PDA

View Full Version : Passed TS2, DIAG H2, CFG H3



CiscoCCDE
08-06-2019, 01:35 AM
Dear,
I just want to share the feedback from skype group, please don't ask me about the vendor and the guy who passed.
1. Thank you all guys in our group
2. I've got TS2, DIAG H2, CFG H3 with nat pool (last update)
3. Guys, learn technology, not topology. Use this great platform
4. At the exam, lot of things are preconfigured, more than we have in WBs. Lot of things are there to distract you, be careful and stay calm
5. I had 2 major issues - BGP in DC1 didn't want to come up. Till that point everything was flawless, I finished TS in an hour, DIAG in few minutes, prepared some config for H3if I get it.
And I got it. But this issue I never had before. I spent way too much time on it, at the end I saved config and rebooted RR ... and it worked emidiately ... But my confidence and moral were gone.
I started to make typos ... For DMPVN I couldn't see that I'm missing tunnel vrf INTERNET under Tu0 interfaces on spokes ... for 2 hours ... I was working on other stuff, got back to DMVPN 40 minutes before end of exam.
I had 2.10 and 2.11 sections left and DMVPN down ... I decided to work on DMVPN, as this was only chance to pass exam ...And luckily my eyes got opened right on time to fix it. 20 mins before end, I configured MCAST
and started to test everything ... I found 3 major typos - copy/paste mistakes which would cost me my number ... So be careful, match outputs perfectly ...

Here are few details from the lab:

+++++++
TS2
+++++++

TK1
===
vl access-map ATTACK 10
action drop
!
vl access-map ATTACK 20
action for
!
ip access-l ext 111
30 per ip any any

I reconfigured line 30
no 30
deny ip any any

- Changed lease time in dhcp ser

TK2
====
SW111
int e1/2
no ip os cos 9
!
do wr

TK3 --- 3 faults
===
R23
int lo0
no ip os 10 ar 0
ip os 1 ar 0
do wr

- changed with the origin code
- changed OSPF cost on R13 interface to match trace perfectly - Pay attention

TK4
====
Q.Don't change any BGP attrib - no Pre-bestpatch configured

I just modified the cost to lo0 on R20 to be 1000 ..

TK5
===
DMVPN
IP on T0 of R60 was /32.

TK6
===
At R15, I advertised vl2001 network

TK7
===
I fixed MPLS only in 2 mins, didin't touch backup path.
R51 had 2 OSPF processes, but very strange redistribution, didin't want to waste time on it


TK8
===
SW310
In the init config, running snoop & arp at SW310
- i checked the trunk inter (sh int tru). One int doesn't incl arp inspection so i fixed
- And also added ip dh rela infor tru under vl2000 and vl2001
-Changed lease time in dhcp ser

TK9
===
Changed tunnel key on R71

TK10
===
This is init config :
ip nat pool NAT123 123.XX.XX.XX 123.XX.XX.XX netmask XX.XX.XX.XX
ip nat in so route-map NAT pool NAT123 over
ip nat in so stat 10.2.200.1 123.xx.xx.xx

Copy nat config from R25 to R24.
ip nat out so stati 201.99.70.2 123.xx.xx.xx
---------------------------------------------------

++++++++++++++++
DIAG H2 - per WB
++++++++++++++++

+++++++++++++++++++
H3 cfg
+++++++++++++++++++

Sec 1.1
The same with workbook

Sec 1.2
The same with workbook

Sec 1.3
The same with workbook
"no spanning-tree mst simulate pvst" command was there so I removed "no keyword from the command" from all the HQ's switches.

Sec 1.4
The same with workbook

Sec 5.4
the same with workbook

Sec 5.3
the same with workbook

Sec 5.2
the same with workbook

Sec 5.1
the same with workbook

Sec 4.2
int e1/0 --- different interface is connected to Partner's router
ip verify unicast so reach rx


Sec 4.1
The same with workbook

Sec 2.1
The same with workbook
I bet vlans 2000 and 2001 were not passive, from the output thay asked for both to be DR on the segment, so I configured ip ospf net non-broadcast under vlan interfaces to match output

Sec 2.2
- OSPF was already configured with router-id in DC1 except below
Didn't have passive-interface vlan 2001 so didn't add "ip ospf prefix suppression"
Just added ospf prefix-suppression and served my purpose
Loop1 on SW100 and SW101 was not advertised in OSPF so added then in OSPF
Advertised VLAN2001 network into BGP on SW111

Sec 2.3
- OSFP 1 already configured in large office and just added router-id
- Remaining the same with workbook

Sec 2.4/5
The same with workbook - have a major issue with RR, iBGP came up only partiallly - spent lot of time looking for some ACL which is blocking TCP or something
I couldn't find anything ... At the end, after the lunch, I rebooted RR ... Everything was working normaly - still don't know what was the issue.

Sec 2.6/7
The same with workbook
Configure the Datacente's gateways R10,R11,R14,R20 and R21 as per following requirements:

ip prefix FILTER deny 10.0.0.0/16
ip prefix FILTER per 10.0.0.0/13 ge 16 le 16
ip prefix FILTER per 0.0.0.0/0

Sec 2.8
The same with workbook

Sec 3.1
The same with workbook
Already run ospf.
Take care "no bgp def ipv4" command

Sec 3.2
The same with workbook
+++ Don't forget set local preference 90 at R14 for AS65005. Like that

- i did change NAT pool netmask to match Lo123 subnet mask - from /24 to /28

Sec 3.3
The same with workbook
it was mentioned to use :
int e0/0
no ip proxy-arp

Sec 3.4
The same with workbook

Sec 2.9
The same with workbook
Don't configure dynamic routing. so i run ibgp with directly interface ip add .

LEFT for the end of the exam

Sec 2.10
The same with workbook

Sec 2.11
The same with workbook


ALL THE BEST !!!

olivereng20
08-06-2019, 08:07 PM
thanks for sharing your experience, it will help somebody for sure!

aloha
08-07-2019, 01:10 PM
So what he got, it is H3+ right?

pacino5
08-07-2019, 02:09 PM
Congratulatins on pass.

Which Skype group is?
Which topology he got it?

Nexus
08-08-2019, 01:48 AM
So what he got, it is H3+ right?

correct, that is H3+ or H3 variation.

queved0
08-12-2019, 03:26 PM
Dear,
I just want to share the feedback from skype group, please don't ask me about the vendor and the guy who passed.
1. Thank you all guys in our group
2. I've got TS2, DIAG H2, CFG H3 with nat pool (last update)
3. Guys, learn technology, not topology. Use this great platform
4. At the exam, lot of things are preconfigured, more than we have in WBs. Lot of things are there to distract you, be careful and stay calm
5. I had 2 major issues - BGP in DC1 didn't want to come up. Till that point everything was flawless, I finished TS in an hour, DIAG in few minutes, prepared some config for H3if I get it.
And I got it. But this issue I never had before. I spent way too much time on it, at the end I saved config and rebooted RR ... and it worked emidiately ... But my confidence and moral were gone.
I started to make typos ... For DMPVN I couldn't see that I'm missing tunnel vrf INTERNET under Tu0 interfaces on spokes ... for 2 hours ... I was working on other stuff, got back to DMVPN 40 minutes before end of exam.
I had 2.10 and 2.11 sections left and DMVPN down ... I decided to work on DMVPN, as this was only chance to pass exam ...And luckily my eyes got opened right on time to fix it. 20 mins before end, I configured MCAST
and started to test everything ... I found 3 major typos - copy/paste mistakes which would cost me my number ... So be careful, match outputs perfectly ...

Here are few details from the lab:

+++++++
TS2
+++++++

TK1
===
vl access-map ATTACK 10
action drop
!
vl access-map ATTACK 20
action for
!
ip access-l ext 111
30 per ip any any

I reconfigured line 30
no 30
deny ip any any

- Changed lease time in dhcp ser

TK2
====
SW111
int e1/2
no ip os cos 9
!
do wr

TK3 --- 3 faults
===
R23
int lo0
no ip os 10 ar 0
ip os 1 ar 0
do wr

- changed with the origin code
- changed OSPF cost on R13 interface to match trace perfectly - Pay attention

TK4
====
Q.Don't change any BGP attrib - no Pre-bestpatch configured

I just modified the cost to lo0 on R20 to be 1000 ..

TK5
===
DMVPN
IP on T0 of R60 was /32.

TK6
===
At R15, I advertised vl2001 network

TK7
===
I fixed MPLS only in 2 mins, didin't touch backup path.
R51 had 2 OSPF processes, but very strange redistribution, didin't want to waste time on it


TK8
===
SW310
In the init config, running snoop & arp at SW310
- i checked the trunk inter (sh int tru). One int doesn't incl arp inspection so i fixed
- And also added ip dh rela infor tru under vl2000 and vl2001
-Changed lease time in dhcp ser

TK9
===
Changed tunnel key on R71

TK10
===
This is init config :
ip nat pool NAT123 123.XX.XX.XX 123.XX.XX.XX netmask XX.XX.XX.XX
ip nat in so route-map NAT pool NAT123 over
ip nat in so stat 10.2.200.1 123.xx.xx.xx

Copy nat config from R25 to R24.
ip nat out so stati 201.99.70.2 123.xx.xx.xx
---------------------------------------------------

++++++++++++++++
DIAG H2 - per WB
++++++++++++++++

+++++++++++++++++++
H3 cfg
+++++++++++++++++++

Sec 1.1
The same with workbook

Sec 1.2
The same with workbook

Sec 1.3
The same with workbook
"no spanning-tree mst simulate pvst" command was there so I removed "no keyword from the command" from all the HQ's switches.

Sec 1.4
The same with workbook

Sec 5.4
the same with workbook

Sec 5.3
the same with workbook

Sec 5.2
the same with workbook

Sec 5.1
the same with workbook

Sec 4.2
int e1/0 --- different interface is connected to Partner's router
ip verify unicast so reach rx


Sec 4.1
The same with workbook

Sec 2.1
The same with workbook
I bet vlans 2000 and 2001 were not passive, from the output thay asked for both to be DR on the segment, so I configured ip ospf net non-broadcast under vlan interfaces to match output

Sec 2.2
- OSPF was already configured with router-id in DC1 except below
Didn't have passive-interface vlan 2001 so didn't add "ip ospf prefix suppression"
Just added ospf prefix-suppression and served my purpose
Loop1 on SW100 and SW101 was not advertised in OSPF so added then in OSPF
Advertised VLAN2001 network into BGP on SW111

Sec 2.3
- OSFP 1 already configured in large office and just added router-id
- Remaining the same with workbook

Sec 2.4/5
The same with workbook - have a major issue with RR, iBGP came up only partiallly - spent lot of time looking for some ACL which is blocking TCP or something
I couldn't find anything ... At the end, after the lunch, I rebooted RR ... Everything was working normaly - still don't know what was the issue.

Sec 2.6/7
The same with workbook
Configure the Datacente's gateways R10,R11,R14,R20 and R21 as per following requirements:

ip prefix FILTER deny 10.0.0.0/16
ip prefix FILTER per 10.0.0.0/13 ge 16 le 16
ip prefix FILTER per 0.0.0.0/0

Sec 2.8
The same with workbook

Sec 3.1
The same with workbook
Already run ospf.
Take care "no bgp def ipv4" command

Sec 3.2
The same with workbook
+++ Don't forget set local preference 90 at R14 for AS65005. Like that

- i did change NAT pool netmask to match Lo123 subnet mask - from /24 to /28

Sec 3.3
The same with workbook
it was mentioned to use :
int e0/0
no ip proxy-arp

Sec 3.4
The same with workbook

Sec 2.9
The same with workbook
Don't configure dynamic routing. so i run ibgp with directly interface ip add .

LEFT for the end of the exam

Sec 2.10
The same with workbook

Sec 2.11
The same with workbook


ALL THE BEST !!!

Congratulation and Thanks for great feedback.

By a chance could you tell list the difference in between H3 and H3+ (H3 variation) you have? from what I can see in your list 3.2 is Internet access with some NAT pool and 3.3 seems to be DMVPN, in normal H3 3.2 is DMVPN and 3.3 is Internet access.

Thanks in advance.

Johnsnow
08-26-2019, 11:17 PM
I have a question, what is the difference between Diag H2 and H2+, there is no difference in the WB that i have except the answers. Thanks

Mayanaka
08-27-2019, 03:38 PM
Can someone share the H3 variation or H3+?

aures
08-31-2019, 05:53 PM
Hello,
can you please share C4C material

naonaih
10-02-2019, 01:48 AM
Could you tell me why we need to set local preference 90 at R14 for AS65005?
We need to ping from User4 to 8.8.8.8 through R14 but it will no be through R14 if we set lower local preference. am I correct?

buratino01
11-13-2019, 09:35 AM
very detail, tks so much

Hyosub Seo
11-17-2019, 01:18 PM
Thank you for your sharing!!