Free Download CCNA Access List Sim 2 | Latest Cisco CCNA Certification Dumps

CCNA Access List Sim 2

By PassGuide CCNA Training Materials and Practice Tests | March 15, 2010

CCNA Access List Sim 2(Recent reports have said they saw this sim in the exam. It is a very old sim but maybe Cisco has just included it to their exam.)

passguide sitemap
Question

A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed.

The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.

All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23.

Answer and Explanation

Corp1>enable (you may enter “cisco” as it passwords here)

We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30.

Corp1#show running-config

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction).

Corp1#configure terminal

Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via web

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permitted

Corp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network.

Click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it.

Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts.

Finally, save the configuration

Corp1(config-if)#end
Corp1#copy running-config startup-config

(This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.)

I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need new version of Packet Tracer to open it (v5.1+).

Download this sim here

Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server and you can see how traffic flows in Simulation Mode.

And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too.

Other lab-sims on this site:

CCNA NAT SIM Question 1

CCNA NAT SIM Question 2

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)

CCNA VTP SIM

CCNA EIGRP LAB

CCNA Drag and Drop SIM

CCNA Implementation SIM

Comments
Usman 03-03-2010
Financial Server Address shut be .23?
Usman 03-03-2010
shud*
olly 03-03-2010
To deny any other host, can’t we just use this statement instead?

access-list 100 deny tcp any host 172.22.242.23 eq 80
gym-zone 03-03-2010
is it ok if i just configure the access-group as

Corp1(config)#interface fa0/1
Corp1(config)#ip access-group 100 in..

is still be consider?because i taught that it should be configure first
in the first attemp of the packet..like other examples
hussein 03-03-2010
yes olly u r right coz when i read this solution i noticed that the current configuration will not deny hosts from corporate network to access the finance server using port 80
venky 03-03-2010
HI,
In that question the traffic frm core should be deny to finance webserver,but where is d access-list for that?

pls someone clear this..
9tut 03-03-2010
Yes, the router should deny traffic from Core network too. I updated the question. Thanks for your detection.
9tut 03-03-2010
@gym-zone: No need to apply the access list first.
CUDOS 03-03-2010
Hi master 9tut can you plss send me a packet tracer file of that new question from CCNA Access List Sim 2 so that i can practice to configure….

cudos_03@yahoo.com

Like NAT RIPV2 etc

thanks a lot and more power!!!
cj2a 03-03-2010
just took the ccna and got a 732. Man what a bad day. I took a bootcamp and was given a pass4sure that is supposed to be good until the end of march. But there were a lot of questions on the exam I just took that were no part of the test. 9 tut where can I get a copy of the lastest pass4sure test or is there another one that you would recommend??

Sincerely,

Wanting to do better and get even with Cisco.
Sarah 03-03-2010
Just talked to Test-inside and they confirmed that they are updating their dumps in two days!!!!!
Danny 03-03-2010
CJ2A,

There was an update from Pass4sure with 60 questions, did you not have those 60? I purchased P4S CCNA about a week or two ago and it came with the 60 updated questions. Also if you got pass4sure, maybe the person you got it from left out some areas?

I’m planning on taking my CCNA no later than the end of March, just doing dumps and sims for now. Read Network +, CCNA, and CCNA fastpass…
mahmoud 03-03-2010
i want 60 q update from pass4sure
khaled 03-03-2010
to sarah
it’s corect after 2 days
so evryone wait until the update done
rice 03-03-2010
Why is “ip access-group 100 out” instead of “ip access-group 100 in”
you are applying this to allow and or not allow the hosts to get to the web servers on that interface, right? i thought i understood ACL enough to pass the exam, now im lost….
rice 03-03-2010
Nevermind… solved my own question after thikning about it. Packets are comming IN from fa0/0 and going OUT fa0/1 to the servers…
FAILED 03-03-2010
Hello all master!!! any update?
moha33 03-03-2010
hi eveyone iam planning to take ccna exam on 8th of March did cisco change the exam or not coz this question was not in the exame

i need you advice

thank you all
gym-zone 03-03-2010
hi rice that thing also makes me confuse..as you can see my comment above.
but i think it is still the same concept but the in my own understanding with
that, the packet can reach in to interface fa0/1 but denied when it goes out.

can somebody explain this to us…thanks
gym-zone 03-03-2010
ok im so sorry, i did not read it carefully the scenario..your right rice why no
“access-group in” in fa0/0….
gym-zone 03-03-2010
do the ccna exam can be taken any day?or there should be an schedule date and month?thanks
gym-zone 03-03-2010
Is this correct?it seems that 192.168.1.1 can still connect telnet. pls help..thanks

R2 = 10.195.1.1

R2(config)#access-list 100 deny tcp host 192.168.1.1 host 10.195.1.1 eq 23
R2(config)#access-list 100 permit ip any any

R2(config-line)#access-class 100 in
dano 03-04-2010
hello for 9tut ,plz i wanna ask u a question if i make a mistake when m configuring an access list during real ccna exam..
can i say (no access-list 101) as example and then configure it again ??????????
9tut 03-04-2010
It depends on the lab sim, some reports said that they can’t use the “no” keyword to disable the command but I guess in most case you can re-configure.
blurred-eye 03-04-2010
for 9tut, y access-group out in fa0/1 and not access-group in in fa0/0?
sashidhar 03-04-2010
pls send me the path to the new 60 questions dump to sashidhar06@gmail.com
sashidhar 03-04-2010
DANNY can u pls send the updated p4s with 60 questions to sashidhar06@gmail.com pls
venky 03-04-2010
pls provide this lab in packet tracer n give that link..

plzzzzzzzzzzzzz,thanq.
Apoorv rai 03-04-2010
I got this sim in exam today

Passed iwth 949/1000

@9tut- One new question on IDS,antivirus,spyware and firewall(drag n drop)

God bless u 9tut mate!

looking forward for CCNP now thanx!
needccna 03-04-2010
The access-list should be placed as close to the source as possible.

We need to apply it inbound!!!!

Extended access-list are placed close to the source so that they
are not routed to the destination and then blocked. Its placed as
close to the source so it can be denied before being allowed to be sent!!!
needccna 03-04-2010
the access-list should be placed in fastethernet 0/0 inbound direction……………..

Can you please tell me why it is placed close to the destination???
needccna 03-04-2010
I have read the question now and see that the core should be also denied……

Its placed in the fa 0/1 interface so that all the traffic coming in can be checked against the access-list statements.

Am I correct, please help!!
venky 03-04-2010
ys,so all d traffic coming into that servers LAN can be checked against d access-list statements.

all d best…
venky 03-04-2010
@Apoorv rai

which labs hav u got ?

thanq..
@vebky 03-04-2010
four labs : VTP , EIGRP , NAT ,ACl (all from 9tut)

Just do labs frome here and study from TI11.72 and P4s

Gud luck!!
Apoorv rai 03-04-2010
@venky

four labs : VTP , EIGRP , NAT ,ACl (all from 9tut)

Just do labs frome here and study from TI11.72 and P4s

Gud luck!!
cj2a 03-04-2010
Danny,

I have p4s versions 7.58. Would you please forward me the pass4sure that has the updated 60 questions!!

To all, as I said to took the exam yesterday. The sims that I got were the new one with the ACL’s, vtp, and EIGRP 22 instead of EIGRP 212.

Test prep suggestion, each day that you prepare for the exam, take 5 minutes and write down your subnet block numbers. what I mean is 128 64 32 16 8 4 2 1
128 192 224 240 248 252 254 255

Then write out the subnets ranges under each up to 220 under 64, 32 and 16.

Also, you should be allowed to use your own paper and pen/pencil. Just show the admin that the papers are blank.

If anyone would like addtional tips for the test, send me an email and in the subject put “CCNA test tips wanted”

Thanks 9tut for sims and Danny your efforts here are greatly appreciated. My email is w_sessions@hotmail.com.
Sarah 03-04-2010
Apoorv rai,

Were all the questions from testinside? Or you have seen big change in question as well. I’ve an exam in two days. I’ve studied from testinside and labs from 9tut. Is there anything else I need to cover?
Please help!

Thanks
Mike 03-04-2010
@ Apoorv rai
For the labs did the ip addresses were changed or they were exactly the same? And also for Vtp lab were all the questions same?
Thanks a lot bro for helping us all out.
kamus 03-04-2010
@ sarah

when does testinside update the 640-802 dumps?
where i can free download it ?
please help

thanks
9tut 03-04-2010
I created this sim with Packet Tracer. Hope this can help you!
VTP SIM 03-04-2010
can you create VTP SIM PLEASE
sahar 03-04-2010
hi 9tut… plz ask me about this command (line vty 0 4)
can i always put (0 4)???????? or???
rana 03-04-2010
hi 9tut , some labs said when restarting the router press CTRL+BREAK

where can i find (BREAK BUTTON)or is it a key plzzz help!!!
9tut 03-04-2010
@VTP SIM: You can find link to download VTP sim at http://www.9tut.com/ccna-lab-sim/69-practice-real-ccna-labs-with-packet-tracer-simulator

@sahar: Ttink of “line vty 0 4″ as telnet port #0 through port #4.

@rana: BREAK is a key on your keyboard.
Kamus 03-04-2010
@9tut
hey please dont ignore me !!!
please tell us when does testinside gonna be updated for march 2010 , because i will take the exam on this month and some people had said that testinside 11.72 is not more valid , others like sarah said that testinside gonna be ready in 2 days or in a week.
pls help me
blurred 03-04-2010
Hey guys…for those confuse like me about why the access-group put in int fa0/1 out because……..No other hosts from the LAN nor the Core should be able to use a web browser to access this server……..Base on the question, the CORE also should be denied right?so if we set “access-group in” in int fa0/0 the CORE can use web server. So it should be in int fa0/1 out…HOPE
this would help.
Felix 03-05-2010
Hi Friends.,

I cant able to open the Packet tracer Stimulation files, It says Its not an valid packet tracers files.. Plz help
Buzzinga 03-05-2010
for Packet tracer 5.2 use :

http://isohunt.com/download/149735753/PacketTracer52+setup.torrent

Arun 03-05-2010
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Hi.,

Here in this access-list.. We should add wildcard bit after 192.168.33.3 ???

In stimulation It is getting accepted only when i give the class C wildcard bits., otherwise showing error
Hossam Shaaban 03-05-2010
Dear all,
today test-inside have just updated to a new version 498 Q&As, i was willing to write the exam in 3 days, any idea about where to get that new version?
Sarah 03-05-2010
Does anyone know where to get new test-inside?
Lawrence 03-05-2010
9tut, U guys are great. Jst passd d exam wit score 949. Was given dis ACL sim, EIGRP & VTP.

Any writing soon shld focus on P4S v3.22 and Testinside 11.72.
Parameters changed in the VTP sim, SW-3 is root. Watch out.
Sarah 03-05-2010
Thanks for the update Lawrence!! Really appreciated.
Can you please tell how many questions were different?
I only studied testinside 11.72 and sims from this site
Do you think its enough to crack the new exam.
Or should I look out for new briandumps from testinside.
I have an exam next week on Tuesday.
Please do answer.

Cheers!!!!!!
9tut 03-05-2010
@Arun: The “host” keyword specifies a particular device so “host 192.168.33.3″ is same as 192.168.33.3 0.0.0.0 -> we don’t need a wildcard mask.

To all: The exam has been changed so if you are not confident enough then you should postpone your exam.
9tut 03-05-2010
@Felix: You need a newer Packet Tracer version to open that pkt file.
Chamila Dias 03-05-2010
@Sarah: I take the exam on next Wednesday. Could you pls update me about the simulation on TUESDAY after the exam?
Hope any body will help youngsters…
I’ll hope to give an update on next Wednesday ab my experience.

cheers
Chamila Dias 03-05-2010
@Sarah: if You can email me while updating the blog that’s great.

email : upadyadias@gmail.com

thanks
Suhail Adam 03-05-2010
Hi

can someone please email me, email me at circuit79@hotmail.com and let me knwo whats gonna come up in exam, also i have configured the above on the router and when i put 172.22.242.23 on the url of the web browser it says “server reset connection”

is this config right?

Corp1#configure terminal

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end
Corp1#copy running-config startup-config
scooby 03-05-2010
Hey all,
I just crashed and burned on my CCNA. This question was on it, and I studied it religiously prior to testing, based on the chatter.
Here was my problem:
access-list 100 permit tcp host (ip address) host (ip address) eq 80 would NOT get written in, I kept getting the ^ error mark.
The line access-list 100 permit (host, any , or ip address) (wildcard mask) WOULD write, but this wasn’t what I needed to accomplish.

I had the whole thing written out on my sheet, ready to be typed in, and couldn’t get past the first access-list line.

Any suggestions?
Sarah 03-05-2010
@scooby

The ^ error mark underneath the command tells you where is the error.
Let suppose if you typed access-list wrong, error mark would show up there.
If it’s syntax problem it would show it at the end.
You must have something typed wrong or may be syntax was wrong
Sarah 03-05-2010
@Scooby
By the way what else did you get in the exam???
scooby 03-05-2010
The autocomplete feature was enabled, even with using that, and following the autocompletes, I was not able to specify tcp or a destination host.

I tried six ways to Sunday to figure this out, ended up blowing a lot of time on it.

The EIGRP lab was on it, as was a match up the source and destination IP and MAC values.
hEldeR 03-05-2010
@Scooby
you might have did something wrong, because i practise this un PT and it was fine, other wise i would get error, something you did was not good, what else came in the exam?
Sarah 03-05-2010
@Scooby
How about the questions and drag and drop? Did you see whole a lot of new quesitions?
fadi 03-05-2010
hi 9tut,, plz tell me can i do my test on the coming tuesday coz i registered it.. i prepared testking 900 questions and some dumps and labs 27labs pass4sure and the labs of 9tut??????
Pamela 03-05-2010
@Lawrence
Where can I find P4S v3.22? Thank you in advance!
ahmed 03-05-2010
to all,

all the exam had been changed , if any one spicifed his exam should be postpone and study hard , waiting for the update from 9tut.

thanks.
Anonymous 03-05-2010
Has Pass4ure updated its ccna test? Because I can find it, I am a member.
I don’t think there is an update. I downloaded and it is still the old version.
Let me know
Anonymous 03-05-2010
The pass4sure with the 60 new (updated) questions is still the old version of 05 january. I’m sure about that. It won’t help you to pass the exam. But testinside did an update.
hEldEr 03-05-2010
too late for me, i can’t postpone anymore, well , let it be, i will pass ccna or i will dye trying….
blurred 03-05-2010
hi guys!

Please advice, there is an error “server reset connection”
I use PT 5.2.0

orp1#configure terminal

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end
Corp1#copy running-config startup-config
hilu 03-05-2010
Hi master 9tut can you pls send me a packet tracer file of that new question from CCNA Access List Sim 2 so that i can practice to configure….

jhdeen@yahoo.co.in

Like NAT RIPV2 etc

Thanks
Felix 03-06-2010
Thanks 9tut Masters..!!!!!!!!!!

I have downloaded PT V5.1 but still its showing that error.. Can you plz tell me the URL to download the latest version of PT i mean PT v5.2 something..

Thanks!!!!!! \O/
Hossam Shaaban 03-06-2010
Dear 9tut
Can you update the new topics in the latest exam soon as i’m gonna write it next Wednesday isA
if happen to get the latest Test inside can you post us the link
Appreciate your support
rana 03-06-2010
hi 9tut…plz i need any way to get latest changes i have my exam on the coming tuesday
Aleit 03-06-2010
You can download via this link: http://rapidshare.com/files/318644426/1.pt521.rar
samsecure 03-06-2010
I gave my exam today…got 1000/1000……..there is one drag and drop

based on load,reliability,hop count,cost,bandwidth,delay…….

config of EIGRP,plus ACL…as in 9tut…………..

all questions from actual it test jan version
Pavan 03-06-2010
i got this in exam on 3rd march!! god damn it!!! , got screwed!!!!!!!!!!

didnt complete the ACL lab, but got through!!! was tensed, but all other questions were from TestInside v11.72.

and another VTP LAB SIM, EIGRP LAB.

thanks to this 9tut for the VTP question!!!
sahar 03-06-2010
hi samsecure ,plz can u give the link u studied from ..i have my exam soon
Sarah 03-06-2010
@Pavan
Were the lab exactly like 9tut or IP addresses were different?
Any new questions? Drag and drop???

Thnaks
pet 03-06-2010
I did my ccna and I did not pass I scored 796. Pls not the exams has changed and the sim are EIGRP, ACL and VTP
Arun 03-06-2010
Is the labs same as in 9tut ??
Arun 03-06-2010
@Rana

Did u get the latest dumps ??
Pavan 03-06-2010
@sarah
no, IP addresses are always different, you cant expect them to stay the same…

new questions ?? not sure….

1) hmm.. there was one question regarding Bandwidth mismatch, two switches, one getting CRC errors with flow control off… its obviously a Gigabit–FastEthernet connection, u get giant packets from Giga port to Fa0/0 port and fast ethernet port receiving errors, u have to choose from 4 Multiple choice answers.

2) Drag n Drop

there was a new one which i had not seen ,

it was to match definitions of Antivirus, AntiSpyware, IDS, Firewall.. i know i got those things right

3) even in the Simulators, the Ports, MAC Addresses, IP addresses keep changing, so u better have through knowledge of what is actually happening there, or else every question will go wrong if u byheart things…

4) dont struggle too much with this simulator!!!
a funny thing happened, after 20 mins, i wasnt able to configure anything on the router… pretty scary!!! seriously… finish it as soon as possible.

all answers in TI are accurate.
Sarah 03-06-2010
@Pavan
Thanks a million budd!!
Susan 03-06-2010
@Pavan
You said that the questions you had were from TestInside v11.72. Is this true? I have been reading that not all the questions are from v11.72.
Pavan 03-06-2010
@Sarah
thank you

@Susan
sorry, i dont know about others, i thought i was a goner when i didnt do the ACL lab, but to my luck, almost most of the things were… say >90% was from TI. so i could manage to do well. i got a near 900 in-spite of losing out a lab question which was 6th question.

very few of the questions were out, but i managed to think it over, seriously, only very few were out, but give it a thought for a while without panicking, i think you’ll get the answer… but i’d suggest that you people wait for the latest dumps.

i had 2hrs — 50 questions.
Pavan 03-06-2010
@sarah,
oopsy mistake,

*welcome n all the best for ur exam..
NeilWhitby 03-06-2010
Whoever uploaded this new access-list lab sim saved my life!
I took my CCNA yesterday and this one was on it!
The only difference was the host, everything else was identical, even the IP addresses!!!

I just wanted to thank 9tut for this website. It provided me with so much support for the 802 exam.

I advise everyone to do the labs on here. You will pass if you do!!!

Good luck everyone!
Susan 03-06-2010
@Pavan
Thank you so much for your input!
Susan 03-06-2010
@NeilWhitby
Were most of your questions from TestInside v11.72? If not which questions did you study?
rana 03-06-2010
@Arun
hi..no i didnt get them but i need them coz my exam on tuesday
mikepogi 03-06-2010
i have a question, why not put the acl on fa0/0 as ip access-group in, since extended acl are preferably closest to the source?
Arun 03-07-2010
@Rana

I am also writing on Tue 9 March….Have not got the latest but studying ver 11.72 now..Pls let me know if u gets the latest…Thanks
hEldEr 03-07-2010
tomorrow is the day.. God b with me. guys wish me luckyyyyyyyyyyyyyyyyy
Donny 03-07-2010
Hi, can anyone please upload here or email me at (sajiv29@yahoo.com) the latest ACL sims, please?

The sim above seems to be not valid.

Many thanks.
9tut 03-07-2010
@mikepogi: We need to block Core network to access the Server LAN so it is better to put extended acl near the destination.

Best wishes to you hEldEr! Please share your experience after taking the exam.
Arun 03-07-2010
@
hEldEr

Best of luck…..pls share once u are done tmrooo
Sarah 03-07-2010
@hEldEr

All the best dude!!! Do well in your exam.
Finger crossed for you
ixozz 03-07-2010
hi..took the exm on 7/3.most of the Qs (60-70%) came frm TestInside v11.72. ive compiled some of the Qs that were not frm this dump in a .docx file. pls check here: http://www.4shared.com/file/236205082/4b8d0052/640-8027mac10.html
Sarah 03-07-2010
*Fingers
embabi 03-07-2010
@ixozz and what about sim ???????????????????
@embabi 03-07-2010
like others, i got eigrp, acl, vtp..
all from here with diff ip, AS for eigrp, host to be allowed for ACL..
Raj 03-07-2010
@ixozz

but updates told tht dumps have changed then What is ur personal experience about the dumps…..

Pls share is TI 11.72 is still valid or not?????
hEldEr 03-07-2010
@embabi, thanx buddy, i did not know the question on IDS an Firewal, it helped alot, missing 1 hour for my exam..
ixozz 03-07-2010
@Raj
ive scanned thru TI v11.72 n compiled Qs i got frm there. can say that actually it covers 85% of my exam..pls check here: http://www.4shared.com/file/236574348/123293d4/640-802_p1.html
-CGC- 03-08-2010
Guys, I’ve tried this sim but can’t prove it from PC 2 or 3, the website just says connection refused or unsupported protocol.

Can’t we just do this for telnet to check? Then change the telnet part to WWW or 80. If the ACL works for telnet it’ll work for http right? song long as use use the proper ports….
hEldEr 03-08-2010
Hi Guys,
Ti v11.72 still 80% valid and the sims were : ACL,EIGRP,VTP, all from 9tut just Ip changes, some drag and drop about IDS,Firewalls,antispiware and antivirus.a question about hub and spoke,frame relay,LMI..
guys just concentrate and make sure you only click next after checking all the questions, it hapened to me in vtp simlet,and i got few score for that…do not worry about the time, the time is enough if you have studied hard. good lucky
KHAN 03-08-2010
Hi,
Can somebody help me understanding the VTP SIM as their is no explanation anywhere….

Thanks alot
betawi 03-08-2010
I’ve got this SIM at my exam, 3rd march. i’ve done all config as above.. But when i recheck to make sure it’s fulfill the requirement, the result is :

1. Yes, PC3 can make http connection to ‘finance web server’, and to all server in server farm. And yes, another PC is forbidden to access ‘finance web server’ via http. BUT
2. it not only for ‘finance web server’ but all server in server farm.

Finally i let that error, and continue to next question, due to my time is running out. (i’ve got this sim at 32nd question, anyway).

But my result is : 961/1000. And point explanation for ‘ACLs and related’, is 100%! I dont know it’s bug or what.. but it’s my experience.
Chamila Dias 03-07-2010 03-08-2010
Can we use windows calculator in CCNA exam?
Any pioneer , Just answer this pls?

upadyadias@gmail.com
hEldEr 03-08-2010
@Chamila Dias
no windows calculation on ccna exam, and calculator is not allowed
@ all 03-08-2010
hey my exam is the next tuesday can anybody help me im confused cause some people say that ti11.72 isnot valid others said that it is almost 80% help what do do
hEldEr 03-08-2010
@ all, the ti v11.72 covers at least 80% of the exams, but make sure you understand all concepts , since there will be some questions which you have to describe..
help@needed 03-08-2010
I someone please send me the latest p4s dumps, if they are out. I plan to take the exam at the end of the month.

Any help is grealty appreciated.

email w_sessions@hotmail.com
Chris 03-08-2010
Failed exam with an 809 . Completely blanked out on ACL sim. Plan to retake soon.
Ang 03-08-2010
@Chris

Which ACL sim? It is here at 9tut?
anton piruriru 03-08-2010
@Chris

did you found ti11.72 in your failed exam? how many q from it?
tell us c’mon
xxx 03-08-2010
@ helder

hey man do you can be 100% sure that almost the 80% of the exam came from ti11.72 or i must wait and late my exam to april???
be honest
mrbogus888 03-08-2010
Thanks 9tut, passed the exam yesterday, had EIGRP, VTP and ACL (all from here), studied with pass4sure 3.22, TI 11.72 (most of the question where from here) and Tesking v41, for all exam takers Good Luck to you all, the exam is not that difficult as you think
embabi 03-08-2010
@ hEldEr

what describe??????????????
hEldEr 03-08-2010
@xxx
almost 80% , if you do the 3 labs well and ask almost the 80% of qs which is covered in V11.72 you will pass…
sashidhar 03-08-2010
i intent to take exam as soon as possible, but i am waiting for new dumps. Can anybody send me the latest changed dumps to sashidhar06@gmail.com pls.
newbye 03-09-2010
Guys.. here a question which came in exam , what must be done when a router prompt a message : prompt “rommon 1 > ”

i don’t remember the options :::for the question. can someone pls help t this question??
Hossam Shaaban 03-09-2010
@ newbye:
After referring to Cisco.com (If the router is stuck in ROMmon mode, the first setting that should be checked is the value of the configuration register)
rommon 2 > confreg
geturccna 03-09-2010
testinside have now gone up to 734 Q&A. this is very worrying
ab 03-09-2010
where did u get that info ……. 734

is it right
ab 03-09-2010
@geturccna
where did u get that info …… 784 Q & A

is it right or still; ambiguous
Arun 03-09-2010
Hi Alll..

Passed CCNA(974) ..Just now !!! Most of the qns are from TI 11.72.

Thanks for all those who helped…Labs were eigrp,ACL and VTP same in 9tut

1 qns on IDS,ANtivirus ..Let me think of other qns..will update soon
embabi 03-09-2010
@ arun

what discrebtion of this qns and haw to answer it?????????
plz replay my exam tomororw
Chamila dias 03-09-2010
@ Arun
What is that IDS and Antivirus question?
what is the reading material to answer it?
I’m also taking exam tomorrow…
Reply ASAP….
Arun 03-09-2010
Just the basics….

It was drag and drop qn..

Antispyware
Antivus
FIrewall
IDS

wherer colum A..check the defintions of these in net….dont get confused with antivus and antispyware…the choice is almost similar…other 2 u can answer….
marty 03-09-2010
hey guys,.i hear the ccna exam has been completely changed,. as in the questions are new.
anyone got informatio on this? am doing the exam on Friday 12th March.
thanks
cj2a 03-09-2010
Marty,

If you hear anything can you please forward it to me. My email is w_sessions@hotmail.com

Also, to everyone if you are taking the test for the first time, you will encounter a survey by Cisco (at least I did) take this time to write out your notes. Tables, vtp or acl syntax, etc.

Thanks.
prabath 03-09-2010
Can we write acl like this

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
then
access-list 100 permit ip any any

is’t that enough
geturccna 03-09-2010
@ ab

it is showing up as 723 Q&A. Earlier in the morning their was more questions. Testinside are now changing everytime……… It costs 100 dollars less now
Take a look at their new website:

http://www.test-inside.com/640-802.htm

Before they were testinside.com, but cisco put them down for weeks and now they are back………….

We have to wait for pass4sure………….
geturccna 03-09-2010
@ prabath

There is more configuration needed than that…..

After we have configured the access-list, we need to apply it to the routers interface inbound or outbound to tell the router which direction to filter traffic
Arun 03-09-2010
In this case all the other machines also will be able to acceess web server on port 80.
ab 03-09-2010
@geturccna

Thanx
Sarah 03-09-2010
@Arun
Do you remember which other questions/drag and drop(not covered in TI 11.72) did you get?
Arun 03-09-2010
@Sarah

Column A is

Antispyware
Antivus
FIrewall
IDS

column B i am not sure…if u know wat are these u will be able to answer..just google for these and understand u will be able to answer
MALDINIO 03-09-2010
thankss god
i passed my ccna exam…guys don be afraid from any changes only 3 questions were new(one related to subnetting,second show ip eigrp topology,find feasible successor…)
thx for 9tut all labs are valid tell now(eigrp,vtp and acl 2 (finance server) v11.72 is very very important
good luck to all
sab 03-10-2010
hi 9tut,
i heard that there is a double shot offer for CCNA exam.. is that true.. if yes
, when will that be.
sab 03-10-2010
in one way prabath is correct. . his config is enough coz there is an rule called EXPLICIT DENY RULE by which all other traffic will be denied.
ab 03-10-2010
@maldinio
would you please tell whether tab was working at your lab simulation or not.

what about drag and drop regarding antispyware
ab 03-10-2010
@sab

what do you mean by double shot offer. iheard this type of phrase for the first time.
KK 03-10-2010
@ Sab

But this line will override the implicit(not explicit) deny

access-list 100 permit ip any any
dodo 03-10-2010
please where are the lab VTP please send link
Chamila Dias 03-10-2010
hi guys…I just now pass the exam…Thanks for 9tut and testinside 11.72.
I got 847/1000. Pass mark was 825 . I would like to share my experience.

I sat for the exam from Germany in English medium.
I had a German keyboard. It gave me a problem while I’m doing a Sim question.
‘/’ was not working on the test application. then I ask for an English keyboard.
So guys when u r doing the exam in English medium in non English speaking country
you must consider this thing also.In my case, I managed to sort out it soon with a huge pressure.
Exam is bit tough and first 10 questions were very time consuming.
Even I can´t remember the questions as I was very nervous.
so,Good luck for those who do exam…..!!!!
contact me upadyadias@gmail.com if in any help…

SIMs – Vtp, EIGRP, ACCess list 2 (thanks for 9tut)

Practice well test inside 11.72 and P4S.
Bimal 03-10-2010
@Chamila

Congrats ofr passing out the exam, isnt 850 the passing score ?

In this ACL-2 sim the ip address and other setting must have changed but I have only one question regarding this Lab-sim, that is there any way u can check that the other hosts doesnt have the permission to get the acess of finance server ? I have sent u an email on ur g-mail id, if u get time than do reply back on that also.. thanks in advance..
TheMan 03-10-2010
Passing score is 825…igot a freakin 821! I hate this
Maldinio 03-10-2010
@ab

i had two drag and drop questions ,one about using line console or vty or enable as in 11.72 ,…and the other one about static routing you have choices to which hop this route will be forwarded also in 11.72….i didnt have spyware!…
Muhammad Khan 03-10-2010
prabath 03-09-2010

Can we write acl like this

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
then
access-list 100 permit ip any any

is’t that enough

——–
If u write the ACL is this way….u are permitting every user to access every thing…

Q is The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted…

So we need to deny the access of other users to gain access of finance web server..Also we need to deny core network to acess web server…
So
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

This statement says that deny access to webserver by any host…..as we have permitted host C in the statement before so after that this statement will deny the access…
After that permit ip any any will be used beacuse we need to allow users to access other esrvices in the network…

Hope this helps
Neo 03-10-2010
@ all

c’mon lets talk serious CAN ANYBODY WHO ALREADY FACE THE REAL EXAM UPDATE US AND CONFIRM OR DENY THAT DOES TI11.72 AND P4S 3.00 ARE VALID FOR TAKING THE EXAM ON MARCH NEXT WEEK?
IM VERY CONFUSED MY EXAM IS THE MONDAY 15TH
SHOULD I JUMP INTO THE FIRE OR MUST WAIT LASTEST DUMPS?
I’VE STUDYING TI11.72 ENGINE AND P4S 3.00 PDF
ANSWER PLEASE SOME CCNA SURVIVOR!!
misha 03-10-2010
hi TheMan

same here. but that was last september.
I’ll be taking my exam before the end of March.

Im just revewing TI 11.72 and 9tut.com of course.
wildsierra 03-11-2010
Passed with 949 !!!.

3 labs: ACl Sim2, EIGRP, VTP.

Same sims as 9tut, but different EIGRP AS number, different switches on the VTP sim.

On the VTP sim, when working with Question 8 “Out of which ports will a frame be forwarded?”, in order to give the right answer, remember that a switch will broadcast a frame to all access and trunk ports on the same vlan EXCEPT the port on which the frame arrived.

Subnetting and 9tut sims are a must !.

In my opinionTI 11.72 is still 80% valid (I worked with ps4 3.00 too, the more the better…).

Thank you so much to 9tut (I’ll donate more money as soon as I get a new job, you really deserved it keeping this great site), and thanks to all the people who write comments here.
prabath 03-11-2010
thank u guys really appreciated
Kumar 03-11-2010
I gave the exam a week back and got 986/1000. Few words….

1) Go through 9tutor lab sims and questions….they are more than enough.
2) Practice subnetting (good both for exam and real life) and be thorough with theory of STP, VLAN, RIP, OSPF, EIGRP…..
2) P4S 3.0 is old but lot of questions are same (more than 80%)… use PassGuide 3.0
3) The exam is easy… so don’t panic… If you have practiced your stuff you will feel that the exam is much easier than what you anticipated…
4) Don’t give the exam solely on the basis of dumps (you will pass) but you know what I mean!! (In interviews and real life there will be too much screwing) Read + practice and use dumps as nothing more than practice materials…. First try to solve all the questions by yourself and than look at the answers ….
5) 3 days left… still I would say don’t worry…. If you read and practiced 9tut will be just more than fine…..
6) If you need dumps PassGuide give post you emaid id….

Bye Happy exam time…… Just don’t panic….
Chamila Dias 03-11-2010
U can download the dumps which I practiced for CCNA.
** but first through with theories. then Dumps…

http://cid-37a85ff83adbfc59.skydrive.live.com/browse.aspx/CCNA%20stuff%20for%20tut9%20%20friends

Good luck for your CCNA exam
ab 03-11-2010
paseed with 961 marks

any one interested in taking CCNA recently kindly go through following topics

-pap and chap basic concepts + their configurations, i faced a question about them which is not in dumps

-go through the definitions of antispyware and antivirus

-kindly do read or clear the concepts regarding configuration register values of 2100 and 2102

-clear your concepts about vlans, vtp, OSI model, spanning tree.

- lab simulation of ACL 2, EIGRP

-straight and cross cable making

-WLAN concepts

if you have any quries kindly do ask …….

Good luck for your CCNA exam
ciscoman 03-11-2010
@ ab and wildsierra

is ti11.72 valid ??
Mohamed 03-11-2010
Urgent Urgent Urgent

I took the exam 3 hours ago, I found this Sim, and answered it EXACTLY as written in the answer here, BUT IT WAS WRONG, WRONG WRONG

I try in the exam to access any other server with any device (not host C ), But it didn’t work. when I disable the access list, it work.

Again, I think that there is a problem with this question in CISCO system, What can I do, I got 961/1000 and 75% in the part of ACL and NAT.

I added it again so, every one can read it b4 he attend the exam
Anonymous 03-11-2010
hi to all
ded any one pass the exam to day
cj2a 03-11-2010
Can someone please send me the ti11.72 dump. w_sessions@hotmail.com
ab 03-11-2010
@ciscoman
yes if you cover 11.72 + 9tutsim, u will inshalllah pass CCNA.
some questions are also from p4s

@Anonymous
@Mohamed
i gave the exam yesterday, same simulation came and i answered it accordingly; had faced no problems

thanks
Mohamed 03-12-2010
@ab

you tried to use web browser in the hosts (a, b, d), to access any server except Finance one and work ?????, I tried that and didn’t work.
hEldEr 03-12-2010
Guys actualtest , updated their dumps on 05-03-2010 ,is out check here..

http://www.examcollection.com/cisco/Cisco.ActualTests.640-802.v2010-03-05.604q.vce.file.html

ciscoman 03-12-2010
how much is important to study testking 999 q vce?it is really necessary cause i dont have enogth time to review 999 qs
TheMan 03-12-2010
Ok so anyone who WANTS to PASS the Test, this is what you should do. (I got an 821 on the test, i did not bother looking at testinside 11.72)

If you have a general understanding of everything you are fine, but here is what I did for the test:

Read network +, CCNA Lammle, CCNA Fastpass

STudied 9tut sims, P4S 3.00

I had testinside 11.72 but didn’t bother to open it or look at it because I was under the assumption that it was the same thing as P4S, I was wrong. The questions that I got wrong came from Testinside and i didn’t bother to look at it.

Know how to subnet, know basic concepts, know theories, and know how to do sims and you’re fine.

DO NOT WAIT to take the test if you fail the first time. Just sign up for your retake date.
TheMan 03-12-2010
PRactice as many dumps, sims as you can. Pass4Sure sims allows you to learn and understand concepts better.
ahmed zein 03-12-2010
i want the program that open vce extension files, i can not open any file from the exam collection web site , would any one please sent for me the program , my email kgb200525@hotmail.com
hEldEr 03-12-2010
@ahmed zein
download it from examcollection.com
BigCheese 03-13-2010
Hi guys, my exam is on Monday. I have read Todd Lammle’s book, watched CBT nuggets, practiced sims on packet tracer, did all the sims on this site and have gone through testinside 11.72 like 6 times. Is this enough to pass?

For those that used testinside 11.72, are the M/C questions the same exact or do they modify it. I know the values for the sims are modified for sure.
Felix 03-13-2010
Hi 9tut., Thanks guys.. For your effort to help CCNA and cisco candidates.. I took my exam on 11 of this March and I passed the exam.. I got this SIM only, Different IP address.. same concept.. but the dumps was completely changed..
hEldEr 03-13-2010
@ Felix
which dumps you saw on your exams ??
aung 03-13-2010
passed with 834 yesterday

thanks 9tu
shaka 03-13-2010
By the grace of almighty ALLAH , i have passed my ccna exam yesterday. My preparation pathes included : Todd lammle book , Cisco press (icnd 1 & 2) , testinside 11.72 and 9tut.com. these dums (testinside 11.72) are still valid. i found questions from testinside 11.72 about 80%. labs were eigrp and access-list. both are present on this site so take this site serious dude.
there was a little trick played by cisco. during exam i found that figures were different from dums but logic was same . so i advise to try to understand logic of question during preparation from dums . ok good luck all of u !!!!
Cyh 03-13-2010
im getting worried man! im going to take the exam on march 25.
anyways ive been reading books in cisco, i only lacked knowledge ryt now about IPv6, DHCP, Nat and PAT. grrr.
ciscoman 03-13-2010
@felix
from which dumps did you study??
Cyh 03-13-2010
havent studied those dumps yet, i first studied concepts. too many that im forgetting some of them right now T_T. by the way i found a new update but the problem is it is a .vce extension. cant seem to find a free program to open it. anyone knows how? i dont wanna pay $24 for it T_____T
Agali 03-13-2010
Did my exam on 10th and passed with 910.Todd Lammle’s book will give you a solid background.Subnetting is absolutely necessary.pass4surev3.23 or any latter version,Testking,Testinside,all are good for your practice.The labs on this site are very important! My labs were VTP,EIGRP,ACL2.Study these labs and understand the concepts.The exam isn’t difficult,avoid nervousness and you would surely crack CCNA! Goodluck folks.For assistance, mail me at sleekcm@yahoo.com.
3kul 03-13-2010
I cant open the PacketTracer file for this lab. It is saying it isnt a valid PacketTracer file. Anyone else having this problem?
Anonymous 03-13-2010
hi to all السلام عليكم
I took the exam 6 hours ago
and i did not pass the exam

my next exam after 1week

the labs: ACl Sim2, EIGRP, VTP

بالتوفيق للجيع
Ayline 03-13-2010
To Cyh
Plz Help my exam is in few days and i am worried, plz plz ,give me the new update whith .vce Extention, the program to open it is Visual CertExam Suite. you wil find it in www.examcollection.com
this is my email: rym50@live.fr
krishnareddy 03-13-2010
”Server Reset Connection” error…pls help me tomorrow i have exam.

PLEASE HELP ME

Current configuration : 995 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
ip name-server 0.0.0.0
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.33.254 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.22.242.30 255.255.255.240
ip access-group 101 out
duplex auto
speed auto
!
interface Serial1/0
ip address 198.18.196.66 255.255.255.0
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 172.16.0.0
network 192.168.33.0
network 198.18.196.0
!
ip classless
!
!
access-list 101 permit tcp host 192.168.33.3 host 172.22.242.23 eq www
access-list 101 deny tcp any host 172.22.242.23 eq www
access-list 101 permit ip any any
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
ciscoman 03-13-2010
@ krishnareddy
my best wishes please feed back us after taking the exam
god be with u
go for them!
krishna reddy 03-14-2010
Please help me the above configuration is correct or not

i am very much afraiding…..
Cyh 03-14-2010
@krishnareddy

i also got the same output. try the other 3 PC and you will have an output that says request time out.

Before applying ACL, all of the PC ( 1-4 ) will output “server reset connection”, i think its a way of saying that you have acces to the web server. im not sure thought just sharing wat i experienced
krishna reddy 03-14-2010
Thank u…

OK …then i will follow this

Hope for the best…
Anonymous 03-14-2010
Can anyone confirm that these sims posted here on 9tut are still valid for the exam?? Mine is scheduled for tomorrow . No turning back now
Elchin 03-15-2010
Hi Everybody new passguide is published but i cant find it