Passed CCIE RS lab (TS2, DIAG H3, CFG H1).



switching
07-27-2018, 10:51 AM
Hi guys,
I would like to share my feedback; thank you all for your support.
My advice:
Practice every CFG; many guys failed because they did not practice H1, H1+.

This is the link to download EVE-NG (lab included):

http://iecollection.net/Forums/showthread.php?65-EVE-NG-for-CCIE-RSv5-(CFG-Tshoot-Updated-new-TS2-variation)

TS: TS2

#1: Port-Security on switch 410
A: Change MAC address on SW410

#2: NAT ACL wrong on R14
A: Add an entry in the NAT ACL to “permit any”

#3: R10 has higher local-preference for routes in DC2
A: Lower local preference to 100

#4: R20 has BGP pre-best-path ext. cost community on inbound routes from the ISP. Can’t touch BGP.
A: Insert route-map sequence before the sequence w/ the ext. cost community.

#5: Server in DC1 can’t reach IPv6 WAN address
A: Don’t disable IPv6 unicast-routing. Add “ipv6 address dhcp” and “ipv6 address autoconfig default”

#6: Large Office traffic not being routed
A: MPLS LDP password wrong on R3. Redistribute on R51 between OSPF process 10 and 1. When redistributing, only redistribute internal routes into R51’s DMVPN tunnel. R50 is advertising a default route into OSPF. Change the metric to type E1. SW500 will load-balance at this point, and you won’t match the trace output. Fix this by increasing the OSPF cost on the link between SW500 and R51.

#7: R60 IPsec mode incorrect
A: Change IPsec mode to “transport”.

#8: User3 can’t ping R30
A: Change default gateway on R30’s DHCP reservation for Vlan2000.

#9: NAT incorrect on R24/R25
A: Add an “outside source” statement on R25 and R24. R24’s inside NAT statement was reversed.

#10: R71 Spoke not mapping multicast to R24 hub for OSPF
A: Add “ip nhrp map multicast <R24>” to R71’s tunnel interface.

DIAG: H3

Ticket #1: DHCP Snooping
A: Snooping was enabled on SW1 w/ all uplinks trusted. SW3 was the DHCP relay and the “show output” revealed that SW3 didn’t have any trusted relay interfaces. The packet capture confirms this when you filter for “bootp” packets. Select the first packet that has a relay address == 0.0.0.0 and Option 82 in the payload. The packet capture can only reveal this on the link between SW1 and SW3.

Ticket #2: TCL Script
A: Find the HTTP GET request to determine the victim. The victim is the device initiating the GET request that is done over TCP. Follow the GET request stream to see the TCL script being downloaded by the victim. The TCL script will reveal all the possible attacks that could be executed by the attacker. All of the possible options were different banners except for one, which had a malicious message and wiped the flash. Look at the list of possible choices in the ticket to determine the TCP port to follow that will show the hacker sending commands to the victim (mine was 1337). Pick the symbol or letter that does something destructive. The attacker executes the TCL script by using “tclsh http://victim_IP/bd2.tcl”.

CONFIG: H1

1.1: Same as WB

1.2: Same as WB

1.3: Same as WB

1.4: Same as WB

2.1: Same as WB

2.2: Same as WB

2.3: Didn’t have to touch Vlan6. Only ran EIGRP Named Mode on R15/16/17.

2.4: Lab required Phase 3 DMVPN. Didn’t configure “no split-horizon” under R17 Tunnel af-interface. This makes the NHRP routes show up in the RIB as legitimate routes (H), instead of override routes (%).

2.5: Same as WB. Injected a /30 subnet into BGP w/ a network statement to propagate the 10.0.0.0/8 aggregate.

2.6: Same as WB. Didn’t need to configure a default local preference on R11 above 100. Only R9 needs an increase in LP.

2.7: Same as WB

2.8: Same as WB

2.9: Same as WB

2.10: Same as WB. I used “redistribute connected” under R12/R14 IPv6 BGP AF.

2.11: Same as WB. Didn’t need to configure multicast on SW6.

3.1: Same as WB. I used “mpls ldp autoconfig” under the OSPF process.

3.2: Same as WB

3.3: Same as WB

3.4: Same as WB

4.1: Same as WB. Configure “no motd-banner” under VTY lines to prevent duplicate banners when using SSH.

4.2: Same as WB

5.1: Same as WB. I added logging to my ACL and included a “deny any log” line at the end.

5.2: Same as WB

5.3: Same as WB

5.4: Same as WB. I added “ntp disable ipv4” under Lo0 on SW3.
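Ticket #1 in the DIAG section comes down to spotting DHCP packets that already carry Option 82 (Relay Agent Information) while giaddr is still 0.0.0.0, which is the combination a DHCP-snooping switch drops on an untrusted port. As an added example (not part of the post, and not the lab's own material), here is a small parser that flags that combination on raw BOOTP/DHCP UDP payloads; the sample DHCPDISCOVER packets it builds are constructed for the test, not captured traffic.

```python
"""Flag DHCP packets a DHCP-snooping switch would drop on an untrusted port:
Option 82 present while giaddr (the relay address) is still 0.0.0.0."""
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
OPT_PAD, OPT_END, OPT_RELAY_AGENT = 0, 255, 82

def parse_bootp(payload: bytes) -> dict:
    """Return op, giaddr and {option code: raw value} from a BOOTP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a BOOTP/DHCP payload")
    op = payload[0]
    giaddr = str(IPv4Address(payload[24:28]))   # fixed offset of giaddr
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "giaddr": giaddr, "options": options}

def untrusted_relay_info(payload: bytes) -> bool:
    """True when Option 82 is present but giaddr is 0.0.0.0: the hint that
    the relay's interface toward the snooping switch was never trusted."""
    pkt = parse_bootp(payload)
    return OPT_RELAY_AGENT in pkt["options"] and pkt["giaddr"] == "0.0.0.0"

def build_discover(giaddr: str, with_option82: bool) -> bytes:
    """Constructed sample DHCPDISCOVER (test data, not a real capture)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)
    hdr += b"\x00" * 12                         # ciaddr, yiaddr, siaddr
    hdr += IPv4Address(giaddr).packed           # giaddr
    hdr += bytes.fromhex("00aabbccddee") + b"\x00" * 10   # chaddr (16 bytes)
    hdr += b"\x00" * 192                        # sname (64) + file (128)
    opts = MAGIC_COOKIE + b"\x35\x01\x01"       # option 53 = DHCPDISCOVER
    if with_option82:
        circuit_id = b"\x01\x04\x00\x05\x01\x18"   # sub-option 1: circuit-id
        opts += bytes([OPT_RELAY_AGENT, len(circuit_id)]) + circuit_id
    return hdr + opts + b"\xff"

if __name__ == "__main__":
    print(untrusted_relay_info(build_discover("0.0.0.0", True)))   # True
```

Feeding the function the UDP payloads of a "bootp"-filtered capture reproduces the check the ticket describes: the first packet it returns True for is the one to select.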