you work as a network administrator at testking.com....
TRANSCRIPT
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
1
1
You work as a network administrator at TestKing.com. You are configuring a
router to provide Internet access. The ISP has provided TestKing.com with six
public IP addresses of 198.18.158.97, 198.18.158.97, 198.18.158.98, 198.18.158.99,
198.18.158.100, 198.18.158.101, and 198.18.158.102. TestKing.com has 62 hosts that
need access to the Internet simultaneously. The hosts in the TestKing.com LAN have
been assigned private space addresses in the range of 192.168.98.65 - 192.168.98.126.
The following have already been configured on the router:
1. The basic router configuration
2. The appropriate interfaces have been configured for NAT inside an NAT outside.
3. The appropriate static routes have also been configured (since the company will
be a stub network, no routing protocol will be required) 4. All passwords have been temporarily set to "testking"
The task is to complete the NAT configuration using all IP addresses assigned by the
ISP to provide Internet access to the hosts in the TestKing1 LAN. Functionality can
be tested by clicking on the host provided for testing.
Configuration information:
Router name: TestKing1
inside global addresses: 198.18.158.97 198.18.158.102/29
inside local addresses: 192.168.98.65 - 192.168.98.126/26
Number of inside hosts: 62
inside local addresses: 192.168.2.33 - 192.168.2.62/27
Number of inside hosts: 30
TestKing1>enable
TestKing1# configure terminal
TestKing1(config)# ip nat pool testking 198.18.169.121
198.18.169.126 netmask 255.255.255.248
TestKing1(config)# ip nat inside source list 1 pool
testking overload
TestKing1(config)# ip access-list 1 permit
192.168.2.33 0.0.0.31 Variation #2:
Router name: TestKing1
inside global addresses: 198.18.169.121 198.18.169.126/29
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
password: testking
Simulation.
Answer:
Explanation: TestKing1(config)#ip nat inside source list 1 pool nat-pool overload
TestKing1(config)#access-list 1 permit 192.168.98.64 0.0.0.63
TestKing1(config)#ip nat pool nat-pool 198.18.158.97 198.18.158.102 netmask 255.255.255.248
TestKing1(config)#int e0
TestKing1(config-if)#ip nat inside
TestKing1(config-if)#exit
TestKing1(config)#int s0
TestKing1(config-if)#ip nat outside
TestKing1(config-if)#end
TestKing1#copy run start
Previously the ip nat pool nat-pool was configured with /26 which is 255.255.255.192
which is incorrect because we are configuring inside global and it's /29 which is
255.255.255.248.
Note:
Variation #1:
Router name: TestKing1
inside global addresses: 198.18.32.217 192.18.32.222/29
inside local addresses: 192.168.57.33 - 192.168.57.62/27
Number of inside hosts: 30
TestKing1>enable
TestKing1# configure terminal
TestKing1(config)# ip nat pool testking 198.18.32.217
198.18.32.222 netmask 255.255.255.248
TestKing1(config)# ip nat inside source list 1 pool
testking overload
TestKing1(config)# ip access-list 1 permit
192.168.57.33 0.0.0.31
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
You work as a network technician at TestKing.com. A new switch named TestKing2 is
being added to TestKing.com LAN. You will work to complete this process by
first configuring the TestKing2 switch with IP address and default gateway. For the
switch host address you should use the first available IP address on the management
subnet. In addition, the switch needs o be configure to be in the same VTP domain
as the TestKing1 switch, and also needs to be configured as a VTP client.
Assume that the IP configuration and VTP configuration or completed and
working.
You must accomplish the following-
1. Determine and configure the IP host address of the new switch
2. Determine and configure the default gateway of the switch
3. Determine and configure the correct VTP domain name for the new switch
4. Configure the new switch as a VTP Client
Answer: Step 1: Determine & Configure the IP hot address for the New switch
TestKing2 (config-line)# interface vlan 1
TestKing2 (config-line)# ip address A.D.C.D 255.255.255.0
TestKing2 (config-line)# no shutdown
Step 2: Configure the default gateway
TestKing2 (config)# ip default-gateway A.B.C.D
Step 3 & 4: Configure the TestKing 2 switch as VTP Client and configure the correct
VTP domain
TestKing2 (config)# vtp mode client
TestKing2 (config-line)# vtp domain TestKing
TestKing2 (config-line)# vtp password testking
TestKing2 (config-line)# vtp pruning
Explanation: Even though we don't have enough information to deduce the IP address but at least we know
the step by step procedure to configure the switch TestKing 2
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
QUESTION NO: 14 SIMULATION
You are the administrator of the TestKing network which is composed of three
routers connected together via a WAN as shown in the diagram. Your assignment is
to configure and apply an access control list that will block telnet access to the
TestKing1 router without inhibiting all other traffic. The access list won't need
more then 3 statements and it should be applied to the TestKing3 router. The three
routers are already connected and configured as follows:
* The routers are named: TestKing1, TestKing2, and TestKing3 respectively.
* All three of them are using RIP as the routing protocol.
* The serial 0 interfaces are providing clocking.
* The default subnet mask is used on every interface.
* The IP addresses and passwords are listed below.
TestKing1
E0 192.168.1.1
S0 192.168.118.1
Secret password: testking
TestKing2
E0 192.168.121.1
S0 192.168.5.1
S1 192.168.118.2
Secret password: testking
TestKing3
E0 192.168.134.1
S1 192.168.5.2
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
To configure the router click on the host icon that is connected to a router by a
serial console cable.
Answer:
Explanation: TestKing3>enable
:password TestKing3#show access-lists (** redundant **)
TestKing3#config t
.Enter configuration commands, one per line. End with END
TestKing3(config)#access-list 101 deny tcp any 192.168.1.1 0.0.0.0 eq 23
TestKing3(config)#access-list 101 deny tcp any 192.168.118.0 0.0.0.0 eq 23
TestKing3(config)#access-list 101 permit ip any any
TestKing3(config)#interface Ethernet 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#exit
TestKing3(config)#interface serial 0
TestKing3(config-if)#ip access-group 101 in
TestKing3(config-if)#<CTRL-Z
TestKing3#copy running-config startup-config
You should deny access to telnet to the tesking1 router and the access list should be
applied in testking3 router (if the wording is correct). The destination addresses of
TestKing1, namely 192.181.1.1 0.0.0.0 and 192.168.118.0, should be used.
QUESTION NO: 18 SIMULATION
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
You work as a network engineer at TestKing.com. Three TestKing stores have
established network connectivity. The routers are named TestKing1, TestKing2, and
TestKing3. The manager at the TestKing site, Tess King, has decided to deny the
ability of anyone from any other network to connect to the TestKing3 router with
the ping command. Implment an access list on the TestKing3 router to deny this
detection but allow all other types of traffic to pass. The access list should contain no
more than three statements. The routers have been configured with the following
specifications:
* The routers are named TestKing1, TestKing2, and TestKing3.
* RIP is the routing protocol.
* Clocking signal is provided on the serial 0 interfaces.
* The password on each router is "testking".
* The subnet mask on all interfaces is the default mask.
* The IP addresses are listed in the chart below.
TestKing1
E0 192.168.49.1
S0 192.168.51.1.
TestKing2
E0 192.168.53.1
S0 192.168.55.1
S1 192.168.51.2
TestKing3
E0 192.168.57.1
S1 192.168.55.2
To configure the router click on the host icon that is connected to a router by a
serial console cable.
Answer: Explanation:
Click on Host 6 to connect to and configure TestKing3. configure terminal
access-list 101 deny icmp any 192.168.57.1 0.0.0.0
access-list 101 deny icmp any 192.168.55.2 0.0.0.0
access-list 101 permit ip any any Interface s1
Ip access-group 101 in
interface ethernet0
ip access-group 101 out
ctrl z
copy running-config startup-config
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
VTP SIM
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
This a slightly tricky question and can be faced for two situations,one mentioned by you already (vtp server)
and other for root bridge.This is the possible solution to both.
If Sw-AC1 was root bridge,look at topology,Sw-Ac3 with the console access has only 2 switches connected to
it Sw-DS1 and Sw-AC2.These would show as cdp neighbors.Also if Sw-AC1 were the root both its ports
would be designated hence forwarding ports.
1.show spanning-tree vlan 1 will give the root bridge mac-address and the root port.note them
2.show mac-address-detail will give mac-address to port mapping
3.Now type cdp neighbor detail.This will give Sw-AC2 and SW-DS1 as neighbors with their IP adresses.Note
them down
4.Now do a show ip arp
5.The mac-address of Sw-AC1 and Sw-Ac2 will be learnt on the same port if Sw-AC1 is the root bridge.You
have the Ip address of Sw-AC2 and Sw-DS1 from show neighbor detail.You also have mac-address of root
bridge.If ip address in the show arp does not corresspond to mac-address of root bridge,then Sw-AC2/Sw-DS1
is not the root and hence Sw-AC1 must be the root bridge.
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
Ok.If Sw-AC1 was the vtp server
Step1.show vtp status will give the Ip address of updater
Step 2.do a show ip arp.This will give IP to mac to port binding
Step3.Now do a show cdp neighbor detail.This will give IP address of Sw-AC2 and SW-DS1.
Step4.If IP address learnt in step 1 does not corresspond to Sw-AC2 or Sw-DS1,the updater has to be Sw-AC1
since there is no other switch in the topology.
The Old VTP SIM by routerman !
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
The Old VTP SIM by Spacyfreak !
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
P4S - page 277- TELNET SIM
1- sh run
2- you will see the serial
interface without a ip
3- sh cdp neighbors
4 see the ip of the neighbor
serial and add a ip of same
range
5- telnet the next router
6- sh run again
7- you will see ethernet
down
8- conf t, interface fa0, no
shut
9- now u can ping...
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }
OSPF
The document was prepared by sadikhov member amol0009in_7 for thanking www.sadikhov.com website .
Prepared on { DATE \@ "M/d/yyyy" } { TIME \@ "h:mm AM/PM" } { NUMPAGES }