CCIE R&S v5 Exam Review on 07 MAY 2015
I passed CCIE lab thanks to cciereallabworkbook.com.Here is my feedback. It was my first attempt. Without cciereallabworkbook there is no way for me to pass the lab since you don’t have enough time to read questions and verify your all config within the give time in the lab.
I think the keys to pass the lab there is no secret or shortcut…..1) must study technologies very well, 2) should know your enemy before 3 months to take a lab and familiar with the topology, 3) Good at time management during the exam.
1.L2 issue -> VLAN 12 was missing on SW1 and SW2, so I added it.
2.PPP issue -> R17 had ‘ppp authentication chap callout’ and I removed it.
3.OSPF issue -> On R21, ospf cost 1 was configured. So I changed the cost to 10 to match with the ospf route output asked in the exam.
4.EIGRP issue -> one of routers had wrong bandwidth manually configured, so I changed it to match with the other interface. Also, I had to change K value to ‘metric weight 0 1 1 1 1 1’
5.BGP issue -> On R12, it was missing ‘maximum path 2’. So I added it to match with the requested output.
6.IPv6 issue -> On R22, IPv6 next hope was wrong. So, I modify the Route-map to correct IPv6 next hop.
7.DMVPN Hun and Spoke issue -> on R18 and R19, ip nhrp maps were wrong. So, I corrected them and shut/no shut for the tunnel to bring up the DMVPN tunnels.
8. MPLS issue -> I spend more than one hour to solve this problem. There were many faults. I am not sure my resolution was connect but it worked.
a.R3-R7 and R4-R8 0/0.125 BGP connection weren’t there. So I added.
b.On R3 and R4, vrf import were missing. So, I added.
c.R3,4,5,6 were configured as full mesh VPNv4 peering but they had ‘route-reflector-client’ was configured. I think we don’t need to have a route reflector if you have full mesh configured. So, I removed them.
d.On R7 and R8, there are redistribution from BGP to OSPF but metric was not configured on R8 to make R7 primary and R8 secondary for OSPF routes. So, I added the metric 9999 on R8 to make less preferred OSPF routes.
e.At this point, ping to 18.104.22.168 ( NAT ) via R7 works, and Ping from Branch to Branch works through R7, and Ping from Branch to Hub. But, when I rebooted R7 ( Primary ), NAT and any ping between VPN side failed. While I was troubleshooting the fail over issue, I was running out of 2 hour troubleshooting and I got a pop up window asked to continue the TS or not. I was so panic and I thought I would fail this exam. But, I didn’t give up. I skipped this issue and move on to T9 and T10. After completed T9 and T10, I came back to this issue. Then, I found out that R8 is missing ‘ip nat inside’ for e0/0.123. So, I added it but it was still no success. But, Then, I realized that R4 and R6 had a preferred direct OSPF link. So , I added ip ospf cost 9999 on both links between R4 and R6 because you want to MPLS route through R2 since MPLS was not enabled between R4 and R6. Now, it worked client PC behind R5. However, still failed from client PC behind R6. Then, I realized that there is no VPNv4 peering between R6 and R4. So, I added the VPNv4 peering and now all worked as expected.
9.DMVPN issue -> on R24, isakmp’s DH group was configured to gorup2 but R7 had group 1 was configured. So, I changed DH group 2 to 1 on R24
10.NAS issue -> On R23, DHCP identifier was not configured correctly to match NAS’s interface’s MAC. So, I modified the MAC address on R23.
Nothing special same as workbook.
1.Port security Issue
a.SW3 and sh ip int b
b.Host A and the mac address
a.R15 and removed NBMA address from redistribution
a.Root cause of the problem. -> uRFP and Async routing ( R1 has two interfaces, and uRPF strict mode was configured. )
b.Drug and Drop for ICMP packet flow. -> if you know the concept of uRFP and can read console output of routing table, you can select the correct order of the ICMP packet something like, R1 received ICMP packet, lookup routing table, translate source IP for NAT, send a packet from e0/0, and received by R2, and the destination reply to ICMP, and routing via R3, and R1 received the IMCP reply via a wrong interface, and drop it because of uRPF strict mode configured.
Nothing special shared in the forum. But, SW’s lookback interface was 123.20x.x.x. ( x is switch number, ex SW1, 22.214.171.124.1). Also, In IPV6 config section, the IPv6 interface was sub interface. In DMVPN, the tunnel ip address was 10.x.x.x. Since I lost my 30min by TS section, I didn’t have time to verify Banner, SSH and IPV6 auth. I configured the three sections within 10min. So, again, the time management is very key. I spent a lot of time for L2 and IGP verification since if you misconfigured those sections, the rest of the config won’t work.