wowman

Members
  • Content Count

    11
Everything posted by wowman

  1. WHO wants to share any exam or questions for: Fortinet NSE 7 - Cloud Security
  2. Do you have any exam for: Fortinet NSE 7 - Cloud Security
  3. Any exam for Fortinet NSE 7 - Cloud Security
  4. If you want all routers to go through R18, just advertise a default local preference on R18. Route will be received by RR, advertised to R15 and R16. Based on tiebreakers, Local Preference will win over eBGP, even if AD is 20 vs 200, Local Preference will win nonetheless.
  5. 172.18.1.0/24 can only be on Jamesons as exact /24 via unsuppress map or not suppressing the adv via summary only in R57. You must have it as /24 to properly select where to go to either R18 or L3VPN. You can not "not have it" because the exam outputs require a different path between 17.18.1.0 and 172.x.x.0/24. Depending on the variation, if you have the /24 only via R18, no metric type change is needed. If you know the /24 on both 15,16 and 18, just redistr E1 in 18 or increase the cost metric on 15/16 redistribution to higher than 20
  6. Why is R60 sending it towards AS19999? Does R60 have a 10.7.0.0 route? It must be advertised from R14 on the DMVPN R 10.7.0.0 is either Redistributed (if origin incomplete is required) or aggregated on R24, sent to its RR, received by 22, sent to 65001 to all routers including 14.
  7. If you really want to learn, start doing the entire INE workbook including full scale and foundations. Narbik books are a good introduction but that is it. Narbik Workbook for Labs is good again for introductory tasks IP routing TCP/IP from Jeff Doyle is truly great for ospf and bgp theory Multicast Vol 1 from Beau is also great. Once your knowledge is solid enough, you can start dumping, it sounds stupid but you won't be able to memorize 5 cfg sets along tshoot. You better understand everything the way it is supposed to be. C4c vm is good for practice, TS1 (ALL Bts), also TS2 BT1 and 2, I think there is a TS2 variation that is not on the vm. You can compare both SPOTO and C4C Ts and cfg configs to see their different approaches to each part. C4c workbook are way easier to read than SPOTO. C4C Vm has some cef, broadcast Storm and crypto bugs on some parts, not sure if spoto uses the same IOS Diag is the same always, SPOTO has better resources in diag
  8. H3 is definitely the hardest of all 5 (h1,h1+,h2 and h2+) It is because of the way it is supposed to be done. I'm doing: LAN (Dot1q, etherchannel, stp) Infrastructure services (HSRP and IPv6 addressing, not routing) PPPoE at R71 OSPF on HQ and Remote sites OSPF at DC1 IBGP configurations eBGP configurations MPLS/L3VPN Internet Access (NAT and PBR VRF) Lan2Lan IPSEC (to get the 10.7.0.0/16 summary) Routing Policies and Routing Tuning IPV6 OSPF Multicast Services (SNMP, QoS, Ipv6 Raguard) In the end all 5 scenarios are about the same thing: LAN and PPPoE First If there is any HSRP configuration, do it first (although H2+/H2 HSRP is bugged because of CEF and DHCP snooping) If there is any DMVPN which needs a small BGP requirement or neighborship, do it first, so you can run OSPF on it Don't do any BGP or L3 VPN routing policy without finishing the main Core (IGP+IBGP+EBGP+MPLS+VPNV4) Do Internet access (Nat and public prefixes) Don't do any IPV6 without doing Routing policies Multicast always at the end of L3 services at all Do services, which doesn't really relate to anything
  9. For the first question I think I've found it. When using P2MP on hub only, /32 from hubs won't be shared through hubs, only to the spoke, as it is basically an NBMA. When using P2MP on all spokes, all /32 routes from tunnel interfaces are known to each spoke. For the second one, I still don't know if changing mac on client instead of client id on routers would be a valid option. Also, in IPV6 BGP/OSPF reachability (question 6) Instead of using the network command in bgp on R15, we could just redistribute the entire OSPFv3 domain on BGP, it also leads to the same resolution, is it valid?
  10. Hi everyone I've been having some doubts in regards of what would be a "valid" solution for either DMVPN issues and DHCP (which are not only related to TS2 but other CFG labs). In DMVPN, when no DR is required to be configured, I see that every single Hub and Spoke changes its network type to P2MP. Which is absolutely valid. But is there any penalty for changing the type on the Hub only? I'm sure it achieves the same exact purpose. So: Instead of #ip ospf network point-to-multipoint (in all interfaces) (requires 3 commands) Could this be also a valid solution? (also 3 commands) #ip ospf net point-to-multipoint (in hub) #ip ospf hello 10 (in hub) #ip ospf dead 40 (in hub) Another thing is that, for DHCP services, where the main issue is always an incorrect client-id, I see that the change is done at DHCP router level (sometimes, there are 2 of them, using the same client-id which is wrong on the Client). Wouldn't a better solution be to add a mac-address command matching such client-id on the client, instead of changing these on the servers? It works for the same purpose, but workbooks usually change these at router. Regards
  11. In H2 there is no reason to suppress child routes from the summaries on R18 and R57. Purely based on that, you no longer need a way to get the exact /24 route for 172.18.1.0 on the OSPF in Jameson DC. Instead, there is no way to get the /24 address from MPLS/L3 VPN, as you suppress these on 55 and 56 via aggregate. I'm not sure about the unsuppress-map solution in H2+, where summary suppression happens at R18 and R57, as this actual solution uses a route-map for the unsuppress-map.... and it seems that a route-map is an invalid result. However, if this is valid, then you can just unsuppress the /24 being advertised via network command and redistribute it via E1 instead of E2. On a possible variation, 55 and 56 could block 172.18.1.0/24 via prefix list to their PEs, if that is the case, you don't need to change the metric type in R18 redistribution If it only asks to block 172.0.0.0/8, then you would end up with 172.18.1.0/24 advertised via 15 and 16, just redistribute these as E2 and Redistribute E1 in R18 Or Redistribute both as E1 and increase the redistribution metric on R15/16