balajijsh

  1. Yes, H3 config has come for a few persons (whom I know of) who have cleared/attended the exam in Bangalore.
  2. VRF YELLOW is preconfigured in R6 and R7. BGP peering on VRF Yellow in R6 and R7 shouldn't be established by us. That's the catch.
  3. The answers I selected are:
     • TCP connection from a remote host to the router’s IP address 10.1.1.1 on port 1337
     • TCP connection from the router to 10.1.1.2
     • Download of a TCL script in memory via HTTP
     • Installment of a ransomware via a backdoor

     b. sudo poweroff
     c. tclsh [Hidden Content]

     Please extrapolate the Diag query as appropriate, cos I don't exactly recollect the full question.
  4. Yes, it is allowed to change. I didn't face any issues related to exec timeout during my exam.
  5. The options I selected in the diag for this query are listed below. Please extrapolate the Diag query as appropriate.
     • TCP connection from a remote host to the router’s IP address 10.1.1.1 on port 1337
     • TCP connection from the router to 10.1.1.2
     • Download of a TCL script in memory via HTTP
     • Installment of a ransomware via a backdoor
  6. One other CCIE RS candidate passed on the same day. He got TS2 //Diag not sure//Config-H3
  7. Congrats dude. Awesome feedback. Section 3.3 --> Same as WB. Don't forget to use this command "no ip proxy-arp"; NAT is working everywhere, except on R60. Check it carefully. Where should this command be applied? I presume R14. Correct?
  8. Are they in two different OSPF area IDs?
  9. One small change - the "show ip route ospf" will have only /32 routes for all Lo interfaces. "ip ospf prefix-suppression" command to be added under vlan 2000 and vl 2001. For reachability, advertise these two vlans in iBGP to RR (R13).
  10. Malsrary, yes, it's been more than a month since I completed my CCIE.
  11. RT is mandatory if you would like to route leak (import/export) in the VRF. However, in this requirement RT is not mandatory.
  12. I took my exam on June 14, 2019 and was able to get my CCIE #.

      Small tips: People might have already shared these on this forum, but I am trying to reiterate the same.

      1. Try to understand the packet flow in each subsection of a lab (TS or config); it will be useful to troubleshoot the issues at exam time.
      2. In each subsection of the lab (for instance, DC1 in H3 config), practice configuring all protocols at the same time (OSPF, BGP, STP, DHCP, Multicast and NAT).
      3. Practice makes a man perfect. Therefore, there is no substitute for practice.
      4. Until you select "Start lab", the timer for TS/Diag doesn't start on the computer. However, the moderator/invigilator has a different set of timings and he clearly mentions them on the board. So please be aware to click on the appropriate buttons on the page.

      Section TS:

      Ticket 1: It took more than 20 minutes to realize that there is "port security" configured in SW410, because in the practice labs the faults were mostly in SW400/SW401. Since I understood the packet flow, I was able to crack it.

      Ticket 2: NAT was not configured (ip nat inside/outside) in R14. Once NAT was configured, traceroute from Server1 in DC1 to ISP got matched exactly.

      Ticket 3:
      Fault 1: iBGP neighborship between R22 and R23 (BGP RRs) was down. In R23, the lo0 interface was part of a different OSPF ID.
      Fault 2: Advertised R12-R22 link and R13-R23 link on both R12 and R13 (should not advertise on R22 and R23) to exactly match the traceroute output requested.

      Ticket 4:
      Fault 1: R10 was advertising higher LP for Large Office (10.4) and Medium Office (10.5) networks. Two solutions - reduce LP in R10 or increase LP in R12.
      Fault 2: BGP cost community attribute used in R20/R21. We can use the command to ignore the cost community in best path calculation and also increase the OSPF cost of R20 Lo0.

      Ticket 5: DMVPN tunnel parameter mismatch. Traceroute expected from Server1 to small office vlan 100/101. Therefore OSPF between R60 and SW600 needs to be established. Spoke-to-spoke communication (R60, R51) has to be verified. This is very important.

      Ticket 6: IPv6 DHCP server configuration needed to be added on Vlan 2001 in SW111.

      Ticket 7: MPLS password mismatch between peers in the MPLS VPN network (CISCO and CISC0 - note the alphabet "O" and number "0"). This was a very subtle difference and I was not able to crack it during exam hours. I actually removed the password and traceroute worked, but probably might have lost marks for it.

      Ticket 8: DHCP server in HQ was providing an incorrect GW (Vlan 2001 HSRP IP was provided as GW to the user in Vlan 2000 and vice versa). Modify the GW in the DHCP server configuration and increase the DHCP lease timer to infinity.

      Ticket 9:
      Fault 1: NAT was incorrectly configured in R71 (ip nat inside missing on the interface facing R70/NAS).
      Fault 2: DMVPN tunnel key mismatch between R24 and R71. Please remember to copy-paste the tunnel key from the DMVPN hub (R24) into the spoke (R71) and not vice versa.

      Ticket 10: Couldn't crack the NAT configuration. There was an ACL configured on Server2 to permit only a few networks. I had inadvertently removed it without copying the existing config. I used the whole 2 hours and an additional 30 minutes but couldn't find the solution in R24/R25.

      Section Diag:

      H3 diag. Need to select the following options from the drop-down list.

      1. a. show ip dhcp relay information trusted sources
         b. Search for the first "DHCP discover" packet with source IP 0.0.0.0 in the packet capture and select the packet no.
         c. Highlight link between SW1-SW3
      2. Attacker is 10.1.1.1, Server 10.1.1.2
         a. Select the following options for the question:
            • TCP connection from a remote host to the router’s IP address 10.1.1.1 on port 1337
            • TCP connection from the router to 10.1.1.2
            • Download of a TCL script in memory via HTTP
            • Installment of a ransomware via a backdoor
         b. sudo poweroff
         c. tclsh [Hidden Content]

      Section Config:

      Config lab: as per SPOTO it's termed "A4", and in cert collection forums it's termed "H1 plus". Same as in WB. There will be additional VRFs (Yellow VRF) configured on R6 and R7 in the MPLS VPN (AS 12345). But eBGP neighborship has to be established as per the requirement. Questions were very precise. The network diagrams were very clear and easy to understand. Configuration was easy as I had practised well, and I was able to complete it in 3 hours 15 minutes. Then I went for a walk outside the building for 15 minutes. Came back and finished all verifications (traceroute outputs, ping). Use the command "no mpls ip propagate-ttl" to disable MPLS TTL propagation and match traceroute. Add weight in R20 towards R3 (INET VRF) because traceroute was very specific to go via R3 at all times.

      Good luck everyone!
  13. How do I open the UNL file attached here? SPOTO CCIE LAB RS V5 H2 Plus CFG v19_UNL.rar
  14. Section 4: There is a requirement that requests not to use "deny statement in Access-List" on R17 for the Control Plane Protection Policy. How do you achieve this?