...CCDA,CCDP,CCNP,CCIP,CCSP, CCVP,CCNS,CCIE?
Posted by a user
Posted: 2022-04-22 23:42
3 answers in total
懂视网
Time: 2022-05-05 01:06
hostname shafw01
domain-name heraeus.com
enable password
names
!
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.150
vlan 150
nameif inside_data
security-level 50
ip address 172.26.24.6 255.255.255.252
!
interface GigabitEthernet0/0.151
vlan 151
nameif inside_voice
security-level 50
ip address 10.48.8.1 255.255.255.0
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.161
vlan 161
nameif web
security-level 50
ip address 172.26.30.1 255.255.255.0
!
interface GigabitEthernet0/1.163
vlan 163
nameif secure
security-level 50
ip address 172.26.31.1 255.255.255.0
!
interface GigabitEthernet0/2
description LAN/STATE Failover Interface for Future
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3.154
vlan 154
nameif sprint
security-level 50
ip address 172.26.24.9 255.255.255.252
!
interface Management0/0
nameif outside
security-level 50
ip address 222.66.83.18 255.255.255.240
!
boot system disk0:/asa704-k8.bin
ftp mode passive
clock timezone cet 8
dns domain-lookup inside_data
dns name-server 172.26.16.17
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group icmp-type icmp_echo_request
icmp-object echo
object-group icmp-type icmp_echo_reply
icmp-object echo-reply
object-group icmp-type ICMP_echo
group-object icmp_echo_request
group-object icmp_echo_reply
object-group service udp_tftp udp
port-object eq tftp
object-group service udp_citrix udp
port-object eq 1604
object-group service udp_radius udp
port-object eq 1812
object-group service udp_radius_acct udp
port-object eq 1813
object-group service udp_rsa_5500 udp
port-object eq 5500
object-group service tcp_http tcp
port-object eq www
object-group service tcp_http_8080 tcp
port-object eq 8080
object-group service tcp_https tcp
port-object eq https
object-group service tcp_ftp tcp
port-object eq ftp
object-group service tcp_ntp tcp
port-object eq 123
object-group service udp_ntp udp
port-object eq ntp
object-group service tcp_smtp tcp
port-object eq smtp
object-group service tcp_ssh tcp
port-object eq ssh
object-group service tcp_squid_3128 tcp
port-object eq 3128
object-group service tcp_squid_2370 tcp
port-object eq 2370
object-group service tcp_sapdps_47xx tcp
port-object range 4700 4799
object-group service tcp_sapgw_33xx tcp
port-object range 3300 3399
object-group service tcp_sapdp_32xx tcp
port-object range 3200 3299
object-group service tcp_sapgws_48xx tcp
port-object range 4800 4899
object-group service tcp_sapms_36xx tcp
port-object range 3600 3699
object-group service tcp_jetdirect_9100 tcp
port-object eq 9100
object-group service tcp_printer tcp
port-object eq lpd
object-group service tcp_tacacs_plus tcp
port-object eq tacacs
object-group service TCP_squid_web tcp
group-object tcp_http
group-object tcp_https
group-object tcp_http_8080
object-group service TCP_squid_ftp tcp
group-object tcp_ftp
object-group service TCP_squid_all tcp
group-object TCP_squid_web
group-object TCP_squid_ftp
object-group service TCP_squid_port tcp
group-object tcp_squid_3128
group-object tcp_squid_2370
object-group service TCP_sap tcp
group-object tcp_sapdps_47xx
group-object tcp_sapgw_33xx
group-object tcp_sapdp_32xx
group-object tcp_sapgws_48xx
group-object tcp_sapms_36xx
object-group service TCP_printing tcp
group-object tcp_jetdirect_9100
group-object tcp_printer
object-group network n_VLAN108_16
network-object 172.26.16.0 255.255.255.0
object-group network n_VLAN105_22
network-object 172.26.22.0 255.255.255.0
object-group network n_VLAN106_25
network-object 172.26.25.0 255.255.255.0
object-group network n_VLAN163_31
network-object 172.26.31.0 255.255.255.0
object-group service TCP_dameware tcp
group-object tcp_dameware_6129
group-object tcp_dameware_6130
object-group network N_RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
object-group service TCP_client_auth tcp
group-object tcp_http
group-object tcp_https
group-object tcp_telnet
object-group network h_china_ntpserver
network-object host 202.108.158.139
object-group network h_auth42
network-object host 172.26.31.42
object-group network H_auth
group-object h_auth42
object-group network H_ntp_servers
group-object h_china_ntpserver
access-list TRIGGER extended permit tcp any object-group H_auth object-group TCP_client_auth
access-list NONAT remark # this is a nat rule, only permit's are allowed
access-list NONAT remark # no nat inside our networks
access-list NONAT extended permit ip object-group N_RFC1918 object-group N_RFC1918
access-list POLICY remark # counterpart of trigger rule
access-list POLICY extended permit tcp any object-group H_auth object-group TCP_client_auth
access-list POLICY remark # # ntp
access-list POLICY extended permit tcp any object-group H_ntp_servers object-group tcp_ntp
access-list POLICY extended permit udp any object-group H_ntp_servers object-group udp_ntp
access-list HIDING remark # this is a nat rule, only permit's are allowed
access-list HIDING extended permit ip object-group N_RFC1918 any
access-list IPS extended permit ip any any
tcp-map mss
exceed-mss allow
!
pager lines 22
logging enable
logging console critical
logging monitor errors
logging buffered critical
logging trap errors
logging facility 16
logging host secure 172.26.31.142
logging permit-hostdown
mtu inside_data 1500
mtu web 1500
mtu secure 1500
mtu sprint 1500
mtu outside 1500
ip verify reverse-path interface inside_data
ip verify reverse-path interface web
ip verify reverse-path interface secure
ip verify reverse-path interface sprint
ip verify reverse-path interface outside
asdm image disk0:/asdm502.bin
no asdm history enable
arp outside {mac-outside interface} {hiding IP}
arp timeout 14400
global (outside) 1 {hiding ip} netmask 255.255.255.0
nat (inside_data) 0 access-list NONAT
nat (inside_voice) 0 access-list NONAT
nat (sprint) 0 access-list NONAT
nat (secure) 0 access-list NONAT
nat (inside_data) 1 access-list HIDING
route inside_data 172.26.25.0 255.255.255.0 172.26.24.5 1
route inside_data 172.26.22.0 255.255.255.0 172.26.24.5 1
route inside_data 172.26.16.0 255.255.255.0 172.26.24.5 1
route sprint 172.16.0.0 255.240.0.0 172.26.24.10 1
route sprint 10.0.0.0 255.0.0.0 172.26.24.10 1
route sprint 192.168.0.0 255.255.0.0 172.26.24.10 1
access-group POLICY in interface inside_data per-user-override
access-group POLICY in interface inside_voice
access-group POLICY in interface web
access-group POLICY in interface secure per-user-override
access-group POLICY in interface sprint per-user-override
access-group POLICY in interface outside
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:10
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:00:00 absolute uauth 0:15:00 inactivity
virtual telnet 172.26.24.xx
auth-prompt prompt Please enter your username and password
auth-prompt accept Authentication succeeded.
auth-prompt reject Authentication failed. Try again.
telnet timeout 5
ssh scopy enable
ssh 172.22.161.0 255.255.255.0 sprint
ssh 172.26.16.0 255.255.255.0 inside_data
ssh 172.26.31.0 255.255.255.0 secure
ssh timeout 60
ssh version 2
console timeout 0
management-access inside_data
management-access sprint
class-map my-ips-class
match access-list IPS
class-map VoIP
match dscp cs3 ef
class-map inspection_default
match default-inspection-traffic
class-map mss-map
match access-list MSS-exceptions
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect rtsp
inspect skinny
inspect tftp
inspect sip
inspect icmp
inspect ctiqbe
inspect dns
inspect http
class mss-map
set connection advanced-options mss
class my-ips-class
ips promiscuous fail-open
policy-map qos
class VoIP
priority
policy-map my-ips-policy
class my-ips-class
ips promiscuous fail-open
service-policy global_policy global
ntp server 202.108.158.139
rdca4fwep
shafw01(config)# sh run
: Saved
:
ASA Version 7.0(4)
!
hostname shafw01
domain-name heraeus.com
enable password .68HJO4Qmg83HE2S encrypted
names
!
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/0.150
vlan 150
nameif inside_data
security-level 50
ip address 172.26.24.18 255.255.255.240
!
interface GigabitEthernet0/0.151
vlan 151
nameif inside_voice
security-level 50
ip address 10.48.8.1 255.255.255.0
!
interface GigabitEthernet0/1
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/1.161
vlan 161
nameif web
security-level 50
ip address 172.26.30.1 255.255.255.0
!
interface GigabitEthernet0/1.163
vlan 163
nameif secure
security-level 50
ip address 172.26.31.1 255.255.255.0
!
interface GigabitEthernet0/2
description LAN/STATE Failover interface for futer!
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3.154
vlan 154
nameif sprint
security-level 50
ip address 172.26.24.9 255.255.255.0
!
interface Management0/0
nameif outside
security-level 50
ip address 222.66.83.18 255.255.255.240
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/0
boot system disk0:/asa704-k8.bin
ftp mode passive
clock timezone cet 8
dns domain-lookup inside_data
dns name-server 172.26.16.17
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group icmp-type icmp_echo_request
icmp-object echo
object-group icmp-type icmp_echo_reply
object-group network h_china_ntpserver
network-object host 202.108.158.139
object-group network h_auth42
network-object host 172.26.31.42
network-object host 172.26.24.19
object-group network N_RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
object-group network n_VLAN108_16
network-object 172.26.16.0 255.255.255.0
object-group network n_VLAN105_22
network-object 172.26.22.0 255.255.255.0
object-group network n_VLAN106_25
network-object 172.26.25.0 255.255.255.0
object-group network n_VLAN163_31
network-object 172.26.31.0 255.255.255.0
object-group network n_VLAN108_18
network-object 172.26.18.0 255.255.255.0
object-group network N_RDCA_S_C
group-object n_VLAN108_18
group-object n_VLAN108_16
group-object n_VLAN105_22
object-group service tcp_http tcp
port-object eq www
object-group service tcp_https tcp
port-object eq https
object-group service tcp_telnet tcp
port-object eq telnet
object-group service TCP_client_auth tcp
group-object tcp_http
group-object tcp_https
group-object tcp_telnet
object-group service tcp_http_8080 tcp
port-object eq 8080
object-group service tcp_ftp tcp
port-object eq ftp
object-group service tcp_ntp tcp
port-object eq 123
object-group service udp_ntp udp
port-object eq ntp
object-group service tcp_smtp tcp
port-object eq smtp
object-group service tcp_ssh tcp
port-object eq ssh
object-group network H_auth
group-object h_auth42
object-group network H_ntp_servers
group-object h_china_ntpserver
object-group service TCP_webservice tcp
group-object tcp_http
group-object tcp_https
access-list HIDING extended permit ip object-group N_RFC1918 any
access-list HIDING remark # this is a nat rule, only permit's are allowed
access-list NONAT extended permit ip object-group N_RFC1918 object-group N_RFC1918
access-list POLICY remark # counterpart of trigger rule
access-list POLICY extended permit tcp any object-group H_auth object-group TCP_client_auth
access-list POLICY remark # # ntp
access-list POLICY extended permit tcp any object-group H_ntp_servers object-group tcp_ntp
access-list POLICY extended permit udp any object-group H_ntp_servers object-group udp_ntp
access-list POLICY remark # RDCA-webbrowsing rule
access-list POLICY extended permit tcp object-group N_RDCA_S_C any object-group TCP_webservice log
access-list POLICY remark # All Internal Network is allowed
access-list POLICY remark # All Internal Network Traffic is allowed
access-list POLICY extended permit ip object-group N_RFC1918 object-group N_RFC1918 log
access-list POLICY extended deny ip any any log
access-list IPS extended permit ip any any
pager lines 24
logging enable
logging buffer-size 10000
logging console critical
logging monitor errors
logging buffered errors
logging trap errors
logging facility 16
logging host secure 172.26.31.142
logging permit-hostdown
mtu inside_data 1500
mtu inside_voice 1500
mtu web 1500
mtu secure 1500
mtu sprint 1500
mtu outside 1500
ip verify reverse-path interface inside_data
ip verify reverse-path interface web
ip verify reverse-path interface secure
ip verify reverse-path interface sprint
ip verify reverse-path interface outside
no failover
asdm image disk0:/asdm504.bin
no asdm history enable
arp outside 222.66.83.19 0013.c482.3ffc
arp timeout 14400
global (outside) 1 222.66.83.19 netmask 255.255.255.255
nat (inside_data) 0 access-list NONAT
nat (inside_data) 1 access-list HIDING
nat (inside_voice) 0 access-list NONAT
nat (secure) 0 access-list NONAT
nat (sprint) 0 access-list NONAT
access-group POLICY in interface inside_data
access-group POLICY in interface web
access-group POLICY in interface sprint
access-group POLICY in interface outside
route inside_data 172.26.23.0 255.255.255.0 172.26.24.17 1
route inside_data 172.26.10.0 255.255.255.0 172.26.24.17 1
route inside_data 172.26.25.0 255.255.255.0 172.26.24.17 1
route inside_data 172.26.22.0 255.255.255.0 172.26.24.17 1
route inside_data 172.26.16.0 255.255.255.0 172.26.24.17 1
route inside_data 172.26.18.0 255.255.255.0 172.26.24.17 1
route sprint 172.16.0.0 255.240.0.0 172.26.24.10 1
route sprint 10.0.0.0 255.0.0.0 172.26.24.10 1
route sprint 192.168.0.0 255.255.0.0 172.26.24.10 1
route outside 0.0.0.0 0.0.0.0 222.66.83.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username wafersys password N3432S3svONQ.rWm encrypted
username rdcafwadmin password iqtp6BSrFydQnyAe encrypted
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
virtual telnet 172.26.24.19
auth-prompt prompt Please enter your username and password
auth-prompt accept Authentication succeeded.
auth-prompt reject Authentication failed. Try again.
telnet timeout 5
ssh scopy enable
ssh 172.22.161.0 255.255.255.0 inside_data
ssh 172.22.163.0 255.255.255.0 inside_data
ssh 172.26.18.0 255.255.255.0 inside_data
ssh timeout 60
ssh version 2
console timeout 0
management-access inside_data
!
class-map my-ips-class
match access-list IPS
class-map Voip
match dscp cs3 ef
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
class my-ips-class
ips promiscuous fail-open
policy-map qos
class Voip
priority
policy-map my-ips-policy
class my-ips-class
ips promiscuous fail-open
!
service-policy global_policy global
ntp server 202.108.158.139
Cryptochecksum:c46fbf0ead94c0a5c60d415f8b5ce82b
: end
shafw01(config)# sh ver
Cisco Adaptive Security Appliance Software Version 7.0(4)
Device Manager Version 5.0(4)
Compiled on Thu 13-Oct-05 21:43 by builders
System image file is "disk0:/asa704-k8.bin"
Config file at boot was "startup-config"
shafw01 up 47 mins 3 secs
Hardware:
ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash AT49LW080: @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode   : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.04
0: Ext: GigabitEthernet0/0  : address is 0013.c482.3ff8, irq 9
1: Ext: GigabitEthernet0/1  : address is 0013.c482.3ff9, irq 9
2: Ext: GigabitEthernet0/2  : address is 0013.c482.3ffa, irq 9
3: Ext: GigabitEthernet0/3  : address is 0013.c482.3ffb, irq 9
4: Ext: Management0/0       : address is 0013.c482.3ffc, irq 11
5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : 300
This platform has a Base license.
Serial Number: JMX0949K06H
Running Activation Key: 0x7626e778 0xf831bcc6 0x445328fc 0x84003414 0x0e1bcb8a
Configuration register is 0x1
Configuration last modified by enable_15 at 16:29:59.641 cet Thu Feb 16 2006
shafw01(config)#
shafw01(config)#
shafw01(config)#
shafw01(config)#
shafw01(config)# sh int ip brief
shafw01(config)# sh int ip brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  up                    up
GigabitEthernet0/0.150     172.26.24.18    YES CONFIG up                    up
GigabitEthernet0/0.151     10.48.8.1       YES CONFIG up                    up
GigabitEthernet0/1         unassigned      YES unset  up                    up
GigabitEthernet0/1.161     172.26.30.1     YES CONFIG up                    up
GigabitEthernet0/1.163     172.26.31.1     YES CONFIG up                    up
GigabitEthernet0/2         unassigned      YES unset  administratively down down
GigabitEthernet0/3         unassigned      YES unset  up                    up
GigabitEthernet0/3.154     172.26.24.9     YES CONFIG up                    up
Internal-Control0/0        127.0.1.1       YES unset  up                    up
Internal-Data0/0           unassigned      YES unset  up                    up
Management0/0              222.66.83.18    YES CONFIG up                    up
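Enthusiastic user
Time: 2022-05-04 22:14
Cisco certification is an internationally authoritative certification in the Internet field.
Let's start with CCNA. The CCNA certification (CCNA, Cisco network installation and support certified associate) is the most entry-level certification in the whole Cisco certification system, and it is also a prerequisite for obtaining the CCNP, CCDP and CCSP certifications (it is not mandatory for the CCIP and CCIE certifications; in other words, you can take the CCIE or CCIP directly and there is no need to take the CCNA). So the CCNA is the most basic certificate and a step you must go through to obtain the CCDP, CCNP and CCSP, but it is not one you are required to take! This is because (the CCNA certification is the entry-level certification of Cisco's after-sales engineer certification system).
As for CCDA: the CCDA certification (Cisco certified design engineer) indicates basic or preliminary knowledge of designing Cisco network infrastructure. You can think of it as the same as the CCNA (but personally I think the CCNA is better).
As for CCDP:
The CCDP certification indicates proficiency in or thorough knowledge of network design. Network professionals who hold the CCDP certification can design routed and switched networks that include LAN, WAN and dial-up access services, apply a modular design approach, and ensure that the overall solution meets business and technical requirements well and is highly available. (To obtain the CCNP you must first pass the CCNA.)
As for CCNP: the CCNP certification (Cisco Certified Network Professional) indicates that the certified person has extensive networking knowledge. Professionals who hold the CCNP certification can install, configure and operate LAN, WAN and dial-up access services for large enterprise networks with 100 to more than 500 nodes. (To obtain the CCNP you must first pass the CCNA.)
As for CCIE:
Expert (CCIE)
The Cisco certified network expert program (CCIE Program) sets a professional standard for networking technology and is widely recognized in the industry. Holding the CCIE certification is regarded as the best proof of professional networking knowledge and extensive work experience. (It can be taken directly; it is the most difficult.)
The CCNP requires taking the CCNA first; the CCIE can be taken directly.
For the CCNA, CCNP and CCIE you do not necessarily have to be trained by a training institution; you can study on your own and register for the exam.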
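Enthusiastic user
Time: 2022-05-04 23:32
In Beijing there are many institutions that provide Cisco-authorized training, such as 北京华尔思 (Beijing Huaersi) and similar institutions.
Introduction to the CCNA certification: CCNA, Cisco certified network support engineer
The CCNA certificate shows that you have enough networking knowledge to provide services to small and medium-sized enterprises. A CCNA professional is able to install, configure and operate LAN, WAN and dial-up network services for small networks (generally 100 nodes or fewer), and to work with network protocols such as IP; IGRP; IPX; Serial; AppleTalk; Frame Relay; IP RIP; VLANs; RIP; Ethernet; Access List.
Introduction to the CCNP certification: CCNP, Cisco certified senior network engineer
The CCNP certificate indicates the ability to build LANs and WANs for medium to large enterprise networks (routing and switching technology), and to plan, implement, check and troubleshoot enterprise LANs and WANs. CCNP engineers can work together with security, voice and wireless engineers to build multi-service enterprise networks. The CCNP certification consists of three standard courses (routing, switching, troubleshooting).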