1- Vlan access-map ATTACK 20 2- Next Hop Self on R15. Let me point out that the ping was working before, through R14. 3- Route-maps TE playing with MED to match the trace. As this is a 4p points there are two differents faults the first one is the ACLs applied in R12 and R13 because they are referring to networks in DC2 The second fault is to change the OSPF costs in the link between SW100 and SW11 so it can match exactly the trace 4- Follow the traze between User 5 and Server 2. The initial traze was going through the MPLS, I did first the MPLS ticket, so when I applied better local preference in R15 it preferred the path through LOCALSP, but then my trace was not exactly the same that they asked to me, so i played with OSPF costs, but then I realized that I was disrupting the T3 (because I was playing with the OSPF cost in DataCenter2) and it was a question of 4 points, so of the two traceroutes that they showed to you I was correct in one. 5 / DMVPN point to multipoint. you have to match the same routes as is the question 6/ DHCP snooping/ Quite straight forward 7 DMVPN in NHRP state. Tunnel key missmatch 8 MPLS As is a question of 4 points there are two kinds of faults. First problem LDP on R1 was not populated due to the Loopback 0 of R1 was not in the OSPF process Second problem R5 was exporting the wrong RT You have to be sure that your trace is exactly the same, I did not have to change any OSPF cost 9 Advertise LAN of Server 1 in R15 There is an aggregate network that fullfils all the networks in DataCenter 1, you need to create in BGP one statement of this range in order to create the aggregate so the ISP1 knows how to reach Server1 10/ Double NAT tricky About this question they ask you to translate in R25 the source and the destination so you have to play with ip nat inside and ip nat outside. Important to notice that the source is a network that does not exists in the HUB so we will not have a routing problem
Diag was the new one, as mention in previous post.
Config was the ‘old one’.
I recommend you guys practice a lot the config part, speed is really important so you get time for verification.
Advise for troubleshooting is to not remove any config, also be carefull not to impact the rest of the network when you try to fix issue.
I used IOU vm from this forum and this is really great for practicing.