Dear All,

I was sitted CCIE Lab Exam on yesterday and got "Pass Pass Pass but Fail"
Even I did very well and confident I will pass but I am not too sure why I still
fail.
Kindly reviews my feedback and advice me on "Should I raise to re-read?" or "Just
try re-attempt!".

I posted about this first time here https://certcollection.org/forum/topic/319015-

pass-pass-pass-but-failed/page__st__14__p__1208367#entry1208367 and it was not
complete just because of I was shocked. Sorry to repost it again.

TSHOOT - TS2
===================================================================
Ticket 1
- added vlan access-map ATTACK 22 and action forward on SW400 and SW401
- no passive-interface vlan 2000 and vlan 2001 on SW400
- change dhcp lease 0 2 to lease infinite on R40
(ping and trace to 10.4.40.40 from user4)

Ticket 2
- next-hop-self is missing on both R14 and R15. Added.
- vlan 2001 interface is not in ospf on SW111 and added.
(ping and trace to 8.8.8.8 from server 1)

Ticket 3
- change acl from 10.2. to 10.1 on both R12 and R13.
- edit lo0 ospf configuration from ospf process 10 to 1 on R22.
(trace to 10.2.200.254 and 10.2.201.254 from SW110)
(trace to 10.1.200.254 and 10.1.201.254 from SW220)

Ticket 4
- same local preference 100 has been applied on both R20 and R21. Change to 1000 on
R21 and works.
(Trace to do from Server 2 to Large Office and from R41 to DC2.)

Ticket 5
- tunnel key value has mis-matched on R14 and R60. Change on R60 side to match with
R14 and solve.
(Output to match is to see ospf routes 10.100.0.1 and 10.100.0.51 on R60)

Ticket 6
- Server 1 unable to ping 2001:CC1E:BEEF:9:8:8:8:8. Added Server 1 ipv6 interface
network range (not just interface ipv6 ip) on under R15 bgp ipv6 address family and
solve.

Ticket 7
- Lo0 is not in ospf process on R2 and R3 interface e0/1 has no mpls ip enabled.
Fixed these two faults and issues was resolve.
(Asked to Trace from Server 2 and Trace from R50)

Ticket 8
- added ip dhcp snooping information option on SW310.
- added "ip dhcp relay information trusted" in vlan 2000 interface on SW300 and
SW301.
- Remove passive-interface vlan 2000 and vlan 2001 on SW300 and SW301.
- change dhcp lease 0 2 to lease infinite on R30.
(Asked to ping and trace to R30 from user3)
Ticket 9
- added "ip ospf network point-to-point" in tun 0 on R71 and solved.
(Asked to telnet 10.2.200.1 from user7)

Ticket 10
- added "ip nat outside source static 201.99.70.2 201.99.25.70" on both R24 and R25
and solved.
(Asked to telnet 201.99.25.2 from NAS).

DIAG H3+
=====================
Ticket 1
Question 1
-Frame number 133.
Question 2
- Device is SW1
- Command is show ip dhcp relay information trusted
Question 3
- Packet to capture is in between SW1 and SW3

Ticket 2
Attacker is 10.1.1.2 and Router/Server is 10.1.1.1
Question 1
- Choose 4 correct options
Question 2
- Choose "e sudo poweroff"
Question 3
- Choose "tclsh http://10.1.1.1/bd2.tcl

CONFIG H2
==============================

VTP are all pre-configured.

(SW3- VTP Server, the SW4,SW5 and SW6 are VTP-Client, VTP version 2, VTP domain
"Jamesons" and vtp password "CCIE" were pre-configured.)
Access ports already pre-configured on all Switches.

VLAN 100 and 101 are already pre-configured on SW1, SW2, SW10 and SW11.

EIGRP are already pre-configured on SW10 and SW11.

Uni-directional Redistribution has been pre-configured on R55 and R56. But in Pre-
merge Diagram, it was mentioned and needed bi-directional redistribution on R55 and
R56 (EIGRP < > BGP).

Uni-directional redistribution has been pre-configured on R58 (EIGRP > BGP)

RD and Route-Target values are pre-configured wrongly on R51 and need to correct.

All Questions are same as what we practicing but below some were I confuse and did
wrong.

First, outputs were asked to match on R9 and R10 in exam like below,

R9# sh ip route 52.52.52.52

Routing entry for 52.52.52.52/32
Known via "eigrp 1", distance 170, metric 1536640
Tag 172.172.172.172, type external
 Redistributing via ospf 1, eigrp 1
Advertised by ospf 1 subnets
Last update from 10.254.0.62 on Ethernet0/1, 02:12:45 ago
Routing Descriptor Blocks:
* 10.254.0.62, from 10.254.0.62, 02:12:45 ago, via Ethernet0/1
Route metric is 1536640, traffic share count is 1
Total delay is 2002 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
Route tag 172.172.172.172

R10#sh ip route 52.52.52.52

Routing entry for 52.52.52.52/32
Known via "eigrp 1", distance 170, metric 1536640
Tag 172.172.172.172, type external
Redistributing via ospf 1, eigrp 1
Advertised by ospf 1 subnets
Last update from 10.254.0.66 on Ethernet0/1, 02:12:45 ago
Routing Descriptor Blocks:
* 10.254.0.66, from 10.254.0.66, 02:12:45 ago, via Ethernet0/1
Route metric is 1536640, traffic share count is 1
Total delay is 2002 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
Route tag 172.172.172.172

I was unable to manage to get that output and only got below output,

R9#sh ip route 52.52.52.52

Routing entry for 52.52.52.52/32
Known via "ospf 1", distance 110, metric 20
Tag Path Length >= 1, AS 44204, 3244, type extern 2, forward metric 30
Redistributing via eigrp 1
Advertised by eigrp 1 route-map OSPF->EIGRP
Last update from 10.254.0.17 on Ethernet0/0, 00:29:57 ago
Routing Descriptor Blocks:
* 10.254.0.17, from 10.255.1.10, 00:29:57 ago, via Ethernet0/0
Route metric is 20, traffic share count is 1
Route tag 172.172.172.172

R10#sh ip route 52.52.52.52

Routing entry for 52.52.52.52/32
Known via "eigrp 1", distance 170, metric 1536640
Tag 172.172.172.172, type external
Redistributing via ospf 1, eigrp 1
Advertised by ospf 1 subnets
Last update from 10.254.0.66 on Ethernet0/1, 00:30:17 ago
Routing Descriptor Blocks:
* 10.254.0.66, from 10.254.0.66, 00:30:17 ago, via Ethernet0/1
Route metric is 1536640, traffic share count is 1
Total delay is 2002 microseconds, minimum bandwidth is 10000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
Route tag 172.172.172.172

Second, R1 have to peer with R3,R4,R5,R6,R7 and R8 by using ipv4 and vpnv4
addresses in Question.
R1 have to peer with all nine PE routers including R50, R51 and R52 with vpnv4
address in Question.
But in Pre-merge Phase 2 diagram provided in Exam mentioned that all nine PE
routers are peering with R1 using both IPv4 + VPNv4 address.
Thus I configured peering R1 with R50,R51 and R52 with both ipv4 and vpnv4
addresses. However, I did not typed "no bgp def ipv4 uni" command on R50, R51 and
R52.

Third, I didn't remove "no ip summary-address eigrp 10 0.0.0.0 0.0.0.0" on R58

interface e0/0.

Beside that, I didn't do any mistakes and manage to get all requested output.

Requested output are as below,

R11 - "show ip bgp 10.1.0.0/16"

R19
"ping 8.8.8.8"
"ping 10.16.2.1"
"ping 10.16.3.1"

SW1, SW2, SW10 - "ping 8.8.8.8"

R101
"ping 10.3.1.254"
"trace 10.3.1.254"
"ping 172.18.1.254"
"trace 172.18.1.254"
"ping 172.18.2.254"
"trace 172.18.2.254"
"ping 8.8.8.8"

Thanks.