B)10. 0. 0. 1(0127. 0. 0. 1(D)255. 255. 255. 255答案：D注释:255. 255. 255. 255是全网广播,DHCP客户端发送全网广播来查找DHCP服务器.24、下而有关NAT叙述正确的是()(A)NAT是英文“地址转换”的缩写，又称地址翻译(B)XAT用来实现私有地址与公用网络地址之间的转换(C)当内部网络的主机访问外部网络的时候，一定不需要NAT(D)地址转换的提出为解决IP地址紧张的问题提供了一个有效途径答案:ABD25、以下属于正确的主机的IP地址的是()(A)224. 0. 0.5(B)127. 32. 5. 62(0202. 112.5.0(D) 162. 111. 111. Ill答案：D注释:这个题目不是太严谨,应该加上子网掩码.A:224. 0. 0. 5是多播地址B: 127. 0.0. 0保留作为测试使用C:网络地址26、设置主接口由up转down后延迟30秒切换到备份接口，主接口由down转up后60秒钟切换回主接口的配置为()(A)standbytimer3060(B)standbytimer6030(C)standbytimerenable-delay60disable-delay30(D)standbytimerenable-delay30disable-delay60答案：D27、在一个以太网中，30台pc通过QuidwayR2501路由器s0 口连接internet, QuidwayR2501路由器配置如下：[Quidway-EthernetO] ipaddressl92. 168. 1. 1255. 255. 255. 0[Quidway-EthernetO]quit[Quidway]interfacesO[Quidway-SerialOJ ipaddress211. 136. 3. 6255. 255. 255. 252[Quidway-Serial0」link-protocolppp一台PC机默认网关为192. 168. 2.1,路由器会怎样处理发自这台PC 的数据包？(A)路由器会认为发自这一台PC的数据包不在同一网段，不转发数据包(B)路由器会自动修正这一台PC机的IP地址，转发数据包(C)路由器丢弃数据包，这时候需要重启路由器，路由器自动修正误配(D)路由器丢弃数据包，不做任何处理，需要重配PC网关为192. 168. 1. 1答案：D注释:PC的'默认网关要指向路由器的以太网口的IP地址.28、ISDNB信道速率是()(A)16kbps(B)64kbps(C)144kbps(D)2048kbps答案:B参考知识点：综合数字业务网(ISDN)由数字电话和数据传输服务两部分组成，一般由电话局提供这种服务。

Question:This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This does not require any configuration.To answer the multiple-choice questions, click on the numbered boxes in the right panel.There are five multiple-choice questions with this task. Be sure to answer all five questions before leaving this item.Question 1:What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ? a) Fa0/1 b) Fa0/3 c) Fa0/6 d) Fa0/8 e) Fa0/9 f) Fa0/12Answer: Fa 0/8Explanation: to find out which interface associated with a given MAC address, use the show mac-address-table command. It shows the learned MAC addresses and their associated interfaces. After entering this command, you will see a MAC address table like this:讲解 By XiXiSmiLeFrom this table we can figure out that the MAC address 0010.5a0c.ffba is associated with interface Fa0/8Question 2:What ports on Sw-AC3 are operating has trunks (choose three)? a) Fa0/1 b) Fa0/3 c) Fa0/4 d) Fa0/6 e) Fa0/9 f) Fa0/12Answer: Fa0/3, Fa0/9 and Fa0/12Explanation: Use the show interface trunk command to determine the trunking status of a link and VLAN status. This command lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:Question 3:What kind of router is VLAN-R1? a) 1720 b) 1841 c) 2611 d) 2620Answer: 2620Explanation: VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighbors command to see:1. Neighbor Device ID : The name of the neighbor device;2. Local Interface : The interface to which this neighbor is heard3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.4. Platform: Which type of device the neighbor is5. Port ID: The interface of the remote neighbor you receive CDP information6. Holdtime: Decremental hold time in seconds Sample output of show cdp neighbors command:One thing I want to notice you is "Local Intrfce" in the image above refers to the local interface on the device you are running the "show cdp neighbors" command Question 4: Which switch is the root bridge for VLAN 1?讲解 By XiXiSmiLeAnswer: Sw-DS1Explanation: First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1From the "Cost 19", we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100Mbps Ethernet linkNotice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is the root bridge for this VLAN (VLAN 1).If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the root bridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switch is FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge. You can verify it with the show cdp neighbors command:The "Local Intrfce" column refers to the interface on the switch running "show cdp neighbors" command. In this case, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridge Question 5: What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3? Answer: 192.168.44.254 Explanation:First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan commandFrom the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address 192.168.44.254/24讲解 By XiXiSmiLe讲解 By XiXiSmiLeTherefore the default gateway of the host should be 192.168.44.254Question 6: From which switch did Sw-Ac3 receive VLAN information ?Answer: Sw-AC2Explanation: to view the VTP configuration information, use the show vtp status commandSo we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finally we use the show cdp neighbors detail to find out who 163.5.8.3 is:Question 7: Refer to the exibit, SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?A - All VLANs except the default VLAN win be removed from all switchesB - All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where VLANsC - The VLANs Servers, Management, Production and no-where will replace the VLANs on SwXD - The VLANs Servers, Management, Production and no-where will be removed from existing switches Answer and Explanation:First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command on Sw-Ac3Notice that its configuration revision number is 5 and VTP Domain Name is home-officeNext, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3 switch, and both of them have same VTP Domain Name called "home-office".Therefore SwX will replace vlan information on other switches with its own information. We should check vlan information of Sw-Ac3 switch with show vlan commandSo the correct answer is D - The VLANs Servers, Management, Production and no-where will be removed from existing switchesPlease notice that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX. In general, which switch has a higher revision number it will become the updater and other switches will overwrite their current databases with the new information received from the updater (provided that they are on the same domain and that switch is not in transparent mode). Question 8:讲解 By XiXiSmiLeOut of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destination mac-address 000a.8a47.e612? (Choose three) A - Fa0/8 B - Fa0/3 C - Fa0/1 D - Fa0/12Answer: B C D Explanation:First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table commandWe notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but we can't find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all ports of Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from the output above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.Please notice that the "show mac-address-table" command just lists information that was learned by the switch, it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood the frame to these ports, too.And we can check which trunk ports will receive this frame by the show interface trunk command-> Port Fa0/9 will also receive this frame!讲解 By XiXiSmiLeQuestion 9:If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not on the same subnet) what will be the destination MAC address Answer and Explanation:Because the destination address is not on the same subnet with the switch, it will forward the packet to its default gateway. So we have to find out who is the default gateway of this switch by using the show running-config commandFrom the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its default gateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use the show cdp neighbor detail command and focus on the description of VLAN-R1 routerFrom this output, we can confirm the switch's default gateway is VLAN-R1 router (with the IP address of 192.168.1.254). And "the interface: FastEthernet0/3" tells us that the switch is connected to VLAN-R1 router through Fa0/3 port (Fa0/3 is the port on the switch).Finally we just need to use the show mac-address-table command to find out which MAC address is associated with this interface讲解 By XiXiSmiLe讲解 By XiXiSmiLe(Notice that in the real CCNA exam the MAC address or port may be different)And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of port Fa0/3 with different Vlans but they have the same MAC address。

完整版CCNA测试题库及答案描述载波侦听多路由访问/冲突检测（CSMA/CD）的工作原理。

CSMA/CD是一种帮助设备均衡共享带宽的协议，可避免两台设备同时在网络介质上传输数据。

虽然他不能消除冲突，但有助于极大的减少冲突，进而避免重传，从而提高所的设备的数据传输效率。

区分半双工和全双工通信。

并指出两种方法的需求。

与半双工以太网使用一对导线不同，全双工以太网使用两队导线，全双工使用不同的导线来消除冲突，从而允许同时发送和接收数据，而半双工可接收或发送数据，但不能同时接收和发送数据，且仍会出现冲突。

要使用全双工，电缆两端的设备都必须支持全双工，并配置成一全双模式运行。

描述MAC地址的组成部分以及各部分包含的信息。

MAC（硬件）地址时一种使用十六进制表示的地址，长48位（6B）。

其中前24位（3B）称为OUI（Organizationally Unique Idebtifier,组织唯一表示符），有IEEE分配给NIC制造商；余下的部分呢唯一地标识了NIC识别十进制数对应的二进制值和十六进制值。

用这三种格式之一表示的任何数字都可以转换为其他两种格式，能够执行这种转换对理解IP地址和子网划分至关重要。

识别以太网帧中与数据链路层相关的字段。

在以太网中，与数据链路层相关的字段包括前导码，帧其实位置分隔符，目标MAC地址，源MAC地址，长度或者类型以及帧校验序列。

识别以太网布线相关的IEEE标准。

这些标准描述了各种电缆类型的功能和物理特征，包括（但不限于）10Base2、10Base5和10BaseT。

区分以太网电缆类型及其用途。

以太网电缆分3种：直通电缆，用于将PC或路由器的以太网接口连接到集线器或交换机；交叉电缆。

用于将集线器连接到集线器，集线器连接到交换机，交换机连接到交换机以及PC连接到PC；反转电缆，用于PC和路由器或交换机之间建立控制台连接。

描述数据封装过程及其在分组创建中的作用。

数据封装指的是在OSI模型各层给数据添加信息的过程，也成为分组创建。

C C N A考试题(总9页) -CAL-FENGHAI.-(YICAI)-Company One1-CAL-本页仅作为文档封面，使用请直接删除第一部分：选择题1：提供可靠数据传输、流控的是OSI的第几层（）A、表示层B、网络层C、传输层D、会话层E、链路层2：子网掩码产生在那一层（）A、表示层B、网络层C、传输层D、会话层3：当路由器接收的IP报文的目的地址不是本路由器的接口IP地址，并且在路由表中未找到匹配的路由项，采取的策略是（）A、丢掉该分组B、将该分组分片C、转发该分组D、以上答案均不对4：当一台主机从一个网络移到另一个网络时，以下说法正确的是（）A、必须改变它的IP地址和MAC地址B、必须改变它的IP地址，但不需改动MAC地址C、必须改变它的MAC地址，但不需改动IP地址D、MAC地址、IP地址都不需改动5：ISO提出OSI的关键是（）A、系统互联B、提高网络速度C、为计算机制定标准D、经济利益6：OSI参考模型按顺序有哪些层（）A、应用层、传输层、网络层、物理层B、应用层、表示层、会话层、网络层、传输层、数据链路层、物理层C、应用层、表示层、会话层、传输层、网络层、数据链路层、物理层D、应用层、会话层、传输层、物理层7：LAN的拓扑形式一般以（）为主。

A、总线型B、环型C、令牌环D、载波侦听与冲突检测CSMA/CD8：网段地址154.27.0.0的网络，若不做子网划分，能支持（）台主机A、254B、1024C、65,534D、16,777,2069：路由器网络层的基本功能是（）。

A、配置IP地址B、寻找路由和转发报文C、将MAC地址解释成IP地址10：选出基于TCP协议的应用程序（）。

A、PINGB、TFTPC、TELNETD、OSPF11：某公司申请到一个C类IP地址，但要连接6个的子公司，最大的一个子公司有26台计算机，每个子公司在一个网段中，则子网掩码应设为（）。

A、255.255.255.0B、255.255.255.128C、255.255.255.192D、255.255.255.22412：B类地址的缺省掩码是（）。

CCNA认证试题一（附答案和解析）中文版(一)1、目前，我国应用最为广泛的LAN标准是基于（）的以太网标准.(A) IEEE 802.1(B) IEEE 802.2(C) IEEE 802.3(D) IEEE 802.5答案：C参考知识点：现有标准：IEEE 802.1 局域网协议高层IEEE 802.2 逻辑链路控制IEEE 802.3 以太网IEEE 802.4 令牌总线IEEE 802.5 令牌环IEEE 802.8 FDDIIEEE 802.11 无线局域网记住IEEE802.1-------IEEE802.5的定义以太网是一种计算机局域网组网技术。

IEEE制定的IEEE 802.3标准给出了以太网的技术标准。

它规定了包括物理层的连线、电信号和介质访问层协议的内容。

以太网是当前应用最普遍的局域网技术。

它很大程度上取代了其他局域网标准，如令牌环、FDDI和ARCNET。

以太网的标准拓扑结构为总线型拓扑，但目前的快速以太网（100BASE-T、1000BASE-T标准）为了最大程度的减少冲突，最大程度的提高网络速度和使用效率，使用交换机（Switch）来进行网络连接和组织，这样，以太网的拓扑结构就成了星型，但在逻辑上，以太网仍然使用总线型拓扑的C***A/CD介质访问控制方法。

电气电子工程师协会或IEEE（Institute of Electrical and Electronics Engineers）是一个国际性的电子技术与信息科学工程师的协会。

建会于1963年1月1日。

总部在美国纽约市。

在150多个国家中它拥有300多个地方分会。

目前会员数是36万。

专业上它有35个专业学会和两个联合会。

IEEE发表多种杂志，学报，书籍和每年组织300多次专业会议。

IEEE 定义的标准在工业界有极大的影响。

下面列出：IEEE802．3以太网标准802.3--------- 10Base以太网标准802.3u-------- 100Base-T（快速以太网）802.3z-------- 1000Base-X（光纤吉比特以太网）802.3ab-------- 1000Base-T（双绞线吉比特以太网）2、对于这样一个地址,192.168.19.255/20,下列说法正确的是: （）(A) 这是一个广播地址(B) 这是一个网络地址(C) 这是一个私有地址(D) 地址在192.168.19.0网段上(E) 地址在192.168.16.0网段上(F) 这是一个公有地址答案：CE注：IP地址中关键是看她的主机位，将子网掩码划为二进制，1对应上面的地址是网络位，0对应的地址是主机位192.168.19.255/20划为二进制为：11000000.10101000.00010011.1111111111111111.11111111.11110000.00000000主机位变成全0表示这个IP的网络地址主机槐涑扇?表示这个IP的广播地址RFC1918文件规定了保留作为局域网使用的私有地址：10.0.0.0 - 10.255.255.255 (10/8 prefix)172.16.0.0 - 172.31.255.255 (172.16/12 prefix)192.168.0.0 - 192.168.255.255 (192.168/16 prefix)3、Quidway系列路由器在执行数据包转发时，下列哪些项没有发生变化（假定没有使用地址转换技术）？（）(A) 源端口号(B) 目的端口号(C) 源网络地址(D) 目的网络地址(E) 源MAC地址(F) 目的MAC地址答案：ABCD参考知识点：路由功能就是指选择一条从源网络到目的网络的路径，并进行数据包的转发。

A. The link between Company1 and Company2 is down.B. Interface Fa0/0 on Company2 is shutdown.C. The link between Company2 and Company3 is down.D. The default gateway on Company-PC1 is incorrect.Answer: C383.Refer to the exhibit.Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table?A. Switch1 will add 192.168.23.4 to the switching table.B. Switch1 will add 192.168.23.12 to the switching table.C. Switch1 will add 000A.8A47.E612 to the switching table.D. Switch1 will add 000B. DB95.2EE9 to the switching table.Answer: CL a b-E I G R PQuestion#After adding RTR_2 router, no routing updates are being exchanged between RTR_1 and the new location. All other inter connectivity and internet access for the existing locations of thecompany are working properly.The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers. Access to the router CLI can be gained by clicking on the appropriate host.All passwords on all routers are cisco .IP addresses are listed in the chart below.RTR_A#show run!!interface FastEthernet0/0ip address 192.168.60.97 255.255.255.240!interface FastEthernet0/1ip address 192.168.60.113 255.255.255.240!interface Serial0/0ip address 192.168.36.14 255.255.255.252clockrate 64000!router eigrp 212network 192.168.36.0network 192.168.60.0no auto-summary!RTR_A#show ip route192.168.36.0/30 is subnetted, 1 subnetsC 192.168.36.12 is directly connected, Serial 0/0192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.96/28 is directly connected, FastEthernet0/0C 192.168.60.112/28 is directly connected, FastEthernet0/1D 192.168.60.128/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D 192.168.60.144/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D 192.168.60.24/30 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D* 198.0.18.0 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0********************************************************************************RTR_2#show run!!interface FastEthernet0/0ip address 192.168.77.34 255.255.255.252!interface FastEthernet0/1ip address 192.168.60.65 255.255.255.240!interface FastEthernet1/0ip address 192.168.60.81 255.255.255.240!!router eigrp 22network 192.168.77.0network 192.168.60.0no auto-summary!RTR_2#show ip route192.168.60.0/28 is variably subnetted, 2 subnetsC 192.168.60.80 is directly connected, FastEthernet1/0C 192.168.60.64 is directly connected, FastEthernet0/1192.168.77.0/30 is subnetted, 1 subnetsC 192.168.77.32 is directly connected, FastEthernet0/0**********************************************************RTR_B#show run!interface FastEthernet0/0ip address 192.168.60.129 255.255.255.240!interface FastEthernet0/1ip address 192.168.60.145 255.255.255.240!interface Serial0/1ip address 192.168.60.26 255.255.255.252!router eigrp 212network 192.168.60.0!RTR_B#show ip route192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.24/30 is directly connected, Serial0/1C 192.168.60.128/28 is directly connected, FastEthernet0/0C 192.168.60.144/28 is directly connected, FastEthernet0/1D 192.168.60.96/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 D 192.168.60.112/28 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 192.168.36.0/30 is subnetted, 1 subnetsD 192.168.36.12 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1 D* 198.0.18.0 [ 90/21026560 ] via 192.168.60.25, 00:00:57, Serial 0/1**************************************************************************RTR_1#show run!!interface FastEthernet0/0ip address 192.168.77.33 255.255.255.252!interface Serial1/0ip address 198.0.18.6 255.255.255.0!!interface Serial0/0ip address 192.168.36.13 255.255.255.252clockrate 64000!interface Serial0/1ip address 192.168.60.25 255.255.255.252clockrate 64000!!router eigrp 212network 192.168.36.0network 192.168.60.0network 192.168.85.0network 198.0.18.0no auto-summary!ip classlessip default-network 198.0.18.0ip route 0.0.0.0 0.0.0.0 198.0.18.5ip http serverRTR_1#show ip route192.168.36.0/30 is subnetted, 1 subnetsC 192.168.36.12 is directly connected, Serial 0/0192.168.60.0/24 is variably subnetted, 5 subnets, 2 masksC 192.168.60.24/30 is directly connected, Serial0/1D 192.168.60.128/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1D 192.168.60.144/28 [ 90/21026560 ] via 192.168.60.26, 00:00:57, Serial 0/1D 192.168.60.96/28 [ 90/21026560 ] via 192.168.36.14, 00:00:57, Serial 0/0192.168.77.0/30 is subnetted, 1 subnetsC 192.168.77.32 is directly connected, FastEthernet0/0C 192.0.18.0/24 is directly connected, Serial 1/0*S 0.0.0.0 via 198.0.18.5Explanation:Step1:Identify the faults in configuration on RTR_1 and RTR_2. As the SIM specifies all other inter connectivity and internet access for the existing locations of the company are working properly.Routing Protocols used in the SIM is EIGRP with AS 212 as provided by exhibit.Faults Identified:1. Wrong AS (EIGRP 22) provided at RTR_2 (New router)2. RTR_1 does not advertise the new network between RTR_1 and RTR_2 into EIGRP.We need to correct the above two configuration mistakes to have full connectivityStep2:Correcting the EIGRP AS to 212Wrong AS (EIGRP 22) provided at RTR_2 (New router)All routers that want to exchange routes within EIGRP needs to be in same Autonomous System.Step 2.1:First we need to remove the current wrong EIGRP AS 22 from Router RTR_2Click on Host-F to get CLI of RTR_2RTR_2>enablePassword : cisco(Provided by SIM Q )RTR_2#conf tRTR_2(conf)#Step 2.2:Removing the wrong EIGRP routing process with AS 22RTR_2(conf)#no router eigrp 22The above statement removes all the EIGRP configuration configured for AS 22 .Step 2.3:Adding the correct EIGRP configurationStart the EIGRP routing process with AS 212RTR_2(conf)#router eigrp 212Step 2.4:Advertise the directly connected networks into EIGRP on RTR_2Fa 0/0 - 192.168.77.34Fa 1/0 - 192.168.60.81Fa 0/1 - 192.168.60.65RTR_2(config-router)#network 192.168.60.0RTR_2(config-router)#network 192.168.77.0RTR_2(config-router)#no auto-summaryRTR_2(config-router)#endStep 2.5:Important save the changes made to router RTR_2RTR_2#copy run startStep 3:RTR_1 does not advertise the new network between RTR_1 and RTR_2 into EIGRP. Click on Host-G to get CLI of RTR_1The network192.168.77.0 is used between RTR_1Fa0/0- RTR_2Fa 0/0This network needs to be advertise into EIGRP routing process at RTR_1RTR_1>enablePassword : cisco(Provided by SIM Q )RTR_1#conf tRTR_1(conf)#Step 3.1:Enter EIGRP routing process for AS 212RTR_1(conf)#router eigrp 212Step 3.2:The network192.168.77.0is used between RTR_1 Fa0/0- RTR_2 Fa 0/0 . Advertise this network into EIGRPRTR_1(config-router)#network 192.168.77.0RTR_1(config-router)#endStep 3.3:Important save the changes made to router RTR_1RTR_1#copy run startVerification:From RTR_2 CLIping RTR_1 Serial 1/0 IP address 198.0.18.6RTR_2#ping 198.0.18.6!!!!!A successful ping shows the new RTR_2 will have full connectivity with other routers. Any Questions are welcomed!!!!!L a b-A C LCorp1>enable (you may enter "cisco" as it passwords here)We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 -172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the "show running-config" command to check which interface has the IP address of 172.22.242.30. Corp1#show running-configWe learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).Corp1#configure terminalOur access-list needs to allow host C - 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80All other traffic is permittedCorp1(config)#access-list 100 permit ip any anyApply this access-list to Fa0/1 interface (outbound direction)Corp1(config)#interface fa0/1Corp1(config-if)#ip access-group 100 outNotice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.Click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can't access Finance Web Server from these hosts.Finally, save the configurationCorp1(config-if)#endCorp1#copy running-config startup-configL a b-V T PThis task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This does not require any configuration.To answer the multiple-choice questions, click on the numbered boxes in the right panel.There are five multiple-choice questions with this task. Be sure to answer all five questions before leaving this item.Question 1:What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ?a) Fa0/1b) Fa0/3c) Fa0/6d) Fa0/8e) Fa0/9f) Fa0/12Answer: Fa 0/8Explanation: to find out which interface associated with a given MAC address, use the show mac-address-table command. It shows the learned MAC addresses and their associated interfaces. After entering this command, you will see a MAC address table like this:From this table we can figure out that the MAC address 0010.5a0c.ffba is associated with interface Fa0/8 Question 2:What ports on Sw-AC3 are operating has trunks (choose three)?a) Fa0/1b) Fa0/3c) Fa0/4d) Fa0/6e) Fa0/9f) Fa0/12Answer: Fa0/3, Fa0/9 and Fa0/12Explanation: Use the show interface trunk command to determine the trunking status of a link and VLAN status. This command lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:(This image is used for demonstration only)Question 3:What kind of router is VLAN-R1?a) 1720b) 1841c) 2611d) 2620Answer: 2620Explanation: VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighbors command to see:1. Neighbor Device ID : The name of the neighbor device;2. Local Interface : The interface to which this neighbor is heard3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.4. Platform: Which type of device the neighbor is5. Port ID: The interface of the remote neighbor you receive CDP information6. Holdtime: Decremental hold time in secondsSample output of show cdp neighbors command:One thing I want to notice you is "Local Intrfce" in the image above refers to the local interface on the device you are running the "show cdp neighbors" commandQuestion 4: Which switch is the root bridge for VLAN 1?Answer: Sw-DS1Explanation: First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1From the "Cost 19", we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100Mbps Ethernet linkNotice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is the root bridge for this VLAN (VLAN 1).If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the root bridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switch is FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge. You can verify it with the show cdp neighbors command:The "Local Intrfce" column refers to the interface on the switch running "show cdp neighbors" command. In this case, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridgeQuestion 5: What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3?Answer: 192.168.44.254Explanation:First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan commandFrom the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address 192.168.44.254/24Therefore the default gateway of the host should be 192.168.44.254Question 6: From which switch did Sw-Ac3 receive VLAN information ?Answer: Sw-AC2Explanation: to view the VTP configuration information, use the show vtp status commandSo we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finally we use the show cdp neighbors detail to find out who 163.5.8.3 is:Question 7: Refer to the exibit, SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?A - All VLANs except the default VLAN win be removed from all switchesB - All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where VLANsC - The VLANs Servers, Management, Production and no-where will replace the VLANs on SwXD - The VLANs Servers, Management, Production and no-where will be removed from existing switchesAnswer and Explanation:First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command on Sw-Ac3Notice that its configuration revision number is 5 and VTP Domain Name is home-officeNext, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3 switch, and both of them have same VTP Domain Name called "home-office".Therefore SwX will replace vlan information on other switches with its own information. We should check vlan information of Sw-Ac3 switch with show vlan commandSo the correct answer is D - The VLANs Servers, Management, Production and no-where will be removed from existing switchesPlease notice that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX. In general, which switch has a higher revision number it will become the updater and other switches will overwrite their current databases with the new information received from the updater (provided that they are on the same domain and that switch is not in transparent mode). Also, some recent comments have said that the new switch's VTP Operating Mode is Server but the answer is still the same.Question 8:Out of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destination mac-address 000a.8a47.e612? (Choose three)A - Fa0/8B - Fa0/3C - Fa0/1D - Fa0/12Answer: B C DExplanation:First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table commandWe notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but we can't find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all ports of Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from the output above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.Please notice that the "show mac-address-table" command just lists information that was learned by the switch, it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood the frame to these ports, too.And we can check which trunk ports will receive this frame by the show interface trunk command-> Port Fa0/9 will also receive this frame!Question 9:If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not on the same subnet) what will be the destination MAC addressAnswer and Explanation:Because the destination address is not on the same subnet with the switch, it will forward the packet to its default gateway. So we have to find out who is the default gateway of this switch by using the show running-config commandFrom the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its default gateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use the show cdp neighbor detail command and focus on the description of VLAN-R1 routerFrom this output, we can confirm the switch's default gateway is VLAN-R1 router (with the IP address of 192.168.1.254). And "the interface: FastEthernet0/3" tells us that the switch is connected to VLAN-R1 router through Fa0/3 port (Fa0/3 is the port on the switch).Finally we just need to use the show mac-address-table command to find out which MAC address is associated with this interface(Notice that in the real CCNA exam the MAC address or port may be different)And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of port Fa0/3 with different Vlans but they have the same MAC addressL a b-R I P(o l d-l a b)Answer:Router>enableRouter#config terminalRouter(config)#hostname GothaGotha(config)#enable secret mi222keGotha(config)#line console 0Gotha(config-line)#password G8tors1Gotha(config-line)#exitGotha(config)#line vty 0 4Gotha(config-line)#password dun63labGotha(config-line)#loginGotha(config-line)#exitGotha(config)#interface fa0/0Gotha(config-if)#ip address 209.165.201.1 255.255.255.224Gotha(config)#interface s0/0/0Gotha(config-if)#ip address 192.0.2.176 255.255.255.240Gotha(config-if)#no shutdownGotha(config-if)#exitGotha(config)#router ripGotha(config-router)#version 2Gotha(config-router)#network 209.165.201.0Gotha(config-router)#network 192.0.2.176Gotha(config-router)#endGotha#copy run start ——————————————————————————————————————————————————————————LAB: RIP V2Question#Central Florida Widgets recently installed a new router in their office (NEW_RTR). Complete the network installation by performing the initial router configurations and configuring RIP V2 routing using the router Command Line Interface (CLI) on the NEW_RTR .Click on image for larger pictureConfigure the router per the following requirements:1) Name of the router is NEW_RTR2) Enable-secret password is cisco3) The password to access user EXEC mode using the console is class4) The password to allow telnet access to the router is class5) IPV4 addresses must be configured as follows:5.1) Ethernet network 209.165.202.128 /27 – Router has the last assignable hostaddress in subnet.5.2) Serial Network is 192.0.2.16 /28 - Router has the last assignable hostaddress in subnet.6) Interfaces should be enabled.7) Router protocol is RIPv2Explanation:Step1:Click on the console host, you will get a pop-up screen CLI of Router.Router>Configure the new router as per the requirements provided in Lab questionRequirement 1:Name of the router is NEW_RTRStep2:To change the hostname of the router to NEW_RTR follow the below stepsRouter>Router>enableRouter# configure terminalRouter (config)# hostname NEW_RTRNEW_RTR(config)#Requirement 2:Enable-secret password is ciscoStep3:To set the enable secret password to cisco use the following commandNEW_RTR(config)#enable secret ciscoRequirement 3:The password to access user EXEC mode using the console is classStep 4:We need to configure the line console 0 with the password classAlso remember to type login command after setting up the password on line con 0 which allows router to accept logins via console.NEW_RTR(config)# line con 0NEW_RTR(config-line)#password classNEW_RTR(config-line)#loginNEW_RTR(config-line)# exitNEW_RTR(config)#Requirement 4:The password to allow telnet access to the router is classStep 5:To allow telnet access we need to configure the vty lines 0 4 with the password classAlso remember to type login command after setting up the password on line vty 0 4 which allows router to accept logins via telnet.NEW_RTR(config)# line vty 0 4NEW_RTR(config-line)#password classNEW_RTR(config-line)#loginNEW_RTR(config-line)# exitNEW_RTR(config)#Requirement 5:5.1) Ethernet network 209.165.202.128 /27 – Router has the last assignable hostaddress in subnet.5.2) Serial Network is 192.0.2.16 /28 - Router has the last assignable hostaddress in subnet.Step 6:Ethernet network 209.165.202.128 /27 – Router has the last assignable host address in subnet.Ethernet Interface on router NEW_RTR is Fast Ethernet 0/0 as per the exhibitFirst we need to identify the subnet maskNetwork: 209.165.202.128 /27Subnet mask: /27: 27 bits = 8 + 8 + 8 + 3=8(bits).8(bits).8(bits) .11100000 (3bits)=255.255.255.11100000=11100000 = 128+64+32+0+0+0+0+0= 224Subnet mask: 255.255.255.224Different subnet networks and there valid first and last assignable host address range for above subnet mask are Subnet Networks :::::: Valid Host address range :::::: Broadcast address209.165.202.0 :::::: 209.165.202.1 - 209.165.202.30 ::::: 209.165.202.31209.165.202.32 :::::: 209.165.202.33 - 209.165.202.62 ::::: 209.165.202.63209.165.202.64 :::::: 209.165.202.65 - 209.165.202.94 :::::: 209.165.202.95209.165.202.96 :::::: 209.165.202.97 - 209.165.202.126 :::::: 209.165.202.127209.165.202.128 :::::: 209.165.202.129 - 209.165.202.158 :::::: 209.165.202.159209.165.202.160 :::::: 209.165.202.161 - 209.165.202.190 :::::: 209.165.202.191209.165.202.192 :::::: 209.165.202.193 - 209.165.202.222 :::::: 209.165.202.223209.165.202.224 :::::: 209.165.202.225 - 209.165.202.254 :::::: 209.165.202.255Use above table information for network 209.165.202.128 /27 to identifyFirst assignable host address: 209.165.202.129Last assignable host address: 209.165.202.158This IP address (209.165.202.158) which we need to configure on Fast Ethernet 0/0 of the router using the subnet mask 255.255.255.224NEW_RTR(config)#interface fa 0/0NEW_RTR(config-if)#ip address 209.165.202.158 255.255.255.224Requirement 6:To enable interfacesUse no shutdown command to enable interfacesNEW_RTR(config-if)#no shutdownNEW_RTR(config-if)#exitStep 7:Serial Network is 192.0.2.16 /28 - Router has the last assignable host address in subnet.Serial Interface on NEW_RTR is Serial 0/0/0 as per the exhibitFirst we need to identify the subnet maskNetwork: 192.0.2.16 /28Subnet mask: /28: 28bits = 8bits+8bits+8bits+4bits=8(bits).8(bits).8(bits) .11110000 (4bits)=255.255.255.11100000=11100000 = 128+64+32+16+0+0+0+0= 240Subnet mask: 255.255.255.240Different subnet networks and there valid first and last assignable host address range for above subnet mask are Subnet Networks ::::: Valid Host address ::::::::::: Broadcast address192.0.2.0 :::::: 192.0.2.1 - 192.0.2.14 ::::::: 192.0.2.15192.0.2.16 ::::::: 192.0.2.17 - 192.0.2.30 ::::::: 192.0.2.31192.0.2.32 :::::::: 192.0.2.33 - 192.0.2.46 :::::: 192.0.2.47and so on ….Use above table information for network 192.0.2.16 /28 to identifyFirst assignable host address: 192.0.2.17Last assignable host address: 192.0.2.30We need to configure Last assignable host address (192.0.2.30) on serial 0/0/0 using the subnet mask 255.255.255.240NEW_RTR(config)#interface serial 0/0/0NEW_RTR(config-if)#ip address 192.0.2.30 255.255.255.240Requirement 6:To enable interfacesUse no shutdown command to enable interfacesNEW_RTR(config-if)#no shutdownNEW_RTR(config-if)#exitRequirement 7:Router protocol is RIPv2Step 8:Need to enable RIPv2 on router and advertise its directly connected networksNEW_RTR(config)#router ripTo enable RIP v2 routing protocol on router use the command version 2NEW_RTR(config-router)#version 2Optional:no auto-summary (Since LAB networks do not have discontinuous networks)RIP v2 is classless, and advertises routes including subnet masks, but it summarizes routes by default.So the first things we need to do when configuring RIP v2 is turn off auto-summarization with the router command noauto-summary if you must perform routing between disconnected subnets.NEW_RTR (config-router) # no auto-summaryAdvertise the serial 0/0/0 and fast Ethernet 0/0 networks into RIP v2 using network commandNEW_RTR(config-router)#network 192.0.2.16NEW_RTR(config-router)#network 209.165.202.128NEW_RTR(config-router)#endStep 9:Important please do not forget to save your running-config to startup-configNEW_RTR# copy run startAny questions are welcomed on above LAB... Best of Luck!!!!!L a b-N A T(o l d-l a b) NAT-LABAnswers:Bomar(Config)#access-list 1 permit 192.168.16.33 0.0.0.15Bomar(Config)#access-list 1 deny anyBomar(Config)#ip nat pool TestKiss 198.18.237.225 198.18.237.230 prefix-length 29Bomar(Config)#ip nat inside source list 1 pool TestKiss overloadBomar(Config)#interface fa0/0BomarConfig-if)#ip nat insideBomar(Config)#interface S0/0Bomar(Config-if)#ip nat outsideBomar(Config-if)#exitBomar#Copy run start-------------------------------------------------------------------------------Question:A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30 .CLICK ON IMAGE TO VIEWClick Knowledge Base for NAT SIM to learn the concepts before attempting or learning this SIM QuestionNAT SIM Configuration:The following configuration translates between inside hosts (Weaver LAN) addressed from 192.168.100.16 /28 network (192.168.100.17 – 192.168.100.30) to the globally unique pool of address provided by ISP 198.18.184.105 – 198.18.184.110 /29.Weaver>enableWeaver#configure terminalBefore starting the NAT configuration verify that router hostname currently configured is weaver. If not change hostname to Weaver using the commandRouter(config)#hostname WeaverStep1:Create an access-list to match all the Weaver LAN address that need to be the candidates for NAT translationsWeaver(config)#access-list 10 permit 192.168.100.16 0.0.0.15Step2:Create a NAT Pool with pool name isp_adr and specify the pool address range provided by ISP with their netmask.Weaver(config)#ip nat pool TestKiss 198.18.184.105 198.18.184.110 netmask 255.255.255.248Step3:Packets that match access-list 10 will be translated to an address from the pool called "TestKiss".Overload keyword specify to use Port based NATing to support all the Weaver LAN address range.Weaver(config)#ip nat inside source list 10 pool TestKiss overloadSIM Question already provides that appropriate interfaces have been configured for NAT Inside and NAT Outside statements.For your information configuration would have been like thisWeaver(config)#interface fastethernet 0/0Weaver(config-if)#ip nat insideWeaver(config)#interface serial 0/0Weaver(config-if)#ip nat outsideWeaver#copy run start。

技术与您相伴，远大在您身边！！EIGRP实验题Question:After adding R3router,no routing updates are being exchanged between R3and the new location.All other inter connectivity and Internet access for the existing locations of the company are working properly.The task is to identify the fault(s)and correct the router configuration to provide full connectivity between the routers.Access to the router CLI can be gained by clicking on the appropriate host.All passwords on all routers are cisco.IP addresses are listed in the chart below.技术与您相伴，远大在您身边！！考试总结：EIGRP这题实验题主要是排错，找出4台路由器宣告的AS号和网段是否错误，按照图里给出的自己Show run查看下。

有错误宣告的就把它改正，按照第二个图里给的网段宣告，AS号在第一个图里。

做完后记得ping一下每个网段是否通，最后记得Copy running-config Startup-config不然就白做了考试的时候不管他AS号还是网段号宣告错误不错误，上去直接NO掉EIGRP，先show run查看下每个路由器宣告的EIGRP AS号，然后NO掉他，重新按照图里给的AS号和网段自己宣告，记得敲No auto-summary关闭自动汇总Answer and explanation:We should check the configuration of the new added router first because it does not function properly while others work well.From the command line interface of R3router,enter the show running-config command技术与您相伴，远大在您身边！！From the output above,we know that this router was wrongly configured with an autonomous number(AS)of22.When the AS numbers among routers are mismatched,no adjacency is formed. (You should check the AS numbers on other routers for sure)To solve this problem,we simply re-configure router R3with the following commands:R3>enable(you have to enter cisco as its password here)R3#configure terminalR3(config)#no router eigrp22R3(config)#router eigrp212R3(config-router)#network192.168.60.0技术与您相伴，远大在您身边！！R3(config-router)#network192.168.77.0R3(config-router)#no auto-summaryR3(config-router)#endR3#copy running-config startup-configCheck R1router with the show running-config command:Notice that it is missing a definition to the network R3.Therefore we have toAdd it so that it can recognize R3routerR1>enable(you have to enter cisco as its password here)R1#configure terminalR1(config)#router eigrp212R1(config-router)#network192.168.77.0R1(config-router)#end技术与您相伴，远大在您身边！！R1#copy running-config startup-configNow the whole network will work well.You should check again with pingCommand from router R3to other routers!Top的另外一种但是错误点和网络结构与前者完全相同只是as号和网络地址有些许变化请注意ACL实验题QuestionA network associate is adding security to the configuration of the Corp1router.The user on host C should be able to use a web browser to access financial information from the Finance Web Server.No other hosts from the LAN nor the Core should be able to use a web browser to access this server.Since there are multiple resources for the corporation at this location技术与您相伴，远大在您身边！！including other resources on the FinanceWeb Server,all other traffic should be allowed.The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server.No other hosts will have web access to the Finance Web Server.All other traffic is permitted.注:红色关键单词记住，代表只允许C主机访问Finance Web服务器Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to"cisco".The Core connection uses an IP address of198.18.196.65←Corp1路由器的S口的IP，考试时要show下IP对不对，不对就改The computers in the Hosts LAN have been assigned addresses of192.168.33.1-192.168.33.254Host A192.168.33.1Host B192.168.33.2Host C192.168.33.3Host D192.168.33.4The servers in the Server LAN have been assigned addresses of172.22.242.17-172.22.242.30The Finance Web Server is assigned an IP address of172.22.242.23.技术与您相伴，远大在您身边！！技术与您相伴，远大在您身边！！Answer and ExplanationCorp1>enable(you may enter"cisco"as it passwords here)We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2and Core networks.The Server LAN network has been assigned addresses of172.22.242.17-172.22.242.30so we can guess the interface connected to them has an IP address of172.22.242.30(.30is the number shown in the figure).Use the"show runningconfig"command to check which interface has the IP address of172.22.242.30.Corp1#show running-config技术与您相伴，远大在您身边！！确定连接服务器的接口为F0/1Corp1#configure terminalCorp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80 Corp1(config)#access-list100deny tcp any host172.22.242.23eq80Corp1(config)#access-list100permit ip any anyCorp1(config)#interface fa0/1Corp1(config-if)#ip access-group100outCorp1(config-if)#endCorp1#copy running-config startup-configCorp1路由器的S口的IP，考试时要show下IP对不对，不对就改，修改IP命令Corp1#configure terminalCorp1(config)#int s0/0(具体端口号自己show run看一下)Corp1(config-if)#ip add198.18.196.65255.255.255.252(ip改为题目给的，掩码用show run得到的原先错误IP的掩码)Corp1(config-if)#end这里不用删掉错误的IP地址，直接输入新的可以将旧IP覆盖，最后别忘记保存最近ACL题目要求出现变动:技术与您相伴，远大在您身边！！1允许host c通过浏览器访问Finance web server2不允许host c的其他类型访问Finance web server3不许其他主机访问Finance web server（没有说明访问类型）4允许所有主机访问public web server（没有说明访问类型）可进行以下配置：Corp1#configure terminalCorp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80Corp1(config)#access-list100deny ip any host172.22.242.23Corp1(config)#access-list100permit ip any anyCorp1(config)#interface fa0/1Corp1(config-if)#ip access-group100outCorp1(config-if)#endCorp1#copy running-config startup-config命令讲解在下面实验命令讲解：紫色的代表要敲的命令1.Corp1(config)#access-list100permit tcp host192.168.33.3host172.22.242.23eq80创建一条扩展列表，允许TCP流量从源主机为IP：192.168.33.3到目的主机IP为：172.22.252.34的80端口。

----------------------------文档来源百度文库..花了俺20virtual$下载的不共享出来让更多的人看到俺心里那个坑就是填不平…里面包含了CCNA的一些基础实验题，其中有个别题目的配置部分有小错误，留给大家去排错了~希望大家能够喜欢！最后，祝大家学习愉快~！实验一路由器基本配置一、实验设备一台路由器，一台PC，配置线一条。

二、实验要求1.更改路由器名称为RA2.设置password为cisco1,secret为cisco2,vty为cisco3,并要求所有密码都加密。

3.关闭域名查找，命令输入同步。

4.配置以太网口的IP为202.119.249.2195.设置登陆提示信息6.对串行口进行描述（描述信息为：welcome to lixin lab）7.将上述信息保存到tftp server8.将实验过程配置写在记事本中进行粘贴。

9.配置VTY访问权限。

10.禁止路由器进行域名解析。

三、实验步骤Router>enableRouter#configure terminalRouter(config)#hostname RA 设置路由器名RA(config)#enable password cisco1 设置密码RA(config)#enable secret cisco2 设置加密密码RA (config)#no ip domain-lookup关闭域名查找（当我们打错命令时，不会去查找DNS，造成延时）RA (config)#line console 0RA (config-line)#logging synchronous命令输入达到同步（信息提示不会打断你的输入）RA (config-line)#exec-timeout 0 0 设置永久不超时RA (config-line)#exitRA(config)#line vty 0 4RA(config-line)#（enable）password cisco3 设置vty密码RA(config-line)#exitRA(config)#service password-encryption 对密码加密RA(config)#int fastEthernet 0/0RA(config-if)#ip address 202.119.249.1 255.255.255.0 对以太网口fa0/0配置IP RA(config-if)#no shutdown 开启端口RA(config-if)#exitRA(config)#banner motd & welcome welcome to ccna lab!!! & 设置登陆提示信息RA(config)#int fa0/1RA(config-if)#description this is a fast port 描述端口信息RA(config-if)#exitRA(config)#copy running-config tftp 把信息保存到tftp实验二静态路由一、实验设备两台28系列型号路由器通过串口相连。