某公司网络拓扑如下:

乾颐堂RS-CCIEv5 LAB备考测试题分享_CCIE考试模拟题

为了尽量减少工程师的工作难度,现将整个网络业务规划做基本情况介绍。

某公司共有:

两个数据中心: AS 65001和 AS 65002

三个分支站点:65003、65004、65005

一个家庭办公点:Home Office

AS 64512 为MPLS核心,主要用于转发站点之间的私有业务流量

AS 64511 和 AS 64513 为Global SP,主要为用户提供互联网接入服务

其中MPLS核心和Global SP互为备份

R9和R13为企业互联网网关,其中每个远程站点均可独立访问互联网,本地互联网链路故障后,可通过×××访问互联网

R9、R14、R15 部署DM×××,其中对于 AS 65005区域,Spoke场点之间的流量优先走DM×××,其它流量优先走MPLS ×××

R13和R18之间部署IPSec LAN to LAN ×××,User4通过IPSec ×××接入公司网络,通过SP2访问互联网


测试规则说明:

参加乾颐堂CCIE理论课学习并完成课后作业的同学,建议参考这个文档和拓扑自行提前研究案例;

测试题使用上面拓扑,几套题目部署不同故障点,测试学员需要在规定时间内完成故障排查,测试时间为六个小时;

以抽签形式决定测试哪一套;

每题分值不同,得分大于等于80%即视为通过测试,可以开始进行LAB考试的备考;

测试过程为开卷测试,允许学员翻阅自己的笔记、查阅官方文档;

测试过程中不允许请其它人帮忙;

一旦有违规行为则取消测试资格,半年之内不允许再次测试;

学员参加测试即视为同意以上规则;


测试过程配置及其它规则:

除非题目有明确说明,否则不允许在任何位置部署静态路由;

不允许修改任何接口的MAC地址;

不允许修改任何接口的IP地址;

不允许创建任何新的路由协议进程;

要求对解题最终解法的每个改动做出记录并解释,否则不给分;

解题现象出来之后要求截图保存,附在解法解释下面;

输出图中标记下划线的部分要求必须完全一致;


任务一  (四分)

AS 65001区域 User1与Server之间的连通性有故障,请排查并实现如下图输出:


User1#traceroute 10.1.200.100 numeric

Type escape sequence to abort.

Tracing the route to 10.1.200.100

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.100.254 1 msec 1 msec 1 msec

2 10.1.10.1 1 msec 1 msec 0 msec

3 10.1.200.100 2 msec * 3 msec


任务二  (二分)

排除故障并实现DM××× Spoke场点之间建立动态隧道,产生如下输出:


R15#traceroute 10.4.1.14 source loopback 0 numeric

Type escape sequence to abort.

Tracing the route to 10.4.1.14

VRF info: (vrf in name/id, vrf out name/id)

1 172.16.1.14 [AS 65001] 5 msec * 1 msec


R15#show crypto session

Crypto session current status

Interface: Tunnel0

Session status: UP-ACTIVE

Peer: 123.14.14.14 port 500

IKEv1 SA: local 123.15.15.15/500 remote 123.14.14.14/500 Active

IPSEC FLOW: permit 47 host 123.15.15.15 host 123.14.14.14

Active SAs: 2, origin: crypto map


任务三 (二分)

排查连通性故障并实现如下输出:


User3#ping 10.1.200.100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.200.100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms


User3#traceroute 10.1.200.100 numeric

Type escape sequence to abort.

Tracing the route to 10.1.200.100

VRF info: (vrf in name/id, vrf out name/id)

1 10.3.100.254 1 msec 0 msec 1 msec

2 10.3.10.1 0 msec 1 msec 0 msec

3 101.2.16.2 1 msec 1 msec 1 msec

4 10.0.10.17 [MPLS: Labels 207/312 Exp 0] 1 msec 1 msec 2 msec

5 10.0.10.1 [MPLS: Labels 108/312 Exp 0] 2 msec 1 msec 2 msec

6 101.2.7.2 [MPLS: Label 312 Exp 0] 2 msec 1 msec 1 msec

7 101.2.7.1 1 msec 2 msec 1 msec

8 10.1.10.5 3 msec 1 msec 1 msec

9 10.1.200.100 3 msec * 3 msec


User3#traceroute 10.2.100.1 numeric

Type escape sequence to abort.

Tracing the route to 10.2.100.1

VRF info: (vrf in name/id, vrf out name/id)

1 10.3.100.254 0 msec 1 msec 0 msec

2 10.3.10.1 1 msec 0 msec 1 msec

3 101.2.16.2 1 msec 1 msec 1 msec

4 10.0.10.17 [MPLS: Labels 204/512 Exp 0] 1 msec 1 msec 2 msec

5 101.2.12.2 [MPLS: Label 512 Exp 0] 1 msec 2 msec 1 msec

6 101.2.12.1 1 msec 3 msec 1 msec

7 10.2.10.5 2 msec 2 msec 1 msec

8 10.2.100.1 2 msec * 4 msec


任务四  (二分)

检查连通性和路由策略配置实现如下输出:


R15#traceroute 10.1.200.100 source loopback 0 numeric

Type escape sequence to abort.

Tracing the route to 10.1.200.100

VRF info: (vrf in name/id, vrf out name/id)

1 101.2.15.2 [AS 65001] 1 msec 0 msec 0 msec

2 10.0.10.21 [AS 65001] [MPLS: Labels 108/312 Exp 0] 1 msec 1 msec 1 msec

3 101.2.7.2 [AS 65001] [MPLS: Label 312 Exp 0] 0 msec 1 msec 0 msec

4 101.2.7.1 [AS 65001] 1 msec 1 msec 0 msec

5 10.1.10.5 [AS 65001] 2 msec 1 msec 1 msec

6 10.1.200.100 [AS 65001] 2 msec * 3 msec


任务五  (四分)

检查连通性和路由策略配置实现如下输出:


R15#traceroute 10.3.100.100 source loopback 0 numeric

Type escape sequence to abort.

Tracing the route to 10.3.100.100

VRF info: (vrf in name/id, vrf out name/id)

1 101.2.15.2 [AS 65001] 1 msec 0 msec 0 msec

2 10.0.10.21 [AS 65001] [MPLS: Labels 106/612 Exp 0] 2 msec 1 msec 1 msec

3 10.0.10.2 [AS 65001] [MPLS: Labels 203/612 Exp 0] 1 msec 1 msec 1 msec

4 101.2.16.2 [AS 65001] [MPLS: Label 612 Exp 0] 1 msec 2 msec 1 msec

5 101.2.16.1 [AS 65001] 1 msec 2 msec 1 msec

6 10.3.10.2 [AS 65003] 2 msec 2 msec 1 msec

7 10.3.100.100 [AS 65003] 2 msec * 3 msec


R15#traceroute 10.2.100.1 source loopback 0 numeric

Type escape sequence to abort.

Tracing the route to 10.2.100.1

VRF info: (vrf in name/id, vrf out name/id)

1 101.2.15.2 [AS 65001] 1 msec 0 msec 1 msec

2 10.0.10.21 [AS 65001] [MPLS: Labels 107/512 Exp 0] 1 msec 2 msec 1 msec

3 10.0.10.2 [AS 65001] [MPLS: Labels 204/512 Exp 0] 1 msec 1 msec 1 msec

4 101.2.12.2 [AS 65001] [MPLS: Label 512 Exp 0] 1 msec 1 msec 1 msec

5 101.2.12.1 [AS 65001] 1 msec 1 msec 1 msec

6 10.2.10.5 [AS 65002] 2 msec 1 msec 2 msec

7 10.2.100.1 [AS 65002] 1 msec * 2 msec


任务六  (二分)

检查连通性和路由策略配置实现如下输出:


User2#traceroute 10.1.200.100 numeric

Type escape sequence to abort.

Tracing the route to 10.1.200.100

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.100.254 1 msec 0 msec 1 msec

2 10.2.10.6 0 msec 0 msec 1 msec

3 101.2.12.2 1 msec 1 msec 1 msec

4 10.0.10.13 [MPLS: Labels 207/312 Exp 0] 7 msec 7 msec 7 msec

5 10.0.10.1 [MPLS: Labels 108/312 Exp 0] 7 msec 6 msec 7 msec

6 101.2.7.2 [MPLS: Label 312 Exp 0] 1 msec 2 msec 2 msec

7 101.2.7.1 7 msec 6 msec 6 msec

8 10.1.10.5 7 msec 7 msec 6 msec

9 10.1.200.100 7 msec * 7 msec


User2#traceroute 10.1.100.100 numeric

Type escape sequence to abort.

Tracing the route to 10.1.100.100

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.100.254 1 msec 0 msec 1 msec

2 10.2.10.2 0 msec 0 msec 1 msec

3 102.10.11.1 9 msec 9 msec 9 msec

4 10.1.10.21 9 msec 10 msec 10 msec

5 10.1.100.100 10 msec * 11 msec


任务七 (四分)

检查连通性并实现如下输出:


User4#traceroute 10.2.100.1 numeric

Type escape sequence to abort.

Tracing the route to 10.2.100.1

VRF info: (vrf in name/id, vrf out name/id)

1 10.6.100.254 0 msec 1 msec 0 msec

2 * * *

3 10.2.10.9 2 msec 1 msec 1 msec

4 10.2.100.1 2 msec * 2 msec


R13#show crypto session

Crypto session current status

Interface: Ethernet0/0

Session status: UP-ACTIVE

Peer: 101.3.17.1 port 4500

IKEv1 SA: local 101.3.13.1/4500 remote 101.3.17.1/4500 Active

IPSEC FLOW: permit ip 10.0.0.0/255.0.0.0 10.6.0.0/255.255.0.0

Active SAs: 2, origin: crypto map


R18#show crypto session

Crypto session current status

Interface: Ethernet0/2

Session status: UP-ACTIVE

Peer: 101.3.13.1 port 4500

IKEv1 SA: local 10.6.10.2/4500 remote 101.3.13.1/4500 Active

IPSEC FLOW: permit ip 10.6.0.0/255.255.0.0 10.0.0.0/255.0.0.0

Active SAs: 2, origin: crypto map


任务八 (二分)

解决远程管理故障,并实现如下输出:


R10#telnet 102.10.11.2

Trying 102.10.11.2 ... Open

User Access Verification

Username: CCNA

Password:

R11>show users

Line User Host(s) Idle Location

0 con 0 idle 00:00:08

* 2 vty 0 CCNA idle 00:00:00 102.10.11.1

Interface User Mode Idle Peer Address

Se1/0 R10 Sync PPP 00:00:02 102.10.11.1

注:telnet用户密码为 : username CCNA password CCIE