CCNA Access List Sim

zim zim zim zim
what do you mean
{eigrp with an extra unneccessary network to be removed}
what do we do?

@atr – The answer is A. You can check Cisco’s page on DHCP. It clearly says that.

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html

Go to the end of the page. In the Glossary look for “address conflict”. It’ll give you the answer.

I think you can get the Latest CCNA certification braindumps in http://www.brothercert.com

No configuration present in the router. :(

It’s questions like this one that make the whole “Cisco no-red-herring questions” ethos a complete fabrication of the truth.

Something similar came up in my last exam, They say things like “Allow ONLY icmp traffic while keeping telnet disabled”.. to me that means:

permit icmp any any
deny ip any any

and cannot mean anything else.

Can anyone send me the latest dumps fuggz37@gmail.com

pls, send me latest dump arulsr2@gmail.com

question 1 says you need to enable telnet and icmp, however the answer denies telnet traffic. can anyone explain?

@Squeeb.

If you need to alow ICMP and deny telnet the statment in acs should be:

access-list 100 permit ICMP any any
access-list 100 deny TCP any any eq telnet

there is an inplicit line at the end of every ACL that denyes all traffic.

That said, I think that’s the solution…

hi,i greet you all,am really impressed with all your comments and qustions,none is wasteful,i will be writing my icnd1 exam by this month ending,but am still having a problem with sim,n configuraton, and little bits of subnetting,am kind of confused ,pls i need your advice,and your surport,bsogbaike@yahoo.com. thanks

after all configuration I got ping 10.4.4.3 but I am not ping telnet 10.4.4.3.say why this happene. How to ping telnet command

@raj u cannot ping telnet it is application uses port 23 used for making connection to router or switch

i just got my ccna and it was nnot easy but thank u 9tut your the best

If anyone has the latest brain dumps, please send a copy to homegrown63@yahoo.com

Thanks for the awesome site!!

Hie 9tut and everyone.l failed my ccna.l didnt know about 9tut till l went for the exam.Today when l got into this site,voala!,there are the questions l met!.Nice job.l’d like some dumps pliz or the latest registration key to the Visual Exam Suite app. prepfailed@gmail.com

I’m find’ subnett’ a bit tough.how can u assist?

Q3 answer A IS CORRECT. Reasons:

Interface s0/0/1 has an ipaddress 10.45.45.1/255.255.255.0 ===> Implying that it is connected to a network whose address uses a mask of 24. So it is reasonable to assume that the network mask to be 24 or greater for networks connected to s0/0/1.

Q1
i think access-list 106 can answer correctly this question. i don’t understand why access list 104 has been chosen instead acl 106.
plz can anyone explain me why does”access-list 106 permit icmp any any echo-reply” not permit ping to work properly?

@softwil

ACL 106 permit for ‘echor reply’ on inbound direction of f0/0 interface (in this case it doesnt matter because, we ping from switch to router sa echo request goes sw->rou, and ‘echo reply’ goes rou->sw) but implict deny at the end of ACL (deny all) block the ‘echo reguest’, thats why ping is not working.

thks bgrpl!

it s easy..but, it will collaps of our mind….much more acl

Thank you 9tut, this site filled the knowledge gaps I had in my preparation for the CCNA exam and was key in helping me to pass my exam. I appreciate everything, you all are wonderful.

Best Regards

Oh and best of luck to everyone who will be taking the exam. No worries, you will do well.

God Bless.

If anyone has the latest brain dumps, please send a copy to stuward.karima@yahoo.com

Thanks for the awesome site!!

in the ccna exam drag and drop questions is there r not , will u plz answer

latest dump please email: tapiwach@natfood.co.zw

Good Afternoon All,
@ Rosi. I have to retake the exam due to techical issues at the testing site, but I can confirm that there ARE drag and drop questions ( at least I had some). I got questions 1 from section 3 and 1/5 of section 4 on 9tut.

Hi, can you please send the latest dump to tr33do@yahoo.com

@ cs thanks for the information

Hi ! Please send me the latest dump to canihasu@gmail.com
thanks !!!!!!

show ip dhcp conflict

To display address conflicts found by a Cisco IOS Dynamic Host Configuration Protocol (DHCP) Server when addresses are offered to the client, use the show ip dhcp conflict EXEC command.

show ip dhcp conflict [address]
Syntax Description

address

(Optional) Specifies the IP address of the conflict found.

Defaults

None
Command Modes

EXEC
Usage Guidelines

This command first appeared in Cisco IOS Release 12.0(1)T.

The server detects conflicts using ping. The client detects conflicts using gratuitous Address Resolution Protocol (ARP). If an address conflict is detected, the address is removed from the pool and the address will not be assigned until an administrator resolves the conflict.

Please send latest dump to wiredup@nf.sympatico.ca,,Thanks

Whenever there is a address conflict in the DHCP server the address is usually removed from the pool for the a specific time period configured by an administrator

I fee so dumb, please somebody help!
Q 1: The explanation says: “Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.”. So if I understand correctly, we call icmp echo-reply the answer that we get when we ping some address. And in this case it can come to the router on the outbound (free) side of the port. But it seems to me it needs to be reverse: the echo-reply (the ping answer) should be able to come on the INbound side and be blocked by the outbound. Ohhhh, please help? Im lost. Every side can be IN and every can be OUT depending from where you look. Why can not they explain this easier?

Q 1: 104 inbound means: we can ping to someone but can not get their echo-reply (answer) does not it? So by applying 104 in we can not actually ping and expect to get an answer. It will be blocked by the IN port. So how can we say then that the answer is satisfied (meaning that we can ping) but actually we should not be able to receive an answer of the ping- meaning we can not ping???
Any smarties out there?

@bgrpl, thanks dude for your response to softwill. I was too messed with question 1, now it’s clear with your answer.

address conflict—A duplication of use of the same IP address by two hosts. During address assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the address is removed from the pool. The address will not be assigned until the administrator resolves the conflict.

Question 3…. One of CCNA nonsense never-hapens-in-your-life questions ..

OSPF and EIGRP routing will fail as multicast updates (224.0.0.X) will be blocked. We see no static routing configuration in “sh run” output, so that means the only route associated with s 0/0/0 interface in the router table is:

10.45.45.0/24 direcly connected to s 0/0/0

Any hosts from this network would be blocked by the access list. So the only correct answer seems to be A.

ok … The connection through s0/0/0/1 could actually work if the packets from source like X.X.X.0 would take another return-path to the sender. I mean:

Packets from source: X.X.X.0 with subnet mask from /23 to /8
Incoming interface: s0/0/1
Return interface: NOT s0/0/1

The connection like that could work.

P.S. I have made a mistake in the interface number in my previous post. Should be s0/0/1

I think answer C is correct because there is no such form of command “access-group 115 in”
In interface configuration mode you must type “ip access-group 115 in”. By typing “access-group 115 in” without word “ip” IOS just reject your input, thus access list 102 will remain applied.

Nuts&Bolts: Are you CCIE?

pls send to me the ccna dumps.thanks in advance.

Question 1:

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out” <–seems to be correct
m.

The easiest way to answer to Q3 is that there is an implicit deny at the end of the access list which we cannot see. Hence, all the traffic will be automatically blocked. I don’t know why people are writing gigantic answers just to answer Q3.

regarding Q1
B-Change the ip access-group command on fa0/0 from “in” to “out
not correct becuase this will allow telnet and ping as well.

I downloaded the pkt, regarding the Q3 it did not overide as i execute the command the s0/0/0 has now 2 ACL: ip access-group 115 in and ip access-group 102 out in the explanation it says override so in my unerstanding the first ACL will be read and the second ACL will just be ignored?

I downloaded the pkt, regarding the Q3 it did not overide as i execute the command the s0/0/0 has now 2 ACL: ip access-group 115 in and ip access-group 102 out in the explanation it says override so in my unerstanding the first ACL will be read and the second ACL will just be ignored?

Does anyone out there have Packet Tracer 6 or later? Please send to aaegh7@gmail.com. My version (V5) does not support iBGP…I’m preparing for CCIE.
Thanks in advance.

@Enthusiast

Check your directions. You can only have 1 access list per interface, per protocol, per direction. You have two ACLs on your interface because one is facing in and the other is facing out. The original question has ACL 102 IN. If you apply ACL 115 IN it will over write ACL 102

is this lab subject to any changes during the exam? thank you very much.