Documente Academic
Documente Profesional
Documente Cultură
I was sitted CCIE Lab Exam on yesterday and got "Pass Pass Pass but Fail"
Even I did very well and confident I will pass but I am not too sure why I still
fail.
Kindly reviews my feedback and advice me on "Should I raise to re-read?" or "Just
try re-attempt!".
TSHOOT - TS2
===================================================================
Ticket 1
- added vlan access-map ATTACK 22 and action forward on SW400 and SW401
- no passive-interface vlan 2000 and vlan 2001 on SW400
- change dhcp lease 0 2 to lease infinite on R40
(ping and trace to 10.4.40.40 from user4)
Ticket 2
- next-hop-self is missing on both R14 and R15. Added.
- vlan 2001 interface is not in ospf on SW111 and added.
(ping and trace to 8.8.8.8 from server 1)
Ticket 3
- change acl from 10.2. to 10.1 on both R12 and R13.
- edit lo0 ospf configuration from ospf process 10 to 1 on R22.
(trace to 10.2.200.254 and 10.2.201.254 from SW110)
(trace to 10.1.200.254 and 10.1.201.254 from SW220)
Ticket 4
- same local preference 100 has been applied on both R20 and R21. Change to 1000 on
R21 and works.
(Trace to do from Server 2 to Large Office and from R41 to DC2.)
Ticket 5
- tunnel key value has mis-matched on R14 and R60. Change on R60 side to match with
R14 and solve.
(Output to match is to see ospf routes 10.100.0.1 and 10.100.0.51 on R60)
Ticket 6
- Server 1 unable to ping 2001:CC1E:BEEF:9:8:8:8:8. Added Server 1 ipv6 interface
network range (not just interface ipv6 ip) on under R15 bgp ipv6 address family and
solve.
Ticket 7
- Lo0 is not in ospf process on R2 and R3 interface e0/1 has no mpls ip enabled.
Fixed these two faults and issues was resolve.
(Asked to Trace from Server 2 and Trace from R50)
Ticket 8
- added ip dhcp snooping information option on SW310.
- added "ip dhcp relay information trusted" in vlan 2000 interface on SW300 and
SW301.
- Remove passive-interface vlan 2000 and vlan 2001 on SW300 and SW301.
- change dhcp lease 0 2 to lease infinite on R30.
(Asked to ping and trace to R30 from user3)
Ticket 9
- added "ip ospf network point-to-point" in tun 0 on R71 and solved.
(Asked to telnet 10.2.200.1 from user7)
Ticket 10
- added "ip nat outside source static 201.99.70.2 201.99.25.70" on both R24 and R25
and solved.
(Asked to telnet 201.99.25.2 from NAS).
DIAG H3+
=====================
Ticket 1
Question 1
-Frame number 133.
Question 2
- Device is SW1
- Command is show ip dhcp relay information trusted
Question 3
- Packet to capture is in between SW1 and SW3
Ticket 2
Attacker is 10.1.1.2 and Router/Server is 10.1.1.1
Question 1
- Choose 4 correct options
Question 2
- Choose "e sudo poweroff"
Question 3
- Choose "tclsh http://10.1.1.1/bd2.tcl
CONFIG H2
==============================
VLAN 100 and 101 are already pre-configured on SW1, SW2, SW10 and SW11.
Uni-directional Redistribution has been pre-configured on R55 and R56. But in Pre-
merge Diagram, it was mentioned and needed bi-directional redistribution on R55 and
R56 (EIGRP < > BGP).
RD and Route-Target values are pre-configured wrongly on R51 and need to correct.
All Questions are same as what we practicing but below some were I confuse and did
wrong.
First, outputs were asked to match on R9 and R10 in exam like below,
I was unable to manage to get that output and only got below output,
Second, R1 have to peer with R3,R4,R5,R6,R7 and R8 by using ipv4 and vpnv4
addresses in Question.
R1 have to peer with all nine PE routers including R50, R51 and R52 with vpnv4
address in Question.
But in Pre-merge Phase 2 diagram provided in Exam mentioned that all nine PE
routers are peering with R1 using both IPv4 + VPNv4 address.
Thus I configured peering R1 with R50,R51 and R52 with both ipv4 and vpnv4
addresses. However, I did not typed "no bgp def ipv4 uni" command on R50, R51 and
R52.
Beside that, I didn't do any mistakes and manage to get all requested output.
R101
"ping 10.3.1.254"
"trace 10.3.1.254"
"ping 172.18.1.254"
"trace 172.18.1.254"
"ping 172.18.2.254"
"trace 172.18.2.254"
"ping 8.8.8.8"
Thanks.