CCNA第四学期第7章2010

合集下载

CCNA培训讲义(44页)

CCNA培训讲义(44页)

培训讲义1培训讲义2000@1632002 年5 月上海2目录前言 (5)第一章介绍 (8)1.1 什么是 (8)1.2 学习内容及目标 (8)1.3 学习基础 (9)1.4 考试申请 (9)第二章课程介绍 (11)2.1 课程特点 (11)2.2 课程目标 (11)2.3 预备知识 (12)2.4 课程安排 (12)2.5 推荐书目 (13)第三章 (15)3.1 提出背景 (15)3.2 模型的提出意义 (16)3.3 模型 (17)3.3.1 物理层 (18)3.3.2 数据链路层 (19)3.3.3 网络层 (20)3.3.4 传输层 (21)3.3.5 会话层 (23)3.3.7 应用层 (24)3.4 数据封装 (25)3.5 模型 (26)3.6 产品选择 (26)第四章a (27)4.1 路由器 (27)4.1.1 路由器硬件构成 (28)4.2 ( ) (29)4.2.1 界面 (30)4.2.2 常用命令 (30)4.2.3 外部配置方式 (32)4.2.4 常用快捷键 (32)4.2.5 (32)4.2.6 (33)4.2.7 口令恢复 (34)32 (36)第五章1900 (36)5.1 ()技术 (37)5.2 的三个功能 (38)5.3 () (40)5.3.1 的步骤 (41)5.3.2 (42)5.3.3 的转发模式 (43)5.4 的配置 (44)5.5 虚拟局域网 (44)5.5.1 什么是? (44)5.5.2 (帧封装技术) (46)5.5.3 () (47)5.5.4 (49)5.5.5 配置 (50)3— (52)第六章 (52)6.1 概述 (52)6.2 地址划分 (56)6.2.1 基本知识 (56)6.2.2 子网划分 (59)6.2.3 一些配置 (59)第七章 (61)7.2 路由分类 (63)7.3 路由协议分类 (65)7.3.1 (65)7.3.2 最佳路由选择 (66)7.3.3 维护路由表 (66)7.3.4 的形成与克服 (67)7.3.5 配置和 (68)第八章 (70)8.1 为什么要使用 (70)8.2 分类 (70)8.3 配置原则 (71)8.4 正确使用 (71)8.5 配置 (72)8.5.1 使用控制访问 (74)4第九章 (75)9.1 广域网 (75)9.1.1 几种常用术语 (76)9.2 几种典型第二层封装协议 (76)9.3 (79)9.3.1 和 (80)9.4 配置 (81)第十章 (82)10.2 三种协议 (84)10.3 的两种接入方法 (84)10.4 配置 (84)10.5 配置按需拔号路由 (85)10.5.1 配置的步骤 (85)第十一章 a (87)11.1 (87)11.2 术语 (88)11.3 常用查看命令 (94)第十二章实验部分 (95)5前言写一本适合喜欢网络新手的培训讲义一直是我的一个想法我接触网络有7 个年头了从最初的3.1下的网络建设开始直到今天的以设备为主的大型网络中间经历了与大多数人一样的学习过程95 年在大学上计算机网络专业的研究生时由于自己本科学的是卫星通信可以说当时对计算机网络一点感觉都没有当初计算机普及率跟现在是不能相提并论的更别说网络了那时能在导师手下独用一台486已经可以在同学中招摇过市了记得有一次在实验室导师让我将一个文件从另外一台机器拷到他的机器上我折腾了半天也不会用脑子里面的计算机网络知识除了其它一点都没有帮上忙当时我就觉得为什么在书本上学的那么多的理论知识可到实际生活中却一点都用不上也许这也正是许多网络新手最初对网络的感觉――神秘不可捉摸看到许多介绍网络知识的书本感到它们要么是面广泛泛而谈看完之后原来是自己都会的东西要么就是点深讲了一大通理论和复杂的算法后除了空白还是空白98 年参加单位超大型网络建设接触了大量网络设备6尤其是路由器喜欢没有别的原因就是因为简捷好用可靠而且它也是一个将理论转换为实际的理想平台对了我不是任何形式的代理我说的只是自己摸索设备的一些心得2001 年年初与一个朋友聊天得知他已是什么了又告诉我什么是以前也了解一些认证情况但从来没有一个实际的全面的认识于是下定决心去考触摸一下认证的感觉过了之后感觉到对自己的工作确实很有帮助提高和纠正了自己在工作中的经验好吧再去考也过了我从到全部是自己学习的只是从网上了许多学习资料而且也得到了许多人的帮助细化了将许多深奥的理论以浅显的方式表述出来理顺和加深了自己对一些网络概念的理解这里我觉得看英文版书要比看中文版书好当然是我的一个目标但是费用是我的一个最大问题我相信许多网络人的共同目标就是何时拿下与朋友们煮酒论英雄!这是一句美国西点军校的名言它告诉我们要勇敢地面对明天因为最困难的日子都过去了还有什么不能坚持下去希望就在前方我想这就是我们在寒冷的冬天的最好的慰籍在此献给所有同行们7我在一个网络培训中心做过讲师用的是教材是公司的幻灯片形式的讲义它没有展开网络知识只是归纳出重要概念和纲目来从严格意义上讲它不能算是一个好的教材所以我结合自己的实际情况和已有的一些资料写了这本讲义由于网络知识涉及面广内容新其中一定有不少不当之处和表达不清的地方希望大家给我批评指正就当是给一个朋友提个醒2002 年5 月25 日上海8第一章介绍1.1 什么是认证分为三个层次分别为认证网络工程师() 初级认证—认证资深网络工程师中级认证—认证互联网工程师() 高级认证1.2 学习内容及目标从学习内容上可分为四大部分主要内容包括网络协议理论基础协议广域网协议局域网广域网解决方案涉及到的内容均为目前中小型网络解决方案中所必需的知识通过认证的工程师将具备如下技能• 安装配置以及运行500 个网络节点规模的网络系统• 能够胜任的路由器管理能力9• 已获得全球500 大企业的认可和接受• 是各跨国公司和电子商务企业所急需的人才• 移民及出国留学可获得技术加分是升职加薪寻找丰厚工作待遇的有力凭证1.3 学习基础只要具有一定的英语基础和基本的计算机应用知识拥有高中以上的学历就可开始的学习课程的特点是入门的起点不高但随着课程的逐步深入您将学习到更高层次的知识与技能最后成为计算机网络应用的高级人才因此是否具有渴望掌握先进网络知识的愿望积极的学习态度以及希望从事计算机网络行业成为高级网络人才的理想是能否学会课程的前提条件当然如果具有良好的基础会达到事半功倍的效果1.4 考试申请至少提前一天个人到考试中心申请认证考试1.5 目标人群10对产品或网络不太熟悉的客户渠道经销商对产品和服务不太了解的网络技术人员中小型企业网的网络管理员在中大型企业中执行桌面支持工作的网络技术支持人员为小型企业环境提供网络设备安装和第一线支持的网络技术人员希望获取授证的人员希望获取授证的人员11第二章课程介绍2.1 课程特点介绍在多协议互连网络中配置交换机和路由器所需的概念命令和相关实验通过讲解讨论演示练习(和实验设计)能够为中小型企业确定和推荐最佳解决方案该课程提供技术支持人员所需的关于产品安装配置以及故障排除方面的知识2.2 课程目标• 确定集线器以太网交换机或路由器的最佳使用环境• 确定多种互连的设备的网络中的地址协议以及链路连接状态• 根据给定的网络设计指标互连交换器和路由器• 在路由器上正确配置各种路由协议和广域网技术• 配置访问列表对网络设备或网段的访问权限以及常规网络流量实施控制12• 检查交换机路由器及其网络服务和协议的运作情况是否符合给定的网络指标2.3 预备知识参加课程应具有基本的网络概念并且接触过或网络建议学员最好具有网络环境里的工作经验详细的预备知识包括对如下内容的基本了解• 常用的网络术语和拓扑结构• 基本的网络设备例如集线器网桥路由器交换机)• 二进制和十六进制的运算及与十进制数字转换( 最好掌握但并非必须要求)• 网络模型• 访问或• 应用95 运行多个应用程序2.4 课程安排课程时间为5 天或10 个晚上具体如下13课次内容备注第一晚1,2 介绍第一天第二晚3,4(操作命令)课程介绍I n t e r n e t 介绍网络基础知识回顾O S I 原理T C P / I P 原理等第第三晚5(路由器组成)二天第四晚6(交换机的工作原理)网络互连配置I O S 基本命令网络环境管理的基本命令; 交换机基本概念第第五晚7()三天第六晚8 地址划分交换机V L A N T C P / I P 的配置T C P / I P 的配置续第第七晚9 路由协议四天第八晚10R I P I R G P O S P F 路由协议工作原理第九晚12,13,14(第五天第十晚实验(实验配置见图) W A N 的配置I S D N 的配置帧中继的配置等2.5 推荐书目在考试之前推荐几本好一点的学习用书结合会达到事半功倍的效果141 思科网络技术学院教程(上,下册)78 元中文版人民邮电出版社特别适合初学者内容通俗易懂3 考试认证考试(640-507)指南83 元(含光盘)中文版人民邮电出版社的考试用书内容覆盖了考试的全部内容也有许多内容已经超出了的考试要求4 因为考试是全英文的所以最好在考试之前再仔细将研读英文版用书目前较流行的英文版用书有3.0 封面有一个骑士头像5 3.1―― 路由交换模拟强烈推荐能完成学习中遇到的绝大部分命令6 3――考试模拟器强烈推荐虽然里面没有所谓的真题但试题内容全部覆盖了的内容是考前巩固已学知识的利器7 出版的学习用书推荐我是用它过的5 官方培训幻灯片15第三章知识点123 ’s 54)5)6)’s7)8)9)3.1 提出背景在70年代网络得到了迅速的发展和应用在当时的情况下已经变成一个非常巨大的网络但是由于各种原因许多网络的设计采用不同的硬件和软件造成一个必然结果就是不同的16网络之间互相不兼容互相不能通信为了解决这个问题国际标准化组织认识到只有制定一个网络模型才能让所有网络设计人员设计出的网络能够互相通信协同工作基于此于1984年提出参考模型即我们常讲到的七层协议国际标准化组织是一个代表了130个国家的标准化组织的集体总部设在瑞士的日内瓦的目标是制定国际技术标准以促进全球信息交换和无障碍贸易你可能认为该组织应被简称为但并不意味着是一个首字母缩略字实际上在希腊语中意味着平等通过这个词汇表达了组织对标准的贡献3.2 模型的提出意义模型的主要目的就是为不同的网络提供互相兼容互相通信在网络领域我们虽然看不见一个网络中两个节点是如何通信的亦可用一个模型对通信过程进行描述通常用来描述网络通信的模型称为开放系统互连模型通过的学习您知道模型的七层结构以及各层之间如何相互作用每层具有的功能当然学习模型不足以成为一个网络专家但是熟悉模型是你17成为网络专家的必要条件3.3 模型在20世纪80年代早期即开始致力于制定一套普遍适用的规范集合以使得全球范围的计算机平台可进行开放式通信创建了一个有助于开发和理解计算机的通信模型即开放系统互连模型模型将网络结构划分为七层即物理层数据链路层网络层传输层会话层表示层和应用层每一层均有自己的一套功能集并与紧邻的上层和下层交互作用在顶层应用层与用户使用的软件如字处理程序或电子表格程序进行交互在模型的底端是携带信号的网络电缆和连接器总的说来在顶端与底端之间的每一层均能确保数据以一种可读无错排序正确的格式被发送注意组成网络部件的组合方式常被描述成它的体系结构体系结构这个词在网络领域反映了这样一个事实就像一幢建筑物包括了许多不同的但被集成在一起的部件电缆服务器协议客户机应用程序网络接口卡等等模型是对发生在网络中两节点之间过程的理论化描述它并不规定支持每一层的硬件或软件的模型但你学习到的有关网络的每件事均能对应于模型中的一层因此不仅应了解各层的名字而且应了解它们的功能及层之间相互作用的方法18图3- 1 描绘了模型层结构应用层()表示层()会话层()传输层()网络层()数据链路层( )物理层()图3 1 模型层结构3.3.1 物理层物理层是模型的最低层或第一层该层定义网络连接机械电气性能定义了包括物理连网媒介如电缆连线连接器在物理层上传输的是0 或1 比特流工作在这一层的典型网络设备为集线器术语第一层协议和物理层协议均是指描述电信号如何被放大及通过电线传输的标准区别以下两个概念*,; ,.19*..连接在上所有计算机处于一个中在中采用()技术避免的发生具体见2-20页3.3.2 数据链路层数据链路层是模型的第二层控制网络层与物理层之间的通信此层数据叫作帧数据链路层的主要功能是将从网络层接收到的数据分割成特定的可被物理层传输的帧,见图3 - 2 示出了802.3的数据帧图(6B)(6B)(6B) (2B) (46-1500B)(4B)图3-2 802.3 帧结构工作在此层的网络设备有如网桥或交换机由于它们要对帧解码并使用帧将数据发送到正确的接收方所以它们工作在数据链路层的以太网()是应用数据链路层技术的一个实例20在层常会提到即地址地址固化在网卡的中所以以简称常见的写法为00-50-04243 地址分为两大部分前24字节为厂商号加上后24字节的厂商自己分配号目的就是为了保证在全世界不会出现同样地址的网卡3.3.3 网络层网络层即模型的第三层关系到子网的运行控制主要功能是将网络地址翻译成对应的物理地址并决定如何将数据从发送方路由到接收方例如一个计算机有一个地址10.34.99.12 和一个物理地址00-60-97-3973 这种编址方案就好像说某某人的姓名和他的身份证号码相对应一样即使还有其他许多人也叫某某但他们的身份证号码是唯一的我们经常提到的地址也称作就定义在网络层地址32字节长分为网络号部分和主机号两部分常见地址的写法为16.100.1.86 对地址的详细讨论见8在网络层要区别与两个概念所谓的是指路由协议如21而是指或协议网络层通过综合考虑发送优先权网络拥塞程度服务质量以及可选路由的花费来决定从一个网络中节点到另一个网络中节点的最佳路径由于网络层处理路由而路由器因为即连接网络各段并智能指导数据传送属于网络层在网络中路由是基于编址方案使用模式以及可达性来指引数据的发送网络层协议还能补偿数据发送传输以及接收的设备能力的不平衡性为完成这一任务网络层对数据包进行分段和重组分段即是指当数据从一个能处理较大数据单元的网络段传送到仅能处理较小数据单元的网络段时网络层减小数据单元的大小的过程重组过程即是重构被分段的数据单元工作在此层的网络设备有路由器或具有第三层交换功能的交换机此层数据叫作数据包3.3.4 传输层传输层负责确保数据可靠顺序无错地从网络A点到传输到网络B点A B点可能在也可能不在相同的网络段上如果没有传输层数据将不能被接受方验证或解释所以传输层常被认为是模型中最重要的一层传输协议同时进行流量控制或是基于接22收方可接收数据的快慢程度规定适当的发送速率除此之外传输层按照网络能处理的最大尺寸将较长的数据包进行强制分割例如以太网无法接收大于1500字节的数据包发送方网络节点的传输层将数据分割成较小的数据片同时对每一数据片安排一序列号以便数据到达接收方节点的传输层时能以正确的顺序重组该过程即被称为排序在网络中传输层发送一个应答信号以通知发送方数据已被正确接收如果数据有错传输层将请求发送方重新发送数据同样假如数据在一给定时间段未被应答发送方的传输层也将认为发生了数据丢失从而重新发送它们工作在传输层的一种服务是协议族中的(传输控制协议) 另一项传输层服务是协议集的在传输层引入两个重要概念面向连接服务和无连接服务即和是在通信前先建立, 这样保证了数据传输的而是不建立连接就传输所以有更少的但不能保证数据的所以我们传要用而网上听歌因为速度更重要丢几个没关系可以用的在常见的里面是,23是对于协议要经过三次握手才能建立连接再进行数据传输三次握手具体过程见图3-4图3-4 的三次握手过程3.3.5 会话层会话层负责在网络中的两节点之间建立和维持通信术语会话指在两个实体之间建立数据交换的连接常用于表示终端与主机之间的通信会话层的功能包括建立通信链接保持会话过程A B,24通信链接的畅通同步两个节点之间的对话决定通信是否被中断以及通信中断时决定从何处重新发送当通过拨号向你的请求连接到因特网时服务器上的会话层向你与你的客户机上的会话层进行协商连接若你的电话线偶然从墙上插孔脱落时你机上的会话层将检测到连接中断并重新发起连接会话层通过决定节点通信的优先级和通信时间的长短来设置通信期限3.3.6 表示层表示层如同应用程序和网络之间的翻译官在表示层数据将按照网络能理解的方案进行编码这种编码也因所使用网络的类型不同而不同表示层协议还对图片和文件格式信息进行解码和编码3.3.7 应用层模型的第七层是应用层应用层负责对软件提供接口以使程序能使用网络服务术语应用层并不是指运行在网络上的某个特别应用程序如应用层提供的服务包括文件传输文件管理以及电子邮件的信息处理程序可以独立运行而不管发送数据时目标节点是否被连接到网络上在宽带网设计中经常会遇到第七层交换机就工作在这一层它主要起到应用25程序负载均衡作用3.4 数据封装在模型中的每一层都使用它自己的协议和接收设备的对等层通信每一层通过协议数据单元交换数据包括控制信息和数据两部分在模型中将控制信息和数据绑定的过程称作封装当某一层收到上一层之后它便进行封装过程将收到的当作本层的数据部分再加上本层的控制头信息和控制尾信息形成本层的交给下一层处理如图3-5所示N发送进程接收进程010111000101010101010126图3-5 数据封装过程概括来讲数据封装的五步为1 . ( )2 ( )3 (4 ()5 . ( )3.5 模型为了简化网络设计和管理公司提出一个三层模型来描述网络这三层为2 6到2 9快速交换层高档交换机策略层2 8页路由器终端用户接入点或3.6 产品选择具体见从2-40到2-46页公司为了简化产品选择工作27编制一个软件可以到网上第四章a的第三章第四章第五章节主要讲解设备交换机和路由器以及的一些基本知识突出实践经验知识点分布得比较散乱希望大家仔细看书4.1 路由器路由器或分为固定配置和模块化两大类路由器是考试中最重要的概念路由器有多个连接多个不同的路由器通过来决定往哪边传永远不可能往两个上传万一遇到这种情况会把掉可以人工加也可以使用如或动态维护路由器工作在283 44.1.1 路由器硬件构成路由器有六大部分组成分别为1 ――主要运行和2 ――含有用于路由器的启动和维护3 ――含有相当于机的硬盘4)―― 非易失性用于储存配置文件如文件和5 ――控制路由器启动过程具体见5-226)――主要有: 本地配置端口要用( 的原装是蓝色的)一头连在上另一头连在机的口上然后用登录进行配置一般情况下路由器都是用进行配置的这种情况也叫带内配置0代表第一个: 辅助的意思就是用连接进行远程调试路由器用处不是很大在某些路由器里面都没29有这以太口或快速以太口用于连接局域网e0 代表第一个如果是第一个的话用0 来表示分为固定配置和模块化配置两种情况在模块化配置情况下还需要购买卡如( )一般用s0代表第一个用于连接路由器的接口命名规则是按从右往左从下往上的顺序排列的比如有两个左边那个就是e1 右边那个就是e0 如果这两个是上下排列的下面那个就是e0 上面那个就是e1 在有的里面一个里面会有多个这时候你可以用e1/0 e1/1 e1/2 等符号来表示4.2 ( )正如的叫的叫其实里面的都很便宜的大多数也就是486 的水平现在的也就卖几百美金为什么这个小小的就敢卖好几千的美金就应该是这个30如果说是靠垄断了市场那么说是靠来垄断了市场真是一点都不为过4.2.1 界面是( ) 的象里面的都是的而是() 的特点是比较难学但配置起来比较快现在也正在做的,但大家还是喜欢的件进行练习有两种方式和在学习命令的时候一定要记住所使用的命令处于何种提示符下在中经常会遇到以下提示符如下表提示符描述>()# 全局配置模式()# 端口配置模式()# 子端口配置模式()# 配置模式如异步拨入() # 动态路由协议配置如4.2.2 常用命令在中我们要掌握和熟记一些常用命令见下表31命令描述查看版本号显示当前在内存中运行的配置信息显示保存于中的配置信息显示内容如名称大小查看端口状态16.100.1.5 255.255.255.0 在端口上配置地址进入菜单配置模式进入全局配置模式修改路由器或交换机名称() 0()()配置进入口口令() 0 4()()配置进入口令() 进入口令() 代替口令640000 在端口设置通信速率为64K64 在命令中会表现出来它设定路由协议所能使用的带宽而非通信线路上的实际带宽() 使能一个端口0 查看某个端口的电缆类型为或为查看建立会话个数查看口是否在使用并列出所有会话有关之间的转换关系见的5-27页10.5.5.3 设定网关地址帮助命令> -> -> ->32注意在上配置只是为了利于远程管理4.2.3 外部配置方式外部配置方式有12)3)4)5)4.2.4 常用快捷键- a- a- a--( ) -( ) -( ) -( ) ---- .- a4.2.5是特有的用于收集直接相邻设备信息的管理工具工作在模型的33层采用帧结构默认情况下是的每60秒发送一次广播它的是180秒涉及的有一些命令有() ――启动() ――关闭() 30――设置广播时间() 120――设置保留时间――查看直接相邻设备五大类信息如4.2.6用于控制路由器启动过程其工作原理类似机中的在默认情况下它的值为0x2102 可以用命令来查看长为16 其中低4叫作设置不同的值可以让路由器启动到不同的工作状态具体为0x0(0000) 启动到状态提示符为或>0x1(0001) 从启动提示符为()0x2(0010)-0(1111) 正常启动到中查找命令34及其含义含义0x2102 缺省设置13=0x2000 引导失败5次后自动从引导8=0x0100 关闭键0x2 从中引导正常运行模式0x210113=0x2000 引导失败5次后自动从引导8=0x0100 关闭键0x1 进入运行模式()>0x1428=0x0040 进入运行模式>0x2 从中引导正常运行模式4.2.7 口令恢复。

ccna章节与期末答案

ccna章节与期末答案

第一章:正确答案:2.4.5解析:由于不需要使用网络设备和专用服务器,对等网络易于创建,复杂性更低,且成本更少。

而且对等网络也没有集中管理。

这种网络安全性更低,不可扩展,而且那些同时充当客户端和服务器的设备可能性能更差正确答案:1解析:正确答案:解析:选择网络介质的条件包括:所选介质可以成功传送信号的距离、要安装所选介质的环境、必须传输的数据量和速度以及介质和安装的成本。

正确答案:3和4解析:终端设备上的应用程序可以生成数据,更改数据内容并且负责启动封装过程。

正确答案:1和4解析:终端设备会发出通过网络传输的数据。

中间设备会在链路发生故障时通过备用路径传输数据,并且会过滤数据传输以增强安全性。

网络介质提供网络消息的传输通道。

正确答案:4解析:外联网是公司外部的人或企业合作伙伴访问数据的网络区域。

内部网只描述通常仅供内部人员访问的网络区域。

当设备连接到有线网络时,有线 LAN 会受 BYOD(自带设备)影响。

使用大学无线 LAN 的设备多为平板电脑和智能手机。

大学生主要使用无线 WAN 来访问他们的手机运营商网络。

.正确答案:2解析:由于通过 Internet 可以联系在线供应商,所以家庭用户通过 Internet 进行网上购物。

内联网基本上是仅供内部使用的局域网。

外联网是外部合作伙伴访问组织内部特定资源的网络。

家庭用户并不一定使用 LAN 来访问 Internet。

例如,PC 可以通过调制解调器直接连接到 ISP。

正确答案:1解析:内部网这个术语用于表示一个组织的私有局域网和广域网连接。

内部网的设计旨在仅允许该组织的成员、员工或其他获得授权的人员进行访问。

正确答案:2和4解析:电缆和 DSL 均能实现高带宽、始终联网,并提供到主机计算机或 LAN 的以太网连接。

10正确答案:2和3解析:移动电话连接需要使用移动电话网络。

卫星连接通常用于家庭或企业外部不便使用物理布线的位置。

11正确答案:2解析:当对网络资源的请求超出了可用容量时,网络就会变得拥堵。

CCNA 4 - Chapter 7

CCNA 4 - Chapter 7

CCNA 4 - Chapter 7Posted by beotron at 9:21 PM1. Why is it important to record baseline measurements of a prototype network?• Test results show security weaknesses after the baseline tests are run.• The baseline is the point at which the network is operating at its fullest potential.• Baseline measurements define a point at which network traffic has exceeded the designed capabilities of the network.• Te st results are compared to the baseline to see how the test conditions increase processor use or decrease available bandwidth.2. Refer to the exhibit. During prototype testing, verification of VLAN connectivity is being performed. Based on the information shown, what command produced the output?• show spanning-tree• show interfaces trunk*• show cdp neighbors• show interfaces• show ip interface brief3. How do designers decide which network functions need to be included in the prototype test?• They se lect the functions that align with the business goals.• They select the functions that occur at the network core.• They select the functions that do not exist in the existing network.• They select the functions from a list of generic network operations.4. Refer to the exhibit. A network administrator has been given the task of creating a design for a temporary classroom building that is to be set up outside an overcrowded school. In testing the prototype, it is found that the student PC cannot ping the teacher PC. All the switch interfaces are active and connected properly, as is interface Fa0/0 of the router. Given that only the commands shown have been added to the router configuration, what is the source of the problem?• The IP settings on the studen t PC are incorrect.• The default gateway on the teacher PC is misconfigured.• The router Fa0/0 interface has not been configured as a VLAN trunk.• The Fa0/0 physical interface has not been configured with an IP address and subnet mask.• The administrat or forgot to configure a routing protocol to allow the ping packets to reach the teacher PC subnet.5. Refer to the exhibit. What two measures can be taken to address the areas of weakness circled in the network design? (Choose two.)• Provide redundant co nnections to all end users.• Add another core switch to increase redundancy.• Add a switch in the server block connecting the server farm to each core switch.• Add an additional switch to the DMZ and direct links from the new switch to the core switches.• Provide a redundant firewall router connecting to a second ISP, the core switches, and the DMZ.6. Refer to the exhibit. After all the interfaces have stabilized, what is the spanning-tree state of all the enabled interfaces of SW11?• discarding• For warding• learning• listening7. A network engineer has decided to pilot test a portion of a new network design rather than rely on a prototype for proof-of-concept. What are two advantages of pilot testing a design concept? (Choose two.) • The test netwo rk experiences real-world network traffic.• Users within the enterprise are not affected by the test.• Network response can be tested in unplanned and unpredictable situations.• Unlikely failure conditions can be conveniently tested.• Network response can be tested in a highly controlled simulated environment.8. Refer to the exhibit. During prototype testing of the Cisco network shown, connectivity must be verified. Assuming all connections are working and CDP is enabled on all devices and interfaces, on which device was the command issued?• R1*• S1• R3• S2• R5• S39. Switch port Fa0/24 was previously configured as a trunk, but now it is to be used to connect a host to the network. How should the network administrator reconfigure switch port Fa0/24?• Use the switchport mode access command from interface configuration mode.• Enter the switchport nonegotiate command from interface configuration mode.• Administratively shut down and re-enable the interface to return it to the default.• Enter the n o switchport mode trunk command in interface configuration mode.• Use the switchport access vlanvlan number command from interface configuration mode to remove the port from the trunk and add it to a specific VLAN.10. Refer to the exhibit. A network technician is performing an initial installation of a new switch in the east wing. The technician removes the switch from the box, makes the connections to the network, and adds the configuration shown. The technician notifies the network administrator that the switch has been installed. When the network administrator at the home office attempts to telnet to the switch from host 192.168.0.1, the connection fails. What action should the network technician take?• Add an enable password to the switch.• Add a def ault gateway to the switch configuration.• Configure the switch with an IP access list to permit the host connection.• Enable the physical interfaces of the switch with the no shutdown command.11. Refer to the exhibit. The redundant paths are of equal bandwidth and EIGRP is the routing protocol in use. Which statement describes the data flow from Server to PC2?• EIGRP load balances across the R3 to R1 and R3 to R2 links.• EIGRP load balances across the R1 to Switch3 and R2 to Switch3 paths.• EIGRP lo ad balances across the Switch1 to Switch3 and Switch1 to Switch2 paths.• EIGRP does not load balance in this topology.12. In the router command encapsulation dot1q 10, what does the number 10 represent?• the metric used for a particular route• the numb er of the VLAN associated with the encapsulated subinterface• the priority number given to the device for the election process• the number that must match the Fast Ethernet subinterface number• the number used to program the router for unequal cost path load balancing13. Which protocol allows a switch port to transition directly to the forwarding state after a failure is detected?• STP*• BGP• RSTP• HSRP14. A network designer needs to determine if a proposed IP addressing scheme allows efficient route summarization and provides the appropriate amount of scalability to a design. What is useful for validating a proposed hierarchical IP addressing scheme?• NBAR• a pilot network• a route summary• a network simulator*• a physical topology map15. Refer to the exhibit. A network designer creates a test plan that includes the specification shown. In which section of the test plan would this specification be found?• Test Description• Test Procedures• Design and Topology Diagram• Actual Results and Co nclusions• Anticipated Results and Success Criteria16. While preparing a network test plan document, a network designer records all initial and modified device configurations. Which section of the document typically contains this information?• Appendix• Test Procedures• Test Description• Actual Results and Conclusions• Anticipated Results and Success Criteria17. Refer to the exhibit. The users on the 192.168.10.192 network are not allowed Internet access. The network design calls for an extended ACL to be developed and tested. Where should the ACL be placed for the least effect on other network traffic?• inbound on Fa0/0 of R3• outbound on Fa0/0 of R3• inbound on Fa0/1 of R3• outbound on Fa0/1 of R3• inbound on Fa0/1 of R2• outbound on S0/0 of R218. Refer to the exhibit. Why are interfaces Fa0/11, Fa0/23, and Fa0/24 not shown in this switch output? • Interfaces Fa0/11, Fa0/23, and Fa0/24 are trunks.*• Interfaces Fa0/11, Fa0/23, and Fa0/24 are shutdown.• Interfaces Fa0/11, Fa0/23, and Fa0/24 a re blocking.• Interfaces Fa0/11, Fa0/23, and Fa0/24 failed diagnostics.19. What OSI model Layer 2 security measure can a network engineer implement when prototyping network security?• a firewall at the network edge• port security at the access design l ayer• port security at the distribution design layer• IP access control lists at the access design layer20. Refer to the exhibit. During prototyping, Layer 2 functionality is being tested. Based on the output shown, which two pieces of information can be determined? (Choose two.)• Switch1 is the root bridge.• Interface Fa0/2 on Switch1 has no role in the operation of spanning tree.• Interface Fa0/2 on Switch1 is the alternate port used to reach the root bridge.• Based on the entries in the “Role” col umn, it can be concluded that RSTP has been implemented.• Interface Fa0/1 on Switch1 is the forwarding port selected for the entire spanning-tree topology.21. What Rapid Spanning Tree Protocol (RSTP) state is given to the forwarding port elected for every switched Ethernet LAN segment?• root• backup• alternate• Designated。

CCNA第四学期官方章节考试题之第四学期《Final_Examination》(附答案)

CCNA第四学期官方章节考试题之第四学期《Final_Examination》(附答案)

公司与AA2SSH存在不正确的访问控制列表条目。

访问列表中的必须在会防止以明文传输登录信息如果身份验证失败,则会断开PPP 会话连接会发起双向握手容易遭受回送攻击4命令show frame-relay map的输出如下:Serial 0 (up): ip 192.168.151.4 dlci 122, dynamic, broadcast, status defined, active 下列哪三种说法正确描述了所示内容的意义?(选择三项。

)192.168.151.4代表远程路由器的IP 地址192.168.151.4代表本地串行接口的IP 地址DLCI 122代表远程串行接口DLCI 122代表用于连接远程地址的本地编号broadcast表示动态路由协议(例如RIP v1)可通过此PVC 发送数据包active表明ARP 进程正在工作5路由器的SDM 主页会显示哪三点信息?(选择三项。

)ARP 缓存闪存的总容量和可用容量路由表已配置的LAN 接口的数量是否配置了DHCP 服务器该LAN 中路由器的数量6从非军事区分界点本地环路网云确保在确认确保路由器上有通向下列哪三种说法正确描述了CSU/DSU调制解调器用于端接本地数字环路。

CSU/DSU调制解调器用于端接本地模拟环路。

路由器通常被视为路由器通常被视为10在链路质量测试完毕后,路由器在协商第LCPNCP它会被丢弃。

它会被放到队列中,直到主机它会被转换,源端口号保持为它会被分配其端口范围内的第一个可用端口号。

交换虚电路的相关信息将DLCI 映射到网络地址提供流量控制提供错误通知提供拥塞通知发送keepalive 数据包以检验PVC 的工作情况14请参见图示。

下列说法中哪三项正确?(选择三项。

)启用了NAT 过载。

启用了动态NAT。

地址转换会失败。

接口配置不正确。

地址为192.168.1.255 的主机将被转换。

进入0/0/2 接口的流量先被转换,然后才流出串行接口0/0/0。

ccna 4

ccna 4

Close WindowAssessment SystemExam Viewer - EWAN Practice Final Exam - CCNA Exploration: Accessing the WAN (Version 4.0)Below you will find the assessment items as presented on the exam as well as the scoring rules associated with the item.Cisco Networking Academy content is copyrighted and the unauthorized posting, distribution or sharing of this exam content is prohibited.1 What will be the result of adding the command ip dhcp excluded-address 172.16.4.1 172.16.4.5 to the configuration o that has been configured as a DHCP server?Traffic that is destined for 172.16.4.1 and 172.16.4.5 will be dropped by the router.Traffic will not be routed from clients with addresses between 172.16.4.1 and 172.16.4.5.The DHCP server function of the router will not issue the addresses between 172.16.4.1 and 172.16.4.5.The router will ignore all traffic that comes from the DHCP servers with addresses 172.16.4.1 and 172.16.4.5.2An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an errortrying to enter the IPv4 routes into RIPng. What is the cause of the problem?RIPng is incompatible with dual-stack technology.All interfaces have been configured with the incorrect IPv4 addresses.RIPv1 or RIPv2 needs to be configured in addition to RIPng to successfully use IPv4.When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are shut down in favor of the newe3Refer to the exhibit. Which DHCP requests will R1 answer?all DHCP requests that R1 receivesrequests that are broadcast to 10.0.1.255DNS requests with a destination of 10.0.1.3requests that are received on the FastEthernet 0/0 interfacerequests that come from any networks that are not listed as excluded4Refer to the exhibit. A host connected to Fa0/0 is unable to acquire an IP address from the DHCP server. The output of theserver command shows "DHCPD: there is no address pool for 10.1.1.1". What is the problem?The 10.1.1.1 address is already configured on Fa0/0.The default router for the 10Network pool is incorrect.The ip helper-address must be added to Fa0/0 interface.The pool of addresses for the 10Network pool is incorrect.5Refer to the exhibit. The hosts in network A all have static addresses that are assigned in the 192.168.2.0./24 network. The hB are DHCP clients in the 192.168.1.0/24 network. After router R1 has been configured with the statements as shown in theDHCP clients are reporting that they cannot access any network resources. The hosts with static addresses cannot access aoutside network A. What is the problem?The DHCP scope has the wrong address pool.The interfaces on R1 are incorrectly addressed.The assignable DCHP addresses are all excluded.The DCHP clients are receiving the wrong default router address.6Refer to the exhibit. R1 is performing NAT overload for the 10.1.1.0/24 inside network. HostA has sent a packet to Web Serdestination IP address of the return packet from Web Server when it is received at the NIC on HostA?10.1.1.2:1234172.30.20.1:1234172.30.20.1:3333192.168.1.2:807At what physical location does the responsibility for a WAN connection change from the service provider to the user?DMZlocal loopCSU/DSUdemarcation point8What three statements describe the roles of devices in a WAN? (Choose three.)A CSU/DSU terminates a digital local loop.A modem terminates a digital local loop.A CSU/DSU terminates an analog local loop.A modem terminates an analog local loop.A router is commonly considered a DTE device.A router is commonly considered a DCE device.9Refer to the exhibit. Which statement is true about the WAN switch device?It uses a multiport internetworking device to switch traffic such as Frame Relay, ATM or X.25 over the WAN.It provides internetworking and WAN access interface ports that are used to connect to the service provider network.It provides termination for the digital signal and ensures connection integrity through error correction and line monitoring.It converts the digital signals produced by a computer into voice frequencies that can be transmitted over the analog lines of the pub network.10Refer to the exhibit. An administrator is trying to connect Router1, a Cisco router, to a non-Cisco router using a serial connthe connection failing?A loopback is not set.The interface has been shut down.The wrong encapsulation is being used.Queuing cannot be used when connecting to non-Cisco devices.11Which device encodes data for transmission across the WAN service provider transmission link?CPEDTEDCEUART12Refer to the exhibit. Why are the routers unable to establish a PPP session?The usernames are misconfigured.The IP addresses are on different subnets.The clock rate is configured on the wrong end of the link.The CHAP passwords must be different on the two routers.Interface serial 0/0/0 on Router1 must connect to interface serial 0/0/1 on Router2.13What are the symptoms when the s0/0/0 interface on a router is attached to an operational CSU/DSU that is generatingbut the far end router on the point-to-point link has not been activated?show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial down, line protocol doshow controllers indicates cable type DCE V.35. show interfaces s0/0/0indicates serial up, line protocol downshow controllers indicates cable type DTE V.35. show interfaces s0/0/0indicates serial up, line protocol downshow controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol do14Refer to the exhibit. Router1 is not able to communicate with its peer that is connected to this interface. Based on the output as shown, wh likely cause?interface resetimproper LMI typeencapsulation failurelocal cable unplugged15Which protocol is used to authenticate connections over serial links securely?CHAP HDLC SLIPPAP16Refer to the exhibit. What is placed in the address field in the header of a frame that will travel from the DC office of ABC C Orlando office?MAC address of the Orlando routerMAC address of the DC router192.168.1.25192.168.1.26DLCI 100DLCI 20017While configuring a Frame Relay connection, when should a static Frame Relay map be used?the remote router is a non-Cisco routerthe local router is configured with subinterfacesbroadcast traffic and multicast traffic over the PVC must be controlledglobally significant rather than locally significant DLCIs are being used18Refer to the exhibit. Branch A has a Cisco router and Branch B has a non-Cisco router that is using IETF encapsulation . Acommands that are shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI.successfully established at both locations. Why is the PVC failing?The PVC to R3 must be point-to-point.LMI types cannot be different on each end of a PVC.A single port can only support one encapsulation type.The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.19Refer to the exhibit. Which statement is true about the status of the Frame Relay connection?The Frame Relay connection is in the process of negotiation.Only packets with control bit DE set are sent over the PVC. No data traffic traverses the link.Packets marked as FECN and BECN indicate that a congestion control mechanism is enabled on the Frame Relay PVThe “DLCI USAGE = LOCAL” status indicates that the PVC link is not established between the interface S0/0/0.1 and tswitch.20Refer to the exhibit. You are a network administrator who has been tasked with completing the Frame Relay topology that intHow should the point-to-point subinterfaces be configured on HQ to complete the topology?HQ(config-subif)#frame-relay interface-dlci 103 on Serial 0/0/0.1HQ(config-subif)#frame-relay interface-dlci 203 on Serial 0/0/0.2HQ(config-subif)#frame-relay interface-dlci 301 on Serial 0/0/0.1HQ(config-subif)# frame-relay interface-dlci 302 on Serial 0/0/0.2HQ(config-subif)#frame-relay map ip 172.16.1.1 103 broadcast on Serial 0/0/0.1HQ(config-subif)#frame-relay map ip 172.16.2.2 203 broadcast on Serial 0/0/0.2HQ(config-subif)#frame-relay map ip 172.16.1.1 301 broadcast on Serial 0/0/0.1HQ(config-subif)#frame-relay map ip 172.16.2.2 302 broadcast on Serial 0/0/0.221A router in a Frame Relay network needs to forward a message received from a host. What two methods does the roidentify the correct VC to forward the message? (Choose two.)The router forwards the frame to all ports in the network and learns the address from the reply frame.The destination host IP address is embedded in the DLCI.The router searches Inverse ARP tables for maps of DLCIs to IP addresses.A table of static mappings can be searched.The router broadcasts a request for the required IP address.22A company is looking for a WAN solution to connect its headquarters site with four remote sites. What advantage wouldleased lines provide to the customer compared to a shared Frame Relay solution?lower costlower latency and jittervariable bandwidth capacityfewer physical router interfaces23Which two functions are provided by the Local Management Interface (LMI) that is used in Frame Relay networks? (Cflow controlerror notificationcongestion notificationthe mapping of DLCIs to network addressesthe sending of keepalive packets to verify operation of the PVC24A technician is talking to a colleague at a rival company and comparing DSL transfer rates between the two companiescompanies are in the same city, use the same service provider, and have the same rate/service plan. What is the expla Company A reports higher download speeds than Company B?Company B has a higher volume of POTS voice traffic than Company A.Company B shares the conection to the DSLAM with more clients than Company A.Company A only uses microfilters on branch locations.Company A is closer to the service provider.25Refer to the exhibit. A packet is being sent from Host A to Host B through the VPN tunnel between R1 and R3. When the pa at R3, what are the source and destination IP addresses of the packet?Source 192.168.1.2 - Destination 192.168.4.2Source 192.168.3.1 - Destination 192.168.3.2Source 192.168.2.1 - Destination 192.168.3.2Source 192.168.3.1 - Destination 192.168.4.226What are two characteristics of DSL technology? (Choose two.)Uploads typically offer larger transfer rates than downloads.Service providers deploy DSL in the local loop of the telephone network.DSL download rates are reduced by large volumes of POTS voice traffic.Filters and splitters allow POTS and DSL traffic to share the same medium.DSL is a shared medium that allows many users to share bandwidth available from the DSLAM.27What is a major characteristic of a worm?malicious software that copies itself into other executable programstricks users into running the infected softwarea set of computer instructions that lies dormant until triggered by a specific eventexploits vulnerabilities with the intent of propagating itself across a network28Refer to the exhibit. The network administrator is adding R1 to an existing network. As a part of the corporate IT procedures administrator attempts to back up the router Cisco IOS software of R1 and receives the output shown. The network adminisattempts unsuccessfully to ping the TFTP server from the console session. What should be done next to isolate this problemFrom R2, validate that interface Fa0/0 is operational.From the TFTP server, verify that the software on the TFTP server is operational.From the TFTP server, confirm there is enough room on the TFTP server for the Cisco IOS software.From the console session, make sure that R1 has a route to the network where the TFTP server resides.29 A technician has been asked to run the Cisco SDM one-step lockdown on the router of a customer. What will be the reprocess?The router will download the latest security patches from the specified FTP server.All security configurations that are offered by the Cisco AutoSecure feature will be automatically implemented.All traffic that enters the router is quarantined and checked against the possible security problems before being foThe existing router configurations will be examined and all potential security-related configuration changes will beimplemented.30Refer to the exhibit. A network administrator is trying to configure a router to use SDM, but the network administrator cannoSDM interface of the router. What is the cause of the problem?The VTY lines are misconfigured.The HTTP timeout policy is misconfigured.The authentication method is misconfigured.The username and password are misconfigured.31Which three statements accurately describe attributes of a security policy? (Choose three.)It creates a basis for legal action if necessary.It should not be altered once it is implemented.It defines a process for managing security violations.It focuses primarily on threats from outside of the organization.It defines acceptable and unacceptable use of network resources.It provides step-by-step procedures to harden routers and other network devices.32Where will a router operating system image be copied after the copy flash: tftp command is issued?flashDRAMNVRAMremote server33When configuring remote access to a router, what is the significance of the no password command on a VTY line?Logins are prevented on that line.No password is required to log in to that line.The remote user is not allowed to change the password for that line.The remote user is prompted to change the line password after connecting to the router.34What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when iminbound on the f0/0 interface?All TCP traffic is permitted, and all other traffic is denied.The command is rejected by the router because it is incomplete.All traffic from 172.16.4.0/24 is permitted anywhere on any port.Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.35 Which statement is true about wildcard masks?Inverting the subnet mask will always create the wildcard mask.A wildcard mask identifies a network or subnet bit by using a "1".The same function is performed by both a wildcard mask and a subnet mask.When a "0" is encountered in a wildcard mask, the IP address bit must be checked.36Refer to the exhibit. An ACL called Managers already exists on this router. What happens if the network administrator issues as shown in the exhibit?The new ACL overwrites the existing ACL.The network administrator will receive an error message.The existing ACL is modified to include the new command.A second Managers ACL is created that contains only the new command.37Refer to the exhibit. The network administrator creates a standard access control list on Router1 to prohibit traffic from thenetwork from reaching the 172.16.2.0/24 network while still permitting Internet access for all networks. On which router intewhich direction should it be applied?interface Fa0/0, inboundinterface Fa0/0, outboundinterface Fa0/1, inboundinterface Fa0/1, outbound38Refer to the exhibit. The SSH connections between the remote user and the server are failing. The correct configuration of Nverified. What is the most likely cause of the problem?SSH is unable to pass through NAT.There are incorrect access control list entries.The access list has the incorrect port number for SSH.The ip helper command is required on S0/0/0 to allow inbound connections.39Refer to the exhibit. Partial results of the show access-list and show ip interface fastethernet 0/1 commands for router R3 are shown. T ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two netwModify the second entry in the list to permit tcp host 192.168.10.10 any eq telnet .Reverse the order of the TCP protocol statements in the ACL.Apply the ACL on the FastEthernet 0/0 interface.Apply the ACL in the inbound direction.40Which protocol is implicitly denied at the end of an IPv4 access list?IPTCPUDPHTTP41What type of ACL can be used to force a user to authenticate to the router before accessing a network?standarddynamicreflexivetime-based42Refer to the exhibit. Which two statements correctly describe how Router1 processes an FTP request that enters interface S destined for an FTP server at IP address 192.168.1.5? (Choose two.)The packet does not match an access list condition.The router matches the incoming packet to the statement that is created from the access-list 201 permit ip any anycThe router matches the incoming packet to the statement that is created from the access-list 101 permit ip any 192.16command.The router matches the incoming packet to the statement that is created from the access-list 201 deny icmp 192.168.any command.The packet is allowed into Router1.43An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the loc address successfully from a remote network and can successfully resolve the mail server name to an IP address via thnslookup command. At what layer of the OSI model is the problem most likely to be found?applicationtransportnetworkdata link44Refer to the exhibit. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause?The crossover cable is faulty.The IP addressing is incorrect.There is a Layer 2 problem with the router connection.The upper layers are experiencing an unspecified problem.One or both of the Ethernet interfaces are not working correctly.45While troubleshooting a problem with an e-mail server, an administrator observes that the switch port used by the serveline protocol up". The administrator cannot ping the server. At which layer of the OSI model is the problem most likely tapplication layernetwork layerdata link layerphysical layer46A network administrator is analyzing the data from a network performance baseline. Which condition will not be indicatebaseline data?the IP addressing scheme of the networkthe most heavily used parts of the networkcongested areas of the networkerror rates in different parts of the network47Because of a remote-procedure call failure, a user is unable to access an NFS server. At what layer of the TCP/IP mod problem occur?network layerdata link layerphysical layerapplication layer48Refer to the exhibit. Routers R1 and R2 have been configured with EIGRP in the same autonomous system. Computers PC1not able to ping each other. Further investigation has revealed that the route to 192.168.10.0 is missing from the routing tablethe cause of the problem?The networks are not correctly summarized.The FastEthernet interfaces on R1 are configured as passive.The network statements on R2 are incorrectly configured.EIGRP on R1 does not recognize the 192.168.10.0 network.49Refer to the exhibit. Routers R1 and R2 are both configured for single area OSPF. Users who are connected to switch S1 aredatabase applications that run on servers that are connected to S2. The network engineer is working remotely and only has tshown in the exhibit to direct initial troubleshooting efforts. Based on the exhibit, which OSI layer is the most appropriate to sdivide-and-conquer approach?network layerapplication layerdata-link layerphysical layer50Refer to the exhibit. An administrator has added the exhibited commands to routers A and B, but no routing updates are exchthe two routers. Based on the information that is given, what is the likely cause of the problem?Router A is advertising the wrong network.The authentication key strings do not match.The serial interfaces of routers A and B are not on the same network.The authentication key numbers do not match the EIGRP process number for both routers.Showing 1 of 1 NextClose WindowAll contents copyright ©2001-2009 Cisco Systems, Inc. All rights reserved. Privacy Statement and Trademarks.。

CCNA中文版PPT

CCNA中文版PPT

例子 Telnet SMTP HTTP FTP
JPEG
应用层 表示层 会话层
应用层作用
用户接口
• 数据表示 • 加密等特殊处理过程
保证不同应用间的数据区 分
例子 Telnet HTTP
JPEG
Operating System/ Application Access Scheduling
应用层
表示层
会话层
传输层 网络层 数据链路层 物理层
应用层作用
用户接口
• 数据表示 • 加密等特殊处理过程
保证不同应用间的数据区 分
例子 Telnet HTTP
JPEG
Operating System/ Application Access Scheduling
数据流层的作用
例子
物理层
• 设备间接收或发送比特流 • 说明电压、线速和线缆等
网络层
提供路由器用来决定路径的逻辑寻址
• 将比特组合成字节进而组合成帧
数据链路层
• 用MAC地址访问介质 • 错误发现但不能纠正
物理层
• 设备间接收或发送比特流 • 说明电压、线速和线缆等
例子
TCP UDP SPX IP IPX
802.3 / 802.2 HDLC
EIA/TIA-232 V.35
数据流层的作用
标准化组织
国际标准化组织(ISO) 电子电器工程师协会(IEEE) 美国国家标准局(ANSI) 电子工业协会(EIA / TIA) 国际电信联盟(ITU) INTERNET架构委员会(IAB)
标准化组织
在计算机网络的发展过程中有许多国际标准化组织做出了重大的贡献,他们统一了网络的标准,使各 个网络产品厂家生产的产品的可以相互通信,目前为网络的发展做出贡献的标准化组织有: ISO: 制定了大型的标准,包括与INTERNET相关的标准,ISO提出了OSI参考模型,OSI参考模型描述了网 络的工作原理,为计算机网络构建了一个易于理解的,清晰的层次模型 IEEE: 提供了网络硬件上的标准使各种不同网络硬件厂商生产的硬件设备相互通信,IEEE LAN标准是当 今居于主导地位的LAN标准,它主要定了802.X协议族,期中802.3为以太网标准协议簇,802.4为令牌总线 网(TOKEN BUS)标准,802.5为令牌环网(TOKEN RING)标准,802.11为无线局域网(WLAN)标准. ANSI: 是公司 政府 和期它组织成员组成的自愿组织,主要定义了光纤分布式数据接口FDDI的标准 EIA/TIA: 定义了网络连接线线缆,如:RS232 CAT5 HSSI V.24 同时还有线缆布放标准,如:568B ITU: 定义了作为广域边接的电信网络的标准;如:X.25 FR INTERNET架构委员会(Iab internet architectur board)

CCNA学习指南(第7版)_提要

CCNA学习指南(第7版)_提要

文体说明斜体且下划线表示该字段应被替换蓝色中括号表示该字段可选;蓝色双竖线表示选择其一,蓝色花括号表示选择范围。

除非特别说明,命令行中的所有字符、符号均为半角。

表示速率时,b代表位(bit),B代表字节。

“接口号”表示不带关键字interface,“接口”表示带除非特别说明,本文不严格区分“接口”与“端口”,可以认为二者等同。

传输层端口一般会注明。

×——— ×——— ×——— ×——— ×反掩码=255.255.255.255 –子网掩码IOS命令中,自定义的名称、用户名、密码等区分大小写,命令关键字不区分大小写。

在NA考试中,必须保存配置,且只能用copy run start,不允许用write实验环境推荐配置:(全局) no ip domain-lookup //关闭名称查询,也可用快捷键Ctrl+Shift+6line con 0 //根据实际情况进入线路,vty的具体范围可用show run查看exec-timeout 0 0 //控制台永不超时logg sync //开启显示同步,避免在命令行输入时被显示信息打断exit若不是通过console口连接设备,则需用terminal monitor命令使debug信息回显到非console口。

开启debug会使设备CPU负载大幅上升,输出信息较多也会占用输出带宽,因此使用前先看看设备负载(show process),不要在负载重的设备上启用,会死机。

尽量缩小debug内容范围。

命令undebug all关闭所有debug。

show run的结果可以复制到记事本等纯文本编辑器,用作配置信息,但是show run 的结果中已开启的端口没写no shutdown命令,需手动添加!一般情况下,除了非模块化的交换接口外,其他接口默认都是关闭状态,需手动启用。

一次选中多个接口,可以在interface关键字后加range关键字,【例】选中g0/0到2接口:interface range g0/0 - 2 //横线前后最好带空格,以适用大多数版本IOS选中g0/0和2接口:interface range g0/0,g0/2也可以上二者同时使用:inte range g0/0 - 1,g0/2在交换机上配置默认网关,用来跨网段管理该设备:(全局) ip default-gateway IP第一章网络互联交换机通过MAC地址作为通讯标识,每个端口都是一个冲突域。

ccna中文教程

ccna中文教程
数据链路层或第 2层,也称为链路层。它包含 2个子层,上一层是逻辑链路控制 (LLC),
6 CCNA学习指南
下载
表1-2 IEEE 802.3和DIX Ethernet的物理层规范
速率 Mbps 拓扑结构 介质
DIX
Ethernet 10
IEEE 802.3物理层标准
10BaseF 10
1Base5 1
1.1.2 OSI模型
在网络互连中,有两个标准可以考虑:合法的和事实的。合法的意味着用权力或法律建 立。事实的意味着用实际的事实建立,尽管没有得到官方或法律上的承认,但 TCP/IP为那个 协议创建了一个事实标准,尽管它在得到广泛接受之前并没有成为标准。 OSI(Open System Interconnection, 开放系统互连)参考模型是一个合法的标准。
10Broad36 10
10Base2 10
10Base5 10
10BaseT 10
总线 50欧姆粗 同轴电缆
星状 光纤电缆
星状 未屏蔽 双绞线
总线 75欧姆 同轴电缆
总线 5 0欧姆细 同轴电缆
总线 50欧姆粗 同轴电缆
星状 未屏蔽 双绞线
节点1
节点1和节点2监听 两个节点都没有检测到任何通信量 节点1和节点2传输 在线上发生冲突 节点1和节点2检测冲突
2 CCNA学习指南
1.1.1 网络的发展
下载
互连网络随着需要而发展。在计算机应用的早些时候 (20世纪50年代和60年代),互连网络 并不存在。计算机是独立的和私有的。然而,在 20世纪60年代,美国国防部 (DOD)对教育研 究中使用的数据包 -交换广域网设计感兴趣。“数据包”指小的数据包。“交换”指使用和基于 交换的电话系统类似的路由系统。并且“广域网” (WAN)意味着网络可以延伸其物理上互相 远离站点的。

CCNA第四学期final

CCNA第四学期final

1At what physical location does the responsibilty for a WAN connection change from the user to the service provider?demilitarized zone (DMZ)demarcation pointlocal loopcloud2Refer to the exhibit. Computers on the internal network need access to all servers in the external network. The only traffic tha from the external network must be responses to requests that are initiated on the internal network. Which security measure w this requirement?a numbered extended ACLa named standard ACLa reflexive ACLa dynamic ACL3Which Frame Relay flow control mechanism is used to signal routers that they should reduce the flow rate of frames?DEBECIRFECNCBIR4Refer to the exhibit. A network administrator is trying to backup the IOS software on R1 to the TFTP server. He receives the message that is shown in the exhibit, and cannot ping the TFTP server from R1. What is an action that can help to isolate thUse correct source file name in the command.Verify that the TFTP server software is running.Make sure that there is enough room on the TFTP server for the backup.Check that R1 has a route to the network where the TFTP server resides.5Which IP address and wildcard mask would be used in an ACL to block traffic from all hosts on the same subnet as host 192.168.16.43/28?access-list 10 deny 192.168.16.0 0.0.0.31access-list 10 deny 192.168.16.16 0.0.0.31access-list 10 deny 192.168.16.32 0.0.0.16access-list 10 deny 192.168.16.32 0.0.0.15access-list 10 deny 192.168.16.43 0.0.0.166An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the local ma address successfully from a remote network and can successfully resolve the mail server name to an IP address via the use nslookup command. At what OSI layer is the problem most likely to be found?physical layerdata link layernetwork layerapplication layer7Refer to the exhibit. A network administrator has issued the commands that are shown on Router1 and Router2. A later revie routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem RIPng configuration?The serial interfaces are in different subnets.The RIPng process is not enabled on interfaces.The RIPng network command is not configured.The RIPng processes do not match between Router1 and Router2.8Refer to the exhibit. A network administrator is attempting to configure a Frame Relay network. The administrator enters the as shown in the exhibit on R2, but the Frame Relay PVCs are inactive. What is the problem?The incorrect DLCI numbers are being configured on R2.The S0/0/0 interface on R2 needs to be point-to-point.The frame-relay map commands are missing the cisco keyword at the end.A single router interface cannot connect to more than one Frame Relay peer at a time.9Refer to the exhibit. Based on the output as shown, which two statements correctly define how the router will treat Telnet tra comes into interface FastEthernet 0/1? (Choose two).Telnet to 172.16.10.0/24 is denied.Telnet to 172.16.20.0/24 is denied.Telnet to 172.16.0.0/24 is permitted.Telnet to 172.16.10.0/24 is permitted.Telnet to 172.16.20.0/24 is permitted.10Refer to the exhibit. A network administrator is tasked with completing the Frame Relay topology that interconnects two remo should the point-to-point subinterfaces be configured on HQ to complete the topology?frame-relay interface-dlci 103 on Serial 0/0/0.1frame-relay interface-dlci 203 on Serial 0/0/0.2frame-relay interface-dlci 301 on Serial 0/0/0.1frame-relay interface-dlci 302 on Serial 0/0/0.2frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.211Which option correctly defines the capacity through the local loop guaranteed to a customer by the service provider?BEDECIRCBIR12Refer to the exhibit. A network administrator notices that three VLANs created on SW1 do not show in SW3. Based on out show vtp status and show running-config commands, what is the cause of the problem in the SW3 configuration?VTP version 2 is disabled.The VTP mode is misconfigured.The configure revision number for VTP does not match.13Refer to the exhibit. In the partial router configuration that is shown, what is the purpose of access list BLOCK_XYZ?to prevent source IP address spoofing by hosts on the Fa0/0 LANto block access by Fa0/0 LAN hosts to all network services beyond the routerto prevent users on the Fa0/0 LAN from opening Telnet sessions on the routerto secure Fa0/0 hosts by allowing only locally sourced traffic into the Fa0/0 LAN14 A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two prothe technician should use to successfully complete this task? (Choose two.)Configure the login banner.Configure authentication.Define the asymmetrical keys.Configure the console password.Enter the service password-encryption command.15 A company is looking for a WAN solution to connect its headquarters site to four remote sites. What are two advantages thatleased lines provide compared to a shared Frame Relay solution? (Choose two.)reduced jitterreduced costsreduced latencythe ability to burst above guaranteed bandwidththe ability to borrow unused bandwidth from the leased lines of other customers16Which statement is true about PAP in the authentication of a PPP session?PAP uses a two-way handshake.The password is unique and random.PAP conducts periodic password challenges.PAP uses MD5 hashing to keep the password secure.17An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error mess trying to enter the IPv4 routes into RIPng. What is the cause of the problem?When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer tecIncorrect IPv4 addresses are entered on the router interfaces.RIPng is incompatible with dual-stack technology.IPv4 is incompatible with RIPng.18Refer to the exhibit. Which configuration command would result in the output in the exhibit?ip nat inside source static 10.1.200.254 172.16.76.3ip nat inside source static 10.1.200.254 192.168.0.10ip nat inside source static 172.16.76.3 10.1.200.254ip nat inside source static 172.16.76.3 192.168.0.10ip nat inside source static 192.168.0.10 172.16.76.3ip nat inside source static 192.168.0.10 10.1.200.25419Which option represents a best practice for applying ACLs?Named ACLs are less efficient than numbered ACLs.Standard ACLs should be applied inside the core layer.ACLs applied to outbound interfaces use fewer router resources.Extended ACLs should be applied closest to the source that is specified by the ACL. 20Refer to the exhibit. What statement is true about the core router devices?They use multiport internetworking devices to switch traffic such as Frame Relay, ATM, or X.25 over the WAN.They provide internetworking and WAN access interface ports that are used to connect to the service provider network.They provide termination for the digital signal and ensure connection integrity through error correction and line monitorinThey support multiple telecommunications interfaces of the highest speed and are able to forward IP packets at full spe those interfaces.21Which important piece of troubleshooting information can be discovered about a serial interface using the show controllersqueuing strategyserial cable typeinterface IP addressencapsulation method22Which data link layer encapsulation protocol is used by default for serial connections between two Cisco routers?ATMFrame RelayHDLCPPPSDLC23When would the multipoint keyword be used in Frame Relay PVCs configuration?when global DLCIs are in usewhen using physical interfaceswhen multicasts must be supportedwhen participating routers are in the same subnet24 A company has its headquarters office in Dallas and five branch offices located in New York, Chicago, Los Angeles, Seattle,WAN links are used for communications among offices in six sites. In planning the WAN links, the network designer is given requirements: (1) minimize cost and (2) provide a certain level of WAN link reliability with redundant links. Which topology sh network designer recommend?starfull meshhierarchicalpartial mesh25While troubleshooting a PPP link that uses PAP authentication, a network administrator notices an incorrectly configured pas running configuration. The administrator corrects the error by entering the command ppp pap sent-username ROUTER_NA password NEW_PASSWORD, but the link still does not come up.Assuming that the rest of the configuration is correct and that the link has no physical layer problems, what should the adminSave the configuration to NVRAM.Shut down the interface then re-enable it.Generate traffic by pinging the remote router.Use CHAP to ensure compatibility with the remote router.26An administrator issues the command confreg 0x2142 at the rommon 1> prompt. What is the effect when this router is rebooContents in RAM will be erased.Contents in RAM will be ignored.Contents in NVRAM will be erased.Contents in NVRAM will be ignored.27Refer to the exhibit. Results of the show vlan and show vtp status commands for switches S1 and S2 are displayed in the e11 was created on S1. Why is VLAN 11 missing from S2?There is a Layer 2 loop.The VTP domain names do not match.Only one switch can be in server mode.S2 has a higher spanning-tree priority for VLAN 11 than S1 does.28 A network administrator determines that falsified routing information is propagating through the network. What action can beaddress this threat?Update the IOS images.Change console passwords.Employ end-user authentication.Configure routing protocol authentication.29 A recently patched application server is experiencing response time problems. The network on which the application server isbeen experiencing occasional outages that the network team believes may be related to recent routing changes. Network an teams have been notified to work on their respective issues. Which statement applies to this situation?Only results from the software package should be tested as the network is designed to accommodate the proposed sof platform.Scheduling will be easy if the network and software teams work independently.It will be difficult to isolate the problem if two teams are implementing changes independently.Results from changes will be easier to reconcile and document if each team works in isolation.30Refer to the exhibit. How is the TCP/IP configuration information specified by the default-router and dns-server commands available?The TCP/IP information is forwarded to a 10.0.1.3 to be supplied to DHCP clients.The TCP/IP information is used by DNS clients to forward all data to the default gateway on R1 of 10.0.1.3.The TCP/IP information is supplied to any DHCP client on the network connected to the FastEthernet 0/0interface of R1.The TCP/IP information is applied to each packet that enters R1 through the FastEthernet 0/0 interface that are hosts on /24 network except packets from addresses 10.0.1.2, 10.0.1.16, and 10.0.1.254.31Refer to the exhibit. All devices are configured as shown in the exhibit. PC1 is unable to ping the default gateway. What is the problem?The default gateway is in the wrong subnet.STP has blocked the port that PC1 is connected to.Port Fa0/2 on S2 is assigned to the wrong VLAN.S2 has the wrong IP address assigned to the VLAN30 interface.32Refer to the exhibit. Which statement is true about the Frame Relay connection?The Frame Relay connection is in the process of negotiation.A congestion control mechanism is enabled on the Frame Relay connection.The “ACTIVE” status of the Frame Relay connection indicates that the network is expe riencing congestion.Only control FECN and BECN bits are sent over the Frame Relay connection. No data traffic traverses the link.33Which configuration on the vty lines provides the best security measure for network administrators to remotely access the co headquarters?34 A DHCP server is configured with a block of excluded addresses. What two devices would be assigned static addresses fromexcluded address range? (Choose two.)a protocol analyzerDNS server for the networknetwork printer that is used by many different usersa laptop that will get a different address each time it boots up35Which two functions are provided by the NCP during a PPP connection? (Choose two.)the identification of fault conditions for the PPP linkproviding multilink capabilities over the PPP linkbringing the network layer protocol or protocols up and downthe enhancement of security by providing callback over PPPthe negotiation of options for the IP protocolauthentication between the peer routers of the PPP link36Which address provides an example of an IPv6 link-local address?FE80::1324:ABCD2001:2345:AB12:1935::FEFF2001:1234:0000:9CA::0876/641234:ABCD:5678:EF00:9234:AA22:5527:FC3537Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication in plain text between a Cisco and a non-Cisco router?PPP with PAPPPP with CHAPHDLC with PAPHDLC with CHAP38What will be the result of adding the command ip dhcp excluded-address 192.168.24.1 192.168.24.5 to the configuration o router that has been configured as a DHCP server?Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router.Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5.The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.39Refer to the exhibit. The corporate network that is shown has been assigned network 172.16.128.0/19 for use at branch offic VLSM is used, what mask should be used for addressing hosts at Branch4 with minimal waste from unused addresses?/19/20/21/22/23/2440What are two main components of data confidentiality? (Choose two.)checksumdigital certificatesencapsulationencryptionhashing41What major benefit does Cisco HDLC provide that ISO standard HDLC lacks?flow controlerror controlmultiprotocol supportcyclic redundancy checks42When NAT is in use, what is used to determine the addresses that can be translated on a Cisco router?access control listrouting protocolinbound interfaceARP cache43 A light manufacturing company wishes to replace its DSL service with a non-line-of-sight broadband wireless solution that ofcomparable speeds. Which solution should the customer choose?Wi-FisatelliteWiMAXMetro Ethernet44Which characteristic of VPN technology prevents the contents of data communications from being read by unauthorized partQoSlatencyreliabilityconfidentiality45Refer to the exhibit. A network administrator has been asked to configure PPP with CHAP authentication over the serial link routers R1 and R2. What additional configuration should be included on both routers to complete the task?46What is the result when the command permit tcp 10.25.132.0 0.0.0.255 any eq smtp is added to a named access control lis on the inbound interface of a router?TCP traffic with a destination to the 10.25.132.0/24 is permitted.Only Telnet traffic is permitted to the 10.24.132.0/24 networkTtraffic from 10.25.132.0/24 is permitted to anywhere on using any port.Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.47What is tunneling?using digital certificates to ensure that data endpoints are authenticcreating a hash to ensure the integrity of data as it traverses a networkusing alternate paths to avoid access control lists and bypass security measuresencapsulating an entire packet within another packet for transmission over a network48Which statement is true about wildcard masks?Inverting the subnet mask will always create the wildcard mask.The wildcard mask performs the same function as a subnet mask.A network or subnet bit is identified by a "1" in the wildcard mask.IP address bits that must be checked are identified by a "0" in the wildcard mask.49Refer to the exhibit. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router R shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still re traffic between the two networks?Apply the ACL in the inbound direction.Apply the ACL on the FastEthernet 0/0 interface.Reverse the order of the TCP protocol statements in the ACL.Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet .50 A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. Howadministrator determine how this change has affected performance and availability on the company intranet?Conduct a performance test and compare with the baseline that was established previously.Determine performance on the intranet by monitoring load times of company web pages from remote sites.Interview departmental administrative assistants and determine if they think load time for web pages has improved.Compare the hit counts on the company web server for the current week to the values that were recorded in previous w 51Which type of network attack exploits vulnerabilities in the compromised system with the intent of propagating itself across aviruswormTrojan horseman-in-the-middle52What are the symptoms when the s0/0/0 interface on a router is attached to an operational CSU/DSU that is generating a cloc the far end router on the point-to-point link has not been activated?show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.An employee of XYZ corporation will begin working from home. The employee has a choice ofDSL or cable technology for WAN connectivity. Which connectivity characteristic is accuratelydescribed?Cable transfer rates are dependent on the length of the local loop.DSL provides a high-speed connection over existing copper phone wires.DSL download speeds are affected by high usage in the area.DSL service shares the same frequency range as voice calls.Cable connectivity usually requires new fiber installed for the local loop.Refer to the exhibit. WestSW is supposed to send VLAN information to EastSW, but that did not occur. What will force WestSW to send a VLAN update to EastSW?Change EastSW to be a VTP server.Reload both WestSW and EastSW at the same time.Erase the VLAN database on EastSW and reload the switch.Reset the configuration revision number on EastSW to zero.Reload EastSW。

思科第四学期(4)

思科第四学期(4)

CCNA第四学期(四)(2010-11-30 20:04:27)标签:分类:CCNAccnait第四学期第四章思科网络1请参见图示。

在路由器上配置完两条命令后,会出现什么情况?命令会过滤流入路由器的 UDP 和 TCP 流量。

命令会禁用由路由协议发出的任何 TCP 或 UDP 请求。

命令将禁用路由器上诸如 echo、discard 以及 chargen 等服务,以避免安全漏洞。

命令会禁用 BOOTP 和 TFTP 服务器服务,以避免安全漏洞。

2请参见图示。

配置中 "ip ospf message-digest-key 1 md5 cisco" 语句有何用途?指定对路由更新进行身份认证的密钥压缩流量,节约带宽对流量进行 SSH 加密创建 IPSec 隧道3请参见图示。

已使用 Security Device Manager (SDM) 在路由器上配置所需安全级别。

SDM 就所发现的安全问题在路由器上采取下一步措施时,会出现怎样的情况?SDM 将自动调用 AutoSecure 命令。

SDM 会生成一份报告,列出可用于应对安全问题的正确配置措施。

SDM 将创建一份配置文件,该文件可复制并粘贴至路由器中以重新配置服务。

SDM 将对图示中标记了 "fix it" (修复)的服务进行重新配置,以应用建议的安全更改。

4下列哪种防范措施是保护网络不受网络钓鱼袭击的最好方法?定期进行病毒扫描。

定期进行反间谍扫描。

定期对所有用户进行培训。

定期对操作系统进行更新。

518窗体顶端要恢复已丢失的路由器口令,必须下列哪一个执行步骤?设置配置寄存器以绕过启动配置。

将运行配置复制到启动配置。

从 ROMMON 的 TFTP 服务器重新加载 IOS。

使用设置模式重新配置路由器。

窗体底端6窗体顶端下列关于 Cisco Security Device Manager (SDM) 的说法中哪项正确?SDM 只能在 Cisco 7000 系列路由器上运行。

CCNA学习指南(第六版)

CCNA学习指南(第六版)

CCNA学习指南
18
CCNA学习指南
19
• (1)应用层 • 应用层是实际的应用程序之间的接口。比如,Microsoft Word 并不驻留在应用层,而是与应用层协议接口。而像FTP、 TFTP、HTTP、SMTP等才是实际驻留在应用层的。 • (2)表示层 • 表示层为应用层提供数据,并负责数据转换和代码的格式化。 从本质上来说,这一层是翻译器,并提供编码和转换功能。通 过提供转换(翻译)服务,表示层就可以保证从一个系统的应 用层传送过来的数据能够被另一个系统的应用层所识别。 • OSI模型的协议标准定义了标准的数据将如何被格式化。像数 据压缩、解压缩、加密和解密这些任务就与表示层有关。表示 层的一些标准中还包含了多媒体操作。
在网络中,路由器有下面4种功能:
数据包转发 数据包过滤 网络之间的通信 路径选择
CCNA学习指南 15
路由器的特点: 隔离广播域,同时也隔离冲突域 举例3:下面网络拓扑图中,共构成了多少个冲突域?多少个广播域?
接下来,复习P5、P7、P8,算出冲突域和广播域的个数。
CCNA学习指南 16
3、OSI模型的分层结构
CCNA学习指南 8
• 广播域:如果一个数据报文的目标地址是这个网段 的广播地址或者目标计算机的MAC地址是FF-FFFF-FF-FF-FF,那么这个数据报文就会被这个网段 的所有计算机接收并响应,这就叫做广播。通常广 播用来进行ARP寻址等用途,但是广播域无法控制 也会对网络健康带来严重影响,主要是带宽和网络 延迟。这种广播所能覆盖的范围就叫做广播域了, 二层的交换机是转发广播的,所以不能分割广播域, 而路由器一般不转发广播,所以可以分割或定义广 播域。
CCNA学习指南
21
TCP和UDP都工作在传输层,TCP提供可靠的服务,而UDP提供不 可靠的服务。这意味着应用程序开放在有更多的选项,当采用 TCP/IP协议时,他们可以在这两者之间做出选择。 在传输层,可以使用术语“可靠的联网”,这意味着将使用确认、 排序和流量控制。

CCNA 学习指南

CCNA 学习指南

光碟的特点: SYBEX测试引擎:用高级测试软件测试你的知识。包括所有章节的复习题和摸拟考试题! 电子闪存卡:利用能在PC机、便携PC和Palm手持机上运行的电子闪存卡加强你的理解。 视频和音频指导:作者和受欢迎的培训师Todd Lammle 提供大约1小时的额外视频指导以及30分 钟的音频指导。 另外,在选配光碟上还能找到可搜索和可打印的PDF格式的整本书的电子版。任何地点、任何 时间学习,信心十足准备考试。
目录
简介 第1章 网际互联 网际互联基础知识 网际互联模型 分层的方法 参考模型的优点 OSI参考模型 应用层 表示层 会话层 传输层 网络层 数据链路层 物理层 以太网(Ethernet)组网 半双工和全双式以太网 以太网的数据链路层 以太网的物理层 以太网电缆的连接 直通电缆 交叉电缆 反转电缆 数据封装 Cisco的3层分层模型 核心层(Core Layer)
下载后 点击此处查看完整内容
本书简介
本书CCNA应试必要的学习指南,由Cisco技术知名权威编写。CCNA考试的内容已几度变化,本书 是针对最新的考试目标而编写的,旨在帮助应试者全面复习、掌握新的考试内容。本书共11章,内 容涉及网际互联、互联网协议、IP子网划分和变长子网划分掩码(VLSM)、Cisco IOS简介、IP路由 、增强的IGRP(EIGRP)和开放最短路径优先(OSPF)、第2层交换、虚拟LAN、安全、管理 Cisco互联网络、网络地址转换、无线网络技术、IPv6和广域网。除了讲解应掌握的内容外,几乎每 章都有复习题、书写练习和实际操作实验,并附有答案。书前有一套评估考题和答案,选配的光盘 上有新CCNA考试(640-802)的大量准备工具和资料。为了有助于应试者准备Cisco模拟考试,光盘 上包含各章的复习题和模拟考试题。应试者能顺利地通过这一考试。 读者对象:CCNA#640-802考试的应试者、Cisco网络工程技术人员和销售傊、大专院校计算机 通信专业师生。

CCNA第四学期期末考试答案

CCNA第四学期期末考试答案

1、如果将命令ip dhcp excluded-address 10.10.4.1 10.10.4.5添加到配置为DHCP 服务器的本地路由器配置中,结果是什么?该路由器将丢弃发往10.10.4.1 和10.10.4.5 的流量。

不会路由地址处于10.10.4.1 到10.10.4.5 之间的客户端所发出的流量。

DHCP 服务器不会分配10.10.4.1 到10.10.4.5 之间的地址。

该路由器将忽略来自地址处于10.10.4.1 到10.10.4.5 之间的DHCP 服务器的流量。

2、请参见图示。

连接到Fa0/0 的主机无法从此DHCP 服务器获取IP 地址。

debug ip dhcp server命令"DHCPD: there is no address pool for 192.168.1.1"。

问题出在哪里?DHCP 地址池中排除了地址192.168.1.1。

192Network 的地址池不正确。

网络地址池的默认路由器不正确。

地址192.168.1.1 已经用在接口Fa0/0 上。

3、请参见图示。

R1 针对内部网络10.1.1.0/24 执行NAT 过载。

主机A 向web 服务器发送了一个数据包。

务器返回的数据包的目的IP 地址是什么?10.1.1.2:1234172.30.20.1:1234172.30.20.1:3333192.168.1.2:804、请参见图示。

网络管理员对Router1 和Router2 上发出图示中的命令。

但其后在检查路由表时发现,两个路由器均不能获知相邻路由器的LAN 网络。

RIPng 配置最可能发生什么问题?串行接口处于不同的子网上。

接口上未启用RIPng 进程。

未配置RIPng 网络命令。

Router1 和Router2 的RIPng 进程不匹配。

5、请参见图示。

使用default-router和dns-server命令指定的TCP/IP 配置信息是如何获得的?TCP/IP 信息先转发至10.0.1.3,再提供给DHCP 客户端。

CCNA第四学期官方章节考试题之4 46 8、《网络故障排除》(附答案)

CCNA第四学期官方章节考试题之4 46 8、《网络故障排除》(附答案)

缩小范围
收集可疑设备的症状
分析现有症状
确定所有权
2逻
接口标识符
连接器类型
操作系统版本
电缆类型
虚电路
记录仅在园区网络中发现的设备的相关信息。

记录在整个网络中(包括远程站点)发现的设备的相关信息。

将网络配置表中与拓扑图所示组件相关的任何设备信息记录下来。

仅将网络配置表中与拓扑图所示组件相关的第
将网络配置表中与拓扑图所示组件相关的在网络使用高峰期收集的的设备信息记录下来。

检查所有服务器的电缆连接。

检查每块网卡上的连接指示灯是否为绿色。

在每台服务器上使用应用程序控制台来确保应用程序正在运行。

检查应用程序服务器上的事件日志,看是否有特定应用程序的错误消息。

测试客户端与服务器之间的
如果
在服务器上重新安装受影响的应用程序。

如果应用程序仍然无法响应,则在其中一台用户
6下
封装不正确
STP
ARP
时钟频率不正确
8全
数据中心中的超时传输现象表明存在本地物理层问题。

序以及电缆是否损坏。

因为所有客户端都遇到了应用程序问题,管理员应该对数据中心内的应用程序服务器使用自上而下问题的范围表明可能存在路由问题或生成树问题。

通过对员工进行调查以确定最近是否进行过更改。

10广12
14
极端工作条件下的预期性能
基线工具
知识库
协议分析器
电缆测试仪
18下
TCP/IP
TCP/IP
使用
网络接入层负责在
Internet
TCP/IP
20网。

CCNA各章精彩一句话

CCNA各章精彩一句话
ISP的静态路由配置如下:
ip route 172.16.0.0 255.240.0.0 Serial0/0/0
2.3.6.1.2《动态路由协议简介》
1、请解释为什么相对于动态路由会优先选用静态路由。
答:静态路由更安全,占用较少的路由器计算资源,而且易于理解。静态路由之所以安全,是因为路由器不会向其它路由器通告路由信息。它比动态路由使用更少路由器资源。动态路由需要执
4、什么是管理距离,它的重要性何在?
答:管理距离是衡量路由来源可信度的一项指标。当路由器从两个不同的路由来源取得到达同一目的网络的路由信息时,就需要用到管理距离。它的重要性在于,不是所有的路由来源都具等同的重要性。例如,如果目的网络与路由器直接相连,那么肯定不会希望路由器将数据分组发送到另一台路由器!管理距离可以确保不会发生此类事情,因为直接相连的路由的可信度要高于所有其它路由来源。
11、所有的分支路由器都需要配置到达RegionA的默认路由。RegionA需要到达HQ的默认路由,而HQ需要到达ISP的默认路由。HQ和ISP可以通过一条静态路由总结所有的LAN。每一台分支路由器、RegionA和HQ的静态路由分别是什么?在RegionA、HQ和ISP上配置的总结静态路由分别是什么?
二、RIP使用跳数作为其路径选择的唯一度量。
三、将跳数超过15的路由通告为不可达。
四、每30秒广播一次消息。
2、请按顺序列出用于检验RIP配置和排除RIP配置故障的三条命令。
答:show ip route
show ip protocols
debug ip rip
3、passive-interface命令有何用途?
拓扑图如下:
答:Branch1、Branch2和Branch3都有相同的默认静态路由:

思科第四学期第六章100分答案

思科第四学期第六章100分答案

CCNA第四学期(六)(2010-12-11 10:09:12)标签:ccnait第四学期第六章思科网络分类:CCNA1微波接入全球互通 (WiMAX) 通信技术有哪两项特点?(选择两项。

)支持使用网状技术的市政无线网络可覆盖的面积多达 7,500 平方公里支持点对点链路,但不支持全移动蜂窝式接入通过高带宽连接直接连接到Internet工作速度比 Wi-Fi 低,但支持的用户更多2技术人员应要求为远程工作人员配置宽带连接。

技术人员接到指示,连接所需的所有升级和下必须使用现有电话线路进行。

应该使用哪种宽带技术?电缆DSLISDNPOTS3下列关于 DSL 的说法中哪两项正确?(选择两项。

)用户连接到共享介质上使用 RF 信号传输本地环路最长可达 3.5 英里 (5.5km)物理层和数据链路层由 DOCSIS 定义用户连接通过 CO 处的 DSLAM 汇聚4可使用哪三种加密协议加强 VPN 的数据传输机密性?(选择三项。

)AESDESAH哈希MPLSRSA5VPN 通过哪两种方法实现数据传输的机密性?(选择两项。

)数字证书加密封装哈希密码6当监控有线电视网络中的流量时,技术人员发现数据传输使用的频率为 38 MHz。

下列哪种说法了该技术人员所观察到的情况?数据正在从用户向前端传输。

数据正在下行流动。

有线电视传输正在与语音和数据传输相互干扰。

系统在较低频段发生了拥塞。

7安全 VPN 有哪三项主要功能?(选择三项。

)记帐身份验证授权数据可用性数据机密性数据完整性8下列哪种说法正确描述了有线电视网络?通过有线电视网络提供服务要求下行频率介于 50 MHz 到 860 MHz 之间,上行频率介于 5 M 之间。

有线电视用户必须购买电缆调制解调器端接系统 (CMTS)每个有线电视用户拥有专用的上行和下行带宽。

有线电视用户在上传路径上最高可获得 27 Mbps 的带宽。

9请参见图示。

一名远程办公人员通过 Internet 连接到 HQ 办公室。

CCNA ENetwork Chapter 7

CCNA ENetwork Chapter 7

ENetwork Chapter 7 - CCNA Exploration: NetworkPosted by Space on Sunday, May 10, 20091Which options are properties of contention-based media access for a shared media? (Choose three.) * non-deterministic* less overheadone station transmits at a time* collisions existdevices must wait their turntoken passing2What is a primary purpose of encapsulating packets into frames?provide routes across the internetworkformat the data for presentation to the user* facilitate the entry and exit of data on mediaidentify the services to which transported data is associated3Refer to the exhibit. How many unique CRC calculations will take place as traffic routes from the PC to the laptop?246*8164What is true concerning physical and logical topologies?The logical topology is always the same as the physical topology.Physical topologies are concerned with how a network transfers frames.Physical signal paths are defined by Data Link layer protocols.* Logical topologies consist of virtual connections between nodes.5Refer to the exhibit. Assuming that the network in the exhibit is converged meaning the routing tables and ARP tables are complete, which MAC address will Host A place in the destination address field of Ethernet frames destined for www.server?00-1c-41-ab-c0-00* 00-0c-85-cf-65-c000-0c-85-cf-65-c100-12-3f-32-05-afWhat are three characteristics of valid Ethernet Layer 2 addresses? (Choose three.)* They are 48 binary bits in length.*They are considered physical addresses.* They are generally represented in hexadecimal format.They consist of four eight-bit octets of binary numbers.They are used to determine the data path through the network.They must be changed when an Ethernet device is added or moved within the network.7Refer to the exhibit. A frame is being sent from the PC to the laptop. Which source MAC and IP addresses will be included in the frame as it leaves RouterB? (Choose two.)source MAC - PCsource MAC - S0/0 on RouterA* source MAC - Fa0/1 on RouterB* source IP - PCsource IP - S0/0 on RouterAsource IP - Fa0/1 of RouterB8What determines the method of media access control? (Choose two.)network layer addressing* media sharingapplication processes* logical topologyintermediary device function9What is the purpose of the preamble in an Ethernet frame?is used as a pad for dataidentifies the source addressidentifies the destination addressmarks the end of timing information* is used for timing synchronization with alternating patterns of ones and zeros10What statements are true regarding addresses found at each layer of the OSI model? (Choose two.) * Layer 2 may identify devices by a physical address burned into the network cardLayer 2 identifies the applications that are communicating* Layer 3 represents a hierarchical addressing schemeLayer 4 directs communication to the proper destination networkLayer 4 addresses are used by intermediary devices to forward data11Which statements describe the logical token-passing topology? (Choose two.)Network usage is on a first come, first serve basis.* Computers are allowed to transmit data only when they possess a token.Data from a host is received by all other hosts.* Electronic tokens are passed sequentially to each other.Token passing networks have problems with high collision rates.12Which sublayer of the data link layer prepares a signal to be transmitted at the physical layer? LLC* MACHDLCNIC13What is true regarding media access control? (Choose three.)* Ethernet utilizes CSMA/CD* defined as placement of data frames on the mediacontention-based access is also known as deterministic802.11 utilizes CSMA/CD* Data Link layer protocols define the rules for access to different mediacontrolled access contains data collisions14What is a characteristic of a logical point-to-point topology?The nodes are physically connected.The physical arrangement of the nodes is restricted.* The media access control protocol can be very simple.The data link layer protocol used over the link requires a large frame header.15What two facts are true when a device is moved from one network or subnet to another? (Choose two.)The Layer 2 address must be reassigned.The default gateway address should not be changed.* The device will still operate at the same Layer 2 address.Applications and services will need additional port numbers assigned.* The Layer 3 address must be reassigned to allow communications to the new network.16What is a function of the data link layer?provides the formatting of dataprovides end-to-end delivery of data between hostsprovides delivery of data between two applications* provides for the exchange data over a common local media17Which three factors should be considered when implementing a Layer 2 protocol in a network? (Choose three.)the Layer 3 protocol selected* the geographic scope of the networkthe PDU defined by the transport layer* the physical layer implementation* the number of hosts to be interconnected18What is the primary purpose of the trailer in a data link layer frame?define the logical topologyprovide media access control* support frame error detectioncarry routing information for the frame19A network administrator has been asked to provide a graphic representation of exactly where the company network wiring and equipment are located in the building. What is this type of drawing? logical topology* physical topologycable pathwiring gridaccess topology20Refer to the exhibit. Which statement describes the media access control methods that are used by the networks in the exhibit?All three networks use CSMA/CANone of the networks require media access control.* Network 1 uses CSMA/CD and Network 3 uses CSMA/CA.Network 1 uses CSMA/CA and Network 2 uses CSMA/CD.Network 2 uses CSMA/CA and Network 3 uses CSMA。

CCNA【理论7-1】WLAN

CCNA【理论7-1】WLAN

15

4、中继型(Relay)或者桥接型拓扑? 、中继型( )或者桥接型拓扑?
© 2010 Cisco Systems.Inc All rights reserved.
Cisco Systems v1.0
16

5、SSID? 、 ?
© 2010 Cisco Systems.Inc All rights reserved.
Cisco Systems v1.0
18

7、什么是漫游? 、什么是漫游?
a、漫游是从一个原AP移动到新AP重新关联的过程 b、客户端将要发送一个已经存在关联的BSSID c、相同子网漫游无需切换IP Reassociation response
Reassociation request
© 2010 Cisco Systems.Inc All rights reserved.
Cisco Systems v1.0
19

8、无线天线的特征? 、无线天线的特征?
a、增益 、 功率增加的度量标准,思科规定用dBi来度量增益,这是选择天线的最主要的一 个参数,它指的是天线在一定方向上天线辐射电磁波的强度,直接影响到天线 的覆盖范围和发射频率的强度。 b、方向 、 全向天线: 全向天线:360度覆盖辐射RF能量 定向天线: 定向天线:集中在一个方向上
4、用户对无线网络的主要需求总结? 、用户对无线网络的主要需求总结?
全网认证统一
统一集中管理
高带宽覆盖
移动漫游访问 入网安全控制 射频调整
© 2010 Cisco Systems.Inc All rights reserved.
Cisco Systems v1.0
5
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

1
请参见图示。

R1 为网络10.1.1.0/24 执行NAT,R2 为网络192.168.1.2/24 执行NAT。

主机 A 与网络服务器通信时,主机 A 在其IP 报头中加入的有效IP 目的地址是什么?B
10.1.1.1
172.30.20.2
192.168.1.2
255.255.255.255
2您公司获得供应商分配的IPv6 前缀2001:0000:130F::/48。

根据这个前缀,您的公司在创建子网时有多少位可以利用?B 8
16
80
128
3网络管理员应该使用哪种NAT 来确保外部网络一直可访问内部网络中的web 服务器?B
NAT 过载
静态NAT
静态NAT
PAT
4使用NAT 的两个好处是什么?(选择两项。

)AB
它可节省公有IP 地址。

它可增强网络的私密性和安全性。

它可增强路由性能。

它可降低路由问题故障排除的难度。

它可降低通过IPsec 实现隧道的复杂度。

5
请参见图示。

路由器FastEthernet0/0 接口已配置IPv6 地址2006:1::1/64 eui-64。

下列描述EUI-64 标识符配置的说法中,哪一项正确?D
它将随机生成64 位的接口ID。

它将自IPv6 私有地址池中为接口分配一个地址。

它仅把IPv6 全球单播地址的注册机构前缀分配给接口。

此配置将从接口MAC 地址中提取IPv6 地址的接口部分。

6IPv6 地址内有多少位用于标识接口ID?C
32
48
64
128
7有关NAT 与PAT 之间的差异,下列哪一项正确?D
PAT 在访问列表语句的末尾使用"overload" 一词,共享单个注册地址。

静态NAT 可让一个非注册地址映射为多个注册地址。

动态NAT 可让主机在每次需要外部访问时接收相同的全局地址。

PAT 使用唯一的源端口号区分不同的转换。

8
请参见图示。

下列关于图中所示配置的说法中哪两项正确?(选择两项。

)AC
来自网络10.1.1.0 的流量将被转换。

来自网络209.165.200.0 的流量将被转换。

允许的流量会被转换为单个内部全局IP 地址。

取自网络10.1.1.0 的内部全局IP 地址池将用于转换。

来自网络209.165.200.0 中的外部用户可以访问网络10.1.1.0 和10.1.2.0 中的私有地址。

9
请参见图示。

语句ip nat pool Tampa 179.9.8.96 179.9.8.111 netmask 255.255.255.240会导致哪两个地址被分配给流出S0 的流量?(选择两项。

)CD
10.0.0.125
179.9.8.95
179.9.8.98
179.9.8.101
179.9.8.112
10
请参见图示。

此拓扑中存在多少个IPv6 广播域?A
1
2
3
4
11网络管理员希望将两个IPv6 岛连接起来。

最简单的方式是通过仅使用IPv4 设备的公共网络来连接。

哪种简单的解决方案可解决此问题?D
将公共网络中的设备替换为支持IPv6 的设备。

在每个IPv6 岛的边界路由器上配置RIPng。

将路由器配置为使用双协议栈技术。

使用隧道技术将IPv6 流量封装在IPv4 协议中。

12
请参见图示。

技术人员使用SDM 为一台Cisco 路由器输入了NAT 配置。

哪种说法正确描述了配置结果?C 内部用户会看到192.168.1.3 使用端口8080 发来了一个web 流量。

地址172.16.1.1 会被转换为以192.168.1.3 开头的地址池中的一个地址。

外部用户会看到192.168.1.3 使用端口80 发来了一个请求。

外部用户必须将流量发往端口8080 才能到达地址172.16.1.1。

13主管要求技术人员在尝试排除NAT 连接故障之前总是要清除所有动态转换。

主管为什么提出这一要求?B
主管希望清除所有的机密信息,以免被该技术人员看见。

因为转换条目可能在缓存中存储很长时间,主管希望避免技术人员根据过时数据进行决策。

转换表可能装满,只有清理出空间后才能进行新的转换。

清除转换会重新读取启动配置,这可以纠正已发生的转换错误。

14
请参见图示。

根据图中所示的配置,应该如何为网络中的关键主机(例如路由器接口、打印机和服务器)分配排除地址池?A 地址由网络管理员静态分配。

DHCP 服务器动态分配地址。

地址必须先列在DHCP 地址池中,才能用于静态分配。

地址必须先列在DHCP 地址池中,才能用于动态分配。

15在Cisco 路由器上激活IPv6 路由并在多个接口上设置IPv6 地址后,还需进行什么步骤才能激活RIPng?A 进入每个IPv6 接口的接口配置模式并启用IPng RIP。

输入ipv6 router rip name命令,然后使用network 语句在该接口上激活RIPng。

输入router rip命令,然后使用version命令激活RIPng。

RIPng 即会自动在所有IPv6 接口上运行。

进入每个IPv6 接口的接口配置模式,然后启用组播组FF02::9,再使用ipv6 router rip name命令全局激活RIPng。

16
请参见图示。

请参见图示。

根据图中所示的输出,此DHCP 服务器成功分配或更新了多少个地址?D 1
6
7
8
9
17
请参见图示。

哪个或哪些地址是内部全局地址?C
10.1.1.2
192.168.0.100
209.165.20.25
网络10.1.1.0 中的任意地址
18
请参见图示。

在图中所示的Cisco 宽带路由器的部分配置输出中,标有箭头的命令有何用途?A
定义可以转换哪些地址
定义允许来自哪些地址发来的流量进入路由器
定义向NAT 地址池分配哪些地址
定义允许来自哪些地址发来的流量通过路由器传出
19
请参见图示。

网络技术人员确定DHCP 客户端工作不正常。

客户端从作为DHCP 服务器的路由器上接收了IP 配置信息,但无法访问Internet。

根据图中所示的输出,问题最可能出在哪里?D
未启用HTTP 服务器服务。

未定义DCHP 的内部接口。

未将DHCP 地址池绑定到接口。

地址池中没有为客户端定义默认路由器。

DHCP 地址池中排除了所有主机地址。

20
请参见图示。

FTP 服务器拥有一个RFC 1918 私有地址。

Internet 上的用户需要连接到R1 Fa0/0 端口所连LAN 中的FTP 服务器。

必须在R1 上完成哪三项配置?(选择三项。

)CDF
动态NAT
NAT 过载
开放端口20
开放端口21
开放端口23
NAT 端口转发
21
请参见图示。

流出R1 的流量转换失败。

最可能出错的是配置的哪个部分?B ip nat pool语句
access-list语句
ip nat inside配置在错误的接口上
接口s0/0/2 应该拥有一个私有IP 地址。

相关文档
最新文档