Cisco Dumps Feedbacks

CCIE Written And Lab Feedbacks

TS2,DIAG H3++,CFG H1+

Q1
No 10
No 30
Ospf: no passive interface
Dhcp: change to infinite because lease is short

Q2
SW 111: ospf cost is 100
It deleted

Q3

This problem did not go well.
TE will succeed by changing origin.
However, the displayed AS-path was not displayed
My result was that the AS number of the third hop was 19999.
But the question was AS number 65002.

Q4
the content of BGP was that it did not touch.
I changed the route by setting the OSPF cost of R20 Lo 0  is 0 to   100.

Q5
R60 subnet is different. / 32 → / 24

Q6
VLAN 111 was not advertised to OSPFv 3 by SW 111.

Q7
The process ID of OSPF was different for R1 Lo 0.
In R 10 ospf  external was 19.
It changed to 201.

※ There were things
I was wasted in in ignoring.
· There was a router with mpls ldp router-id lo 0 and mpls label  protocol ldp set in R1 - R6, and a router not configured.

· The route-target imports its own export
I was worried about  changing.
However, it was described as separete 2 faults in the problem
sentence, and traceroute was the result that was requested and I
ignored it.

Q8
SW 300/301: vlan 2000 & 2001 ip dhcp relay information trust
SW 310: ip arp inspection
Dhcp: change to infinite because lease is short

Q9
Ospf network type is change

Q 10
Nat pool was set up.
I set up the ip nat outside source static 201.99.70.2 . . .  
Command on R24 and R25 and it was able to telnet.

DIAG H3++ same   as spoto solutions

CFG H1+ same


TS2, H2 DIAG, H2+ CFG

1
SW400\SW401
vlan access-map ATTACK 20
  action forword
2
SW111
  nt vlan 2001
ip ospf 65001 area 0
R14\15
router bgp 65001
  nei DC1 next-hop-self

3
Sw101:int E1/2 no ip ospf cost 1
R12\R13
  no access 1 2
access 1 per 10.1.1.0 0.0.254.255
access 2 per 10.1.0.0 0.0.254.255

4
  20 21 do not use route-map, 
route-map LP per 10
  se local 200
router bgp xx
  neighbor xx route-map

5
R14\R60\R51
in tun 0
  ip ospf net point-to-multi

6
R15 router bgp 65101
  add ipv6 net *********

7
R1
int loo 0
  ip ospf 10000 area 0

R5
ip vrf GLOBALISP
  route-tar ex 65003:3

8
SW300\SW301
  int vlan 2000
   ip dhcp relay infor trusted
9
R71
in tun 0
  tun key 10000

10
R24/R25 add ip nat outside

LAB 2+

Layer 2: switch config vlan on exam ,but you need config MSTP by yourself
AS 65002 do not config OSPF, almost interface of access had associate to vlan 999 and shutdown.
R11\R12\R13\R14\SW1\SW2 preconfig with OSPF.so you do not need to config it .

R17\19\20\21  create VRF and associate interface to VRF
EIGRP area use as 1, 5 routers only network E0/0. You need network loopback 0 by yourself
BGP routers had config bgp ,but do not config route-id.
R52 and R58 ip address is wrong ,need modify to correct ip address . 


TS1 H3+++DIAG H1+ CFG

TS1
Q1  SW2:add vlan 12 
Q2  R17:int s4/0
          No ppp authen chap callout
Q3  R21: int e2/0
         No ip ospf cost 1

Q4  R13: int e1/0
         No delay 1000

Q5  R12: router bgp 14567
         Max-paths 2  

Q6  R22:bgp add  next-hop-self

Q7  R18  and R19 DMVPN down
Ip nhrp map x.x.x.x x.x.x.x address is wrong , compare R17 configuration of R17
      R15 no ip split

Q8  R3 and R4 did not import RT of R5  and R6 
R3 IPv4 bgp address family
    network 125.45.67.20 mask 255.255.255.252
R8  123 subinterface add ip nat inside
R4/R6: int e2/0
       Ip ospf cost 1000
Q9  R7  crypto add  group 14

Q10  R21:telnet nas.home.net 8008  nslook is OK ,but did not display open
       Add ip http server on NAS 

D3+++
Q1:filter bootp pasket ,find source is 0.0.0.0    destination is 255.255.255.255   [SYN] seq=0
   The seq is 133

Q2 decive:SW1  ip dhcp relay into trust
Q3 chosse SW1-SW3

Q4  router’s vty
    10.1.1.1 on port 1337
    HTTP
    Backdoor
Q5  esdu poweroff
Q6  talsh hhtp://10.1.1.1/bd2.tcl

H1+ CFG
SW1 and  SW3  had create vlan,interface had associate to vlan 
R10 will receive  62.62.62.62 route ,deny it
R6 /R7/R12/R13/R14 had config BGP neighbor ,but forget to add router-id and no bgp default ipv4


[2018-02-12 Beijing Pass] TS2, H3DIAG, H3CFG

TS2 BT2

1
Layer 2
remove the ACL111 No.10 and 30 on SW400 and SW401
Changed the lease to infinite (R40 or R41, forgot)
'no passive-interface vlan 2000' on SW400 and SW401

2
BGP
RR goto R15 chosen the path IGP cost lower(19, goto R14 is 20), check the relational interfaces, find ip ospf cost 9, remove it

3
BGP2
There was a note in question that here will be 2 separate faults
The interface lo0 on R23 change from OSPF10 to OSPF1, than IBGP up incomplete change to igp

4
BGP3
The question required that can't change BGP Attributes, and there will be 2 available path to ISP
change cost higher under lo0 on R20 (IGP metric better)

5
DMVPN
change the mask from 32 to 24 under interface TU0 on R60

6
IPv6
added 'ospfv3 65001 ipv6 area 0' under SVI2001 on SW111

7
MPLS VPN
There was a note in question that here will be 2 separate faults
move the interface E0/1 from OSPF10 to OSPF1 on R5, LDP up
remove 'distance ospf external 19' under OSPF on R10

8
Security
added 'ip arp inspection trust' under po2 on SW310 (there is this command under interface po1)
change DHCP server lease to infinite and shutdown/ noshutdown PC's interface, get IP address
'no ip dhcp snooping information option' on SW310

9
DMVPN
remove 'ip ospf network point-to-multipoint' under tun0 on R71

10
NAT
remove 'ip nat source static 201.99.24.70 201.99.70.2' and add 'ip nat outside source static 201.99.70.2 201.99.25.70' on R24

DIAG H3

Ticket 1
1 filter packets used keyward: bootp, ensure it's No.113
2 device: SW1
command: show ip dhcp relay information trusted-sources
3 SW1----SW3

Ticket 2
1 TCP connection from the router to 10.1.1.2
TCP connection from a remote host to the router’s IP address 10.1.1.1 on port 1337
Downloading a TCL script in memory via HTTP
Installment of a ransomware via a backdoor
2 e sudo poweroff
3 tclsh http://10.1.1.1/bd2.tcl

CFG H3

Note: The unmentioned chapters are completely consistent with the solution.

1.2
LAN Distribution
The inerface connection that between distribute switches and access switches is in below:
SW300 E2/0-1 SW310 E2/0-1
SW301 E2/0-1 SW310 E2/2-3
SW400 E2/0-1 SW410 E2/0-1
SW401 E2/0-1 SW410 E2/2-3
SW500 E2/0-1 SW510 E2/2-3
SW501 E2/0-1 SW510 E2/0-1

1.3
STP
There is vlan 3001 on SW310
so there will be Block interfaces for MST3, but in question, only required access vlan (2000-2009), so it's no problem

1.4
PPPOE
The interface E0/0 on R70 is shutdown and didn't configure IP address

2.2
OSPF in DC1
The interfaces of SVI2001 on SW110 and SVI2001 on SW111 were not passived, so you didn't need configure suppression under interface;
The configurations about OSPF have already been configured (include router-id and set process-id and area) except the below:
1- need configure prefix-suppression
2- The interfaces about lo1 on SW100 and SW101 need add 'ip ospf 1 area 0' (work for multicast)

2.3
OSPF in AS65004
R100 have an interface lo1, the ip address is 10.4.42.42, same with lo0 on R42, just shutdown it
The configurations about OSPF have already been configured (include router-id and set process-id and area) except the below:
1- The interface E0/2 on R42 need set to area 2

2.7
BGP transit
the questions required that R10, R11, R14, R15, R20, R21 only can advertise 7 class B prefixes and default route, because R15 didn't have any remote-site, so only configured prefix-list but no calling to any where

2.9
IPv6
SW111 need configure ipv6 unicast-routing
The IPv6 BGP has been configured on R14 and R15 with R9, but didn't filter only default route

2.10
Multicast-routing 1
All interfaces have already been configured 'ip pim sparse-mode', but need enable 'ip multicast-routing' by yourself
The output on SW100 is like below:
This system is an RP (Auto-RP)
This system is an RP-mapping agent //here is no '(xxxx)',no information for interface, The actual situation must be loopback1
Group(s) 239.250.0.0/16
RP 10.250.250.250 (DC1-RP), v2v1
Info source: 10.250.250.250 ( ? ) , elected via Auto-RP
//'(?)' must be display mistake, ingore it

2.11
Multicast-routing 2
The output on R13 is like below:
Group(s) 239.250.0.0/16
RP 10.250.250.250 (DC1-RP), v2v1
Info source: 10.1.113.2 ( ? ) , elected via Auto-RP
//This information is mismatch with Section 2.10,I want to ask proctor Andy, but he is not in there, so I follow the solution that used lo1 (also in question required)

3.1
MPLS VPN
There are 2 diagrams on the exam, on Diagram 2: MPLS domain has IPV4+VPNV4 neighbor, but on Diagram5: only VPNV4 neighbor, I refer to the Diagram 5 mentioned in questions, just only set VPNV4 neighbors

3.3
Internet Access
The questions required that the interface E0/0 faced to ISP on R60 can't generate unnecessary arp, so I added 'no ip proxy-arp'

3.4
IPSec
There are questions reqiured that the packets from 10.7.0.0/16 to 10.0.0.0/8 need be protected by IPSec, and there has been a NAT on R71, permit any traffic except 10.7.0.0/16 to 10.0.0.0/8, so I set a NAT pool 10.7.0.0/16 to 10.7.0.0/24
ip nat pool B2C 10.7.0.1 10.7.0.254 netmask 255.255.255.0
!
ip access-list extended B2C
deny ip 10.7.0.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 10.7.0.0 0.0.255.255 10.0.0.0 0.255.255.255
!
ip nat inside source list B2C pool B2C overload

There has been configured redistribute static under BGP on R24, and E0/0 called crypto-map, just only need configure a static route to 10.7.0.0/16

4.1
IPv6 Secutiry

vlan configuration 2001
ipv6 nd raguard
ipv6 snooping
!
interface vlan 2001
ipv6 nd router-preference high
!
Interface range e1/0-3
Ipv6 nd raguard

5.1
SNMP
'snmp-server view NMS dot1dbridge excluded' can be configured
added EEM script for reload
event manager applet NO_SNMPv1
event syslog occurs 1 pattern "%SYS-5-RESTART: System restarted"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "no snmp-server group ccie v1"
action 4.0 cli command "end"
action 5.0 cli command "write"
Tips: Be careful for Upper case and lower case

5.3
DHCPv6
The interface E0/0 has been configured 'ipv6 nd autoconfig default' on Server1, can get IPv6 default route directly


TS1, H2+DIAG, H1+CFG

TS2:
Ticket1:
User4 “int e0/0” did not have “ip address dhcp client-id e0/0”
On R40 I applied “lease infinite “R40” for all scopes” and created a static pool for USER4. The ip address of user4 is can be found under “excluded ip addresses and its .1 ip address
On Switch 401/402 “I removed passive-interface vlan 2000 and passive-interface vlan 2001”
Removed access list 10 and 30.
Vlan Access-maps were present
Ticket2:
“next-hop-self” was missing on both R14/R15 and I added the “ ospf 1 area 0 “ on SW111 “int
vlan 2001” and the ip ospf cost was 9, I set default ip ospf cost.
Ticket3:
Load balancing was the same as spoto mentioned to check the access-list and make them correct.
SW101 has the “ospf cost value” remove it by finding with command “ Show run | s ospf “
Added the correct origin/incomplete/igp on RR routers
Added the necessary ip ospf cost on R13/R22. Please check out and traceroute details if things aren’t working correctly, do “clear ip bgp * soft and clear ip ospf process “
Ticket4:
Applied the route-map on the routers R20/R21
The traceroute will be from server 2 behind switch200, may need to modify the ip ospf cost on SWITCH200 to have the traceroute match.
Ticket5:
Added “Fixed the subnet mask on R60 for DMVPN neighbor to come up” other devices were okay but double checked everything. Use “show ip ospf nei” on R14 to see the neighbors
Ticket6:
I redistributed the ospf under BGP ipv6 address family and advised the ospfv3 1 ipv6 area for vlan20001

Ticket7:
In MPLS check all the route-targets are importing its self so I removed them, you do not need import yourself. Only export your PE and import your neighbor Pes. Modified the OSPF distance on R10 to 210.
Also I added the below on all routers
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id lo0
!
Ticket 8:
Add “ip dhcp relay info trust” on both SW300/SW301’s interface vlan 2001/2000
Added “lease infinite “ R30”
User3 “int e0/0” did not have “ip address dhcp client-id e0/0”
Created a static pool for USER3. The ip address of user3 is can be found under “excluded ip addresses.
Remove Passive interface for vlan2000 and 20001 on both SW300/SW301’s
Switch 310 added ip snooping trust on P02 and “IP DHCP snooping information option”
Ticket9:
R24 had “ip ospf network point-to-multipoint”
Ticket10:
Just added “ip nat outside source X X like spoto” but the ip address will be 134.x.x.x
DIAG H2+
I spent much time on diagnosis because I want to verify all the answers because previously I was given h2 cfg.

H1+ CFG.
Layer2 was not configured at all, only VTP was configured with missing password
BGP was not configured, ospf was not configured
R6/R7 had bogus vrf under interfaces, do not touch them, or configure neighbors, its to confuse you. They need do not need to go towards R12/R13/R14


TS1, H3 DIAG, H2 CFG

ts1

The faults is in the practice materials ,it is no problem
It should be noted that some of the names have changed and have little impact.

diag 3
1,filter “boot”only 3 seq packet source address is 0.0.0.0 choose the first one ,seq is 114。
2, it's source ip address 0.0.0.0
3,sw1-sw3
4,filter tcp。The first syn packet source address is 1.2 it is attacker

H2 CFG
Layer 2 preconfig,vtp is no problem ,you need config ospf of r17 AND r18

Note:AS 65001 not allowed to network segment , need to network under interface,

Note: the first test mentality is very important, must be calm, panic on the finished.
I know I will be nervous, just go into the ts when the feeling, and then there are two problems did not come out, immediately threw away the following questions. Behind slowly calm down, back to the above 2 questions also made out. Config even finished the same also have to follow the document again, to prevent leakage configuration, I check out a path behind the wrong, with the leak configuration.
Eight o'clock into the examination room, examiner, then very few, I asked him to roll when he was lying in a small room to rest. 1.40 out, I seem to be the first one out, in fact, I knocked on the 12 o'clock, not too early to come out. Eat something in the back of the seat of the cabinet, to take their own, the examiner does not seem to take the initiative to ask you to eat something.


TS1, H3 DIAG, H1+CFG

ts1

The faults is in the practice materials ,it is no problem
It should be noted that some of the names have changed and have little impact.

diag 3
1,filter “boot”only 3 seq packet source address is 0.0.0.0 choose the first one ,seq is 114。
2, it's source ip address 0.0.0.0
3,sw1-sw3
4,filter tcp。The first syn packet source address is 1.2 it is attacker

H2 CFG
Layer 2 preconfig,vtp is no problem ,you need config ospf of r17 AND r18

Note:AS 65001 not allowed to network segment , need to network under interface,

Note: the first test mentality is very important, must be calm, panic on the finished.
I know I will be nervous, just go into the ts when the feeling, and then there are two problems did not come out, immediately threw away the following questions. Behind slowly calm down, back to the above 2 questions also made out. Config even finished the same also have to follow the document again, to prevent leakage configuration, I check out a path behind the wrong, with the leak configuration.
Eight o'clock into the examination room, examiner, then very few, I asked him to roll when he was lying in a small room to rest. 1.40 out, I seem to be the first one out, in fact, I knocked on the 12 o'clock, not too early to come out. Eat something in the back of the seat of the cabinet, to take their own, the examiner does not seem to take the initiative to ask you to eat something.


TS1, H3+DIAG, H2+CFG

TS1
1.Create vlan 12, add vlan 12 to trunk port e0/0
2.PPP. Change local pool name in iface s4/0 on R12
3.OSPF. Delete passive iface in R22
4.EIGRP. Change K weight in R13, add deny host 145.14.14.14 to acl on R12 for offset-list
5.BGP. Change route-map MED value in R22 for prefix 194.1.0.0/16
6.IPv6, add network eth0/0 to bgp in R25
7.DMVPN. Add esp any any to acl in R19, ip nhrp reditect R15, delete redistribute connected on R15, ip nhrp nhs on R18
8.MPLS. Default-information originate on R7, ip nat outside e0/0.125, ospf cost 1000 in R4, R6.
9.DMVPN NAT. Change key address on R7 to 0.0.0.0
10.NAS. Enable dns server on R23, change nat conf
DIAG+++.
All same.. Server ip 10.0.2.2
CONF H2+
All same to spoto solutions


TS1, H2+DIAG, H1+CFG

TS1

1. Vlan 12 allowed on trunk on SW2 and no passive int on OSPF
2. PPP incorrect password on R17, did not add net 145.67.89.20/30 on R12
3. R22 passive interface e0/0
4. No BGP session between R4 & R5, weird route-map names, and some different from spoto
only metric cost for prefixes 123 and 134. In my case i modified prefix 134 on R6
I added ip prefix-list 194 seq 10 on R21
5. Passive interface e0/0 on R14
Remove eigrp weight on R13
6. Only added IPv6 phone network
7. Restiction to only do 2 corrections: 1) R19 add permit esp any any on ACL
2) add ip nhrp nhs on R18
Note: On R15 had redistribute bgp with metric 1 1 1 1 1 i left that command due restriction
8. Same restriction to only modified 2 things: 1) add ip nat inside on R8 int e1/0.23
2) R7/R8 has no default-info originate and trace from R104 did not work until command added on R7
I asked proctor if i need to consider to enable backup link and she told me: No, just main backup so i left ticket with
only these 2 changes
9. Incorrect crypto address on R7 (Had something like 192.x.x.x). I noticed on Tunnel10: tunn sour 172.x.x.x. instead the interface alias
10. Added on R21/R23 ip dns server and ip http server on NAS

DIAG H2+ exactly same as spoto (seq #227 for ipv6 frame)

CFG H1+ exactly same as spoto (only noticed the missing sentence "make sure R1 wont be a transit router of the traffics R1 is not source or destination"




CCIE DUMPS TAGS:

ccie security 350 018 400 101 ccie dump ccie data center resume ccie routing and switching ine videos ccie training cost ccie service provider version ccie routing and switching lab forum ccie rs lab solution cisco service provider video Ccie Study Guide Pdf