Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Passed TS2, DIAG H2, CFG H3

  1. #1

    Passed TS2, DIAG H2, CFG H3

    Dear,
    I just want to share the feedback from skype group, please don't ask me about the vendor and the guy who passed.
    1. Thank you all guys in our group
    2. I've got TS2, DIAG H2, CFG H3 with nat pool (last update)
    3. Guys, learn technology, not topology. Use this great platform
    4. At the exam, lot of things are preconfigured, more than we have in WBs. Lot of things are there to distract you, be careful and stay calm
    5. I had 2 major issues - BGP in DC1 didn't want to come up. Till that point everything was flawless, I finished TS in an hour, DIAG in few minutes, prepared some config for H3if I get it.
    And I got it. But this issue I never had before. I spent way too much time on it, at the end I saved config and rebooted RR ... and it worked emidiately ... But my confidence and moral were gone.
    I started to make typos ... For DMPVN I couldn't see that I'm missing tunnel vrf INTERNET under Tu0 interfaces on spokes ... for 2 hours ... I was working on other stuff, got back to DMVPN 40 minutes before end of exam.
    I had 2.10 and 2.11 sections left and DMVPN down ... I decided to work on DMVPN, as this was only chance to pass exam ...And luckily my eyes got opened right on time to fix it. 20 mins before end, I configured MCAST
    and started to test everything ... I found 3 major typos - copy/paste mistakes which would cost me my number ... So be careful, match outputs perfectly ...

    Here are few details from the lab:

    +++++++
    TS2
    +++++++

    TK1
    ===
    vl access-map ATTACK 10
    action drop
    !
    vl access-map ATTACK 20
    action for
    !
    ip access-l ext 111
    30 per ip any any

    I reconfigured line 30
    no 30
    deny ip any any

    - Changed lease time in dhcp ser

    TK2
    ====
    SW111
    int e1/2
    no ip os cos 9
    !
    do wr

    TK3 --- 3 faults
    ===
    R23
    int lo0
    no ip os 10 ar 0
    ip os 1 ar 0
    do wr

    - changed with the origin code
    - changed OSPF cost on R13 interface to match trace perfectly - Pay attention

    TK4
    ====
    Q.Don't change any BGP attrib - no Pre-bestpatch configured

    I just modified the cost to lo0 on R20 to be 1000 ..

    TK5
    ===
    DMVPN
    IP on T0 of R60 was /32.

    TK6
    ===
    At R15, I advertised vl2001 network

    TK7
    ===
    I fixed MPLS only in 2 mins, didin't touch backup path.
    R51 had 2 OSPF processes, but very strange redistribution, didin't want to waste time on it


    TK8
    ===
    SW310
    In the init config, running snoop & arp at SW310
    - i checked the trunk inter (sh int tru). One int doesn't incl arp inspection so i fixed
    - And also added ip dh rela infor tru under vl2000 and vl2001
    -Changed lease time in dhcp ser

    TK9
    ===
    Changed tunnel key on R71

    TK10
    ===
    This is init config :
    ip nat pool NAT123 123.XX.XX.XX 123.XX.XX.XX netmask XX.XX.XX.XX
    ip nat in so route-map NAT pool NAT123 over
    ip nat in so stat 10.2.200.1 123.xx.xx.xx

    Copy nat config from R25 to R24.
    ip nat out so stati 201.99.70.2 123.xx.xx.xx
    ---------------------------------------------------

    ++++++++++++++++
    DIAG H2 - per WB
    ++++++++++++++++

    +++++++++++++++++++
    H3 cfg
    +++++++++++++++++++

    Sec 1.1
    The same with workbook

    Sec 1.2
    The same with workbook

    Sec 1.3
    The same with workbook
    "no spanning-tree mst simulate pvst" command was there so I removed "no keyword from the command" from all the HQ's switches.

    Sec 1.4
    The same with workbook

    Sec 5.4
    the same with workbook

    Sec 5.3
    the same with workbook

    Sec 5.2
    the same with workbook

    Sec 5.1
    the same with workbook

    Sec 4.2
    int e1/0 --- different interface is connected to Partner's router
    ip verify unicast so reach rx


    Sec 4.1
    The same with workbook

    Sec 2.1
    The same with workbook
    I bet vlans 2000 and 2001 were not passive, from the output thay asked for both to be DR on the segment, so I configured ip ospf net non-broadcast under vlan interfaces to match output

    Sec 2.2
    - OSPF was already configured with router-id in DC1 except below
    Didn't have passive-interface vlan 2001 so didn't add "ip ospf prefix suppression"
    Just added ospf prefix-suppression and served my purpose
    Loop1 on SW100 and SW101 was not advertised in OSPF so added then in OSPF
    Advertised VLAN2001 network into BGP on SW111

    Sec 2.3
    - OSFP 1 already configured in large office and just added router-id
    - Remaining the same with workbook

    Sec 2.4/5
    The same with workbook - have a major issue with RR, iBGP came up only partiallly - spent lot of time looking for some ACL which is blocking TCP or something
    I couldn't find anything ... At the end, after the lunch, I rebooted RR ... Everything was working normaly - still don't know what was the issue.

    Sec 2.6/7
    The same with workbook
    Configure the Datacente's gateways R10,R11,R14,R20 and R21 as per following requirements:

    ip prefix FILTER deny 10.0.0.0/16
    ip prefix FILTER per 10.0.0.0/13 ge 16 le 16
    ip prefix FILTER per 0.0.0.0/0

    Sec 2.8
    The same with workbook

    Sec 3.1
    The same with workbook
    Already run ospf.
    Take care "no bgp def ipv4" command

    Sec 3.2
    The same with workbook
    +++ Don't forget set local preference 90 at R14 for AS65005. Like that

    - i did change NAT pool netmask to match Lo123 subnet mask - from /24 to /28

    Sec 3.3
    The same with workbook
    it was mentioned to use :
    int e0/0
    no ip proxy-arp

    Sec 3.4
    The same with workbook

    Sec 2.9
    The same with workbook
    Don't configure dynamic routing. so i run ibgp with directly interface ip add .

    LEFT for the end of the exam

    Sec 2.10
    The same with workbook

    Sec 2.11
    The same with workbook


    ALL THE BEST !!!

  2. The Following User Says Thank You to CiscoCCDE For This Useful Post:

    Yurukinai (08-07-2019)

  3. #2

    Re: Passed TS2, DIAG H2, CFG H3

    thanks for sharing your experience, it will help somebody for sure!

  4. #3

    Re: Passed TS2, DIAG H2, CFG H3

    So what he got, it is H3+ right?

  5. #4

    Re: Passed TS2, DIAG H2, CFG H3

    Congratulatins on pass.

    Which Skype group is?
    Which topology he got it?

  6. #5

    Re: Passed TS2, DIAG H2, CFG H3

    Quote Originally Posted by aloha View Post
    So what he got, it is H3+ right?
    correct, that is H3+ or H3 variation.

  7. The Following User Says Thank You to Nexus For This Useful Post:

    Kelesi (08-08-2019)

  8. #6

    Re: Passed TS2, DIAG H2, CFG H3

    Quote Originally Posted by CiscoCCDE View Post
    Dear,
    I just want to share the feedback from skype group, please don't ask me about the vendor and the guy who passed.
    1. Thank you all guys in our group
    2. I've got TS2, DIAG H2, CFG H3 with nat pool (last update)
    3. Guys, learn technology, not topology. Use this great platform
    4. At the exam, lot of things are preconfigured, more than we have in WBs. Lot of things are there to distract you, be careful and stay calm
    5. I had 2 major issues - BGP in DC1 didn't want to come up. Till that point everything was flawless, I finished TS in an hour, DIAG in few minutes, prepared some config for H3if I get it.
    And I got it. But this issue I never had before. I spent way too much time on it, at the end I saved config and rebooted RR ... and it worked emidiately ... But my confidence and moral were gone.
    I started to make typos ... For DMPVN I couldn't see that I'm missing tunnel vrf INTERNET under Tu0 interfaces on spokes ... for 2 hours ... I was working on other stuff, got back to DMVPN 40 minutes before end of exam.
    I had 2.10 and 2.11 sections left and DMVPN down ... I decided to work on DMVPN, as this was only chance to pass exam ...And luckily my eyes got opened right on time to fix it. 20 mins before end, I configured MCAST
    and started to test everything ... I found 3 major typos - copy/paste mistakes which would cost me my number ... So be careful, match outputs perfectly ...

    Here are few details from the lab:

    +++++++
    TS2
    +++++++

    TK1
    ===
    vl access-map ATTACK 10
    action drop
    !
    vl access-map ATTACK 20
    action for
    !
    ip access-l ext 111
    30 per ip any any

    I reconfigured line 30
    no 30
    deny ip any any

    - Changed lease time in dhcp ser

    TK2
    ====
    SW111
    int e1/2
    no ip os cos 9
    !
    do wr

    TK3 --- 3 faults
    ===
    R23
    int lo0
    no ip os 10 ar 0
    ip os 1 ar 0
    do wr

    - changed with the origin code
    - changed OSPF cost on R13 interface to match trace perfectly - Pay attention

    TK4
    ====
    Q.Don't change any BGP attrib - no Pre-bestpatch configured

    I just modified the cost to lo0 on R20 to be 1000 ..

    TK5
    ===
    DMVPN
    IP on T0 of R60 was /32.

    TK6
    ===
    At R15, I advertised vl2001 network

    TK7
    ===
    I fixed MPLS only in 2 mins, didin't touch backup path.
    R51 had 2 OSPF processes, but very strange redistribution, didin't want to waste time on it


    TK8
    ===
    SW310
    In the init config, running snoop & arp at SW310
    - i checked the trunk inter (sh int tru). One int doesn't incl arp inspection so i fixed
    - And also added ip dh rela infor tru under vl2000 and vl2001
    -Changed lease time in dhcp ser

    TK9
    ===
    Changed tunnel key on R71

    TK10
    ===
    This is init config :
    ip nat pool NAT123 123.XX.XX.XX 123.XX.XX.XX netmask XX.XX.XX.XX
    ip nat in so route-map NAT pool NAT123 over
    ip nat in so stat 10.2.200.1 123.xx.xx.xx

    Copy nat config from R25 to R24.
    ip nat out so stati 201.99.70.2 123.xx.xx.xx
    ---------------------------------------------------

    ++++++++++++++++
    DIAG H2 - per WB
    ++++++++++++++++

    +++++++++++++++++++
    H3 cfg
    +++++++++++++++++++

    Sec 1.1
    The same with workbook

    Sec 1.2
    The same with workbook

    Sec 1.3
    The same with workbook
    "no spanning-tree mst simulate pvst" command was there so I removed "no keyword from the command" from all the HQ's switches.

    Sec 1.4
    The same with workbook

    Sec 5.4
    the same with workbook

    Sec 5.3
    the same with workbook

    Sec 5.2
    the same with workbook

    Sec 5.1
    the same with workbook

    Sec 4.2
    int e1/0 --- different interface is connected to Partner's router
    ip verify unicast so reach rx


    Sec 4.1
    The same with workbook

    Sec 2.1
    The same with workbook
    I bet vlans 2000 and 2001 were not passive, from the output thay asked for both to be DR on the segment, so I configured ip ospf net non-broadcast under vlan interfaces to match output

    Sec 2.2
    - OSPF was already configured with router-id in DC1 except below
    Didn't have passive-interface vlan 2001 so didn't add "ip ospf prefix suppression"
    Just added ospf prefix-suppression and served my purpose
    Loop1 on SW100 and SW101 was not advertised in OSPF so added then in OSPF
    Advertised VLAN2001 network into BGP on SW111

    Sec 2.3
    - OSFP 1 already configured in large office and just added router-id
    - Remaining the same with workbook

    Sec 2.4/5
    The same with workbook - have a major issue with RR, iBGP came up only partiallly - spent lot of time looking for some ACL which is blocking TCP or something
    I couldn't find anything ... At the end, after the lunch, I rebooted RR ... Everything was working normaly - still don't know what was the issue.

    Sec 2.6/7
    The same with workbook
    Configure the Datacente's gateways R10,R11,R14,R20 and R21 as per following requirements:

    ip prefix FILTER deny 10.0.0.0/16
    ip prefix FILTER per 10.0.0.0/13 ge 16 le 16
    ip prefix FILTER per 0.0.0.0/0

    Sec 2.8
    The same with workbook

    Sec 3.1
    The same with workbook
    Already run ospf.
    Take care "no bgp def ipv4" command

    Sec 3.2
    The same with workbook
    +++ Don't forget set local preference 90 at R14 for AS65005. Like that

    - i did change NAT pool netmask to match Lo123 subnet mask - from /24 to /28

    Sec 3.3
    The same with workbook
    it was mentioned to use :
    int e0/0
    no ip proxy-arp

    Sec 3.4
    The same with workbook

    Sec 2.9
    The same with workbook
    Don't configure dynamic routing. so i run ibgp with directly interface ip add .

    LEFT for the end of the exam

    Sec 2.10
    The same with workbook

    Sec 2.11
    The same with workbook


    ALL THE BEST !!!
    Congratulation and Thanks for great feedback.

    By a chance could you tell list the difference in between H3 and H3+ (H3 variation) you have? from what I can see in your list 3.2 is Internet access with some NAT pool and 3.3 seems to be DMVPN, in normal H3 3.2 is DMVPN and 3.3 is Internet access.

    Thanks in advance.

  9. #7

    Re: Passed TS2, DIAG H2, CFG H3

    I have a question, what is the difference between Diag H2 and H2+, there is no difference in the WB that i have except the answers. Thanks

  10. #8

    Re: Passed TS2, DIAG H2, CFG H3

    Can someone share the H3 variation or H3+?

  11. #9

    Re: Passed TS2, DIAG H2, CFG H3

    Hello,
    can you please share C4C material

  12. #10

    Re: Passed TS2, DIAG H2, CFG H3

    Could you tell me why we need to set local preference 90 at R14 for AS65005?
    We need to ping from User4 to 8.8.8.8 through R14 but it will no be through R14 if we set lower local preference. am I correct?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •