Cisco CCT Routing and Switching Certification Practice Test Questions, Cisco CCT Routing and Switching Exam Dumps

Get 100% Latest CCT Routing and Switching Practice Tests Questions, Accurate & Verified Answers!
30 Days Free Updates, Instant Download!

Download Free CCT Routing and Switching Exam Questions in VCE Format

File Name Size Download Votes  
File Name
514.16 KB
File Name
27.74 KB

Cisco CCT Routing and Switching Certification Practice Test Questions, Cisco CCT Routing and Switching Exam Dumps

ExamSnap provides Cisco CCT Routing and Switching Certification Practice Test Questions and Answers, Video Training Course, Study Guide and 100% Latest Exam Dumps to help you Pass. The Cisco CCT Routing and Switching Certification Exam Dumps & Practice Test Questions in the VCE format are verified by IT Trainers who have more than 15 year experience in their field. Additional materials include study guide and video training course designed by the ExamSnap experts. So if you want trusted Cisco CCT Routing and Switching Exam Dumps & Practice Test Questions, then you have come to the right place Read More.


9. Dynamic Routing

In this section we are going to talk about dynamic routing, so let's start with the dynamic routing protocols. Static routing allows routing tables in specific routines to be set up by the network administrator. Dynamic routing uses routing protocols that dynamically discover network destinations and how to get them. Dynamic routing allows routing tables in routers to change if a router on the route goes down or if a network is added in dynamic routing. Routing protocols running in routers continuously exchange network status updates between each other as broadcast or multicast. with the help of routing update messages sent by the routing protocols. Routers can continuously update the routing table whenever a network topology change happens.

And let's go here to the two versus, static routing versus dynamic routing. Static routing is at a manually configured routing entry and must be manually updated if the topology changes. This is suitable for very small networks and requires less CPU usage, so it may be fine to use too, or from a subnetwork. Static routing can be used in a subnetwork and it is easy to implement. We're just writing one statement at the top that points to our destination and this subnet mask. Let's go ahead with the dynamic routing. Dynamic routing uses routing protocols that dynamically discover network destinations as you know and are automatically updated if topology changes. That's the biggest advantage. One of the biggest advantages when you compare it to tostatic routing is that it is suitable for large networks. Because of this, we have rapid convergence times for the dynamic routing and we may require more CPU. Let's go ahead with how dynamic protocols work. A router sends and receives routing messages on its interfaces first, then shares messages with other routers using the same protocol.

In the third step, they exchange information with each other. And lastly, if a router detects a topology change, it advertises this to other routers. Let's go ahead with the IGPs and the EGPS. Actually, guys, we have two types of dynamic routing protocols and they are IGPs and EGPS. IGPs are used to exchange rods in the same autonomous systems and support small-medium and large-scale organizations. But scalability is limited. For example, this is the number 100 as you see, and here is the inside of the number 100. So here, the protocols I'm using are the IGPs. All right, let's go ahead and IGPs can quickly converge the network, and the most commonly used IGPs are EIGRP, OSPF, and Rip, which is very limited, and ISPs are also ISIS. Let's go ahead with the EGP. EGPS are used to exchange routes between different autonomous systems, and BGP is the only GPU today. The main function of the BGP is to exchange a large number of routes between different autonomous systems. For example, here is as 200 and here is as 100. If you want to exchange routes between S 100 and S 200, we're using EGPS, and theBGP is the only EGP we are using today. Let's go ahead with the dynamic routing protocol classes. We have three classes of dynamic routing protocols and their distance vector linkstate and path vector. Every router only knows what its neighbour tells him. There is no network map on the rudders. For example, Rip and Eigerp are the distance ranger purple calls. Let's go in with the link statewide protocols. Routers running the link state routing protocols canextract the topology map of the entire network. That is, they have knowledge of all the ways between two points, so they collect all the subnets in a tree and make the best decision about which way to go. With the shortest path algorithm, they decide according to bandwidth delay and something like that. And the link state protocols are OSPF and ISIS.

Let's go ahead with the pet vector routing protocols. Similar to distance vectors, rod information is used to determine the best routes in pathfactor routing. Routers do not have a network map in pathfactor routing, and BGP is the only path vector writing protocol. Distance vector protocols require that I inform its neighbours of topology chains periodically. They are Rip and EIGRP. As I told you in our previous slide, link stateprotocols have the complete map of the network topology and they choose the best path relying on their topology table. We have no neighbour dependency here. And OSBF and Isas are the link state protocols. And let's go ahead with theclassful versus class list protocols. classful Protocols in classful protocols Subnet mask is not sent in routing updates and we can use class AB or croding. We can make class A.B or crowding by using the classful protocols and as they are classless, I'm sorry. as they are classful. We don't have Cr or VLSM support, and we only have reap version one and the iGRP. which is the old form. The EIGRPs are the cluster protocols. In classless protocols, the subnet mask is sent in writing updates, and we can make classless writing. So we have CDR and VLSM support and versions two of ERP, ISS and the Ospflus protocols. Here is a general routing protocol's comparison chart and here are the distance vector protocols RIP and EIGRP.

BJP is a path vector, but you may also see it as a distance vector in some places. The link step protocols are ISIS and OSPF. As you can see, the classless ones are version two, EIGRP, ISIS, OSPF, and the BGP. And if you want to check the wheels support, as I told you in our previous slide,we don't have wheels support for Rip. Version One allows us to use the Rip in small networks, EIGRP ISIS in large networks, and PGP in extremely large networks. Thehop is the metric count of the Rip, while EIGRP has the composite metric, Isas has the metric, Ospfs has the cost metric, and PGB has path attributes as the metric. And we are going to take a deeper look at all of these features in our later sections. And if you want to check the convergence time, rip can converge slow, EIGRP can converge very fast, isa sando SPF fast, and BGP is the slowest converging protocol. Let's go ahead with the distance vectordynamic routing and Rip and G. When routers use the distance vectorprotocol, they send updates to their neighbor, so they only know what their neighbour says, and they don't know the whole details. In this topology, Rip and EIGRP are the most commonly used distance vector protocols. As I told you on our previous slide, Rip is a distance vector protocol.

Routers that are using the Rip protocol create their routing table based on information exchange between routers and these routers send routing updates every 30 seconds to each other as broadcast for Rip version one and asmulticast for Rip version two. Rip uses the bellman for the algorithm guys, and the actual metric of Rip is the hop count. Rip can support a maximum hop count of 15 others. For example, as you can see on the screen, if you want to reach from the other one to 100 zero network, the best path will be the path above,because we use just one more hope to get the destination. But for the link below, as you can see here, it uses two more hops, which means two more routers to get the destination and which means the worst path for the rip. That's why we are using this path instead of this path if we are using Rip as a dynamic routing protocol. So let's go ahead with how we can establish a routing table in Rip. The first stage In the first stage, all routers are installed and directly connected networks to the routing table. As you can see, one instals 1041 and 1042 rather than This guy instals the 42 and three, and this guy instals the 43 and the 44. Then, in the next stage, rods are exchanged between neighbours and the rotting tables begin to grow. As you can see here, this guy knows these networks first, and Rodo Two knows about this and this guy knows about this one. Then they start to exchange rods with each other. For example, router two says to router one, "Hey Rodgerone, I have a network which is 1043 and is directly connected to me, which means zero hopcounts and one installed this to its routing table." As you can see, the network 10430 zero and the interface is the effect as you can see.And the hope count is one because, rather two, it says that hey, 1043 is directly connected to me. Rather, one gets this update and says that if this guy is directly connected to me, If this guy is directly connected to you, I'm sorry.

It means 10430 zero is one hop away from me. Which is actually you. Okay? Then, after all the rods are exchanged, as you can see, a full routing table is established. For example, Router Three announced this rod to Rodr Two and told him that this guy is directly connected to me. And instead of receiving it and saying hello Rod, Robert two installed this as the one hop away and advertised this route to Router One again. Two, if this route 44 is one hop away from you, that means it is two hops away from me and I installed it with a hop of two. And here is the configuration of the rep. That's pretty straightforward, guys. And let's go ahead. Router One, Router Two, and Router Three are all examples of this. We are preparing to rip. In this example, we are typing in the configuration mode rather than rip, as you can see here. And if we are going to use the rip version two, we are typing the version and the two versions two, then what you're going to see here is for Router One, we have two directly connected networks and we are writing these guys in a classful state. As you know, this is a B-class network, not an A-class network. So I'm typing the network statements as the class rule states. For example, network 100 zero for this network and I'mtyping 170 2160 for this network, or rather one.

And for two of the same logic, it's just connected to the ten networks, as you can see from this guy and this guy. So that's enough that I just type network 100 0 for this. And for the other three, I'm typing the 100zero and the C class of this network. Alright, that's pretty cool. And to verify the rip configuration, we can use the show IP protocols command and we can display the routing protocol we are using, which is ripping here. And we can also see the update timers, the invalid, the flush, and the hold on timers as well. And to verify the grip configuration, we can also use the Show IP routes command. And in the routing table, as you can see, we have some entries with the R keyword, which means the rip. Okay, And if we were to check the router to the IP routing table by using the Show IP route command, We can see the R keywords in this as well. Which is rep, and to be honest, learning this network and this network from these guys. As you can see, I'm learning the network via 10420, which is here, and I'm learning the other network via 10430, which is here. Let's go in with the rip ng rip ng rip nextgeneration is an extension of Rip for supporting IP version six. The maximum hope count we can use in Rip Ng is 15. So let's go ahead and see how we can configure the Rip Ng in here. The first step in configuring the Rip Ng is to enable IP version six routing on our routers by typingIP version six unicast routing for each router. Then we get into the interface modes. Here is the difference between the Rip configuration in Ripeng.

We are configuring the IP version six statements under the interface models while using Rip next generation for IP versionsix. So we are getting into the interface mode by typing for another one. For example, interface zero and the command becameis a fairly simple IP version six rip akeyword that we can use at our discretion. This is my rip for this and we are typing together. Okay, that's pretty straightforward and the same for the other interfaces as well. And to verify the Rip Ng configuration again, we can use the Show IP version six protocols this time and we can see that the IP version six routing protocol and the routing protocol name, as you can see here, which we configured as Myrip for the previous example, And we can also use the Show IP version six rodcommand and we can display our full routing table and we can see the rods learned by Rip again here. Let's go ahead with the links to protocol. Routers that use link state routing protocols have a complete map of the network topology and use the topology table to select the best path. in links to routing. We don't have any dependency on our neighbors; we don't care about what they tell us as the distance vectors. OSPF and ISIS are the most commonly used link state algorithms. Let's go ahead with the Dixra algorithm. For link-state routing, we use algorithms, the most popular of which is the Dijkstra. Dijkstra is an algorithm for finding the shortest paths between nodes in a graph,which may represent, for example, raw networks. OSPF and ISIS use this shortest path algorithm to determine the best path. In this algorithm, we have cost values for each path representing the bandwidth of the path. Lower costs mean higher speed. Guys, there's a reverse logic here.

For example, best pet from A to E through A to C to D and D to E. We have a total cost of ten here, one plus six plus two. OK, we can also go from the paths A to B and D to E as well. Or I'm sorry, I'm sorry, this is actually not ten, this is nine. Okay, one plus six plus two is nine. And if you take this route, our total cost is ten. And remember that if we were to use Rib in here, the metric would be the hop counts, and this pad, this time would be preferred because we are using just one more hop to get the E while we are using two hops in here. Let's go ahead with the link state routing operation. We have four steps of the link state routing operation, and in the first step, brothers discover their directly connected neighbours and send the hello packets. In the second, the brothers created a link state packet LSP that contains the link state of all directly connected links. In the third, LSPs are fluent in all their neighbours and stored in a database. In the fourth database, it is used to construct a full map of the topology. Let's go ahead. As I told you in the first step, I discovered there are directly connected neighbours and send hello packets and receive a hello reply back from each neighbor. As you can see, the first step of the linkstate routing operation is sending and receiving the hellos. And here, router One is sending the Hellos from each interface and receiving the hello packets from router Two and router Three. Secondly, routers build the link state packet, which is LSP and which has the link state of directly connected links. For example, in router one LSP we have the information containing the Internet network which is 1041 280 and with a cost value of five, as you can see here.

And we also have this serial point-to-point link between router one and router two, which is 1041, and zero network, which is a cost of ten. And we also have the serial point to pointlink between router one and router three, which is1041 27, that's zero with the cost of 15. In the third step, LSPs are fluent in all our neighbors' languages and stored in a database. And finally, each router establishes an alink state database and calculates the best path for destination networks. The best path results are added to our routing table. Let's go ahead with the routing table. What is a routing table? The route table stores information about IP networks and how they can be reached either directly or indirectly. As you can see in IPV for routine routing table entries, we have some fields in the first field, which identifies how the router learned the network. For example, if it is learned with EIGRP,if it's learned with Rip, if it's learned with a static route or something like that. The second field identifies the destination network, and the third field identifies the administrative distance of the protocol that we're using. And here this field identifies the method to reach the remote network, and this field here identifies the next hop. This field here identifies the amount oflapse time since the network was discovered, and the last field identifies the outgoing interface on the router to reach the destination network. In summary, to reach the ten one ten network. I'm using Aigrp within an administrative distance of 90 and this is my metric. And I'm reaching out to this network via this IP address.

And this is the outgoing interface of the router to reach the destination. And this is the last time since the network was discovered. Let's go ahead with the routing table term Cisco's IP routing table is not a flat database, guys. The routing table is actually a hierarchical structure that is used to speed up the lookupprocess when locating rods and forwarding packets. Within this structure, the hierarchy includes several levels. Routes are discussed in terms of UltimateRoute, level one routes, level one parent routes, and level two child routes. An Ultimate Route is a routing table entry that contains either a desktop IPversion address or an exit interface. Directly connected, dynamically learned, and local routes are the ultimate rods, as you can see here. To identify an Ultimate Rod, we should see an interface or exit point, however you define it, and that's the thing we should see in Ultimate Routes. A level one route is a route with a subnet mask equal to or less than the class full mask of the network address. A level one parent route is a level one network route that is subnetted. A parent route can never be an ultimate route,and a level two child route is a route that is a subnet of a classical network address.

10. Access Control Lists

In the section we are going to talk about the access control lists. Let's go ahead with the ACL overview. ACL's access lists are a set of commands that are grouped together to filter the packets that enter or list to an interface. They control the flow of traffic within the network and provide security for the network. Access lists are implemented sequentially as a permit ordenise statement through inbound or outbound interfaces and are used for different purposes, such as, for example,maybe route map or something like that. There are two types of access lists; they are standard or extended, and they can be used with numbers or named format.Please pay attention that each ACL must have a permit statement because there is an implicit deny rule at the bottom of each ACL. That's the key point. Here you see an example for thenumbered access lists, which permit some networks. Here's our configuration access list and the number then permit or deny statement. And we are using a network, and we are using an afield named Wildcard, which we are going to explore later.

All access lists must be identified by a name or number, as I told you in the first slide. And named access lists are more convenient than numbered access lists because you can specify a meaningful name that is easy to remember and associate with a task. You can reorder statements in or addstatements to a named access list. And named access lists support the following features that are not supported by numberedaccesses, such as IP option filtering, noncontigiousports, or TCP flag filtering. All right, here is how we can configure a named access list. To configure a name access list, we are typing the IPAccess list command and we are choosing if we are going to use an extended or standard access list most of the time. In this example, we are using standard and IP access lists and standard configuration, and we are writing the name of our access list here. And as you can see here under the Accesslist mode, we are denying our permit to sign statements.

Okay, let's go ahead with the wildcard mask term. A wildcard mask is a mask of bits that indicates which parts of an IP address are available for examination and determines what IP addresses should be permitted or denied in access control lists. A wildcard mask has the reverse logic of a subnet mask. A zero in the Wildcard mask means to focus on that bit, while a one means to ignore the related meaning. If you see a zero on the subnet mask, I'm sorry, the white car mask, that means we need to take care of it, we need to focus on the related bit, but if we are seeing one, that means we need to ignore that bit. Okay, I'm going to show you an example as well. We see an AccessList statement in this access list, and this access list says that access list, the number accesses one permit 172, that 160 with a wild card mask of 255.255. So what that means is that here is the networkID and here is the sub answer. Here is the wildcard mask. What I told you is that if we are using azero, that means we need to focus on the related bits. All right, as you can see here, I have a zero and I need to focus on 172. Here we have another zero and we need to focus on 16. On the left two bits, we have just once for 255, as you can see in the binary version. And that means we need to ignore that bit. So this wildcard mask means focus on everything starting with the 172, that's 16. And so that means we are permitting everything, starting with the 170 and 216. For example, 170, 216, one,five, maybe, whatever you want. Let's go ahead with the wildcard mask example. We have another configuration access list, 50/minute, this time 192, 168, 80 with a wildcard mask of 255, which means 80.

And here is the wildcard mask, which means we need to focus on the first three portions and we don't care about the last portion because we have continuous ones in here. That means this Access List permits everything starting with the 192 and 168. That's eight, for example. Oh, that's wrong. That's wrong. That would be something like that. And we can give an example like five 6254, and that's an arbitrary number. Okay, let's go ahead with the standard IPV four access lists. Standard Access Lists filter packets based on source address and must be implemented on the router closest to the destination address for efficiency numbers ranging from 199 to 1301 999. These ranges are used for standard accessconfiguration and these access lists are applied to interfaces by the IPA access Group command. As you can see here, there is a standard access list configuration. We are getting into the configuration mode first. Then we enter Access List, the number of AccessList, permit or deny, and the associated network. Then we are getting into the interface mode and we are implementing this access list to our related interface, which means, for example, we have a router here, we have FaceTime zero and we are implementing this IP Access Group to inbound.

This would be 50 to inbound, which means we are implementing this access list in this direction. And let's go ahead. In this example, we have another standardAccess List access list, for in the first statement, we are denying the 200. That means everything beginning with this: 1041, 20 and something like that. In the second statement, we are permitting the host 10, 41, and 25 in here. Okay, access list rules are implemented. It's implemented sequentially. As I told you in the first statement, we are also denying this IP address, as you can see. So the traffic will be blocked even if we type this IP address with a permit statement in here. As you can see, here there's a conflict between two rules in this example. Let's take a look at another configuration example on a topology. Now, on router one, we are defining an access list, standardaccess list, and we are denying the host two of five. Okay? This guy will be denied because we are permitting any other traffic. Okay? Then we are getting into the interface mode, which is here, and we are implementing theAccess list to inbound, which means in this direction. So PC Two will be denied. For example,if it wants to communicate with the PC one to edit the standard access list configuration. For example, as you know, access list one denies the host two six for this example, which is here, I think access list one is permittingany other thing.

So if you want to edit this configuration, you are typing the Show Access List command and you see the sequence number here. As you can see, sequence number ten is denying this host and sequence number 20 is permitting anything else. So if you want to edit it, just type IP Access List standard one.Then note ten, which means we are deleting this rule and we are typingagain ten denyhost 1041, two or five maybe. All right, this is how we edit this. We can use the Show Access Listcommand to verify the standard access configuration, as well as the Show IPinterface and the related interface command to see if there is an inbound or outbound access list applied to that interface. Let's go ahead with the extended IPV four access lists. Extended Access List filters packets based on their source, destination, protocol, and port numbers. It's good that extended ACLs are implemented on the router which is closest to the source address for efficiency. And here is the range that we can use for the Extended Access List. Extended Access Lists are applied to interfaces by IPAccess group name, number of in and out statements, as well as in the standard Access List. And here is the configuration example access list for this time100, which is in this range, as you can see,is denying the TCP traffic which is coming from this source and going to this destination for the port equivalent of two NF three, which is the telnet part. For example, I can also write this statement in here accesses 190CP, which is equivalent to saying I can write the protocols as well directly, for example, tenlet for this example,then the same thing as the standard accesses. I'm getting into the interface mode and I'm typing the IP Access group number of the ICL and inbound or outbound as the direction, and here is the syntax.

As we can see, accesslist and access number permit or deny the protocol name, source address, and wildcard of the source. Then the port operator and source port, the I'm sorry, destination and destinationwildcard port operator, and the destination port. Again, you get it better with this example here. As you can see here, we have an access list configuration, which is an extended one. This wildcat is allowing TCP traffic from this network, which means that everything starts with these three sections. And we are permitting this traffic while it's going through this host directly. I can also use ten 1124 with a wildcat mask of zero instead of here. But I can also use, for simplicity, host host keyboard and the host IP address with the equivalent of the www port. Okay? That means actually permuticp traffic from this guy from this network to ports ad, which is the HTTP port on the host 1001, one, and 204. Okay, let's go ahead with the second. IP access is granted 100 times. This guy is permitting the traffic from this network while it's going through this network.

Okay, permit the traffic from this network 24 to that network 24. Okay, let's go ahead with this third denial TCPs, okay, from the host this time. Again, as you can see here, I'm using the 192, 168 dot one dot one with a zero zero zerowildcard mask, which means actually, this IP address, I'm focusing all of these bits, and the destination will be ten one 1254, which is equivalent to the 23 port, which is a telnet port. Okay, I'm denying the telnet traffic sourced by this destination is here. Okay, let's go with the fourth one. In the fourth step, we are using anotherdeny statement from this host to this host. There's a missing statement here. Maybe in here there's a zero zero as well, the equivalent of the ad, which means HTTP port. In the final statement, we use an access list 100, permit IP any, and this anykeyword means that if you want to match all sources or all destinations, replace the entire source or destination elements of the command with keywords any. Let's go ahead with another configuration example. Create an access list that will permit this subnet for TCP sessions. Okay, create an access list that will deny telnet sessions to this host. For this host, create an access list that will permit any IP traffic. Okay, accessing this one will permit two TCP sessions from this network from this subnet to any destination. Okay, as you can see here, the wildcardmask is 15, this time for slash 28.

Okay? Slash 28 means 25525, 5255, and 240. To convert this guy to a wildcard mask,we can use zero, zero, and 55. Okay? So if we add all these guys to each other, The end result will be 255-25-5255 and 255 Okay, In the second, we are writing a deny statementaccesses 101 deny TCP from any source to the destination host this guy with an equivalent port of 23, which means telnet, and in the third statement, we are creating an accessor that will permit any IPtraffic, which is access this 101 permit IP any. Here is another configuration example for you, okay? It's saying as a block, just tell me the traffic coming from PC one and going to PC two. Okay, This guy will be our source and here will be our destination on the other one. I'm writing an extensiveAccess List access 101 deny TCP host from PC one to PC two with the equivalent of telnet and, as I told you in our first slide, we should have at least one permit statement for each access list and I'm writing the Access List 100 permit IP address which ispermitting any other traffic from different than this guy. We are also implementing these IP addresses. I'm sorry. This access list is for the fast return zero one's inbound direction.

To verify the extended access configuration, we can use the Show Access List command, as you can see, to display them, and we can also use the Showip interface to display the related interface name as well. Let's go ahead with the IP version six ACLs. We can only use named ACLs for IP version six networks, and the logic is similar to the IP version four extended ACL, except that there is no wildcard mask and we are using the IP version six traffic filter command to apply the Access List to the related interface. Here is the configuration example, and we are typing for IP version six Access List for this time and the name of the Access List. We have just named ACL for IP version six. We are denying one host with an IP address of this and another with an IP address of this. This will be our source with the destination of this IP address. We are permitting any other traffic. To implement this ACL to our interface, we are using the IP version six traffic filter command instead of using the IPAccess Group command in IPV four eight.

11. Lab : Access Control Lists Configuration

In this practical lab, we'll take a look at the access disc configuration. We have two routers, two series, and two PCs in our lab. In the first step, the lab is saying to configure PCOne and PCTwo with the proper default gateways. Okay? And for the second step, we need to configure an extended access list and provide that PC One can't reach the FTP telnet and HTTP ports of PC Two. And we should also allow for any other Terrific. All right, let's go. So what I need to do first is to configure PC One and PC Two with the proper default gateways. As you can see, in the figure, PC One's default gateway is here. So I should use this IP address for the PC One gateway. And I should use Two One as the default guide for the PC Two. Let's go to the packet tracer. You go, packet tracer. I need to close this so you can focus better. Okay, I'm going to the first PC and check the IP configuration. And my default gateway will be One. That one. And I'm going to the second desktop, IPCONFIG 21026. No. Two one. All right, I accomplished my first step, and let's take a look at the second step.

Now in the second step, I need to configure an extended access list and ensure that PC One can reach the FTP telnet and HTTP ports of PC Two. So PC One is my source, and PC Two is my destination. As you can remember from our sessions, extended Access lists are written to the closest router to our source. So I'm going to use I'm gonna configure an ACL on router One, which blocks the traffic for FTP telnet and HTTP protocols coming from PC One and Destin Two. PC Two. Alright, let's go. I'm going into the other one. Enable the first right configuration and let's configure our access list. access list. I'm going to use a question mark, as you can see that we have a different range that we can use for Standard or Extended Access List. Because if I'm going to use Extended AccessList, I'll use this range and this number. All right, what I'm going to do is I'm going to deny some traffic, right? My protocols are working on TCP, so I'm going to deny the TCP traffic. Another question mark. So the first thing is that I need to write my host address for the source address. Okay, I'm defining my source address. I can use the IP address of my PC with a white card of zero zero.But instead of this, I can just use the host command, which is easier. Okay, TCP host, what is the IP address of my source? Okay, and another question mark. I need to define my destination address as my destination. The IP address is a single host, 10 41 26. Host 10: 41: 26. Pretty cool. And I'm going to match a given port number using the EQ equivalent commandEQ and I have another question mark. I can define the port numbers by using these numbers, or I can use the names of the protocols as well.

For simplicity, I'm going to use the port answer protocol names. I'm going to deny FTP, I'm going to deny telnet, and I'm going to deny http, which means www. Okay, pretty cool. The next step is that I need to permit any other traffic, okay? Because I need to include at least one permit statement in my ACL. Please remember that, okay, access list 100permit IP, any permit, any IP traffic. Okay, I'm permitting anything other than what I denied above. Okay, that's cool, but the mission is not accomplished. I created my access list correctly, but I needed to implement my access list to the related interface from inbound or outbound. I'm denying the traffic of PCone, so I can implement my ACL to this interface inbound while packets coming from this PC to this interface fast determine zero one.I will block this traffic. Okay, now I need to go to the fastest10 one, fastzero one interface, fastzero one. I'm using IP access group with the number of my ACL and in or out. In this scenario, I'm going to use an inbound. Okay, pretty cool. I can verify my configuration using the Shock access list command and I can take a brief look at what I'm doing and what I'm permitting for and that's it. Okay, we have completed our configuration lab and everything was fine. Thanks for reading. See you in the next session, guys.

Study with ExamSnap to prepare for Cisco CCT Routing and Switching Practice Test Questions and Answers, Study Guide, and a comprehensive Video Training Course. Powered by the popular VCE format, Cisco CCT Routing and Switching Certification Exam Dumps compiled by the industry experts to make sure that you get verified answers. Our Product team ensures that our exams provide Cisco CCT Routing and Switching Practice Test Questions & Exam Dumps that are up-to-date.

Comments (0)

Add Comment

Please post your comments about CCT Routing and Switching Exams. Don't share your email address
Asking for CCT Routing and Switching braindumps or CCT Routing and Switching exam pdf files.

Add Comment




ExamSnap Discount Offer
Enter Your Email Address to Receive Your 30% Discount Code

A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.