CCNA Access List Sim 2

@ raj and harry

SIMS are the same acl,vtp and eigrp..

for me all 3 sim came within first 20 qns…

In ACL SIM only Finance and web server ..no DNS server was present…

Host D should get access to Finance server thru web server..

All other hosts and Core n/w shouldnt get any access to Finance server by any means(Ip)

permit all other traffic ..

In eigrp sim ..there was a passive interface command on Serial interface to create confusion..

all other things are the same..

lot of qns from VLAN and vtp…also from frame relay…

*** previous comment*** ->Host D should get access to Finance server through http ..

I think the second command should be
access-list 100 deny ip any host destination
because they not said through web server or www or http it means the other traffic to the finance web server not http
any one correct me if i’m wrong
my exam is tomorrow
hope not found new questions from frame relay ,I don’t like it

Praise be to Jehovah. i nailled it got 973. vtp, eigrp and acl 2 all valid. thax to 9tut you are such a wonderfull site. also Shekar is the best dump you wont go wrong with that dump. for concerpt grasping Todd Lammle 6th edition is good. No need to fear you can pass guys.

Surprisingly not even a single subnetting question.

@ 9tut do you have a site for CCNP????????????

Thax to everyone for the contributions.

Extended IP access list 101
permit tcp host 192.168.33.3 host 172.22.242.23 eq www (59 match(es))
deny tcp any any eq www
permit ip any any

how about this

hai…

Any one can clarify the use of inbond and outbond.. Where I can use inbond nd where outbond.???? expecting quick reply….

can someone send me latest dump please….? and thanks in advance.
email: evemark198@gmail.com

@Afsal

we are need to deny out traffic from access The Finance Web Server

so just look the int f0/1 this is our Finance Web Server

# show run
—-

The user on host C should be able to use a web browser to access financial

its mean traffic coming from outside …. u can see the pic

if u read the question u can understand we need to use extendet acl cuz u need port and destination ip . so its mean put the access list near the destination

example :
if u need allow host C
u should be put ACL outbound in the router ..why ? and which interfaces use?

remember : we cant use f0/0 192.168.33.245 its for sw2 : )
if u put ACL on f0/0 ..its wrong hosts A+B+C+D cant access CORE INTERNET

u need to use
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

cuz our Finance Web Server work on this int f0/1 switch 2 .okay : )

now we need to decide inbound or outbound

host C … coming from outside ..right?
that is mean when any packet coming from outside the ACL start filtering

so:
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

You can also download this sim to practice

NOTE: in real exam don’t forget to test ur ACL its work or not before going to the next question

and
#copy run start

cuz our Finance Web Server work on this int f0/1 switch 1 .okay : )

Just did my exam go 801/1000 :(
pass mark is 825 which basically means i was 1 question off.

- Sims were ACL2, EIGRP & VTP
ACL: pretty much the same as this sim but ips were different
EIGRP:my question was the group i need to make was”221″ also ips are different. and it had a passive interface on s0/1 which was the isp. my neighbours went up as soon as i configured and i could ping between routers so i left it.
VTP: Same pool of questions worded slightly different

Know your multiple choice is all i can say.

I used 9tuts sims and shekars brain dumps. (most questions are the same or similar)

Gonna try again on the 28th Dec. apparently cisco is gonna update the exam on Jan 12th 2013 according to pearson vue

Just given the exam
Sims were ACL2,EIGRP & VTP thanks for 9tut …senario in simmulations are same only address scheme were different..
PrepKing 680 is 100% valid

Sorry man better luck next time

I passed my exam on Dec, 22th!!! got 3 simlations ACL sim2, vtp and eigrp. I used sekhar, my guide from my ccna course with a lot of my notes plus 9tut. This sites is awesome but you really need to understand the concept so if any questions is change( i saw acouple questions from this site with different answer meaning the same) you can still answer. Ccna is a tricky exam ao good luck to all and see you in ccnp studiens next year

9tut ,i plan to take my exam second week of January what is this that i hear that cisco is going to revise the exams what does that mean?does the sillabus change or what ?

Dear 9tut, only this config work to me here, fyi

Extended IP access list 100
permit tcp host 192.168.33.3 host 172.22.242.23 eq www (10 match(es))
deny tcp 192.168.33.0 0.0.0.255 host 172.22.242.23 eq www (35 match(es))
permit ip any any

because if put deny tcp any host 172.22.242.23 eq www and aply out for fa0/1 then will deny the network 172.22.242.0 ..

please help

sorry guys, PT is so bad, now everthing is working fine.

thanks

i have passed ccna exam today with 960/1000,,,sim were eigrp,vtp and acls,,,but in acl there was some modification,and it is asked as only host B is used instead host C

Host C should be able to use a web browser to access the financial web server access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Other types of access from host C to the finance web server should be blocked access-list 100 deny ip host 192.168.33.3 host 172.22.242.23
All hosts in the core and on the local LAN should be able to access the Public web server * access-list 100 permit ip any host
(The IP of Public Web Server will surely be given in this question) but in the exam you should use “access-list 100 permit ip any any”

By the grace of GOD I have passed today with 907 / 1000 studied hard 4 3 months and plenty of thanks to 9tut, shekhar and brar for help.
*****Shekhar ******

labs were vtp, eigrp and acl2

eigrp lab was with passive-interface on the router but i was not able to make it no passive-interface.

Plss
Can some one send me Prepking 680Q? to arulsr2@gmail.com

hi
AK Imran
how many question in ur exam in 9tut

Please Post the link for Prepking 680 and brar ??

Thanks 9tut

I got It…………986/1000

@ arul

around 25 questions from 9tut
all 50 questions from shekhar

http://www.examcollection.com/640-802.html

Taking it in 24 Hours. Last minute cram begins!

Sekhar ? It is Brar same questions ?

I think that this comment from Ebby on 14 Dec looks like the scenario I had (although I definately had host D, not B):
———-
A corporation wants to add security to its network. The requirements are:
- Host B should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from Host B to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the finance Web Server should be blocked.
- All host in the Core and on local LAN should be able to access the Public Web Server.
———-

The ACL had to be 3 lines maximum
The DNS server was not in the sim.
I’m sure the IP addresses for Finance and Public were .17 and .18

Does anyone know if this sim varies slightly in the exam?

Hi guys,
can anyone pls explain how they got the ip address and mask 172.22.242.16 0.0.0.15 in the command below pls?

deny host B from accessing the OTHER server (not the whole network)
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

congrats in advance JG Miller.Kindly post your experience after the exam.taking it in a week’s time

Further to my comment yesterday, this is how I have it configured using the Packet Tracer lab:

Router(config)#access-list 100 permit tcp host 192.168.33.4 host 172.22.242.18 eq 80
Router(config)#access-list 100 deny ip any host 172.22.242.18
Router(config)#access-list 100 permit ip any any
Router(config)#int fa0/1
Router(config-if)#ip access-group 100 out

Then I’ve tested it works ok, by trying to access Finance from C and D, and Public from C and D. And pinged both servers from C and D. Everything works or gets blocked correctly as per the requirements:

Router#sh access-lists 100
Extended IP access list 100
permit tcp host 192.168.33.4 host 172.22.242.18 eq www (6 match(es))
deny ip any host 172.22.242.18 (6 match(es))
permit ip any any (14 match(es))

Can anyone confirm if this sim may vary slightly in the actual exam?

hi everyone i have big doubt ,,,in this above topology how can a DNS server and webserver assigned a private addresses ?

hi everyone i have big doubt ,,,in this above topology how can a DNS server and web server assigned a private addresses ? i.e .finance webserver is assigned 172.22.242.23 and public web server 172.22.242.17,,,,,these are private addresses rite?

would appreciate if someone explains me

Thanks

@newbie, i guess it should be 255.255.255.255
-255.255.255.240
______________
0 . 0 . 0 . 15

Dear @ Shankarsg: You are right, (172.22.242.17, 23) these are Private addresses and not Public…

Below is the valid Private Usable Range:
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255

Guys, please feel free to correct me if found wrong..

Friends, Today 9.30AM IST going to take CCNA exam…
Best of Luck for ALL…

Best Regards,
Aniket Belsare.
India, Karnataka, Bangalore.

Dear @ Shankarsg:

In Practice any Web Server has PRIVATE address configured & by using NAT these PRIVATE addresses get translated to PUBLIC addresses to get accessed via INTERNET.

Friends, please feel free to correct me if found wrong..

Best Regards,
Aniket Belsare.
India, Karnataka, Bangalore.

Dear Friends,

My exam got postponed due to some technical errors at exam center, lets hope I could get next slot soon…

Best of Luck for All..

Thanks & Regards,
Aniket Belsare,
India, Karnataka, Bangalore

I took this exam but its asking for wild card mask? would 0.0.0.255 work? or does it have to be the inverse of each PC or servers mask?

Nice little LAB very helpful for basic understanding keep. Happy Studying everyone !

Tnx 9tut i passed the CCNA exam today 894 out 1000.. Sim (EIGRP, ACL2 and VTP) is valid

ACL question:

A corporation wants to add security to its network. The requirements are:
- Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
- Other types of access from Host C to the Finance Web Server should be blocked.
- All access from hosts in the Core or local LAN to the finance Web Server should be blocked.
- All host in the Core and on local LAN should be able to access the Public Web Server.

the ip address for Finance web Server .17
the ip address for Public web server .18

ACL2 came question no. 9
EIGRP qustion 11 as for me

By the way i used Pass4sure reviewer 100% questions came out in the exam and of course 9tut for SIm ACL2 EIGRP and VTP explanation…

gazebo what did you have to do for the vtp eigrp and ACL,

hii, can anyone say that can we use the ? and tab in the real exam to fill commands??

do you have the file for the pass4sure questions

@ Jack

i just bought the legit reviewer the Pass4Sure one …by the way
just try to search previous page here regarding the Prepking its almost the same as Pass4Sure..and of course the Sim of 9tut is Valid as of today of my exam slightly change of an IP.

Cheers

vtp eigrp and ACL
Be carefull: “show mac address-table “with one “-”, not “show mac-address-table” with two “-”.
I scored 881 to pass

i am afraid of taking the exam just got scared after comments from people
,any advice pliz

@ Anonymous

Why afraid? if you think you capable and well prepared enough to take the exam,..have courage don’t let those negative comment affect your emotion instead let it be a challenge to you to get pass in CCNA ..

the exam is easy and bet there are little tricky questions especially to ACL2 but no worry just study the concept here in 9tut everything is here…(:

@9tut

Do you have a similar forum like this One for ccnp? If so can i have the site please. Thank you in advance.

@zie: Yes, we can sites like this for CCNP. Please check under “Network Resources” menu and you will find them.

9TUT is Cisco changing the exam soon.I have heard a few rumours about this.