Learn About Cisco Certified Network Associate (CCNA)

  By Certification Magazine —

Examining the other options:

router ospf process-id
network address wildcard-mask

You cannot enable OSPF using this set of commands because the area area-id parameter also needs to be specified.

router ospf
network address wildcard-mask area area-id

You cannot enable OSPF using this set of commands because the OSPF process-id needs to be specified at the time of enabling OSPF on a router.

router ospf network-ip
network address wildcard-mask area area-id

You cannot enable OSPF using this set of commands because the OSPF process-id, not the network-ip, needs to be specified when you enable OSPF on a router.

References:
Configuring OSPF
Cisco.com
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cospf.html

Objective: Implement, verify and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.
Sub-objective: Configure and apply ACLs based on network filtering requirements (including CLI/SDM).

Single answer, multiple-choice

You are the network administrator for your company. You configure a Web server on the network using the IP address 64.12.13.15. You want to allow users outside the network to access this Web site. You want to configure an access list on the router connecting the network to the Internet. Which access list should you configure to accomplish the task?

A.    access-list 1 permit ip any host 64.12.13.15
B.    access-list 101 permit ip any host 64.12.13.15
C.    access-list 1 permit ip host 64.12.13.15 any
D.    access-list 101 permit ip host 64.12.13.15 any

Answer:
B

Tutorial:
Access-list 101 permit ip any host 64.12.13.15 allows users outside the network to access the Web site hosted on the server having an IP address of 64.12.13.15.

There are two broad categories of access lists:

* Standard access lists are applied as close to the destination as possible. These access lists filter the network traffic based on the source IP address in the packet. The range used for standard access list is 1 to 99 and 1300 to 1999.

* Extended access lists are applied as close to the source as possible. These access lists can filter the network traffic based on the source and destination IP addresses in the packet. You can also specify additional protocol information to make the access list more specific. The range used for the extended access list is 100 to 199 and 2000 to 2699.

In this scenario, the packets destined for the IP address 64.12.13.15 are permitted access. The decision is based on the destination IP address in the packet; therefore, you should configure an extended access list. The range used for numbering the extended access lists is 100 to 199 and 2000 to 2699. Extended access lists are configured using the following command:

access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [log | log-input] [time-range time-range-name] [fragments]

The first IP address in this command is the source IP address. The second IP address is the destination IP address. When you need to filter the packets based on only the destination IP address, you can use the keyword “any” to specify that the source IP address can be anything. When you want to provide access to only one of the addresses on the network, specify the keyword “host” before the destination IP address instead of using a wildcard mask after the address.

According to the above explanation, the access list should be configured as follows:
access-list 101 permit ip any host 64.12.13.15

You should not configure the access list as access-list 1 permit ip any host 64.12.13.15 or access-list 1 permit ip host 64.12.13.15 any because you will get a syntax error. The list is an extended access lists and should be numbered in range 100 to 199 and 2000 to 2699, not 1.

You should not configure the access list as access-list 101 permit ip host 64.12.13.15 any because this access list will permit the packets from host 64.12.13.15 to any destination.

Reference:
Configuring IP Access Lists
Cisco.com
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Objective: Describe how a network works.
Sub-objective: Determine the path between two hosts across a network.

Single answer, multiple-choice

You are the network administrator for your company. One of your hosts cannot communicate with a host on a different network. Which Cisco Internetwork Operating System (IOS) command should you issue on the router to find the network route taken by the packets that are getting dropped?

A.    Traceroute.
B.    Tracert.
C.    Ping.
D.    extended ping.

Answer:
A

Tutorial:
You use the traceroute command to find the network route taken by the packets that are getting dropped. The traceroute command identifies the network route taken by the packet to reach the destination. This command is used to find the routing breaks in the network. Sample output for the command is as follows:

Router# traceroute 192.168.1.6

Type escape sequence to abort.
Tracing the route to 192.168.1.6

1 172.16.17.30 msec 4 msec 4 msec
2 192.168.1.1 msec 16 msec 16 msec
3 192.168.1.6 msec * 16 msec

The tracert command cannot be used to accomplish the task. The tracert command is used by Microsoft Windows and is not a valid Cisco utility that can be run via the Cisco IOS command line interface.

The ping command cannot be used to accomplish the task. The ping command tests connectivity between two devices.

The extended ping cannot be used to accomplish the task. The extended ping command can be issued on a router to test connectivity between two devices, with parameters other than the default.

Reference:
The Traceroute Command
Cisco.com
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml#traceroute