Startup, Entrepreneurship and Certification. You will also find the trending articles

2010
Twitter Facebook

Cisco Certified Network Associate - CCNA Labs
Network Engineering

(Updated from real CCNA exam on 19-Feb-2009)
Question:
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This does not require any configuration.
To answer the multiple-choice questions, click on the numbered boxes in the right panel.
There are five multiple-choice questions with this task. Be sure to answer all five questions before leaving this item.
ccna_vtp_sim_question
-->Notice: All the images in this VTP LAB are used for demonstration only, you will see slightly different images in the real CCNA exam
Question 1:

What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ?
a) Fa0/1
b) Fa0/3
c) Fa0/6
d) Fa0/8
e) Fa0/9
f) Fa0/12
Answer: Fa 0/8
Explanation: to find out which interface associated with a given MAC address, use the show mac-address-table command. It shows the learned MAC addresses and their associated interfaces. After entering this command, you will see a MAC address table like this:
ccna_vtp_sim_answer_1
From this table we can figure out that the MAC address 0010.5a0c.ffba is associated with interface Fa0/8
Question 2:
What ports on Sw-AC3 are operating has trunks (choose three)?
a) Fa0/1
b) Fa0/3
c) Fa0/4
d) Fa0/6
e) Fa0/9
f) Fa0/12
Answer: Fa0/3, Fa0/9 and Fa0/12
Explanation: Use the show interface trunk command to determine the trunking status of a link and VLAN status. This command lists port, its mode, encapsulation and whether it is trunking. The image below shows how it works:
ccna_vtp_sim_answer_2
(This image is used for demonstration only)
Question 3:

What kind of router is VLAN-R1?
a) 1720
b) 1841
c) 2611
d) 2620
Answer: 2620
Explanation: VLAN-R1 is the router directly connected to Sw-Ac3 switch, so we can use the show cdp neighbors command to see:
1. Neighbor Device ID : The name of the neighbor device;
2. Local Interface : The interface to which this neighbor is heard
3. Capability: Capability of this neighboring device - R for router, S for switch, H for Host etc.
4. Platform: Which type of device the neighbor is
5. Port ID: The interface of the remote neighbor you receive CDP information
6. Holdtime: Decremental hold time in seconds
Sample output of show cdp neighbors command:
ccna_vtp_sim_answer_3_2
One thing I want to notice you is "Local Intrfce" in the image above refers to the local interface on the device you are running the "show cdp neighbors" command
Question 4: Which switch is the root bridge for VLAN 1?
Answer: Sw-DS1
Explanation: First we use the show spanning-tree vlan 1 to view the spanning-tree information of VLAN 1
ccna_vtp_sim_answer_4
From the "Cost 19", we learn that the root switch is directly connected to the Sw-Ac3 switch over a 100Mbps Ethernet link
Notice that if you see all of the interface roles are Desg (designated) then you can confirm Sw-Ac3 switch is the root bridge for this VLAN (VLAN 1).
If you see there is at least one Root port in the interface roles then you can confirm Sw-Ac3 is not the root bridge because root bridge does not have root port. In this case, we notice that the root port on Sw-Ac3 switch is FastEthernet0/12, so we have to figure out which switch is associated with this port -> it is the root bridge. You can verify it with the show cdp neighbors command:
ccna_vtp_sim_answer_4_2
The "Local Intrfce" column refers to the interface on the switch running "show cdp neighbors" command. In this case, Sw-DS1 is associated with interface FastEthernet0/12 -> Sw-DS1 is the root bridge
Question 5: What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3?
Answer: 192.168.44.254
Explanation:
First we have to identify which VLAN interface Fa0/4 belongs to by the show vlan command
ccna_vtp_sim_answer_4_show_vlan
From the exhibit we know that VLAN 44 is configured on router using sub-interface Fa0/0.44 with IP address 192.168.44.254/24
ccna_vtp_sim_answer_4_part_exhibit
Therefore the default gateway of the host should be 192.168.44.254
Question 6: From which switch did Sw-Ac3 receive VLAN information ?
Answer: Sw-AC2
Explanation: to view the VTP configuration information, use the show vtp status command
ccna_vtp_sim_answer_4_show_vtp_status
So we knew Sw-Ac3 received VLAN information from 163.5.8.3 (notice:the IP address may be different). Finally we use the show cdp neighbors detail to find out who 163.5.8.3 is:
ccna_vtp_sim_answer_4_show_cdp_neighbors_detail

Question 7: Refer to the exibit, SwX was taken out of the production network for maintenance. It will be reconnected to the Fa 0/16 port of Sw-Ac3. What happens to the network when it is reconnected and a trunk exists between the two switches?
ccna_vtp_sim_answer_7_new_switch
A - All VLANs except the default VLAN win be removed from all switches
B - All existing switches will have the students, admin, faculty, Servers, Management, Production, and no-where VLANs
C - The VLANs Servers, Management, Production and no-where will replace the VLANs on SwX
D - The VLANs Servers, Management, Production and no-where will be removed from existing switches
Answer and Explanation:
First we should view the VTP configuration of switch Sw-Ac3 by using the show vtp status command on Sw-Ac3
ccna_vtp_sim_answer_7_new_switch_answer_2
Notice that its configuration revision number is 5 and VTP Domain Name is home-office
Next, from the exhibit we know that SwX has a revision number of 6, which is greater than that of Sw-Ac3 switch, and both of them have same VTP Domain Name called "home-office".
ccna_vtp_sim_answer_7_new_switch_answer_1
Therefore SwX will replace vlan information on other switches with its own information. We should check vlan information of Sw-Ac3 switch with show vlan command
ccna_vtp_sim_answer_7_new_switch_answer_3
So the correct answer is D - The VLANs Servers, Management, Production and no-where will be removed from existing switches
Please remember that in the real CCNA exam you may see a different configuration revision of Sw-Ac3 or of SwX. In general, which switch has a higher revision number it will become the updater and other switches will overwrite their current databases with the new information received from the updater (provided that they are on the same domain and that switch is not in transparent mode)
Question 8:
Out of which ports will a frame be forwarded that has source mac-address 0010.5a0c.fd86 and destination mac-address 000a.8a47.e612? (Choose three)
A - Fa0/8
B - Fa0/3
C - Fa0/1
D - Fa0/12

Answer: B C D
Explanation:
First we check to see which ports the source mac-address and the destination mac-address belong to by using show mac-address-table command
ccna_vtp_sim_answer_8_1
We notice that the source mac-address 0010.5a0c.fd86 is listed in the table and it belongs to Vlan 33 but we can't find the destination mac-address 000a.8a47.e612 in this table. In this case, the switch will flood to all ports of Vlan 33 and flood to all the trunk links, except the port it received this frame (port Fa0/6). Therefore from the output above, we can figure out it will flood this frame to Fa0/1, Fa0/3 and Fa0/12.
Please notice that the "show mac-address-table" command just lists information that was learned by the switch, it means that there can be other ports besides Fa0/1, Fa0/3 and Fa0/12 belong to Vlan 33. You can use the show vlan command to see which ports belong to vlan 33
ccna_vtp_sim_answer_8_2
And we found other ports which belong to vlan 33, they are Fa0/2, Fa0/5 and Fa0/7. Our switch will flood the frame to these ports, too.
And we can check which trunk ports will receive this frame by the show interface trunk command
ccna_vtp_sim_answer_8_3
-> Port Fa0/9 will also receive this frame!
Question 9:
If one of the host connected to Sw-AC3 wants to send something for the ip 190.0.2.5 (or any ip that is not on the same subnet) what will be the destination MAC address
Answer and Explanation:
Because the destination address is not on the same subnet with the switch, it will forward the packet to its default gateway. So we have to find out who is the default gateway of this switch by using the show running-config command
ccna_vtp_sim_answer_9_1
From the output, we notice that its default-gateway is 192.168.1.254. In fact, we can easily guess that its default gateway should be a layer 3 device like a router; and in this case, the VLAN-R1 router. To verify our theory, use the show cdp neighbor detail command and focus on the description of VLAN-R1 router
ccna_vtp_sim_answer_9_2
From this output, we can confirm the switch's default gateway is VLAN-R1 router (with the IP address of 192.168.1.254). And "the interface: FastEthernet0/3" tells us that the switch is connected to VLAN-R1 router through Fa0/3 port (Fa0/3 is the port on the switch).
Finally we just need to use the show mac-address-table command to find out which MAC address is associated with this interface
ccna_vtp_sim_answer_9_3
(Notice that in the real CCNA exam the MAC address or port may be different)
And we find out the corresponding MAC address is 000a.b7e9.8360. Although there are some entries of port Fa0/3 with different Vlan but they have the same MAC address

April 20, 2010
Twitter Facebook

Cisco Certified Network Associate - CCNA Labs
Network Engineering

(Updated from real CCNA exam on 19-Feb-2009)
Question:
To configure the router (R2-RC) click on the console host icon that is connected to a router by a serial console cable (shown in the diagram as a dashed black line)
ccna__configuration_sim_lab_4
Central Florida Widgets recently installed a new router in their office. Complete the network installation by performing the initial router configurations and configuring RIPV2 routing using the router command line interface (CLI) on the R2-RC.
Name of the router is R2-RC
Enable-secret password is cisco1
The password to access user EXEC mode using the console is cisco2
The password to allow telnet access to the router is cisco3
IPV4 addresses must be configured as follows:
Ethernet network 209.165.202.128/27 - router has last assignable host address in subnet
Serial network is 192.0.2.16/28 - router has last assignable host address in the subnet. Interfaces should be enabled.
Router protocol is RIP V2
Attention :
In practical examinations, please note the following, the actual information will prevail.
s1. Name of the router is xxx
2. Enable-secret password is xxx
3. Password to access user EXEC mode using the console is xxx
4. The password to allow telnet access to the router is xxx
5. IP information
Solution:
-->1) Name the router:
Router>enable
Router#configure terminal
Router(config)#hostname R2-RC
2) Set secret password:
R2-RC(config)# enable secret cisco1
3) Set password for the console:
R2-RC(config)#line console 0
R2-RC(config-line)#password cisco2
R2-RC(config-line)#login
R2-RC(config-line)#exit
4) Set the Telnet password:
R2-RC(config)#line vty 0 4
R2-RC(config-line)#password cisco3
R2-RC(config-line)#login
R2-RC(config-line)#exit
5) Assign IP address for Ethernet interface (Fa0/0):
The Ethernet network 209.165.202.128/27 has:
Increment:32 (/27 = 255.255.255.224 or 1111 1111.1111 1111.1111 1111.1110 0000)
Network address: 209.165.202.128
Broadcast address: 209.165.202.159 (because 128 + 32 - 1 = 159)
Therefore the last assignable host address in this subnet is 209.165.202.158 and we will assign it to Fa0/0 interface with these commands:
R2-RC(config)# interface fa0/0
R2-RC(config-if)#ip address 209.165.202.158 255.255.255.224
R2-RC(config-if)#no shutdown
R2-RC(config-if)#exit
6) Assign IP address for Serial interface (S0/0/0):
Serial network 192.0.2.16/28 has:
Increment:16 (/28 = 255.255.255.240 or 1111 1111.1111 1111.1111 1111.1111 0000)
Network address: 192.0.2.16
Broadcast address: 192.0.2.31 (because 16 + 16 - 1 = 31)
So the last assignable host address in this subnet is 192.0.2.30. Finally we assign it to s0/0/0 interface:
R2-RC(config)# interface s0/0/0
R2-RC(config-if)#ip address 192.0.2.30 255.255.255.240
R2-RC(config-if)#no shutdown
R2-RC(config-if)#exit
7) Configure RIP v2 routing protocol:
R2-RC(config)#router rip
R2-RC(config-router)#version 2
R2-RC(config-router)#network 209.165.202.128
R2-RC(config-router)#network 192.0.2.16
R2-RC(config-router)#end
R2-RC#copy running-config startup-config

April 20, 2010
Twitter Facebook

Cisco Certified Network Associate - CCNA Labs
Network Engineering

(Updated from real CCNA exam on 07-March-2009)
Question:
accesslist_sim
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U.
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 ...
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
-->Answer and Explanation:
sFor this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
accesslist_sim_showrun1
accesslist_sim_showrun2
accesslist_sim_showrun3
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A - Correctly assign an IP address to interface fa0/1
B - Change the ip access-group command on fa0/0 from "in" to "out"
C - Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D - Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E - Remove access-group 106 in from interface fa0/0 and add access-group 104 in

Answer: E

Explanation:
Let's have a look at the access list 104:
accesslist_sim_answer1
The question does not ask about ftp traffic so we don't care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line "access-list 104 deny icmp any any echo-reply" will not affect our icmp traffic because the "echo-reply" message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A - Attempts to telnet to the router would fail
B - It would allow all traffic from the 10.4.4.0 network
C - IP traffic would be passed through the interface but TCP and UDP traffic would not
D - Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface

Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A - No host could connect to Router through s0/0/1
B - Telnet and ping would work but routing updates would fail.
C - FTP, FTP-DATA, echo, and www would work but telnet would fail
D - Only traffic from the 10.4.4.0 network would pass through the interface

Answer: A
Explanation:
First let's see what was configured on interface S0/0/1:
accesslist_sim_answer3
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!

April 20, 2010
Twitter Facebook

Cisco Certified Network Associate - CCNA Labs
Network Engineering

Updated from latest CCNA exam (updated 08-26-2008)
-->Question:
ccna_nat_sim_lab_3
You work as a network technician at 9tut.com. Study the exhibit carefully. You are required to perform configurations to enable Internet access. The Router ISP has given you six public IP addresses in the 198.18.32.65 198.18.32.70/29 range.
9tut.com has 62 clients that needs to have simultaneous internet access. These local hosts use private IP addresses in the 192.168.6.65 - 192.168.6.126/26 range.
You need to configure Router1 using the PC1 console.
You have already made basic router configuration. You have also configured the appropriate NAT interfaces; NAT inside and NAT outside respectively.
Now you are required to finish the configuration of Router1.
Solution:
The company has 62 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.32.65 to 198.18.32.70/29 => we have to use NAT overload (or PAT)
Double click on PC1 to access Router1's command line interface
Router1>enable
Router1#configure terminal
Create a NAT pool of global addresses to be allocated with their netmask (notice that /29 = 248)
sss
Router1(config)#ip nat pool mypool 198.18.32.65 198.18.32.70 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Router1(config)#access-list 1 permit 192.168.6.64 0.0.0.63

Establish dynamic source translation, specifying the access list that was defined in the prior step
Router1(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.6.65 to 192.168.6.126, into an address from the pool named mypool (the pool contains addresses from 198.18.32.65 to 198.18.32.70)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Router1(config)#interface fa0/0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface s0/0
Router1(config-if)#ip nat outside

Before leaving Router1, you should save the configuration:
Router1(config)#end (or Router1(config-if)#end)
Router1#copy running-config startup-config
Check your configuration by going to PC2 and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114

April 20, 2010
Twitter Facebook

Cisco Certified Network Associate - CCNA Labs
Network Engineering

Here you will find answers to SIMULATION Questions
Question:
A network associate is configuring a router for the weaver company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The following have already been configured on the router:
- The basic router configuration
- The appropriate interfaces have been configured for NAT inside and NAT outside
- The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)
- All passwords have been temporarily set to "cisco"
ccna_nat_sim_lab1
ccna_nat_sim_lab2
Solution:
-->The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT)
Double click on the Weaver router to open it
Router>enable
Router#configure terminal

First you should change the router's name to Weaver
Router(config)#hostname Weaver
Create a NAT pool of global addresses to be allocated with their netmask.

Weaver(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
Weaver(config)#access-list 1 permit 192.168.100.16 0.0.0.15

Establish dynamic source translation, specifying the access list that was defined in the prior step
Weaver(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110)
Overload keyword allows to map multiple IP addresses to a single registered IP address (many-to-one) by using different ports

The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements.
This is how to configure the NAT inside and NAT outside, just for your understanding:
Weaver(config)#interface fa0/0
Weaver(config-if)#ip nat inside
Weaver(config-if)#exit
Weaver(config)#interface s0/0
Weaver(config-if)#ip nat outside
Weaver(config-if)#end
Finally, we should save all your work with the following command:
Weaver#copy running-config startup-config

Check your configuration by going to "Host for testing" and type:
C:\>ping 192.0.2.114
The ping should work well and you will be replied from 192.0.2.114

April 20, 2010

Mr.16x9 blog

Contact Form

Name

Email *

Message *

Theme images by Jason Morrow. Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget