PDA

View Full Version : Passed LAB TS2, CFG H3 updated, DIAG H2+



nokuta
09-20-2018, 04:54 AM
Hello Guys , Firstly I want to thank CC Dreamer and Combat for Their Efforts , and Without CCIE4Career update , It was very hard To pass The Exam .
Recently Got The Updates From CC Dreamer and Practiced alot .
About Exam : I dont know other countries , but in Dubai The test center is very Good , Console is not that much slow , speed is good .
When I was Working On the The PC in Exam I feeled like I'm in home and working in my own PC . Speed is good , Console is Good , alot of Bugs which i
heard From The Feedback of candidates wasnt there , room temprature was also normal , by the way i was wearing a jacket lolz .

TS2
1: there was vlan access-map configured sequence 1 was deny , sequence 2 was permit , in sequence 1 there was an access-list 111
I added sequence 25 with deny ip any any
2: The Trace output Required The patch to go via R14 , But it was going through R15 : added Next-hop-self in R14 and There was ospf cost 9
configured under interface Just Manipulate that and Make that ip ospf cost 10 , after clearing Ip bgp * soft , trace Gone Via R14.
3: This Trace and load balancing which required was a bit Tricky as Follows :
they Required that my Trace should Be Like This :
SW110#traceroute 10.2.200.254
Type escape sequence to abort.
Tracing the route to 10.2.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.22.1 1 msec
10.1.20.1 1 msec
10.1.22.1 1 msec
2 10.1.112.1 1 msec
10.1.212.1 0 msec
10.1.112.1 1 msec
3 10.12.22.2 1 msec 1 msec 1 msec
4 10.2.122.2 [AS 65002] 2 msec 2 msec 2 msec
5 10.2.20.2 [AS 65002] 2 msec 3 msec
!
-SW210#traceroute 10.1.200.254
Type escape sequence to abort.
Tracing the route to 10.1.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.22.1 1 msec
10.2.20.1 1 msec
10.2.22.1 0 msec
2 10.2.122.1 0 msec
10.2.222.1 0 msec
10.2.122.1 0 msec
3 10.12.22.1 [AS 65001] 1 msec 0 msec 1 msec
4 10.1.212.2 [AS 65001] 2 msec 2 msec 1 msec
5 10.1.22.2 [AS 65001] 2 msec 4 msec

So When I t-shoot The loopback of R23 was in Wrong ospf process ID , So Fixed That and in The access-list which Advertised The Even prefixes for R12
needed to add Set origin IGP in order to fix , Caue R13 had Set metric 2 but origin IGP .
And For This Traceroute IN Order The path to be like this We need To advertise the link between Ebgp Peers Or R12-22 , R13-23 .
So I advertised From The link From R22 and R23 , The Traceroute Output Become like This :

SW110#traceroute 10.2.200.254
Type escape sequence to abort.
Tracing the route to 10.2.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.22.1 1 msec
10.1.20.1 1 msec
10.1.22.1 1 msec
2 10.1.112.1 1 msec
10.1.212.1 0 msec
10.1.112.1 1 msec
3 10.12.22.2 [AS 65002] 1 msec 1 msec 1 msec
4 10.2.122.2 [AS 65002] 2 msec 2 msec 2 msec
5 10.2.20.2 [AS 65002] 2 msec 3 msec
!
-SW210#traceroute 10.1.200.254
Type escape sequence to abort.
Tracing the route to 10.1.200.254
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.22.1 1 msec
10.2.20.1 1 msec
10.2.22.1 0 msec
2 10.2.122.1 0 msec
10.2.222.1 0 msec
10.2.122.1 0 msec
3 10.12.22.1 1 msec 0 msec 1 msec
4 10.1.212.2 [AS 65001] 2 msec 2 msec 1 msec
5 10.1.22.2 [AS 65001] 2 msec 4 msec

4: They Want The Traceroute from Server2 via R21 , But The Question Stated Dont change any Bgp Attribute , So i Manipulate The Cost of Loopback 0 of R20 to 1000.
The problem Solved.
5:DMVPN : Only correct The Mask OF R60 to /24.
6: VLan 2001 of SW111 is not advertised in OSPFv3 , Just Advertised It .
7: In MPLS Vpn R5 loopback 0 was configured in Wrong ospf proccess ID Just put it in correct proccess id , and R10 Got #Ospf distance 19 , I change The Distance to 210 . clear ip ospf process.
8: Arp Inspection was configured in SW310 port-channel 2 , just Configured it in port-channel 1 also Problem Solved .
9: There was Ip ospf network mismatch , changed the network type of R71 to point-to-multipoint.
10: Just Added Ip nat inside source static tcp ...... and ip nat outised source static .......

DIAG
H2 +
Was same as Workbook.

H3 CFG
At the first Which The CFG started , The first thing i did was going on SW300/301/310 and Do the command # show run | s spanning-tree
They were configured with "no spanning-tree mst simulate pvst global" , just Removed NO in order to MST work.
Section 1 : exactly Same
Section 1.2 : exactly Same

Section 1.3
Same
only :
There is vlan 3001 on SW310
so there will be Block interfaces for MST3, but in question, only required access vlan (2000-2009), so it's no problem
!
After Section 1 , I go For Section 4 :
4.1 : exactly Same only needed to add # ipv6 nd raguard policy RAFILTERING
#hop-limit maximum 2
4.2 : Same
!
5.1 : Exactly Same , configured according to New H3 update .
5.2 : exactly Same .
5.3 : exactly Same .
5.4 : Exactly Same , the preconfiguration only Configured standby Ip . no preemtion , delay , timers , so added them .
!
Then I come To Section 2 :
2.1 Exactly Same , all Routers In headquarters Configured With correct router-id under ospf .
2.2 Ospf was preconfigured with correct router-id , But Sw111 had loopback 2001 , advertised that loopback into ospf ,
loopback 1 of SW100 and Sw101 was not advertised in ospf "neccessary for Multicast " Advertised Them , No passive interface was configured under
SW110 and Sw111 so only prefix-suppression under ospf process Needed.
2.3 Ospf was preconfigured with Correct Router-ids , only issue was Vlan 2000 and 2001 was passived under ospf process but not advertised in OSPF
Advertised vlan 2000, 2001 in OSPF , cause its neccessary for Later when the output requies ping from User4.
Could not touch R100 , Configured R42 with Proccess ID 2 and implement The Filtering according to new H3 Update.
2.4 Exactly Same , correct router-id was preconfigured under BGP.
2.5 Implement Multipath , used the commands according to New H3 Update .
2.6 External Bgp Neighbors were Configured , only thing was To add aggregate-timer , router-id , network , aggregate Statement under BGP . Question Was Exactly Same as workbook
no required R14 and R15 .
2.7 Required The Filtering for R10 , R11 , R14 , R15 , R20 , R21 ,
configred The Filtering according to new H3 update Which sequence 1 with deny statement added at the begining and Configured the filtering for R10.R11 , R14 for DMVPN , R20 and R21
although R15 was Configured Ebgp with ISP but Only Configured The Prefix-list In R15 didnt configured any filtering For R15.
2.9 Configured BGP with Connected Ipv6 interfaces , and other same as Workbook , the preconfiguration only Configured Ebgp with ISP without Filtering , So all other things needed to be added .
Also Needed to add Ipv6 unicast-routing for SW111 .
2.10 Exactly Same , Requested That in the output Info Source was loopback 1 of SW 100/ SW 101 .
so configured 2nd Variation of Multicast in The Workbook ,
Then Started 2.11 : Configured it according To NEw H3 Update , but at the End The question States It should Have The Exact Match :
"""""Everything Matched without R13 , in R13 Requested #sh ip pim rp mapping , The Info source was 10.1.113.2 , It confused me abit , i just thought with my self
The statement was saying Exact match so i removed the send-rp-discovery loopback 1 from SW100 and SW101 , ANd Remove the rp-announce-filter from Both Switches and Configured
the Send-RP-discovery to 10.1.113.2 of SW100 , and ADvertised That network into BGP .
And The OUtput matched as Required , Then I check The Question 2.10 Which The info source was Required was 10.250.250.250 but It was Required IN SW100 , So After My configuration I
used The command on SW100 # sh ip pim rp mapping : the source was 10.250.250.250 , so Both Problems Was Solved and The Both required Output was Solved , IN R13 the info source was 10.1.113.2.
Both Output Exactly Matched as The Exam Required.
^^^^ The important Point comes into Filtering , I did configure access-list 2 according to New Update and Configured it in the E0/0 of R30/R31 as follows :
ip multicast boundary 2 filter-autorp
!
But When R31 used Ping It Got Replies from Both SW111 and SW300 , It Confused me , after A while I changed the filtering according to this :
R30/R31 : # int e0/0
# no ip multicast boundary 2 filter-autorp
# ip multicast boundary filter-autorp 2
!
Then all the Desired Output Matched Exactly AS the Output .
3.1 Mpls Vpn
Exacly Same , Only Needed to add mpls ldp router-id loopback 0 force ,
and Other Config Same AS Work Book .
Only Point need to be added is The PE routers didnt have RD configured , But IN The output Which needs to match It has Route-distinguisher
So Copied The RD from The Output to the PE routers in the MPLS VPN , and added The Route-target Export and Import Accoring to That RD.
3.2 DMVPN
Exactly Same , Only Alot Of lines on R14 need to be matched By The 2 Spokes ,
The only Thing I did i go to R14 # added ip nhrp redirect and IP nhrp map multicast dynamic
and opened a notepad COnfigured Config for R51, R60 Exactly from R14 . Copied it into R51, R60 .
The DMVPN tunnel Become Up .
And For IPSEC the crypto Keyring was not configured , Configured them and added them .
!
For BGP The spokes were configured for Ebgp without local-as and allowas-in , So FIxed that .
3.3
Exactly Same
3.4
Exactly Same
Only Configured Static Route to 201.99.24.1 .
But when i tried I was not working , I checked and checked again , my config was Correct ,
after a while i notice when i added the crypto map comman on R71 e0/0 , it was not added WTF , I added the crypto map again . The the Ping And Traceroute worked .

!!!!!! Finished in 3 hours Verified it and did the command Write in each router in 1 hour.

muhmiqbal
09-20-2018, 12:54 PM
Thanks for your feedback really appreciate, if you dont mind can you share latest workbook? would help a lot since i will go for exam next month

aloha
09-20-2018, 03:54 PM
congratulation bro :)

tieudao
09-20-2018, 04:07 PM
Thanks, bro, your feedback is really helpful

mahlekefane
09-22-2018, 11:11 PM
congratulation bro

Can you please share new H3 updated, file you talking about

beece2003
09-28-2018, 02:16 AM
Congrats nokuta, can you please share workbook?

Myash
10-04-2018, 03:08 AM
congratulation bro

umar11891
12-18-2018, 11:38 AM
congrats brother
could u plz share the workbook if u have not any problem. that will help the other ccie lab takers.
thankz in advance

JimmyLO89
02-03-2019, 06:48 PM
thanks for info

ASN373
03-15-2019, 02:51 AM
Can you please share your diag workbook ?
thanks