Jump to content


6

CCIE R&S Failed at TSHOOT TS2, DIAHG H2+, CONFIG H2+

CCIE R&$

61 replies to this topic

#1 cocksparrow

cocksparrow

    Member

  • Members
  • PipPip
  • 15 posts
  • 28 thanks

Posted 13 July 2018 - 04:15 PM

Hi CCIE R&S Lab Exam Takers,

I sat lab exam recently and failed because of I didn't work properly in exam. Below is my feedback which could help for someone who preparing for upcoming exam attempt.

TSHOOT (TS2)

Ticket 1 (One Fault)
"switchport mac-address security" was configured with wrong mac-address on SW410 facing to User4.
Passive-interface was configure for VLAN2000 and VLAN2001 on both SW400 and SW401. I think no need to remove passive-interface vlan.
DHCP lease time was set "0 2".

Ticket 2 (One Fault)
OSPF is not configured for VLAN2001 on SW111.

Ticket 3 (Two Faults)
Local-Preference value was configured on R10 to prefer all routes to go via R10.
R22 e0/2 interface was configured with wrong ospf process ID and area.

Ticket 4 (One Fault)
Question asked "do not touch bgp attributes" to fix the issue.
Route-map for local preference value were configured on both R20 and R21.
R21 local-preference is higher than R20.
Trouble is on R20 and it is route-map with "set extcommunity ..... " configuration for bgp neighbors.

Ticket 5 (One Fault)
"crypto ipsec transform-set ...." configuration was mis-matched on R51 with R14 and R60.

Ticket 6 (One Fault)
"ipv6 dhcp server <dhcp pool name>" configuration was missing under int vlan 2001 on SW111.

Ticket 7 (Two Faults)
The question mentioned that this ticket has "two faults".
Question said that there is two Traffic Path between DC1 to Medium Office.
Primary Path is via MPLS and backup path is via DMVPN which is from R51>>ISP>>R14.
Trace output from SW500 to DC1 and Server 1 to Medium Office were given for Primary Path.
On R3, "mpls ldp neighbor <R1's loopback> password <password>" is mis-matched with R1 as first fault.
(I wasn't able to find second fault. There is no vrf configured on R60 and R51 for this ticket.)

Ticket 8 (Two Faults)
"ip dhcp relay info trusted" command was missing on SW300 int vlan 2000.
"passive-interface int vlan 2000" was configured on SW300.

Ticket 9 (One Fault)
"ip nhrp map multicast <WAN IP address of R14>" was missing on R60.

Ticket 10 (One Fault)
"ip nat outside source static <R70 WAN IP Address> <Location IP Address>" was missing on R25.

DIAG (H2+)
(Same as spoto)

CONFIG (H2+)

Section 1
Same as spoto.
VTP and VLANs are pre-configured.
Just need to check the vlan assigned ports to correct and unshut.

Section 2
Same as spoto. But need to configure ospf for all devices in DC1 AS65001 and there is no requirement for SW1,SW2 and R1 to be DR and R2 to be BDR.

Section 3
IPv6 OSPFv3 session was asked for Interface VLAN100 to be passive-interface.
VPN (vrf) to be full mesh for each Jamesons and Jacobs. Jacobs to Jamesons and Jamesons to Jacobs traffic must go through via DC1 AS65001.
The question asked that R55 and R56 may not be aggregate and summary for all BGP prefixes.
The rest are same as spoto.

Section 4
There is requirement that request not to use "deny statement in Access-List" on R17 for Control Plane Protection Policy.

Section 5
Same as spoto.

Thanks and good luck.

Edited by cocksparrow, 14 July 2018 - 04:14 AM.


Thanked by 9 Members:
Argentina , torix , ronaldlee1607 , maulik1402 , InformaticIdea , ccienov2017 , manish1804 , frenky8888 , smartlen

#2 mmartinezcl

mmartinezcl

    Member

  • Members
  • PipPip
  • 19 posts
  • 6 thanks

Posted 13 July 2018 - 04:48 PM

Hi,

Are you planning to take the exam again?.  Maybe we can make a study group.( 2 or 3 people, no more).  I took the exam last month and I failed too, and I want to start to prepare it again.

#3 allforug

allforug

    Junior Member

  • Members
  • PipPip
  • 4 posts
  • 1 thanks

Posted 13 July 2018 - 05:53 PM

thank you for your feedback I hope you pass the next time. where did you take it?

#4 azekeg

azekeg

    Junior Member

  • Members
  • PipPip
  • 6 posts
  • 2 thanks

Posted 13 July 2018 - 08:28 PM

Thanks for the feedback . You will pass next time.

#5 eraymus

eraymus

    Member

  • Members
  • PipPip
  • 43 posts
  • 24 thanks

Posted 14 July 2018 - 03:53 AM

how to do this ?

There is requirement that request not to use "deny statement in Access-List" on R17 for Control Plane Protection Policy.

#6 manish1804

manish1804

    Junior Member

  • Members
  • PipPip
  • 5 posts
  • 0 thanks

Posted 14 July 2018 - 10:04 AM

hi cocksparrow,


could you please give more info where did you lose marks

thanks

#7 brunosz

brunosz

    Member

  • Members
  • PipPip
  • 16 posts
  • 0 thanks

Posted 14 July 2018 - 11:11 AM

Hello,

Sorry for not taking it and i hope you fight back and take it next time.

Can you please provide more information about:

Ticket 4 (One Fault)
Question asked "do not touch bgp attributes" to fix the issue.
Route-map for local preference value were configured on both R20 and R21.
R21 local-preference is higher than R20.
Trouble is on R20 and it is route-map with "set extcommunity ..... " configuration for bgp neighbors.
And how you solved it.Maybe some pre-solution trace and after solution trace would be helpful.

Thnx in advance

#8 cocksparrow

cocksparrow

    Member

  • Members
  • PipPip
  • 15 posts
  • 28 thanks

Posted 14 July 2018 - 12:23 PM

View Postbrunosz, on 14 July 2018 - 11:11 AM, said:

Hello,

Sorry for not taking it and i hope you fight back and take it next time.

Can you please provide more information about:

Ticket 4 (One Fault)
Question asked "do not touch bgp attributes" to fix the issue.
Route-map for local preference value were configured on both R20 and R21.
R21 local-preference is higher than R20.
Trouble is on R20 and it is route-map with "set extcommunity ..... " configuration for bgp neighbors.
And how you solved it.Maybe some pre-solution trace and after solution trace would be helpful.

Thnx in advance

Hi,

I just remove the "set extcommunity ..." config from route-map on R20 with "no set extcommunity ..." then the trace match required output.

Edited by cocksparrow, 14 July 2018 - 01:56 PM.


#9 cocksparrow

cocksparrow

    Member

  • Members
  • PipPip
  • 15 posts
  • 28 thanks

Posted 14 July 2018 - 12:24 PM

View Postmanish1804, on 14 July 2018 - 10:04 AM, said:

hi cocksparrow,


could you please give more info where did you lose marks

thanks

Hi,

I loose points at Layer 3 and VPN sessions the most. But this was my mistake and it is not because of variations.

#10 cocksparrow

cocksparrow

    Member

  • Members
  • PipPip
  • 15 posts
  • 28 thanks

Posted 14 July 2018 - 12:25 PM

View Posteraymus, on 14 July 2018 - 03:53 AM, said:

how to do this ?

There is requirement that request not to use "deny statement in Access-List" on R17 for Control Plane Protection Policy.

Hi,

You need to create two access-list with two class-map to solve this.

#11 brunosz

brunosz

    Member

  • Members
  • PipPip
  • 16 posts
  • 0 thanks

Posted 14 July 2018 - 01:07 PM

View Postcocksparrow, on 14 July 2018 - 12:23 PM, said:

Hi,

I just remote the "set extcommunity ..." config from route-map on R20 with "no set extcommunity ..." then the trace match required output.

Thnx for the answer.
So for R21 was smth like this:
###R21###
route-map LP permit 10
match ip add prefix "10.4.0.0/16 le 32"
set local-preference 1000
route-map LP permit 20
###R20###
route-map LP permit 10
match ip add prefix  "10.4.0.0/16 le 32"
set local-preference 100
set extcommunity cost pre-best path 1 1000
route-map LP permit 20

R20/21
router bgp 65002
neighbor DC2 route-map LP out

Initially with this you should see on R22 (As a router-reflector) two prefixes advertised.
1.From 21 with lp-1000
2.From 20 with lp-100 and pre-bestpath 1:1000 (chosen as BEST)

This is the only way to override the LP of R21 and the pre-fix traceroute should be via R20.

Please confirm if this is the setup so i can test longer on the fix without the need of removing it.

I would appreciate some details on this.

#12 cocksparrow

cocksparrow

    Member

  • Members
  • PipPip
  • 15 posts
  • 28 thanks

Posted 14 July 2018 - 01:56 PM

View Postbrunosz, on 14 July 2018 - 01:07 PM, said:

Thnx for the answer.
So for R21 was smth like this:
###R21###
route-map LP permit 10
match ip add prefix "10.4.0.0/16 le 32"
set local-preference 1000
route-map LP permit 20
###R20###
route-map LP permit 10
match ip add prefix  "10.4.0.0/16 le 32"
set local-preference 100
set extcommunity cost pre-best path 1 1000
route-map LP permit 20

R20/21
router bgp 65002
neighbor DC2 route-map LP out

Initially with this you should see on R22 (As a router-reflector) two prefixes advertised.
1.From 21 with lp-1000
2.From 20 with lp-100 and pre-bestpath 1:1000 (chosen as BEST)

This is the only way to override the LP of R21 and the pre-fix traceroute should be via R20.

Please confirm if this is the setup so i can test longer on the fix without the need of removing it.

I would appreciate some details on this.

That's how exactly in exam what I faced.

#13 duckRabbit

duckRabbit

    Member

  • Members
  • PipPip
  • 14 posts
  • 6 thanks

Posted 14 July 2018 - 04:16 PM

I think I had same tasks on my exam. I pass TSHOOT and DIAG section, but failed CONF.
During may exam I was very nervous and spent a lot of time for deliberation about VPN Section.

#14 brunosz

brunosz

    Member

  • Members
  • PipPip
  • 16 posts
  • 0 thanks

Posted 14 July 2018 - 04:23 PM

@
duckRabbit

How did you solve Ticket 4?Removing the set extcommunity (which i think breaks the rule 'dont touch bgp attributes')?
Also for the ODD/EVEN load balanace (Ticket 3) where there any set extcommunity for 10.2.x.x anywhere on the devices or just tweaks of OSPF and local-preference.

Please profide some detail on this.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Organization

Community

Downloads

Test Providers

Site Info


Go to top