Home > CCNA Access List Sim 2

CCNA Access List Sim 2

February 15th, 2012 Go to comments

Question

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply a numberd access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.
The Public Web Server is assigned an IP address of 172.22.242.17

access_list_sim2.jpg

Answer and Explanation

(Note: If you are not sure how to use access-list, please check out my access-list tutorial at: http://www.9tut.com/access-list-tutorial, also some modifications about the access-list have been reported so you should read the “Some modifications” section at the end of this question to understand more. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_Access-list_sim2.pkt

Corp1>enable (you may enter “cisco” as it passwords here)

We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30.

Corp1#show running-config

access_list_sim_show_running.jpg

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks. If we apply access list to the inbound interface we can only filter traffic from the LAN network.

In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end
Corp1#copy running-config startup-config

(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.)

Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully.

Some modifications:

permit host B from accessing finance server access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
deny host B from accessing the OTHER server (not the whole network) access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
permit everything else permit ip any any
Only allow Host C to to access the financial server access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
Not allow anyone else in any way communicate with the financial server access-list 100 deny ip any host 172.22.242.23
Allow all other traffic permit ip any any
- Host C should be able to use a web browser(HTTP)to access the Finance Web Server access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
- Other types of access from host C to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
access-list 100 deny ip any host 172.22.242.23
(because the requirement says we can not use more than 3 statements so we have to use “any” here for the hosts in the Core and hosts in local LAN)
- All hosts in the Core and local LAN should be able to access the Public Web Server * access-list 100 permit ip any host <IP of Public Web Server>
(If the question asks this, surely it has to give you the IP of Public Web Server) but in the exam you should use “access-list 100 permit ip any any”
Host C should be able to use a web browser to access the financial web server access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Other types of access from host C to the finance web server should be blocked access-list 100 deny ip host 192.168.33.3 host 172.22.242.23
All hosts in the core and on the local LAN should be able to access the Public web server * access-list 100 permit ip any host <IP of Public Web Server>
(The IP of Public Web Server will surely be given in this question) but in the exam you should use “access-list 100 permit ip any any”

* There are some reports about the command of “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command should be “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is better but maybe you should use the first command “access-list 100 permit ip any any” instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.

(Note: Don’t forget to apply this access list to the suitable interface or you will lose points
interface fa0/1
ip access-group 100 out

And in the exam, they may slightly change the requirements, for example host A, host B instead of host C… so make sure you read the requirement carefully and use the access-list correctly)

I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need new version of Packet Tracer to open it (v5.1+).

accesslist_sim2_packet_tracer.jpg

Download this sim here

Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server and you can see how traffic flows in Simulation Mode.

accesslist2_test_http.jpg

And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.

Other lab-sims on this site:

CCNA NAT SIM Question 1

CCNA NAT SIM Question 2

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)

CCNA VTP SIM

CCNA EIGRP LAB

CCNA Drag and Drop SIM

CCNA Implementation SIM

Comments
Comment pages
1 ... 17 18 19 41
  1. Ngoroko
    April 23rd, 2012

    @9tut

    Going by the correctly configured acl below, is n’t it obligatory to include the netmasks?

    access-list 100 permit tcp host 192.168.44.4 host 172.22.242.23 eq 80
    access-list 100 deny ip any host 172.22.242.23

    Thank you

  2. duncan
    April 23rd, 2012

    i did ma exam today and passed with 90.7.thanks alot to 9gtut.labs were access list 2,vtp and eigrp.vtp was abit differerent.sw 3 was the the root bridge.otheerwise evrything was quite the same except for the change of ip addresses.thanks for ur support guys.allthe best 4 those preparing.collosio dumps fantastic.

  3. 9tut
    April 23rd, 2012

    @Ngoroko: When using the keyword “host” we don’t need to use the netmask because in fact, the keyword “host” equals to netmask “0.0.0.0″. In other cases we have to use the netmasks.

  4. zimzim
    April 23rd, 2012

    Failed today scored 801,be careful of verification and VTP…

  5. Velaskon
    April 23rd, 2012

    zim zim ? which question u failed?>

  6. Masthan
    April 23rd, 2012

    @zimzim… can pls explain what is mean by verification? am goin 2 tak exam on thursday.. pls do tel me what is the change..

  7. Ace
    April 24th, 2012

    Failed few weeks ago…All the question came outta latest dumps and 9tut. All I gotta say is becareful b4 u hit next button…there’s no previous button nor reviews in the end.

  8. ccna rookie
    April 24th, 2012

    just passed my ccna .thanks very much 9tut and everyone on this site .without you guys i dont think i could have passed.gudluck to all prospective ccna.thanks a lot .labs. eigrp,vtp acl2 .try to understand them dont just dump but all in all they are easy

  9. abdul
    April 24th, 2012

    how are subnetting questions like in the real exams,,is it thesame as the ones in d dumps or they change the numbers and how many questions is subnet in d real exams,,,its diving me lotta headache..thnks

  10. jelenna
    April 24th, 2012

    I’m confused about this part of simulation:

    “All access from hosts in the Core or local LAN to the Finance Web Server should be blocked”

    and you put: “access-list 100 deny ip any host 172.22.242.23″.
    BUT, access list is implemented on OUT of fa0/1 router interface, so all traffic generated from workstations or servers in same LAN as Finance server will not be processed by access-list, so – it will be allowed?

  11. jelenna
    April 24th, 2012

    Is there any other reason to use:

    access-list 100 permit ip any ANY

    when it is asked to allow: “All hosts in the core and on the local LAN should be able to access the Public web server”, and it is not written to allow ALL other traffic?

    If we don’t put “permit ip any any”, than “permit ip any IP-web-server”, don’t we get what they asked?

  12. xallax
    April 24th, 2012

    @abdul
    they change the numbers of course…
    you should learn how to subnet on your own, not just memorize the answer. it is fast and easy

    read 9tut’s tutorial or watch cbt nuggets video on subnetting

  13. Lodhi
    April 24th, 2012

    ALHAMDULILLAH passed 2 hours ago with 907/1000, passing marks was 825, VTP Sim, ACL-2, EIGRP (AS 23) came in my exam and almost same with different IP scheme, thanx 9tut……. Good Luck guys!!!
    Now looking towards CCNP or CCNA Security =)

  14. Mr Russell
    April 25th, 2012

    Failed with an 815. Had a nervous bladder and had to run out right at this sim. I ran out of time, missing my last two questions. If I just didn’t have to pee…

  15. Mr Russell
    April 25th, 2012

    Just another question; Do we have to save to startup-config? I’ve been doing it just in case, but as I’ve said before, I just ran out of time.

  16. Narendra
    April 25th, 2012

    Hi Xallax,
    While practising in Packet Tracer we are able to verify our Access List configuration by getting into the Simulation Mode and observing the exact path a packet traverses and eventually hitting the Finance Web Server @ port no 80 and the others(Hosts A,B,D & tcp traffic pertaining to http port propagating from Core Router) being restricted at R1 router itself. How would we be able to verify our configuration during the real CCNA examination..Would we have the same simulation mode out ther as well??

    I would be appearing for my exam this friday & your prompt response would be highly appreciated!!!

    Thanks & Regards,
    Narendra

  17. Narendra
    April 25th, 2012

    Or please reply back @ narendra.varma106@gmail.com Thanks!!!

  18. Lodhi
    April 25th, 2012

    @ Narendra: you will have to jst click on specific host from which u want to verify it, then the web browser will be shown to u automatically, dnt getin nervous, be confident or if u want to verify icmp (ping reply) so u can do this from the router in ACL sim

  19. xallax
    April 25th, 2012

    @narendra
    yes, you will be able to verify it similar to what you’ve seen in practice labs here

  20. steve.ratna@gmail.com
    April 25th, 2012

    Please pass me the latest questions please. Send me the latest pdf to steve.ratna@gmail.com

    Thanks

  21. HMTM
    April 25th, 2012

    Thanks to Allah, I have passed my CCNA today with 960 marks. There were 48 questions with two labs:
    1. EIGRR sim with some modifications (I have to make connectivity with ISP router), and there is “passive interface” command on router’s ISP side so I didn’t change that.
    2. Access list sim same, just change with IP’s.
    I want to thank 9tut because I prepared all my labs and questions from here, just reviewed 480 dumps last two days and specially thanks to xallax comments about different questions as that were very helpful.
    Good luck to all

  22. Agustin
    April 26th, 2012

    I just took the Exam today! Y passed with 905/1000!!!.
    Thanks a lot 9tut.com. The best place to study the Simlets. I couldn’t have done it without you.

    The 3 sims were: VTP, ALC2 and EIGRP.
    - The addressing scheme on the VTP SIM was different, and things were quite different. My 5 questions were: Question 1 (different MAC addresses); Question 9 (There was no ip default-gateway on the show runn, but I managed to get the answer); Question 4 (Sw-Ac3 was the root bridge switch); Question 5 (the port was assigned to vlan 22); Question 7 (Sw-Ac3 had a higher configuration revision number than the new one, so it prevailed)

    - ACL2 had different network addresses and the statements of the ACL were: 1)Allow only host D to use www to access Finance Web Server. 2) Deny any other hosts to access the Finance Web Server. 3) Allow everyone to access the Public Web Server.

    - EIGRP used AS 221 and had different network addresses. The routers were called Regional1 (R1), Regional2 (R3), Store1 (R2) and Store2 (R4). The router Regional2 (R3) had misconfigured AS 22. There was no passive-interface command anywhere on Regional1 (R1).

    Thanks again!
    Now I will embark on CCNP (or maybe CCNA Security).

  23. zed
    April 26th, 2012

    Hi Agustin and all

    For ACL 2, “3) Allow everyone to access the Public Web Server.”
    how the command would be?

    is it : “access-list 100 permit ip any any” ?
    ===================================================

    According to Agustin question this command correct?

    #Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
    #Access-list 100 deny ip any host 172.22.242.23
    #access-list 100 permit ip any any

    #interface fa0/1
    #ip access-group out

  24. Sammy Gh
    April 26th, 2012

    Agustin, you were saying on vtp question 9) there was no default gateway even though you
    issue show running-config, yet you couldn’t find it but you manage to get the answer .

    can you please show me how you manage to get the answer for question 9 ?

  25. zed
    April 26th, 2012

    sammy, if i’m not wrong, u could just show cdp nei and see the router connected..should be vlan-r1..from there, u can sh mac add to see where the port goes..

    correct me if i’m wrong..=)

  26. Dolly
    April 26th, 2012

    Please can someone tell me which application we need to open the sim downloaded just so I can practice or have hands on?

  27. Paul
    April 26th, 2012

    Pass my exam today. Got 1000/1000….a 100% pass i couldn’t believe it after having failed 2 weeks ago with a score of 815. Had the same ACl, VTP and EIGRP sim like last time with just little change. Almost all question that appear in the exam are found here except for 4 or 5 new question>>>
    for those who will attempt the exam soon beware as there are similar questions as in here that has some configuration change so don’t just jump in BE CAREFUL. also curiously my first question was the eigrp lab and all the 2 other sim in b/t ques 2 to 10. think they just try to scare me away. Anyway 9tut you are the best.
    Should anyone in here need help don’t hesitate

  28. Are
    April 26th, 2012

    please paul i want to do ccna exam about the questions which link is good to study ,I know that 9tut are best for (sim and lab,..) ,but waht about other questions i mean choose the correct answer .I was student for ccna with open university and now i finshed just want help please.

    Thank you

  29. Dolly
    April 27th, 2012

    Hi Paul or 9tut, I am looking to practice some of the SIMS on 9tut, I have downloaded them but how do I open them? Thanks

  30. CCNA-Baby
    April 27th, 2012

    Dolly, you need to download packet tracer to use SIM’s

  31. CCNA-Baby
    April 27th, 2012

    Dolly, check this link to download packet tracer 5.3.2
    http://www.ccna4u.org/2011/04/packet-tracer-version-53-2-available.html

  32. prem
    April 27th, 2012

    hai guys cleared the exam got 881…..thanks to exam collection and 9tut.com..

  33. Masthan
    April 27th, 2012

    Alhamthulillah.. By d grace of Almighty Allah I have passed CCNA today with 933/1000.

    Collisio and jericho dumps are 100% valid.
    labs were:
    ACL2( ip address change, everything else same as in 9tut)
    EIGRP( change in only ip address. dont touch d mysterious network in router 1)
    VTP ( sw3 is d root bridge, everything else is d same).

    thnks 9tut & examcollection.. next onto CCNA security..

  34. CCNA-Baby
    April 27th, 2012

    Passed CCNA today………..!!!!!!!!! Hurray..! Had 48 questions in total.

    I watched video tutorials of Jeremy (CBT-nuggets) then studied both PASS4Sure + 9tut.com

    3 Sims came in exam:

    (1)EIGRP (122)

    (2) VTP with 5 Questions:
    What interface did Sw-AC3 associate with source MAC address 0010.5a0c.ffba ?
    What ports on Sw-AC3 are operating has trunks (choose three)?
    Which switch is the root bridge for VLAN 1?
    What address should be configured as the default-gateway for the host connected to interface fa 0/4 of SW-Ac3?
    From which switch did Sw-Ac3 receive VLAN information ?

    (3) Access List Sim 2 with Host B configuration.

    Thanks 9tut & Good luck to all reader for future exams.

  35. Suresh E
    April 28th, 2012

    1.host c should be able to use a web brw to acces the fws(financial web server)
    2.other type of access from host c to the fws shuld be blocked.
    3.all host in the core & on the local lan should be able to access the public web server

    what is the correct ans for the above question…? plz send quick… i am going to write the exam on mondey…

    whic is the correct commend for the 3rd question..
    ACL 100 permit ip any any or ACL 100 permit ip any public web server…?
    any one rply quick ……..

  36. abemad
    April 28th, 2012

    @Suresh

    I quoted this statement from above from ‘some modifications’ section:

    * There are some reports about the command of “All hosts in the core and on the local LAN should be able to access the Public web server” saying that the correct command should be “access-list 100 permit ip any any”, not “access-list 100 permit ip any host (IP of Public Web Server)”. Although I believe the second command is better but maybe you should use the first command “access-list 100 permit ip any any” instead as some reports said they got 100% when using this command (even if the question gives you the IP address of Public Web Server). It is a bug in this sim.*

  37. edz cudz
    April 29th, 2012

    thanks 9tut!=D

  38. Narendra
    April 29th, 2012

    @Suresh

    abemad is absolutely correct. Please use access-list 100 permit ip any any as i 2 have used the same in my exam which i did cleared yesterday on 28th April’12 and got full marks in the ACL lab even though the usage of the other command is also correct but using the same would cost you the ACL lab same way my friend did during his exam and he lost marks for the ACL lab.

    All the very best for your CCNA exam!!!

  39. Narendra
    April 29th, 2012

    Hi Lodhi & Xallax,
    Thanks a ton for your amazing support . Highly appreciated!!!

    I just passed my exam yesterday with 986/1000 marks..Labs were ACL in which Host B only needs to access the Finance Web Server rest everything should be blocked. Also other LAN’s & CORE network should also be restricted to access the Finance Web Server. Public Server needs to be accessed by all. Same has been explained by 9tut in the ACL lab modifications section. EIGRP lab was almost the same with minor changes & 3rd Lab was pertaining to VTP. I want to thank 9TUT for helping us all with this amazing site.. U guys are just gr8..Keep up the exemplary work!!

    Also guys please understand the concepts AND DONT MEMORISE THE DUMPS cause in the real exam u r bound to get few amendments..

    Gearing up for CCNP now!!!!

  40. Narendra
    April 29th, 2012

    @9tut/Xallax,

    A donation is definitely on from my end as soon as i get the reimbursement from my company..U guys deserve it big time!!!!!

  41. Fahad
    April 30th, 2012

    Thank you 9tut for the help with explanations and labs… all helpful.. the labs were exactly the same except the access list was slightly different. Anyway, if the exam taker understands the concept, he/she will pass the exam for sure.

  42. Sweet
    May 1st, 2012

    wow, i am very amazed with what you have shared guys, CONGRATULATIONS to all who passed and to those who are about to take exam like me, good luck to us and please help us pray and share to us too what you have up there guys. This is my first day for my review and dont yet where to begin, im planning to take my exam this 3rd week or last week of the May 2012, kindly share to me the latest dumps/ tips and guidance if you dont mind asking your favors. My email add sweet_babe_618@yahoo.com

    Thank you, God bless and takecare to all!

  43. Me
    May 1st, 2012

    Hi 9tut, first great u are doing this, i am going to take the exam in a few days. Just found out about this site 4 days ago!

    But i do not get the modification thing about this±

    question: deny host B from accessing the OTHER server (not the whole network)

    answer: access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

    Why the ip of .16? i do not see it anywhere? And if 16 is not right, does the wildcard mask also change?

  44. Randy
    May 2nd, 2012

    @Me

    It looks like .16 is the network number for the range.

  45. edz cudz
    May 2nd, 2012

    thank you very much 9tut! I just got 1000/1000! acl2, eigrp and vtp too!=D

  46. Randy
    May 2nd, 2012

    @ edz cudz

    What did you do for the ACL sim?

  47. alex
    May 2nd, 2012

    @edz cudz

    Please, can you give more detail about acl2!

  48. Red-Devil
    May 3rd, 2012

    Hi Guys i need your expertise in this one please…. for ACL.

    How can two different questions having same ip’s & details have different ans as shown below?

    What is the difference between this one;

    Corp>enable
    Corp1#configure terminal
    Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
    Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
    Corp1(config)#access-list 100 permit ip any any
    Corp1(config-if)#ip access-group 100 out
    Corp1(config-if)#end

    and this one show below;

    Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
    Corp1(config)#access-list 100 deny tcp 192.168.33.0 0.0.0.255 host 172.22.242.23 eq 80
    Corp1(config)#access-list 100 permit ip any any
    Corp1(config)#ip access-group 100 out
    Corp1(config-if)#end

    THE most confusing part is that these are two seperate questions of ACL but if both context is read than they are basically identical. How can it be differentiated.

    Question: The security for Corp1 router ……!

  49. jelena
    May 3rd, 2012

    In first configuration, CORE and LAN (any) will not not able to access host 172.22.242.23 using web browser. It will only be allowed for host 192.168.33.3.

    In second one, network 192.168.33.0/24 will not be able to access host 172.22.242.23 using web browser. It will be allowed for host 192.168.33.3 and also for CORE network.

  50. Lodhi
    May 3rd, 2012

    @ Narendra: Congratulations!!!

  51. me myself and i
    May 4th, 2012

    Passed today!
    You really need to type “permit ip any any” to permit the access to the webserver (ip was given) tho “permit ip any host ” seems right to me.

  52. sam
    May 4th, 2012

    Thank u 9tut for the gift of this site. Just passed my ccna after the 3rd atempt. Acl 2, Eigrp and Vtp laps are still valid. U guys are too much. (Hank u very much

  53. suhaa
    May 4th, 2012

    Today is my great day,
    passed exam with 907. Sims were from 9tut and they were EIGRP, ACL2 and VTP. Acme and Colliso dumps are still valid!
    Thank you sooo much 9tut… :)
    Good lock to everyone.

  54. Velaskon
    May 4th, 2012

    guys ACL2 sim isnot work… i put all commands same like 9tut says .. and i cant access from host 3 to webserver …. weird …can u guys help me pls

  55. Cezar
    May 4th, 2012

    Thank to Jehovah !

    Yesterday was my CCNA exam…and I passed with 986/1000 score. Lab’s: VTP(Four questions from this page, really the same questions); EIGRP( The same question and the passive interface in the ISP link that we don’t have to take) and the ACL 2 (this lab you should learn the subject “ACL” because the questions are variated a lot but with the same essence from lab 9tut). My personal TIP: 1º you should choose just one dump(in my case it was the Jericho 632) and repeat its untill you reaching between 900 and 1000. 2º step: You should viewing all questions from the 9tut’s link and keep doing the dump. Everyday step 1º plus 2º step. And the 3º step is select the betther dumps and select 50 questions with 30 minuts to response them. You should alternate the dumps. With 4 months you will be completely prepared. Understand the questions, you shouldn´t memorize them. Read the tutorials and the some literature. Good Luck and good preparation!

  56. kaathi
    May 5th, 2012

    thanx to 9tut..

    today i took CCNA exam i scored 1000/1000, sim were from this site only, i prepared sim and quest from this site only ,so i thank to 9tut.but i had seen 5 question from inside the book so guys alert study both book and 9tut, it’s enough

    good luck guys…..

  57. syed
    May 5th, 2012

    In one of the dumps I have noticed
    #inteface s1/0
    ip add 198.18.196.65 255.255.255.252
    #end
    Do I also need to configure Core Router s1/0 in exam, Please advise, I failed my first test

  58. zoo
    May 6th, 2012

    why some of the commands we used wildcard and other we didn’t ?

  59. shajib
    May 6th, 2012

    Can any body sent Latest dump question in my email address.
    Email: shajibcu@yahoo.com
    Thanks for your cooperation.

  60. Sathish_Tom
    May 7th, 2012

    I passed the CCNA Exam today with 960 Marks. 85% of questions came from 9tut.
    Thanks to 9tut…

  61. Colin
    May 7th, 2012

    Hi all,

    Could someone please send any dumps they have that would be of help.
    Colinaevans@hotmail.co.uk

    Thanks in advance :)

  62. JIGNeSH jigopatel258@gmail.com
    May 7th, 2012

    THANK YOU VERRY MUCH GOD…..
    i pass my ccna exam today with 960/1000 marks.. thanx to 9tut , xallx without you i may be cant….
    my sim was 1.vtp same , 2 eigrp (r2(home 2) with misconfiguration AS num ) , 3 acl2 same same as 9tut
    i got 48 qst and 3 or 4 for qst is out of dumps. i read jericho and cillisio dumps and thanx to all who comment here.. ths is best site for ccna

  63. JIGNeSH jigopatel258@gmail.com
    May 7th, 2012

    i got 3 -4 qust in my exam which is out of jericho and collisio dumps … bt that strange qst is from “” Cisco.Lead2pass.640-802.v2012-04-28.by.Bruce.564q “”.. so ps if u have time then once read that dump also… thank u 9tut and xallx .. u are true heroes

  64. AAA
    May 8th, 2012

    EXCEEELLLLEEEEENNNTTTTTTTT!!!!!!! LOVE 9TUT!

  65. Z L H
    May 9th, 2012

    Just pass today with 973. Total 48q. Thanks to 9tut and examcollection.
    Sim >>> eigrp with AS No. 221 and named central1 & 2
    Mismatch AS 22 in central1, no network for new added router(central2) in central1
    Action: Change AS to 221 and no auto-summary on new added router
    : add the network of new added router on central1
    There is passive interface on serial to ISP, just leave it as it is
    : save them on both
    >>> vtp: Mac-address-table is not working so use “mac address-table”
    >>> acl2: different ip address from here
    Only host C can access to finance svr via http and all other access deny to finance svr for host C
    Core and LAN can access to public svr
    Action: access-list 100 permit tcp host C’sip host finance’sip eq 80
    Access-list 100 deny ip any host finance’sip
    Access-list 100 permit ip any any
    Apply it for outbound to interface with .30 ip
    That’s it.
    For dump, Pls click here: http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2011-07-09.by.Collisio.486q.vce.file.html
    Only one new question, but forget alrdy.

  66. Tosh
    May 10th, 2012

    Praise God, pass my CCNA today.

    my requirement is just HOST A to access Web in Financial server, same other requirements.

    Thanks 9tut

  67. abe
    May 10th, 2012

    In the section where the task is ” All hosts in the Core and local LAN should be able to access the Public Web Server” please use the command ” access-list 101 permit ip any any”.. used “access-list 101 permit ip any host “.. lost some marks because of it and scored 986… thanks to examcollection.com and 9tut.com… labs were EIGRP, VTP and Access List 2 with some changes… t

  68. Thapa
    May 11th, 2012

    CCNA.com has a small network that is using EIGRP as its IGP. All routers should be running an EIGRP AS number of 112. Router CAMPUS is also running static routing to the ISP.
    CCNA.com has recently adding the MAIN ROUTER. Currently, the MAIN ROUTER does not have connectivity to the ISP router. All other interconnectivity and Internet access for the existing locations of the company are working properly.
    The task is to identify the fault(s) and correct the router configuration(s) to provide full connectivity between the routers.
    Access to the router CLI can be gained by clicking on the appropriate host.
    All passwords on all routers are cisco.
    CAMPUS
    Fa0/0 – 192.168.22.13
    S1/0 – 198.0.18.6
    S0/0 – 192.168.63.25
    S0/1 – 192.168.40.17
    MAIN
    Fa0/0 – 192.168.22.14
    Fa1/0 – 192.168.36.49
    Fa1/1 – 192.168.36.33
    BLD-101
    Fa0/0 – 192.168.36.65
    Fa1/1 – 192.168.36.81
    S0/0 – 192.168.63.26
    BLD-102
    Fa0/0 – 192.168.36.97
    Fa1/1 – 192.168.36.113
    S0/1 – 192.168.40.18
    The given answer is like this:
    Config t
    Router EIGRP 112
    Network 192.168.22.0
    I am confused that where should I enter this commands for the correct answer? Do I enter these commands in Router MAIN or other too?

  69. Thapa
    May 11th, 2012

    Hi,
    @9tut
    I need your help for the correction and I am confused about this EIGRP configuration.

    CCNA.com has a small network that is using EIGRP as its IGP. All routers should be running an EIGRP AS number of 112. Router CAMPUS is also running static routing to the ISP.
    CCNA.com has recently adding the MAIN ROUTER. Currently, the MAIN ROUTER does not have connectivity to the ISP router. All other interconnectivity and Internet access for the existing locations of the company are working properly.
    The task is to identify the fault(s) and correct the router configuration(s) to provide full connectivity between the routers.
    Access to the router CLI can be gained by clicking on the appropriate host.
    All passwords on all routers are cisco.
    CAMPUS
    Fa0/0 – 192.168.22.13
    S1/0 – 198.0.18.6
    S0/0 – 192.168.63.25
    S0/1 – 192.168.40.17
    MAIN
    Fa0/0 – 192.168.22.14
    Fa1/0 – 192.168.36.49
    Fa1/1 – 192.168.36.33
    BLD-101
    Fa0/0 – 192.168.36.65
    Fa1/1 – 192.168.36.81
    S0/0 – 192.168.63.26
    BLD-102
    Fa0/0 – 192.168.36.97
    Fa1/1 – 192.168.36.113
    S0/1 – 192.168.40.18
    The given answer is like this:
    Config t
    Router EIGRP 112
    Network 192.168.22.0
    I am confused that where should I enter this commands for the correct answer? Do I enter these commands in Router MAIN or other too?

  70. Ian
    May 11th, 2012

    CCNA Access List Sim 2 – I had this sim today in my exam but could not get it to work. I checked my ACL100 and there were no matches at all, even though I had applied it on fa0/1 in the outbound direction. This fa0/1 has the .30 address. So, I removed the ACL from the interface and tried simple ping from the router to the finance web server. No response, just …..
    Tried pinging the other server on that subnet. Same issue. Eventually gave up with the diagnostics as was running out of time. Re-applied the ACL to the interface and saved the config to NVRAM. Interestingly, when I practised this SIM at home it worked fine. I did pass the exam although I’ve no idea if I passed this lab. Anyone else experience this ?

  71. John
    May 12th, 2012

    Today I passed with 986/1000 bcoz of God’s Grace & my effort also Thanx a lot to 9TUT.com & Examcollection.com. my sims were EIGRP, VTP, ACL2 frm 9tut. Total question 48. I solved those ques. very easily

    1) i advice you that u 1st clear ur concept using study materials & notes (use Todd lammle book.It’s very helpful)

    2) for dumps & Sims-> a) use 9tut. & other dumps are (Collisio.486q) (by.Jericho.632q)
    (Bruce.564q) (by.DHARANI.615q) in those dumps there is l’ll bit difference. so pls go through…
    get it from examcollection.com
    dont mug up only, understand the concept. in real exam options comes randomly.

    dont worry exam is very very easy if u follow these advise you will get above 900…………..100% true

    3) One question made ​​me confuse:–>

    In which circumstance are multiple copies of the same unicast frame likely to be transmitted in the Switched LAN?
    A. During high traffic periods
    B. In an improperly implemented redundant topology
    C. After broken links are re-established
    D. When upper-layer protocols require high reliability
    E. When a dual ring topology is in use

    I choose>B. In an improperly implemented redundant topology
    that’s why i lose 14 marks otherwise all ques 100% correct

    I think the correct ans is:–E. When a dual ring topology is in use

    Pls check out this ques

    Best of luck guys………………..

  72. irshad khan
    May 13th, 2012

    thanx to ALLAH !!!passed CCNA in just 50 minutes with 97% score most of the question’s come from 9tut 45q and 3 lab’s and the lab was grate it’s very easy i finished my last lab that was ACL in just 1.5 minute..
    study with CBT NUGGETS ,GNS3, CISCO PRESS BOOK AND LAST 5 DAYS 9TUT..
    THANX 9TUT..

  73. David
    May 15th, 2012

    Pass today with 852. Thank´s a lot 9tut.

  74. kaviii
    May 15th, 2012

    @ david

    can you give some tips about your exam…..it will be very useful dear!!!

  75. mutaz
    May 15th, 2012

    Can any body sent Latest dump question in my email address.
    Email: mutazeldaw@hotmail.com
    Thanks for your cooperation

  76. Albert
    May 15th, 2012

    Hi 9TuT,
    Thanks for the great help and guidance. I pass the exam last fri 907/1000. All the questions are valid. Sim’s for me are, VTP, ACL2 and Eigrp. and all are same as listed here.
    VTP – 5 questions.
    ACL2 – Host A needs to access finance server for http. Other access are blocked for finance for host A. Other hosts need to access other servers except finance server.
    EIGRP – same as here. Change the EIGRP ID to 212 and add the same networks back to the router. Add the new router network to the CORE router.
    Make sure u save the configs. Good luck.. :)

  77. Ace
    May 16th, 2012

    hello 9tut.com and all.

    i’ll be taking ccna exam next month . i am now reviewing using 9tut, pass4sure,testinside. can someone please give me the collisio and jericho dumps . here ace3cute@hotmail.com . Thanks in advance

  78. Jafari
    May 16th, 2012

    Xallas and 9tut you guys are God sent, 9tut Please permit me……

    There is urgent need for Telecom/Network tech within Africa and Europe.
    Minimum qualification for scope of work: CCNA
    Kindly contact me at ralphinci@gmail.com with your Location(City, country) and contact details(skype preferrable)

    Thank you guys and best of luck in your career

  79. Thapa
    May 17th, 2012

    @Ace
    I will suggest you to take PASS4SURE

    I took my exam on 16th may and got 96%

  80. Thapa
    May 17th, 2012

    @Ace
    You need to concerntrate on vlan+vtp simulation, the eigrp, rip v2, acl and nat+pat. these sections are pretty cool and you must have to download from the 9tut, which i mentioned are very important to know for the CCNA examiner.

    I personally, recommend to you that 9tut is the best in the world for ccna practise and many more to gain the knowledges. After finishing course on CCNA that is base but everyone need to get into the deep inside 9tut, where everyone can clear their concept as a practical life.

    Regards,
    Thapa

  81. Naper
    May 17th, 2012

    Hi All,
    A dumb question from me.
    Is there another way to open the downloaded file from
    http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2011-07-09.by.Collisio.486q.vce.file.html without using the visual CertExam Suite? I installed the setup.exe. It looks like – need to purchase and register.
    Please help and respond back to naperjohn@yahoo.com.
    Thanks in advance.
    John

  82. RaviS
    May 17th, 2012

    Ohm sai Ram….Passed just now exam with 840/1000 marks.
    All the questions are from http://www.9tut.com only and labs also the same VTP ,ACL2 and EIGRP.
    VTP,among 5 i got 1 different question and ACL 2,I got the same lab with host D. and EIGRP is the same lab.If you study this 9tut.com and practise labs for 1 week before the exam and read todd lammle CCNA book to understand subnetting concepts and practise questions.You can easily pass….But be careful before clicking next option.

    All the best to all students…

Comment pages
1 ... 17 18 19 41
  1. No trackbacks yet.
Add a Comment