You are on page 1of 5

I just come from MY exam and i passed T-shoot 1000/1000 i want share some experience there i had Only

one BUG IN exam For question access map U need to choice Aswn1 to get correct Answer because if u make Dwsn1 U will see not there Option to get correct answer.. Well all those TT are the same all The TTs that I got are mentioned below: 1. ASW1 Allowed Vlan 2. ASW1 Port Security 3. ASW1 Access Vlan 4. DSW1 Access Map 5. DSW1 HSRP 6. R4 IP DHCP first delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and then enter ip dhcp excluded-address 10.2.1.1 10.2.1.2 9. R2 IPv6 10. R1 NAT ACL 11. R1 L3 Security ACL 12. R1 BGP Wrong BGP Neighbor Address 13. R1 OSPF Authentication I didnt get there any IP Helper there also i checked all TT and IP helper was not configured there.. Well now I want to Describe how to find more easy the TT first with 3 TT which be ON R1.. IN 3 TT U can Ping 10.1.1.1 which tickets are Nat , BGP , Access list , remember IN 3 TT U can ping 10.1.1.1 which is R1 totally are 4 TT on R1 which IN one Ticket u cannot ping 10.1.1.1 but u can ping 10.1.1.2 which Ticket is Ospf authentication. Dont lose ur time use abort abort abort and abort First I found those 3 TT where I can ping 10.1.1.1 and one ticket when u cannot ping 10.1.1.1 but u can ping 10.1.1.2 which is ospf authenteticaton 4 TT Gone of R4 now Find 2 TT HSRP and IPV6 which are so clearly as question.. Now totally 6 TT GOneeeee Next steeep FIND 4 TT which Client 1 Get IP address 169.x.x which are Access vlan 10 , port security issused on f0/1/0 , Trunking Interface Those 3 TT u Must must must Check ON ASW1 Remember One TT is ON R4 Layer 3 Topology which Client get IP 169.x.x.x which Is DHCP ON R4 router R4 IP DHCP first delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and then enter ip dhcp excluded-address 10.2.1.1 10.2.1.2 Now 10 TT Goneeeeeeeeeee now Find TT which Client get IP address 10.x.x.x but cannot ping the Gateway Using abort that Is Access Map but in this TT is one BUG and U need to choice ASW1 to get Correct answer because doesnt see any option Vlan acl / Port ACL * IF u select AWS1 U will see this One Vlan Acl POrt now 11 TT GONeeee now 2 TT Of R4 which Client get IP address 10..x.x.x Route Redistribute , and Passive Interfaceee ,, I played with those 2 TT for more 20 MIN just to play and to spend the time because i did exaaamm so fast 30 MIN

and i stayed for 1 Hour well now are ONLY 2 TT When select One TT of them IN one U will see wrong redistribute I mean name of spelling of Route map if U use abort and JUMP another TT U will see then Correctly Route map spelling name and u will see another one new with Passive Interface Under EIGRP Well the First I end this one with wrong spelling route map.. and for this one the last with passive interface i did in the end and u must select R4 EIGRP no passive interface under eigrp process in Interface f0/1 and f0/0 now 13 TT GOneeeee 100% Well also i want tell YOU something is better to Useeee 46Q there are all all all all all the answers the same when U select just there in that DUMP are 2 questions WRONG Interface Trunking allow vlan 10 , correct answer is 10.200 now as that dump 10.20.200 keep this In Mind.. and another one Port security In this dump 46Q are Wrong for this one port security need to choice with shutdown and no shutdown there on dump write somthing different right I hope this have been Information for all OF you Here is the strategy which I Useddddddd Problem Device Problem Description A > ASW1 > Access VLAN 10 ( Layer 2 )host 1- 169.x.x.x P > ASW1 > Port-Channel not allowing VLAN 10 ( layer 2 )host 1- 169.x.x.x S > ASW1 > Port Security needs to be disabled ( layer 2 )host 1- 169.x.x.x H > DSW1 > HSRP Track 10 ( layer 3 ) host 10.x.x.x V > DSW1 > VLAN Filter ( layer 2 ) host 1 -10.x.x.x E > R4 > DHCP wrong exclude address host 1- 169.x.x.x P > R4 -> Passive Interface Under eigrp 10 host 1 10.x.x.x R > R4 > Route Redistribution ( layer 3 )host 1- 10.x.x.x 6 > R2 > IPv6 OSPF ( Ipv6 topology ) ipv6 ip add B > R1 > BGP wrong Neighbor IP ( layer 3 )host 1 10.x.x.x N > R1 > NAT ACL miss configured ( layer 3 ) host 1- 10.x.x.x A > R1 > ACL blocking traffic on int ( layer 3 )host 1- 10.x.x.x O > R1 > OSPF Authentication issue ( layer 3 ) host 1 10.x.x.x Try the following strategy.. if you have got time This i have found from one of the post. your strategy is good, but how will you find out which ticket is having that particular issues this may help you If you can ping 10.1.1.1 Then faulty device is definitely R1. Check this website. This is 100% correct. From client ping 10.1.1.1. If successful then R1 is the faulty device. It is simple concept. Any device before that does not have faulty configuration. Because you can reach R1 it means DSW1, R4, R3, R2 is allowing you to reach R1. If any of them had wrong configuration then you would not be able to ping 10.1.1.1. From client I pinged 10.1.1.1 more frequently then others. Once you can ping 10.1.1.1 then you definitely know the fault is with R1. No doubt about about that. 1. Can be faulty BGP neighbour. Wrong ip address of neighbour. Use show run. You know where to look. Under router bgp 65001.> sh ip bgp sum

2. Check NAT access list. Look for permit statement. If permit 10.2.0.0 0.0.255.255 is not present then it is NAT Access list. 3. Check edge_security access list. If the permit statement is missing for permit 209.65.200.224 0.0.0.3 then it is IPV4 layer 3 security. So, you can see that if you can ping 10.1.1.1 but can not ping 209.65.200.241 then 3 TT for R1. Now if you can ping to 10.1.1.2 but can not ping 10.1.1.1 then it is definitely R1. ip ospf authentication message-digest on serial0/0/0/0.12 interface. Check configuration on R1. You will see that ip ospf authentication message-digest is missing. So it R1, OSPF, ip ospf authentication message digest. In total R1 has 4 TT. 3 TT You can ping R1 but can not ping 209.65.200.241 1 TT You can ping 10.1.1.2 but can not ping 10.1.1.1. As soon as I opened a TT > I used ipconfig to see the ip address. If it is 169.XXX then 3 TT for ASW1. If it has valid ip address such as 10.2.1.3 then i immediately pined 10.1.1.1 to see if the fault is with R1. 3 TT gone. Total 6 TT gone in the blink of an eye. ASW1 3 TT if ip address is 169.xxxx (1.switch port security: Symptoms for this ticket:1- Client 1 is getting 169.x.x.x ip address 2- Client 1 is unable to ping Client 2 as well as DSW1. 3- sh interfaces fa1/0/1 will show following message in the first line enFastEthernet1/0/1 is down, line protocol is down (err-disabled) 4- sh running-config, you will see switchport port-security mac-address 0000.0000.0001 configured under fa1/0/1. if u did not have the port in err-disable mode but in the config there was a port security mac 0.0.0.0.. command assigned so if u do show int fa 1/0/1 it will show it as UP so do not get confused) (2.vlan1> vlan10) (3.trunk allowed: int range portchannel13,portchannel23 switchport trunk allowed vlan none switchport trunl allowed vlan 10,200) R1 3TT if you can ping R1 10.1.1.1 R1 1TT if you can ping 10.1.1.2 but can not ping 10.1.1.1 If HSRP mentioned then you know it is DSW1 If ipv6 or ospfV3 mentioned then you know it is R2. 9 TT very simple. Now if you can not ping 10.1.1.1 or 10.1.1.2 then you come back near client. Like DSW1, R4. DSW1 1 more TT Vlan ACL Look for VLAN Access Map R4 3 TT: EIGRP Passive interface , DHCP on R4 which get IP add 169.x.x , OSPF-to-EIGRP (OSPF>EIGRP). also now we have 2 TT new to idendify them if client now get ip add 169.x.x also check ON R4 for DHCP this new One again ON R4 for passive Interface now totally we have 3 TT ON R4 4 TT on R1 Dws1 2 TT R2 1 TT Asw1 3 TT

* Note: The bug has been fixed recently so you can select DSW1 device, next page you have to scroll down and you will find the VLAN Access List/PACL option. Best wishes to those who are going to take this exam!

Hello network_user,
You can find Belal strategy in the comments section of all tickets. Just in case if you couldnt find it.I have pasted it below. Dont forget to read other comments like the ticket symptoms by Naveed for each and every tickets,it really helps you when you are confused ,since many tickets look similar and the strategy posted above (ENA) is also very good.What I did was I wrote the Belal strategy in the writing pad you get for the test and followed tips suggested by ENA too.like finding the R1 questions and the easier hsrp ,ipv6 questions first and answering them using abort. Choose the strategy which you think is easier to follow. Belals Strategy: All TTs are still valid and same as mentioned under networktut. I got multiple choices and 13 TTs. Except EIGRP AS all TTs came. In All TTS Client1 will have valid IPs (except 4 TTs of 169.x.x.x). I did my complete exam using only ipconfig, ping and show run commands and never felt to use any other command. One thing is very important that you should have complete understandings of TTs other wise you will not able to understand 2 or 3 TTs because Cisco made very minor changes in mulitple choices or in configuration. The IP scheme between R4, DSW1 and DSW2 is 10.1.4.x. When i entered in LAB, before starting my exam i wrote the below lines on the provided sheet and then it became very easy to solve the TTs. To solve the TTs i followed the following scheme and order: (remember to use ipconfig and ping always in Client1 for all TTs) ->> If it is 169.x.x.x there are 4-TTs 1.ASW1 port security (show-run ASW1 if 1/0/1 and 1/0/2 are in Vlan10, apply sh int for both) 2.ASW1 access vlan 10 (show-run and check ASW1 if 1/0/1 and 1/0/2 are in Vlan1, if they are stop!) 3.ASW1 switch-to-switch (show-run ASW1) 4.R4 DHCP excluded (show-run R4) ->> If client got IP address then 2 options: -First, if client1 can ping 10.1.1.1 not to server 209.65.200.241 (3TT) ALL IN R1 1.R1 NAT (10.2.0.0) (show-run R1)(sh ip BGP summary) 2.R1 BGP (56-65) (show-run R1)(sh ip BGP summary) 3.R1 ACL (show-run R1)(sh ip BGP summary) -Second , Client cant ping 10.1.1.1 but it can ping to 10.1.1.2) then: (1TT) 4-R1 OSPF authentication (show-run R1 + R2) -Thirdly, if client1 cannot ping 10.1.1.1, then (4 TTs) 1. DSW1(ASW1) vlan access map(vlan acl port) *** this one cannot ping even gateway (Check vlan-filter command, which contain vlan access-map, this contain access-list no., now check accesslist no. It can drop the packet for PC conntected to ASW1.) 2. R4 Route redistribution: (show-run R4)(EIGRP->OSPF is created and EIGRP-TO-OSPF is used) 3. R4 EIGRP Passive Interface: passive interface (show-run R4)(sh IP protocols ) 4-R4-EIGRP AS: AS number of EIGRP is different is used To verify show IP protocols. ->> Finally, there are 2 distinct TTs, - HSRP on DSW1: Check DSW1 Use track 10 instead of track 1 (show run) and this is the only

question you will see tracking. - OSPF IPv6 on R2: On serial interface use area 0, not area 12 (show run), you will recognize this TT by reading ticket because it is the only TT which says about IPv6. Note: The above scheme i copied from one comment under networktut, i dont remember the name. Sory to mention under my comments but it was just to help others. Please feel free for any query, my email address belal_fouzi@yahoo.com