Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
CCIE Self Study CCIE Security Exam Certification Guide - Cisco press.pdf
10.23 Mб

140 Chapter 3: Application Protocols


Scenario 3-1: Configuring DNS, TFTP, NTP, and SNMP

This scenario uses a configuration taken from a working Cisco IOS router and tests your skills with DNS, TFTP, NTP, and SNMP. Example 3-12 displays the configuration of a Cisco router named R1.

Example 3-12 R1 Running Configuration

version 12.1 hostname R1

clock timezone UTC 10


no ip domain-lookup

ip domain-name cisco.com ip host CCIE ip host Router3 ip host Router2 ip host Router1

ip name-server ip name-server interface Ethernet0/0

ip address


interface Serial0/0

ip address ntp broadcast


no ip http server

snmp-server community public RO snmp-server community publiC RW snmp-server host isdn line con 0


ntp authentication-key 1 md5 121A061E17 7 ntp authenticate

ntp trusted-key 1 ntp master 1

ntp peer key 1 end

Scenario 3-1: Configuring DNS, TFTP, NTP, and SNMP 141

1What happens when a network administrator types the host name Router1 at the router prompt? (Select the best two answers.)

a.DNS queries are disabled; nothing will be translated.

b.The name Router1 is mapped to the IP address

c.The administrator could also type CCIE to reach the same IP address (

d.Because DNS is disabled with the command no ip domain-lookup, the router assumes this is an invalid IOS command and returns the error “% Unknown command or computer name, or unable to find computer address.”

e.Local DNSs are case-sensitive so you can only type Router1 to map to

2The following commands are entered on the router named R1. What are the TFTP server address and TFTP filename stored on the router on board flash?

R1#copy tftp flash

Address or name of remote host []?

Source filename []? c2600-jo3s56i-mz.121-5.T10.bin

Destination filename [c2600-jo3s56i-mz.121-5.T10.bin]? c2600-c1

3R1 supplies an NTP clock source to a remote router. What is the NTP’s peer IP address, and what is the MD5 password used to ensure that NTP sessions are authenticated?

4What is the SNMP read-write access community string for the following configuration?

snmp-server community public RO snmp-server community publiC RW

142 Chapter 3: Application Protocols

Scenario Answers

Scenario 3-1 Solutions

1Answers: b and c. The host name Router1 (not case-sensitive) is mapped to with the command ip host Router1 Also, the IOS command CCIE is mapped to the same name with the IOS command ip host CCIE If you look at the IP address assigned to the Ethernet 0/0, it’s the local IP address. Therefore, if a user types Router1 or CCIE, they will be return to the same router. The following sample display demonstrates this fact:


Translating "router1"

Trying Router1 ( Open

User Access Verification



!quit commands exit Telnet session and you return

!to the first Telnet connection on R1


to router1 closed by foreign host]






Trying CCIE

( Open


User Access









Both the DNS names, CCIE and Router1, are translated to the same IP address,

2Answer: The TFTP server address is and the filename requested is c2600-jo3s56i-mz.121-5.T10.bin. However, the last command entered is the destination filename, which defines the names stored locally on the system flash. In this case, the network administrator types the filename c2600-c1.

3Answer: R1 is configured statically to peer to the remote NTP IP address, (ntp peer key 1). The MD5 password is configured but, unfortunately, the configuration will not display the MD5 passwords (encrypted), so it cannot be derived.

4Answer: The read-only (RO) community string is named public, and the read-write (RW) community string is set to publiC. Community strings are case-sensitive.

Exam Topics in this Chapter

58 IOS Specifics

Соседние файлы в предмете Сети и Телекоммуникации