Rein

  1. All labs are still active, guys. I heard people are getting them.
  2. I was not able to solve the backup path in the exam. So, I fell back to the original configuration so that I satisfied the first part (2 points) at least. I tried to change ospf distance on the switch, and also tried to summarize 10.5.x.x prefixes to /16 on R14, but it didn't work. The problem is that SW111 prefers the longer ospf route 10.5.x.0/24 from DMVPN via R14 (when we redistribute ospf x into ospf y in AS65005, /24 routes are redistributed) than MPLS path 10.5.0.0/16. I think the solution should not be very difficult.
  3. Yes, that's right. Just issue that command on the interface facing ISP.
  4. For section 2.10, Info source is 10.250.250.250 on SW100 output. There is no R13 output in question. For section 2.11, the output in the question is the same as what you have written. Info source is 10.1.113.2 on R13 output. Nevertheless, Cisco did not highlight Info source in the question. They only highlighted the RP address and the group. For me, I know the solution for 10.1.113.2 as info source but I just used Lo1 for DC1 (the same as SPOTO solution) because the requested output on SW100 in section 2.10 is 10.250.250.250 as Info source. The sample config is below

     2.10
     SW100/101
       access-list 1 per 239.250.0.0 0.0.255.255
       ip pim send-rp-announce lo1 scope 255 group 1
       ip pim send-rp-discovery lo1 scope 255
     SW100
       ip msdp peer 10.1.101.101 connect-source lo0
       ip msdp originator-id lo0
     SW101
       ip msdp peer 10.1.100.100 connect-source lo0
       ip msdp originator-id lo0
     SW100,SW101,R13 (if pim is not enabled on lo0)
       int lo0
       ip pim sparse-mode

     2.11
     R30
       access-list 1 per 239.130.0.0 0.0.255.255
       access-list 2 deny 239.130.0.0 0.0.255.255
       access-list 2 permit any
       ip pim send-rp-announce lo1 scope 255 group 1
       ip pim send-rp-discovery lo1 scope 255
       int e0/0 (towards R10)
       ip multicast boundary filter-autorp 2
     R31
       access-list 2 deny 239.130.0.0 0.0.255.255
       access-list 2 permit any
       int e0/0 (towards R11)
       ip multicast boundary filter-autorp 2

     And of course, autorp listener command and ip host commands.
  5. I used following order. I try to finish section 1,4,5 first. 1.2,1.3,1.1,1.4 4,5 2.1,2.2,2.4,2.5 2.3,2.6,3.2,2.7,2.8 3.1,3.3,3.4 2.9-2.11
  6. - For multicast, I used multicast boundary filter autorp command with ACL on R30 and R31 interfaces (towards R10, R11). It is perfect.
     - For backup path for 10.5.0.0/16 section, yes, I use lower LP towards RR from R14 so that the traffic from the Server to 10.5.0.0/16 goes through MPLS.
     - For TS backup path, I successfully made both corporate traffic and internet traffic work during the exam. However, the issue is with return path from the server towards 10.5.x.x. It's like DC1 is preferring R14 ospf more specific routes (/24) (as we redistributed ospf into ospf on R5x) even when MPLS is up. I tried to solve but spent quite a long time on this.
  7. -I have no idea about your lab booking issue. Try checking other location if the issue is just for Dubai. You can raise a ticket at [Hidden Content] -How long you will need for preparation depends on you. 3-4 months is pretty realistic if you are already comfortable with the technologies. -The materials with the contributor details are already shared in my first post. Just search in the forum.
  8. I think you are referring to isakmp keyring. We still have to remember and configure the keyring under vrf if the underlay is in the vrf. For H3 DMVPN, underlay is in vrf, but tunnel interface is not. So, need to configure tunnel vrf command. You also need to take note of the vrf command for NAT. Below is my short note when vrf keyword is needed. It just depends on the inside interface as we use "ip nat inside". Hope it helps. "in H2+ NAT underlay is global, (inside interface) tunnel is vrf so, in NAT, vrf interface must be used in H3 NAT underlay is vrf, (inside interface) tunnel is global so in NAT, no need to use vrf interface"
  9. Yes, I only did crypto for phase 1, 2 and apply the crypto map on R71. On R24, I added a static route for 10.7.0.0/16 pointing to ISP and redistribute into BGP as per the workbook. The pre-configured internet ACL on R71 is deny 10.7.0.0/16 to 10.0.0.0/8 and permit everything else. I was thinking if I should change the source to 10.7.0.0/24 but I did not change it. I didn't want to disturb the pre-config. Yes, the pre-configured NAT statements are with route-map; maybe to make more complex. These NAT statements were very similar to the ones which we got in TS2 earlier.
  10. By God's grace, I have passed the lab exam last week. Thanks certcollection and everyone who has contributed with solutions and discussions. Special thanks to Cisspin2019 (Spoto + C4C all lab files (September)), ncmccie (C4C CCIE R&S VM Cracked), terembura (C4C CCIE R&S All Videos Cracked). These shared resources were very useful to me.

      TS2
      Q1. It is about port-security violation protect
      Q2. ACL issue on R14
      Q3. It was about higher local pref and changing ospf cost to reflect the trace route.
      Q4. Pre-bestpath cost is configured. Removed set extcommunity on R20. The question said don't change bgp attribute. So, I'm not sure what I did was OK, but I think there is nothing else I can do to solve this (changing LP, ospf cost did not work)
      Q5. DMVPN. Crypto map issue between hub and spoke. Just need to correct it.
      Q6. IPv6. DHCP pool and assignment issue on VLAN interface.
      Q7. MPLS. First fault is wrong neighbor password. 2nd part is about backup path via R51 when the primary path fail. On 51, there are 2 ospf processes and need to redistribute and originate default route. I didn't do right for the 2nd part.
      Q8. Security. DHCP scope issues.
      Q9. DMVPN is up but ospf is not forming neighbor. ISP routers are not accessible.
      Q10. Usual NAT issue. Just change the outside NAT configuration.

      H3++
      Same as Spoto. DHCP issue and Server,Attacker Cfg

      H3
      Not much surprises except L2L VPN. The rest are pretty much same as Spoto/C4C workbook and other exam takers have already provided feedback.
      - L2L VPN - The question said LAN users in 10.7.0.0/24 (not /16 as in the workbook) communicate with 10.0.0.0/8. ACL and NAT for Internet is already configured on R71.
      - Some preconfig are already there.
      - No passive interfaces preconfigured in Data Center 1. The question said don't change any preconfig.
      - R42 is not accessible.
      - Explicitly mentioned to not send unnecessary proxy ARP traffic on Internet Access section (on R60)

      Special notes especially for the first time takers:
      1) the mouse seemed a bit slower and I was not comfortable at all.
      2) Putty sessions stay on top of the windows (the questions, the topology) unless you minimized them. So, they might be covering the questions and topology sometimes. It may be better to put topology and questions on the right monitor.
      3) Right click on putty does not do paste. Need to right click and select paste option from the drop-down menu.
      4) Multiple putty sessions cannot be closed with a single click. I had to close them 1 by 1 and that consumed some time especially when I faced issue with the mouse (there may be ways to close multiple sessions at once, but I do not know. I tried using SHIFT, CTRL)
      5) Saving the config is not mandatory (well, according to the proctor. However, it's a good practice to save in case the VM crash)
      6) Config section is not limited to maximum 5 hr + 30 minutes (means if you finish TS in 1.5 hr, you will have 6 hrs for config; DIAG is set for 30 min)

      Thanks everyone again and Good Luck!
  11. 1. HTTP session from A to B (A clicks a link that it shouldn't and goes to B's phishing website.)
      2. TCL script downloaded from B (A is the one running 'get' command, and downloads tcl from
      3. TCP session from B to A (After A runs tcl, it creates a backdoor port on itself and B connects to A using this newly created backdoor.)
      4. Ransomware is installed by backdoor (B installs a ransomware to A using backdoor previously created)
  12. For me, I do AS by AS..I complete all IGP, ipv4 BGP(VPNV4, VRF,MPLS,etc. if required) for each AS, then do the routing policies. If we follow according to the section number, you will be jumping here and there.
  13. I think we have to choose the victim's IP here. The logic is that the script has already been downloaded on victim's machine/router/server. The attacker connects to the script which is now on victim's.
  14. Sorry to hear that. Don't give up and you will definitely make it next time.
  15. The *** website is so poorly written that it doesn't deserve to be credible. And this is the first time I see the dump vendor mentions This product is currently out of stock and unavailable. $-)