Jump to content


17

Passed!!! H3Config/TS2/Multicast&HSRPv6


82 replies to this topic

#1 cciedude2019

cciedude2019

    Member

  • Members
  • PipPip
  • 31 posts
  • 350 thanks

Posted 01 April 2019 - 08:14 AM

I got the magic number.  Thanks to certcollection and the one who shared valuable feedbacks and docs. Please find the below feedback.


========================================================================
TS 2.2

Ticket - 1:

*All the Devices running DHCP lease time is set to (0 1) set to 1 hour we need to make it to infinite.
*VLAN Access Map as same as in solution (deny ip any any) will work.

Ticket - 2:

*Increae the cost in R14 loopback cost to 20.Since the trace asked to go via R15
*Switch cost check and make all 10.

Ticket - 3:

*No cost community found
*Just the regulat switch costs & MED/origin as same as of the solution 2.1
*DC2 Sw200 loopback in a diffrent ospf process since no IBGP formed correct it.

Ticket - 4:

***We supposed to not to change the BGP Attributes***

*Changed the OSPF cost on

Ticket - 5:

***OIA 10.1.0.0/16 OE2 10.5.0.0/16***

*R60 Nhrp authentication & OSPF network type.
*R51 need to run 2 diffrent ospf processes (Preconfigured) need to redistribution.

Ticket - 6:

*Server-1 e0/0 ipv6 address dhcp/IPV6 address autoconfig default(Pre configured)
*Vlan 2001 was not is IPV6 add it.

Ticket - 7:

***No MPLS passwords***

*ip cef / mpls ip missing in some devices.
*R10 distance ospf external 19 (preconfigured) make the path to go via DMVPN we need to make it high (200 I put).
***Import/Export was pre configured***

Ticket - 8:

*DHCP relay information trusted/ARP inspection trust Same as in our solution.
****DHCP Lease time to infinite****

Ticket - 9:

*OSPF Process/Network Type

Ticcket - 10:

*ip nat outside source static tcp
==============================================================================================================

DIAG:

HSRP/Multiacst:

HSRP :

CE2 giving IPV6 but standby as per HSRP

***Full logs like show run is given for CE1/CE2/Hosts***

Ans:

*Fault device : CE2 since he is giving the IPV6

*Wrong HSRP configuration

*packet capture (113)

Multiacst :

show ip int b | exclude down
show ip pim rp mapping
show ip route
show ip mroute

*Interfaces are given clearly in the diagram*


*IP pim rp mapping 0.0.0.0*

*In R3 route was not there to R4*

Ans:

*Why there is no route to RP in R3?

*ip route 10.4.1.1 (RP) 255.255.255.255 10.0.0.17(R4 as Next-hop)

*As same as the solution*

=========================================================================================================
Configuration:

Sec 1:

1.1:

*vtp mode is off everywhere.

*Trunk/Prtfast edge default/portfast edge bpduguard default/errdisable recovery cause bpduguard/errdisable recovery interval 600 (As same as WB)

1.2:

*PO-1 & PO-2 etherchannel clearly mentioned in the diagram need to stick to that.In access Swiches (310,410,510) channel-group XX mode passive/Distribution (300,301,400,401,500,501) channel-group XX mode active.

1.3:

*MST as same as WB. 4 instances SW300 should be root for instance 2/SW301 root for instance 1.
*Between SW300-301 e0/2 allow only vlan 3001.
*In all trunk links switchport nonegotiate.
*SW310 highest mst priority (61440)

1.4:

*pppoe same as WB.
*Dialer 1 was preconfigured.PPP ipcp route default.Ping 8.8.8.8.

Sec - 2

2.1:

IN HQ:

*OPSF network p2p eveywhere/ip host needs to be created.

2.2:

IN DC1:

*OSPF is preconfigured evereywhere just need to add prefix-suppression/Passive interface all the SVI in SW110,111.

2.3:

OSPF in LO:

***We do not have access to R100 (partner)*** But it is mentioned in the diagram that the Partner network is ospf 2 area 0***

R42:

in R42 OPSF 1 & OSPF 2 was there.

ip prefix-list Sum permit 10.0.0.0/13 ge 16 le 16

route-map Sum permit 10
match ip add pref Sum

router ospf 2
red bgp 65004 subnets route-map Sum

router bgp 65004
red ospf 2
bgp redistribute-internal

***OSPF is preconfigured everywhere. BGP next-hop-self was missing on R40&41 correct it***

2.4:

***Some devices are configured***

R13 - bgp listen range/RR/password. After this do a reload if it is not catching up.

2.5:

*additional path commands/maximum path ibgp 2
****BGP is preconfigured in HQ and the trace is for the HSRP ip and it is confiugred so now only we can match the trace****

***AS same as WB***

2.6:

*Ebgp/next-hop-self/aggtimer/network advertismet/aggregate address.*

2.7:

*prefix-list with 0.0.0.0/0 * 10.0.0.0/13 ge 16 le 16*

***In R14 needs to be configured with the prefix filter on to the DMVPN.***

***R14,15,10,11,20,21***

***As-Path access list with ^$*** (R40/41/50 & int R51/60 over DMVPN)***


2.8:

*R41 LP & R40 AS-path prepend*

***R50 LP glbal & R51 match only 10.6.0.0/16 and put LP 110.***

2.9:

***Same as WB***

***R14/R15 put the IPV6 prefix-list ::/0 in in direction.IPV6 IBGP using directly connected interfaces.***

2.10 & 2.11 :

***Same as WB***

R30/31

ip access standard 10
deny 239.130.0.0 0.0.255.255
permit any

int e 0/0
ip multicast-boundary filter-autorp 10

***Ensure to run this commands on all the multicast devices,may some devices are not having the preconfig.***

ip multicast-routing

ip pim autorp listner

interface range eX/X
ip pim sparse-mode

***SW300 ip pim igmp join-group was missing***

int vlan 2001
ip igmp join-group 239.130.1.1
ip igmp join-group 239.250.1.1

Sec - 3:

3.1:

***OSPF is preconfigured everywhere with the process id 1***

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loop 0 force

router ospf 1
mpls ldp autoconfig

***in all the devices***

***ip vrf HollyMaya*** without RD is precinfigured.All the interface are in VRF preconfigured***

***RD value needs to be checked from the Output only & use the same RD as RT very important***

**************
65001:3 - DC1
65002:4 - DC2
65005:5 - MO
65004:6 - LO
**************

***All the sites import all***

*** in the output they are asking the interface e 0/0 ip of all the PE routers so we need to redistribute connected with the route-map

**************************************
R3-R6:

route-map connected
match interface e 0/0

router bgp 10000
add ipv4 vrf HollyMaya
red connected route-map connected
**************************************
*The same output as like in Passrns lab is to be verified during the practice*

***10.7.0.0/16 is to be seen as incomplete in the MPLS core*** so no need to aggregate 10.7.0.0/16 in R24***

3.2:

*Same as WB*

***65001 in DC1 and in MO/SO 65100***

***Ensure the allowas-in/local-as and also the AS-path access-list in MO/LO & in DC1 Summary prefix-list.***

***SW600 IBGP using connected interface and in R60 towards SW600 default-originate***

3.3:

***Same as WB***

R60:

ip route 0.0.0.0 0.0.0.0 e0/0 200.99.60.1

***Route-Leak from VRF to Global
access-list 101 permit any 10.6.0.0 0.0.255.255

***NAT***
access-list 102 permit ip 10.6.0.0 0.0.255.255 any

route-map INET permit 10
match ip add 101
set global

int e 0/0
ip policy route-map INET

ip nat inside source list 102 interface e 0/0 overload

int e 0/0
ip nat outside
int e 0/1
ip nat inside

3.4:

***Same as WB***

***R24 is perfectly preconfigured***

***MPLS core need to see the 10.7.0.0/16 as ?(incomplete) so no need to aggregate or put network statement**

***In R24***

ip route 10.7.0.0 255.255.0.0 e 0/0 201.99.24.1

router bgp 65002
redistribute static

Sec - 4:

4.1:


ipv6 nd raguard policy IPV6
device-role host

inter vlan 2001
ipv6 nd router-pref high

int ra e 0/0-3
ipv6 nd raguard attach-policy IPV6

4.2:

int e 1/0
ip verify unicast source reachable-via rx

Sec - 5:

***5.1/5.2 Same as WB but check for the Spellings.***

5.3:

***Same as WB do 5.3 & 5.6 together.***

5.4:

***Group and IP is configured just we need to make Active/Standby as per the requirement***
=========================================================================================

Edited by mavis, 01 April 2019 - 08:59 AM.
Duplicate topic merged.


Thanked by 14 Members:
elmo17 , Mbarahim , Danikn , cciemaster01 , nestorreyes , wangliqin1001 , nbxcv8 , VKosarev , Gsdhy , BloodyMery , Seymur2002 , celt2005 , kabritoe , aabuissa

#2 dinukro

dinukro

    Junior Member

  • Members
  • PipPip
  • 7 posts
  • 4308 thanks

Posted 01 April 2019 - 08:18 AM

Congratulation ... thank you for feedback ... enjoy your number :)

#3 Rev1

Rev1

    Member

  • Members
  • PipPip
  • 19 posts
  • 5 thanks

Posted 01 April 2019 - 09:49 AM

Big congratulations dude, really nice job.

I do have two questions:
1: what materials did you use during your preparation?
2: how long did you take before your appear in the exam?

#4 cciedude2019

cciedude2019

    Member

  • Members
  • PipPip
  • 31 posts
  • 350 thanks

Posted 01 April 2019 - 12:47 PM

View PostRev1, on 01 April 2019 - 09:49 AM, said:

Big congratulations dude, really nice job.

I do have two questions:
1: what materials did you use during your preparation?
2: how long did you take before your appear in the exam?

Rev1,
I used to spoto/c4c solutions. It took 1  year to get the number coz I didnt get enough time to concentrate due to job. Last 2 months I did labbing 8-10  hours/day.

Thanked by 2 Members:
nestorreyes , mguerrerop

#5 djpali

djpali

    Member

  • Members
  • PipPip
  • 10 posts
  • 61 thanks

Posted 01 April 2019 - 02:10 PM

Hello Bro,

Congratulation first of all.. I'm also planning to give exam this month.. I need your little help bro.. Can I have a chance to talk to you for a while? Can I get your skype ID privately.. ??

#6 terembura

terembura

    Member

  • Members
  • PipPip
  • 10 posts
  • 2675 thanks

Posted 01 April 2019 - 05:09 PM

View Postcciedude2019, on 01 April 2019 - 08:14 AM, said:

I got the magic number.  Thanks to certcollection and the one who shared valuable feedbacks and docs. Please find the below feedback.


Congrats bro!!

For MPLS section, since exam has preconfig if "no bgp default ipv4-unicast" did you activate IPv4 and VPNV4 both or just VPNV4 address family?

Edited by terembura, 01 April 2019 - 05:10 PM.


#7 cciedude2019

cciedude2019

    Member

  • Members
  • PipPip
  • 31 posts
  • 350 thanks

Posted 01 April 2019 - 08:40 PM

View Postterembura, on 01 April 2019 - 05:09 PM, said:

Congrats bro!!

For MPLS section, since exam has preconfig if "no bgp default ipv4-unicast" did you activate IPv4 and VPNV4 both or just VPNV4 address family?

terembura,
I did both ipv4 & vpnv4.

#8 AURES

AURES

    Member

  • Members
  • PipPip
  • 10 posts
  • 4 thanks

Posted 02 April 2019 - 04:57 AM

congratz

can u please share your WB.

#9 mlordx

mlordx

    Junior Member

  • Members
  • PipPip
  • 6 posts
  • 93 thanks

Posted 02 April 2019 - 05:08 AM

Congrats bro. I am planning to give my lab soon.

#10 hind0rz

hind0rz

    Member

  • Members
  • PipPip
  • 21 posts
  • 13 thanks

Posted 02 April 2019 - 09:47 AM

Congrats! Regarding the below, did you do any filtering for 14/15? I mean other than 14 towards the DMVPN?? Also just to confirm, you didn't add the "deny 10.0.0.0/16" in the beginning?

2.7:

*prefix-list with 0.0.0.0/0 * 10.0.0.0/13 ge 16 le 16*

***In R14 needs to be configured with the prefix filter on to the DMVPN.***


***R14,15,10,11,20,21***


As for 2.2:

IN DC1:

*OSPF is preconfigured evreywhere just need to add prefix-suppression/Passive interface all the SVI in SW110,111.


In my lab the SVIs were not passive, were you the one to make them passive? Any reason why not just leave them as is?

#11 qento

qento

    Member

  • Members
  • PipPip
  • 17 posts
  • 9 thanks

Posted 02 April 2019 - 01:15 PM

@cciedude2019

Gratz, man.

Can you please provide full configuration aboute L2L  ipsec with crypto-map and NAT. Did interface E0/1 of R71 with address 10.7.100.01 or 10.7.0.1?

#12 ta1yu2ri3to4

ta1yu2ri3to4

    Member

  • Members
  • PipPip
  • 28 posts
  • 2 thanks

Posted 02 April 2019 - 02:37 PM

Congratulation!

Regarding sec 2.9, my solution is following. If something is diiferent, please let me know. Especially I'm concern with IPv6 address value is same or not.

-----R14
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:149::1 remote 19999
nei 2001:DB8:10:1:144::1 remote 65001
add ipv6
  agg 2001:DB8:10:1::/64 sum
  nei 2001:DB8:10:1:149::1 act
  nei 2001:DB8:10:1:149::1 pre DEFAULT in
  nei 2001:DB8:10:1:144::1 act
  nei 2001:DB8:10:1:144::1 next-hop-s


-----R15
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:159::1 remote 19999
nei 2001:DB8:10:1:154::1 remote 65001
add ipv6
  agg 2001:DB8:10:1::/64 sum
  nei 2001:DB8:10:1:159::1 act
  nei 2001:DB8:10:1:159::1 pre DEFAULT in
  nei 2001:DB8:10:1:154::1 act
  nei 2001:DB8:10:1:154::1 next-hop-s


-----SW111
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:144::2 remote 65001
nei 2001:DB8:10:1:154::2 remote 65001
add ipv6
  net 2001:DB8:10:1/104
  nei 2001:DB8:10:1:144::2 act
  nei 2001:DB8:10:1:154::2 act
  m i 2


Thank you inadvance

#13 TJ4M

TJ4M

    Member

  • Members
  • PipPip
  • 29 posts
  • 2512 thanks

Posted 02 April 2019 - 03:14 PM

Congratulations!!!

#14 cciedude2019

cciedude2019

    Member

  • Members
  • PipPip
  • 31 posts
  • 350 thanks

Posted 02 April 2019 - 05:00 PM

View Postta1yu2ri3to4, on 02 April 2019 - 02:37 PM, said:

Congratulation!

Regarding sec 2.9, my solution is following. If something is diiferent, please let me know. Especially I'm concern with IPv6 address value is same or not.

-----R14
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:149::1 remote 19999
nei 2001:DB8:10:1:144::1 remote 65001
add ipv6
  agg 2001:DB8:10:1::/64 sum
  nei 2001:DB8:10:1:149::1 act
  nei 2001:DB8:10:1:149::1 pre DEFAULT in
  nei 2001:DB8:10:1:144::1 act
  nei 2001:DB8:10:1:144::1 next-hop-s


-----R15
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:159::1 remote 19999
nei 2001:DB8:10:1:154::1 remote 65001
add ipv6
  agg 2001:DB8:10:1::/64 sum
  nei 2001:DB8:10:1:159::1 act
  nei 2001:DB8:10:1:159::1 pre DEFAULT in
  nei 2001:DB8:10:1:154::1 act
  nei 2001:DB8:10:1:154::1 next-hop-s


-----SW111
ipv6 pre DEFAULT seq 5 per ::/0

router bgp 65001
nei 2001:DB8:10:1:144::2 remote 65001
nei 2001:DB8:10:1:154::2 remote 65001
add ipv6
  net 2001:DB8:10:1/104
  nei 2001:DB8:10:1:144::2 act
  nei 2001:DB8:10:1:154::2 act
  m i 2


Thank you inadvance

ta1yu2ri3to4,

IPv6 neighborship is established with directly connected interfaces , the address prefix  (:DB8:) may differ in the lab still thats not an issue as the address prefixes will be clearly mentioned in the diagram/configured in interfaces.




1 user(s) are reading this topic

1 members, 0 guests, 0 anonymous users


    fightertoend

Organization

Community

Downloads

Test Providers

Site Info


Go to top