TX 75035,USA
live:cciernstricks

CCIE R&S v5 Exam Review on 15 July 2015

CCIE Real Lab Workbook

CCIE R&S v5 Exam Review on 15 July 2015 No ratings yet.

Hello CCIE Dreamers !!

I am sharing with you my experience hoping it might be helpful.

T-Shoot:

1> PC101 needs to ping Server1 . Ping was already working. However they ask you to trace as well. Since Vlan 12 was not allowed on trunk on one switch, trace did not take desired path.

Resolution: Add Vlan 12. Note that they did not ask to ping using hostname “Server1/Server” so need not bother about DNS part.

2> PPP R12-R17 > Nothing special. On R17, “ppp chap hostname <name> command was wrong . So R17 was responding to R12 with wrong host name.

Resolution : Changed it to match what is configured on R12 in “username <name> password <pass>” command.
3> OSPF : OSPF neighbor-ship was missing between R5 and R22. Passive interface was present on R22.Resolution: Did no passive interface for concerned interface. Note there was no max-metric router-lsa. Had it been there I would have gone for “max-metric router-lsa summary 20 / max-metric router-lsa on-startup 5”. Both give desired result.
4> EIGRP : “metric weight 0 1 1 1 1 1” was missing on R11, R12,R14. Also there was offset 1000 out on R12. The ACL for this offset was permit ip any any.Resolution: Added “metric weight 0 1 1 1 1 1” where it was needed. Also denied 145.14.14.14 in ACL defined in offset-list statement.

kills. In exam , troubleshooting was way to easy than what we have been discussing here.
And without a doubt there would be jitters if I remove , change ,leave it as it is etc etc. Let that moment come and figure it out depending on what question needs.

For example many would say that I could have avoided route-map part in MPLS where I added “neighbor 123.x.x.x default-originate route-map MED”. Truth is yes I could have. Then I would have played with OSPF cost make cost to reach 123.4.4.4 higher from R6. But that is again just another way of dealing with it. I chose to use route-map and why would Cisco bother if you are using a legitimate way of doing it.

Diag:
1> SW3 has been replaced due to failure and a user is complaining. They give you tons of log. Be quick and without wasting go to console logs and see that vto configuration number is zero.

part1: Sw3 is problematic device. How did you check -> show vtp status.
part 2 : Sw3 is the device and “Ask for show vtp password”.

Note I am not sure. Some say that ask for VTP password of working switch which is also fine but what is the harm in asking password for SW3 to check if it is correct. I chose SW3 as device and asked for its VTP password.

2. EIGRP/DMVPN: They show an email that spokes have issues with HUB and connectivity problems. There is a big diagram showing connectivity. I checked console logs and wallah….. Midchain logs pointing to NBMA being advertised in EIGRP. I went to R15 (HUB) and it was not advertised. I checked the diagram and both R15 and R16 were shown as /30. I checked for config of R16 and actually inerface was /29.

So device with issues -> R16 and how will you fix it -> Increase subnet mask length on E0/0.

3. uRPF: There was hell lot of information there about this. Drag and drop. Choose 8 correct options.

Not we had
r1 -e0/0———e0/0 r2
r1 e0/1 ———e0/1 r3
r2———————-r3

Loose mode on both interface of R1.
Strict on R2 and R3 on interfaces going towards R1.

What I did:

R1 checks input ACL
R1 realizes it has multiple egress point.
R1 checks RIB (They give you output of show ip route , show ip cef etc)
R1 translates and forwards to R3.
R3 inspects ACL.
R3 notices that source is learnt via another of interface and drops it.
Part 2: BGP asymmetric routing with strict uRPF, BGP default missing. This is what I chose.
However what I believe it should be is : strict uRPF with per destination load sharing.

Frank advice: This section is more of luck than knowledge. Some might argue but you need to scrutinize hell lot of info if you have not seen kit discussed here on forums like this.
Pray that Diag does not change and proceed with preparations.
Configuration:

1> SW1,SW2 (Transparent), SW3(Server), SW4 (Client)
2> MST -> They ask you that there should be three instances.
3> mac-address ageing 10800 (3 hours)
4> EIGRP strongest auth/anti replay -> Named mode on R15,R16,R17,SW5,SW6.
5> NTP authentication
6> Terminal shell/Shell processing/R17
Rest was same.

Just note that they use “ipv6 general-prefix” to assign IPs on R12,R13,SW3, etc. This is just another way of assigning IP. So should you need to check IPV6 address, do show ipv6 interface brief.
Read on cisco about ipv6 general prefix to understand it.

Rest all was same.

Please rate this