TX 75035,USA
live:cciernstricks

CCIE R&S v5 Exam Review on 01 June 2015

CCIE Real Lab Workbook

CCIE R&S v5 Exam Review on 01 June 2015 No ratings yet.

Hello guys,
I just passed the CCIE LAB, below is a summary of what I remember, including the DIAG.
I apologize for my English, if I’m not clear, ask, and I’ll try to explain better.

TROUBLESHOOTING !!!!!!!!!!!
**************** TSHOOT 1
– On PC101 the interface toward SW2 has the mac-address configured manually, delete it.
– On SW2 the interface toward PC101 has configured incorrect vlan-id (10 instead of 100).
– On SW2 interface to PC101 has configured port security mac-address sticky, the “MAC-ADDRESS” is wrong, delete it.
– On R8 configured wrong DHCP client-id.
**************** TSHOOT 2
– On R17 under the interface serialX/Y (to R12) missing “ppp ipcp route default”
**************** TSHOOT 3
– On R5 configured “max-metric router-lsa”, remove it.
**************** TSHOOT 4
– On R12 the interface toward R14 is configured with “bandwidth 1000”.
– On R11-R12-R13-R14 missing “metric weight 0 1 1 1 1 1”

DIAG !!!!!!!!!!!
**************** TK1 -> LAYER2
SW1 and SW2 in server mode, SW3 and SW4 in client mode, SW3 has just been replaced and the configuration copied to the new switch, hosts connected to VLAN 501 do not reach the other networks !!
On SW3 the vtp revision number is zero (on server is ONE) and the number of VLAN is less than others switches.
– question: which device has the problem??
– answer: SW3
– question: which command you used to verify??
– answer: show vtp status
– question: which information you will ask to risolve??
– answer: about vtp password

**************** TK2 -> DMVPN
On R15, under eigrp there is no announcement about nbma addresses.
The problem is on the R16, one of its Ethernet ports has configured a ip address with wrong subnet mask (/ 29) which includes the ip address that R15 uses as tunnel source.
– question: which device has the problem ??
– answer: R16
– question: how to solve it ??
– answer: increase the mask length to /30.
**************** TK3 -> uRPF
see annex.
uRPF loose mode configured on R1 (e1/0 and e2/0) and in strict mode on R2 and R3 (I believe on the doors to R1).
– question: what is the cause of the problem?
– answer: uRPF in strict mode with load-balance to destination (I am having little time I responded with one of the logical answers).
– question: drag and drop with eight possibilities. Same as above, I was trying to sort the answers but the time has expired !! 😥

LAB !!!!!!!!!!!
version with vrf LOCALSP (AS 45678 – Sydney) !!
Layer two: spanning-tree MST, SW1 and SW2 vtp transparent, server SW3, SW4 client, mac address aging 10800 seconds on SW3 and SW4. Portfast and bpduguard on SW1-2-3-4.
ospf bgp in as12345: the router R1 should not be a transit, entered command “max-metric router-lsa”.
eigrp as in 34567: you can not use eigrp 64-bit (normal eigrp – do not forget “no auto-summary”).
eigrp as in 45678: requires antireplay protection of R15-R16-R17-SW5-SW6 so used eigrp 64-bit.
eigrp as in 65222:I configured eigrp 64-bit (I seem to remember it was requested) remember immediately put “no split-horizon” of R17 for DMVPN.
bgp as 12345: R1 as RR, peer-group iBGP, disables default ipv4-unicast, on R2 and R3 the “address-family vrf” the family was not preconfigured,
on R20 bgp preconfigured but only neighbor to R3 and R4 without default originated, on R6 and R7 preconfigured neighbor to AS20001 and AS20002,
bgp as 34567: disable default ipv4-unicast, on R8-R9-R10-R11 preconfigured neighbor to their ISP (attention!! missing bgp router-id), recalls the command “next-hop-self” and “redistribute eigrp 34567” on all routers.
Routers R9 and R11 as primary and backup for the routes injected from the outside, both inject only 0/0 in eigrp.
bgp as 45678: R15 peer with AS10003, R16-R17-R18-R19 in vrf LOCALSP and They should receive only the default by AS20003.
bgp routing policy: PE routers in AS12345 announce in vrf INET to ISPs only 123.0.0.0/8, same for peering toward the ISPs in AS34567; the router R13 (AS65112) must prefer the routes from AS20002 (I used “WEIGHT 50000” to AS20002).
mpls vpn in AS12345: R1 as RR vpnv4, R4 and R5 transits (no bgp), all routers “no mpls ip ttl”, ldp enabled under ospf with “mpls ldp autoconfig” (no restrictions).
ospf IPV6: in my LAB it’s used the feature “IPV6 general-prefix”, to see ipv6 addresses use the command “show ipv6 int brief”, in ospf not allowed to use the command “ipv6 ospf” so you must use the OSPFv3, recall redistribute connected SW3-SW4-R10-R11.
bgp IPV6: on R10 and R11 under “router bgp/address-family ipv6” redistribute connected and ospf with include-connected, internal and external, on R12 and R14 “allowas-in” and IP addresses configured under the subinterface (eg e0/1.4 for ipv4 and e0/1.6 for ipv6).
multicast: peer PIM between R15 and R17 (in my lab no eigrp manipulation), multicast sorce (232.1.1.1) on SW5 (vlan5), receivers on LAN ports of R18 and R19.
DMVPN: minimum configuration of the tunnel port, remember command “tunnel vrf LOCALSP” and “tunnel sorce interface XYZ” because otherwise the tunnel does not go up, commands for DMVPN Phase 3, on R18 and R19 “eigrp stub connected” and standard encryption (tunnel protection, pre-shared, keyring, DH 1024, ….)
Infrastructure: same as this in the forum (banner, port security, ssh, ntp, ip flow top-talker), only a variant of NTP (with authentication) where the server is SW3 while the two peers are R10 (not R14) and R12.

Thanks and good luck to all !!! :yo:

Please rate this