鸿鹄论坛_CCNP.642-813-lab.V200

培训大讲堂官方 YY频道：3660 鸿鹄论坛：bbs.hh010.com CCNPCCNPCCNPCCNP题库 考试代号： 642-813642-813642-813642-813 考试时间： 120120120120分钟 通过分数： 790790790790 题库版本： V200V200V200V200 【优惠】CCNPCCNPCCNPCCNP官方正规报名考试仅需 1500150015001500元((((团报更优惠)))) 1111 附赠价值 500500500500元的 FTPFTPFTPFTP账号，1000G1000G1000G1000G视频教程无限制下载 2222 加入 CCNPCCNPCCNPCCNP题库战报群，天天更新新题，天天有战报！ 3333 负责考前考后所有注册，避免非技术性因素失误。 鸿鹄大讲堂：http://bbs.hh010.com/thread-46172-1-1.htmlhttp://bbs.hh010.com/thread-46172-1-1.htmlhttp://bbs.hh010.com/thread-46172-1-1.htmlhttp://bbs.hh010.com/thread-46172-1-1.html 培训大讲堂官方 YYYYYYYY频道：3660366036603660 CCNPCCNPCCNPCCNP题库战报交流 QQQQQQQQ群：83412107834121078341210783412107 （500500500500人超级群） CCNPCCNPCCNPCCNP题库战报交流区： http://bbs.hh010.com/forum-26http://bbs.hh010.com/forum-26http://bbs.hh010.com/forum-26http://bbs.hh010.com/forum-263333-1.html-1.html-1.html-1.html 1000100010001000 GGGG视频教程免费下载：http://bbs.hh010.com/forum-228-1.htmlhttp://bbs.hh010.com/forum-228-1.htmlhttp://bbs.hh010.com/forum-228-1.htmlhttp://bbs.hh010.com/forum-228-1.html AAAAAAAAAAAA Question:Question:Question:Question: Acme is a small shipping company that has an existing enterprise network comprised of 2 switches;DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner: – Users connecting to ASW1’s port must be authenticate before they are given access to the network. Authentication is to be done via a Radius server: – Radius server host: 172.120.39.46 – Radius key: rad123 – Authentication should be implemented as close to the host device possible. – Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24. – Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20. – Packets from devices in any other address range should be dropped on VLAN 20. – Filtering should be implemented as close to the server farm as possible. The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com AnswerAnswerAnswerAnswer andandandand Explanation:Explanation:Explanation:Explanation: 1)configure ASW1 ASW1(config)#aaa new-model ASW1(config)#aaa authentication dot1x default group radius ASW1(config)#radius-server host 172.120.39.46 key rad123 ASW1(config)#dot1x system-auth-control ASW1(config)#interface fastEthernet 0/1 ASW1(config-if)#switchport mode access ASW1(config-if)#dot1x port-control auto ASW1(config-if)#exit ASW1#copy running-config startup-config 2) Configure DSW1: Define an access-list: DSW1(config)#ip access-list standard 10 DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255 DSW1(config-ext-nacl)#exit Define an access-map which uses the access-list above: DSW1(config)#vlan access-map MYACCMAP 10 DSW1(config-access-map)#match ip address 10 DSW1(config-access-map)#action forward DSW1(config-access-map)#exit DSW1(config)#vlan access-map MYACCMAP 20 DSW1(config-access-map)#action drop DSW1(config-access-map)#exit Apply a vlan-map into a vlan: DSW1(config)#vlan filter MYACCMAP vlan-list 20 DSW1#copy running-config startup-config 端口 f0/1一定要 up，启用 dotx时，命令缩写不恰当会报错。不要以为是系统的 bug。 请用完整命令配置或修改缩写长度到被系统接受。pacl一定要应用到 vlan20上。 MLSMLSMLSMLS andandandand EIGRPEIGRPEIGRPEIGRP simsimsimsim Question:Question:Question:Question: I am still not sure about the question but we need to configure the Multilayer Switch so that PCs from VLAN 2 and VLAN 3 can communicate with the Server. b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com AnswerAnswerAnswerAnswer andandandand ExplanationExplanationExplanationExplanation mls>enable mls# configure terminal mls(config)# int gi0/1 mls(config-if)#no switchport mls(config-if)# ip address 10.10.10.2 255.255.255.0 mls(config-if)# no shutdown mls(config-if)# exit mls(config)# int vlan 2 mls(config-if)# ip address 190.200.250.33 255.255.255.224 mls(config-if)# no shutdown mls(config-if)# int vlan 3 mls(config-if)# ip address 190.200.250.65 255.255.255.224 mls(config-if)# no shutdown mls(config-if)#exit mls(config)# ip routing mls(config)# router eigrp 650 mls(config-router)# network 10.10.10.0 0.0.0.255 mls(config-router)# network 190.200.250.32 0.0.0.31 mls(config-router)# network 190.200.250.64 0.0.0.31 b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com SpanningSpanningSpanningSpanning treetreetreetree Question:Question:Question:Question: Acme is a small export company that has an existing enterprise network comprised of 5 switches; CORE,DSW1,DSW2,ASW1 and ASW2. The topology diagram indicates their desired pre-VLAN spanning tree mapping. Previous configuration attempts have resulted in the following issues: – CORE should be the root bridge for VLAN 20; however, DSW1 is currently the root bridge for VLAN 20. – Traffic for VLAN 30 should be forwarding over the gig 1/0/6 trunk port between DSW1 and DSW2. However VLAN 30 is currently using gig 1/0/5. – Traffic for VLAN 40 should be forwarding over the gig 1/0/5 trunk port between DSW1 and DSW2. However VLAN 40 is currently using gig 1/0/6. You have been tasked with isolating the cause of these issuer and implementing the appropriate solutions. You task is complicated by the fact that you only have full access to DSW1, with isolating the cause of these issues and implementing the appropriate solutions. Your task is complicated by the fact that you only have full access to DSW1, with the enable secret password cisco. Only limited show command access is provided on CORE, and DSW2 using the enable 2 level with a password of acme. No configuration changes will be possible on these routers. No access is provided to ASW1 or ASW2.b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com AnswerAnswerAnswerAnswer andandandand Explanation:Explanation:Explanation:Explanation: DSW1>enable DSW1#show spanning-tree DSW1#configure terminal DSW1(config)#spanning-tree vlan 20 priority 61440 将 DSW1的优先级调高，让 CORE成为 root DSW1(config)#interface g1/0/6 DSW1(config-if)#spanning-tree vlan 30 port-priority 64 DSW1(config-if)#exit DSW1(config)#interface g1/0/5 DSW1(config-if)#spanning-tree vlan 40 cost 1 b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com DSW1(config-if)#end DSW1#show spanning-tree Save the configuration: DSW1#copy running-config startup-config VTP lab Question:Question:Question:Question: The headquarter offices for a book retailer are enhancing their wiring closets with Layer3 switches. The new distribution-layer switch has been installed and a new access-layer switch cabled to it. Your task is to configure VTP to share VLAN information from the distribution-layer switch to the access-layer devices. Then, it is necessary to configure interVLAN routing on the distribution layer switch to route traffic between the different VLANs that are configured on the access-layer switches; however, it is not necessary for you to make the specific VLAN port assignments on the access-layer switches. Also, because VLAN database mode is being deprecated by Cisco, all VLAN and VTP configurations are to be completed in the global configuration mode. Please reference the following table for the VTP and VLAN information to be configured: Requirements:Requirements:Requirements:Requirements: b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com VTP Domain name cisco VLAN Ids 20 21 IP Addresses 172.16.71.1/24 172.16.132.1/24 These are your specific tasks: 1. Configure the VTP information with the distribution layer switch as the VTP server 2. Configure the VTP information with the access layer switch as a VTP client 3. Configure VLANs on the distribution layer switch 4. Configure inter-VLAN routing on the distribution layer switch 5. Specific VLAN port assignments will be made as users are added to the access layer switches in the future. 6. All VLANs and VTP configurations are to completed in the global configuration. To configure the switch click on the host icon that is connected to the switch be way of a serial console cable. DLSwitch#configure terminal DLSwitch(config)#vtp mode server DLSwitch(config)#vtp domain cisco (use cisco, not CISCO because it is case sensitive) (Requirement 2 will be solved later) 3)3)3)3) ConfigureConfigureConfigureConfigure VLANsVLANsVLANsVLANs onononon thethethethe distributiondistributiondistributiondistribution layerlayerlayerlayer switchswitchswitchswitch To create VLANs on a switch, use the vlan vlanID# command: DLSwitch(config)#vlan 20 DLSwitch(config)#vlan 21 ConfigureConfigureConfigureConfigure IpIpIpIp addressesaddressesaddressesaddresses forforforfor Vlans:Vlans:Vlans:Vlans: DLSwitch(config)#interface vlan 20 DLSwitch(if-config)#ip address 172.16.71.1 255.255.255.0 DLSwitch(if-config)#no shutdown DLSwitch(if-config)#interface vlan 21 DLSwitch(if-config)#ip address 172.16.132.1 255.255.255.0 DLSwitch(if-config)#no shutdown DLSwitch(if-config)#exit 4)4)4)4) ConfigureConfigureConfigureConfigure inter-VLANinter-VLANinter-VLANinter-VLAN routingroutingroutingrouting onononon thethethethe distributiondistributiondistributiondistribution layerlayerlayerlayer switchswitchswitchswitch DLSwitch(config)#ip routing DLSwitch(config)#exit DLSwitch#copy running-config startup-config 2)2)2)2) ConfigureConfigureConfigureConfigure thethethethe VTPVTPVTPVTP informationinformationinformationinformation withwithwithwith thethethethe accessaccessaccessaccess layerlayerlayerlayer switchswitchswitchswitch asasasas aaaa VTPVTPVTPVTP clientclientclientclient ALSwitch#configure terminal ALSwitch(config)#vtp mode client ALSwitch(config)#vtp domain cisco ALSwitch(config)#exit ALSwitch#copy running-config startup-config b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com STP Question:Question:Question:Question: The headquarter office for a cement manufacturer is installing a temporary Catalyst 3550 in an IDF to connect 24 additional users. To prevent network corruption, it is important to have the correct configuration prior to connecting to the production network. It will be necessary to ensure that the switch does not participate in VTP but forwards VTP advertisements that are received on trunk ports. Because of errors that have been experienced on office computers, all nontrunking interfaces should transition immediately to the forwarding state of Spanning tree. Also, configure the user ports (all FastEthernet ports) so that the ports are permanently nontrunking. Requirements:Requirements:Requirements:Requirements: You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN and VTP configurations are to be completed in global configuration mode as VLAN database mode is being deprecated by Cisco. You are required to accomplish the following tasks: 1. Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports. 2. Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state of Spanning-Tree. 3. Ensure all FastEthernet interfaces are in a permanent non-trunking mode. 4. Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20. Switch>enable Switch#configure terminal b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com Switch(config)#interface range fa0/1 – 24 Switch(config-if-range)#switchport mode access Switch(config-if-range)#spanning-tree portfast Next, we need to assign FastEthernet ports 0/12 through 0/24 to VLAN 20. By default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface (or a range of interfaces) and tell it which VLAN to be a part of. Switch(config-if-range)#interface range fa0/12 – 24 Switch(config-if-range)#switchport access vlan 20 Switch(config-if-range)#exit Switch(config)#vtp mode transparent Switch(config)#exit Switch#copy running-config startup-config LACPLACPLACPLACP withwithwithwith STPSTPSTPSTP QuestionQuestionQuestionQuestion (not sure about the requirement, I will try to update soon!) Each of these vlans has one host each on its port SVI on vlan 1 – ip 192.168.1.11 with snm Switch B – Ports 3, 4 connected to ports 3 and 4 on Switch A Port 15 connected to Port on Router. b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com Tasks to do 1. Use non proprietary mode of aggregation with Switch B being the initiator — Assumed use LACP with B being in Active mode 2. Use non proprietary trunking and no negotiation — Assumed use switchport mode trunk and switchport trunk encapsulation dot1q 3. Restrict only to vlans needed — Assumed either vtp pruning or allowed vlan list. vtp pruning command did not seem to work on the simulator so landed using allowed vlan list 4. SVI on vlan 1 with some ip and subnet given 5. Configure switch A so that nodes other side of Router C are accessible — Assumed this to mean that on switch A default gatway has to be configured. 6. Make switch B the root — Could not get this to work. Exam hung when I tried the command spanning-tree vlan 1,21-23 priority 4096 So passed on this configuration. Anyone else got this correct Answer and Explanation: Switch B conf t vlan 21 name RDT vlan 22 name SST vlan 23 name TST vlan 99 name TrunkNative b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com int range fa0/9 – 10 switchport mode access switchport access vlan21 spanning-tree portfast no shut exit int range fa0/13 – 14 switchport mode access swicthport access vlan22 spanning-tree portfast no shut exit int range fa0/15 – 16 switchport mode access switchport access vlan23 spanning-tree portfast no shut exit int vlan1 ip address 192.168.1.11 no shut ip default-gateway 192.168.1.10 exit spanning-tree vlans 1,21-23,99 priority 61440 int range fa0/3 – 4 switchport trunk encapsulation dot1Q switchport mode trunk switchport trunk allowed vlan 1,21-23 switchport trunk native vlan 99 channel-protocol lacp channel group 1 mode passive no shut int port-channel 1 no shut switchport trunk native vlan 99 no shut Switch A conf t vlan 21 name RDT vlan 22 name SST b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com vlan 23 name TST vlan 99 name native vlan int range fa0/3 -4 no switchport access vlan 98 switchport mode trunk switchport trunk allowed vlan 1,21-23,99 switchport trunk native vlan 99 channel-protocol lacp channel-group 1 mode active int port-channel 1 no shut switchport trunk native vlan 99 copy run start 最近813中的 LACP实验有部分变化 1) Distribution Switch (SwitchB) 1) Do not change VTP and STP settings 2) Switch needs to be spanning-tree root for VLAN 11-13,21-23. Other VLAN’s can have default STP priority 3) VLAN’s allowed on the trunk are 1,21-23 Access Switch (SwitchA) 1) STP and VTP settings should be identical to SwitchB 2) Configure VLAN’s as per diagram 3) VLAN 1,21-23 needs to be tagged when traversing the link 4) No routing needed on SwitchA 5) VLAN 1 needs to be configured with IP – 192.168.1.11/24 Answer and Explanation: 真实考试环境中接入层交换机与汇聚层交换机位置是颠倒的 SwitchB#show cdp neighbors detail —> Get the IP address of the Router (needed to ping at the end-192.168.1.1) SwitchB#show vtp status —>Write down the VTP mode (was set to Transparent) SwitchB#show spanning-tree —>Write down the STP mode (was set to RSTP) b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com SwitchB#show vlan —> Check if any VLAN is assigned to FastEthernet 0/3 and 0/4 (VLAN 98 was assigned) SwitchB#show vlan —>Check whats the native VLAN (can be identified by the name “TrunkNative”, VLAN 99) SwitchB(config)#vlan 21 SwitchB(config-vlan)#name Marketing SwitchB(config)#vlan 22 SwitchB(config-vlan)#name Sales SwitchB(config)#vlan 23 SwitchB(config-vlan)#name Engineering SwitchB(config)#spanning-tree vlan 11-13,21-23 root primary ***This completes VLAN configuration*** SwitchB(config)#int range fa0/3 – 4 –> Make sure you put a space between “3 – 4″ for it to accept the command SwitchB(config-int-range)#no shutdown（这步一定要最后打，要不然会一直报错，直到 交换机 A的配置完成报错才会停止） SwitchB(config-int-range)#no switchport access vlan 98 —> remove VLAN 98 SwitchB(config-int-range)#switchport mode trunk SwitchB(config-int-range)#switchport trunk encapsulation dot1q —> System might not accept this command, but type it anyway SwitchB(config-int-range)#switchport trunk native vlan 99 SwitchB(config-int-range)#switchport trunk allowed vlan 1,21-23 SwitchB(config-int-range)#channel-protocol lacp SwitchB(config-int-range)#channel-group 1 mode active –> Distribution switch needs to be ACTIVE SwitchB(config-int-range)#exit SwitchB(config-if)#int port-channel 1 SwitchB(config-if)#switchport mode trunk —> System might not accept this command, but type it anyway SwitchB(config-if)#switchport trunk encapsulation dot1q SwitchB(config-if)#switchport trunk native vlan 99 SwitchB(config-if)#switchport trunk allowed vlan 1,21-23 ***This complete’s Etherchannel configuration*** Move on to SwitchA (Access Switch) SwitchA#show vlan —> check if any of the required VLAN’s are pre-configured (Need to configure 21-23,99) SwitchA#show vtp status —> Check VTP mode of switch (Switch is in Server mode, need to change to Transparent) SwitchA#show spanning-tree —> Check STP mode (Change to RSTP)（考试时无法修 改，查看模式为 IEEE） SwitchA(config)#vtp mode transparent SwitchA(config)#spanning-tree mode rstp ***This complete’s STP and VTP configuration*** SwitchA(config)#vlan 21 b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com SwitchA(config-vlan)#name Marketing (This are the actual Vlan names I got on my test) SwitchA(config)#vlan 22 SwitchA(config-vlan)#name Sales SwitchA(config)#vlan 23 SwitchA(config-vlan)#name Engineering SwitchA(config)#vlan 99 SwitchA(config-vlan)#name TrunkNative ***This completes VLAN configuration*** SwitchA(config)#int range fa 0/9 – 10 SwitchA(config-int-range)#switchport mode access SwitchA(config-int-range)#switchport access vlan 21（考试时都要打两次命令才能进入） SwitchA(config-int-range)#spanning-tree portfast SwitchA(config-int-range)#no shutdown SwitchA(config)#int range fa 0/13 – 14 SwitchA(config-int-range)#switchport mode access SwitchA(config-int-range)#switchport access vlan 22 SwitchA(config-int-range)# spanning-tree portfast SwitchA(config-int-range)#no shutdown SwitchA(config)#int range fa 0/15 – 16 SwitchA(config-int-range)#switchport mode access SwitchA(config-int-range)#switchport access vlan 23 SwitchA(config-int-range)# spanning-tree portfast SwitchA(config-int-range)#no shutdown SwitchA(config)#int vlan 1 SwitchA(config-if)#ip address 192.168.1.11 255.255.255.0 SwitchA(config)#ip default-gateway 192.1.68.1.1 —> You shouldn’t require this command, but i typed it anyway ***This completes access ports configuration*** SwitchA(config)#int range fa0/3 – 4 SwitchA(config-int-range)#no shutdown SwitchA(config-int-range)#switchport mode trunk SwitchA(config-int-range)#switchport trunk encapsulation dot1q SwitchA(config-int-range)#switchport trunk native vlan 99 SwitchA(config-int-range)#switchport trunk allowed vlan 1,21-23 SwitchA(config-int-range)#channel-protocol lacp SwitchA(config-int-range)#channel-group 1 mode passive –> Access switch needs to be PASSIVE SwitchA(config-int-range)#exit SwitchA(config-if)#int port-channel 1 SwitchA(config-if)#switchport mode trunk —> System might not accept this command, but type it anyway SwitchA(config-if)#switchport trunk encapsulation dot1q b b s .h h 01 0. c o m ???????YY??：3660 ????：bbs.hh010.com SwitchA(config-if)#switchport trunk native vlan 99 SwitchA(config-if)#switchport trunk allowed vlan 1,21-23 ***This complete’s Etherchannel configuration*** SwitchA#ping 192.168.1.1 最后别忘了保存 b b s .h h 01 0.