
CCIE R&S Sample Diag from real test posted in certcollection by users:

Posted 31 March 2015 - 04:53 AM

Ticket# 1
You are the network administrator of a layer 3 switched network. A user in a VLAN is complaining
that he cannot communicate with other users besides him. The other users have not complained and
have no trouble reaching each other.
What is the most likely cause of this issue?

Solution:
Do "show ip interface brief" on SW3. You will find the interface is in down/down status. This is caused
by portfast or port security configuration on the port connected to the user.

Ticket# 2
The network administrator is considering limiting what addresses will be allowed to send traffic on
switch ports within the switched network. The administrator wants to allow only host A to have
access to Ethernet0/0.
What is the best method to do this?

Solution:
The administrator can configure MAC address of host A manually with the switchport security feature
of the MAC address sticky. Issues on SW3, Eth1/0 is down/down due to port security.

Ticket# 3
The network administrator is running a VPN network via DMVPN between sites A & B. The EIGRP
protocol has been used in their network. After the administrator did some maintenance, the VPN
tunnels dropped and have been down.
What is the most likely cause of this issue?

Solution:
On site A or B, the NBMA address has been declared within EIGRP. The address must be selected and
deleted from there. This is the issue with EIGRP. On R15 EIGRP section, there is a redistribute
connected command.

Ticket# 4
The network administrator is considering running uRPF within his network to mitigate problems that
are caused by the introduction of malformed or forged IP source addresses. This will cause the
packets to be discarded because it lacks verifiable IP source address information.
All the required information is provided below. Which sequence of five actions should be
recommended to the network administrator? When a packet is received, please put the following
sequence in the correct order if uRPF and ACLs are used.

Solution:
1. Input ACLs configured on the inbound interface are checked.
2. CEF table (FIB) lookup to find interface for packet forwarding.
3. Unicast RPF checks to ensure that the packet has arrived on the best return path source by doing a
reverse lookup in the FIB table.
4. The packet is forwarded.
5. Output ACLs are checked on the outbound interface.

Ticket# 5
You are working as a network administrator of a network where, users connected to R1 are reporting
problems in accessing web based services. As per information provided in the ticket logs, Host 1 is
not able to ping Web Address 8.8.8.8 while Host 2 does.

Diagram: See Attached File

Configurations and Outputs:

R1 and R2, R1 and R3 are configured eBGP.


R2 and R3 are running iBGP.
R1 is receiving many routes via R2 and R3.
R1, R2 and R3 are configured with BGP community and other attributes.

R1 prefers R1-R3 path to access Web.


Web prefers R2-R1 path to access Host 1.

R1 is configured with 2 NAT statements:


R1 is translating Host 1 connected with Eth0/0 to its Loopback0.
R1 is translating Host 2 connected with Eth0/1 to its Loopback1.

R1 is configured with uRPF on its interface Eth0/2.

For your understanding:

uRPF is configured on R1's interface Eth0/2 (connects to R2) which says any source which is not
learnt via this interface, packets will be dropped for that. Route 8.8.8.8 or 0.0.0.0 is being preferred
via interface Eth0/3 (connects to R3).

Part 1 Question:
Order correct 8 options from below list to explain to your colleague the problem why Host 1 is
unable to ping the Web Server:

Options
Packets are received by R2 and forwarded to the destination
Packets are received by R3 and forwarded to the destination
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R2 and R3 drop the packet due to missing routing information for the destination
The destination does not reply with an icmp echo reply
R2 transmits the echo reply to R1
R2 and R3 drop the packet due to missing routing information for the source
Unicast RPF on R1 drops the echo reply
R1 translates the source IP address to its interface Loopback0
R1 looks up its routing table (RIB) and selects interface E0/2 as Egress Interface
R1 access-list drops the echo reply
The echo reply is routed via R2
The destination replies with icmp echo reply
The echo reply is routed via R2
R1 translates the source IP Address to its interface Loopback1
R3 transmits the echo reply to R1
The echo reply is routed via R3
R1 transmits the icmp request to R3 via interface E0/3

Answers
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R1 translates the source IP address to its interface Loopback0
R1 transmits the icmp request to R3 via interface E0/3
Packets are received by R3 and forwarded to the destination
The destination replies with icmp echo reply
The echo reply is routed via R2
R2 transmits the echo reply to R1
Unicast RPF on R1 drops the echo reply

Suggestions for your understanding:

> The idea is, when Host 1 issues ping to internet, it gets sent to R1.
> R1 looks up the destination IP address in RIB.
> It finds E0/3 (connection to R3) as exit interface.
> It changes the source Private IP to NAT/PAT IP.
> It forwards icmp echo requests to R3.
> R3 looks up its table and sends to internet.
> Internet replies back to Host 1 via R2.
> R2 sends reply to R1 via interface E0/2.
> R1 looks up reverse path in RIB as per uRPF rules.
> R1 finds source being learnt via E0/3 (connecting to R3).
> It drops the reply.

Part 2 Question 1:
What is the most likely cause of the problem?

Solution: uRPF

Part 2 Question 1 Alternate:

Select what is most likely cause of the problem:

> Asymmetric routing with unicast RPF.


> Symmetric routing with unicast RPF.
> Routing loop due to wrong BGP community configuration.
> Traffic dropped via access list.
> Traffic dropped because of oversubscription of bandwidth.
> Traffic dropped because of incomplete routing information.
> Traffic dropped because of oversubscription of input queue.
> Traffic dropped because of oversubscription of output queue.

Solution: Asymmetric routing with unicast RPF.

Posted 01 April 2015 - 06:48 AM

Hi Kapss

The correct answer to Ticket 4 is as follows:

1. Input ACLs configured on the inbound interface are checked.


2. Unicast RPF checks to ensure that the packet has arrived on the best return path source by doing a
reverse lookup in the FIB table.
3. CEF table (FIB) lookup to find interface for packet forwarding.
4. Output ACLs are checked on the outbound interface.
5. The packet is forwarded.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html
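
The processing order from the Cisco reference above, applied to the Ticket 5 topology, as an added Python example that is not part of the thread. Interface names come from the ticket; the prefixes, host addresses and the return path assumed for Host 2 are constructed for illustration, and NAT is left out.

```python
import ipaddress

# Constructed FIB for R1. Interface names are from Ticket 5; the prefixes
# are assumptions (the ticket gives only 8.8.8.8 and the interface roles).
FIB_R1 = [
    ("8.8.8.0/24", "Eth0/3"),   # route to the web address preferred via R3
    ("10.0.0.0/24", "Eth0/0"),  # assumed Host 1 LAN
    ("10.0.1.0/24", "Eth0/1"),  # assumed Host 2 LAN
]


def lookup(fib, addr):
    """Longest-prefix match over (prefix, interface) pairs; None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def urpf_pass(fib, src, in_if, mode):
    """Reverse lookup on the packet's source address.

    strict: the best route back to src must point out the arrival interface.
    loose:  any route back to src is enough.
    None:   uRPF is not configured on the arrival interface.
    """
    if mode is None:
        return True
    back = lookup(fib, src)
    if mode == "loose":
        return back is not None
    return back == in_if


def process(pkt, in_if, fib, urpf_modes, in_acl=None, out_acl=None):
    """Input ACL, then uRPF, then FIB lookup, then output ACL, then forward."""
    if in_acl and not in_acl(pkt):
        return ("drop", "input ACL")
    if not urpf_pass(fib, pkt["src"], in_if, urpf_modes.get(in_if)):
        return ("drop", "uRPF")
    out_if = lookup(fib, pkt["dst"])
    if out_if is None:
        return ("drop", "no route")
    if out_acl and not out_acl(pkt):
        return ("drop", "output ACL")
    return ("forward", out_if)


def ticket5(mode="strict"):
    """Run the echo replies seen by R1 with uRPF on Eth0/2 in the given mode."""
    urpf = {"Eth0/2": mode}  # the ticket configures uRPF on Eth0/2 only
    # Destination addresses are the hosts' inside addresses (assumed).
    host1_reply = {"src": "8.8.8.8", "dst": "10.0.0.10"}
    host2_reply = {"src": "8.8.8.8", "dst": "10.0.1.10"}
    # Source with no route in the FIB at all (documentation prefix).
    spoofed = {"src": "203.0.113.5", "dst": "10.0.0.10"}
    return {
        # Reply for Host 1 comes back through R2, so it arrives on Eth0/2.
        "host1_reply_via_R2": process(host1_reply, "Eth0/2", FIB_R1, urpf),
        # Assumption: the reply for Host 2 comes back through R3 (Eth0/3).
        "host2_reply_via_R3": process(host2_reply, "Eth0/3", FIB_R1, urpf),
        "spoofed_via_R2": process(spoofed, "Eth0/2", FIB_R1, urpf),
    }


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, ticket5(mode))
```

In strict mode the asymmetric reply for Host 1 is dropped at the uRPF step; in loose mode it is forwarded, while a source with no route at all is still dropped.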

Posted 01 April 2015 - 10:06 PM

I disagree with Question 5, part 1. I would pick the other similar answer. I hope you know what I
meant.

Posted 01 April 2015 - 10:08 PM

@Kapss

I would pick the other side on step 1 and 3 in Q5, part 1. Good luck.

Posted 21 April 2015 - 09:45 PM

I failed my attempt, the questions are different in the diag section now. the same topology but the
problems changed.
ticket 1 - there is no port-security on the port to user's vlan. I didn't solve this one

ticket 3 - the tunnel flaps but there is no option to exclude the nbma interface of hub. I didn't solve
this one

ticket 5- t2 receives the packet from r1 but use urpf strict mode and drops packet

Posted 20 May 2015 - 12:20 PM

my friend took the exam today. All 3 DIAG Qs get 0%. Hope someone can let me know if there is
partial grading for DIAG so we can know not to choose these answers the next time round.

his answers:

DIAG 1: User not getting IP from DHCP


-------------------
PART 1:
which device is likely the problem = SW3
command to check = sh ip int bri

PART 2:
Problem device = SW3
Problem = ask user for mac address, cause i saw DHCP snooping on SW3

DIAG 2: DM HUB AND SPOKE FLAPPING (midchain-loop)


-------------------
Select problem device = DM HUB
Device issue = s4/0 is advertised in EIGRP (Something like that)

DIAG 3: URPF
------------------
PART 1: drag and drop ( did not complete as left 5 mins)
PART 2: where is the problem = asymmetric routing with loose urpf.

Hope it helps.

 Posted 10 January 2016 - 08:57 AM
 Recently Diagnosis changed

3 tickets are MPLS, IPV6 HSRP and Multicast

Please post questions and their solutions.


 Posted 14 January 2016 - 04:12 AM
 I know about the IPv6 HSRPv2 and Multicast.
But where did the MPLS come from?
Who got it?
 Posted 02 March 2016 - 04:27 AM
 all diag from certcollection forum; I hope this will help you

==================================================================
=============================V1===================================
==================================================================

Ticket# 1
You are the network administrator of a layer 3 switched network. A user in a VLAN is
complaining that he cannot communicate with other users besides him. The other users
have not complained and have no trouble reaching each other.
What is the most likely cause of this issue?

Solution:
Do "show ip interface brief" on SW3. You will find the interface is in down/down status. This
is caused by portfast or port security configuration on the port connected to the user.

Ticket# 2
The network administrator is considering limiting what addresses will be allowed to send
traffic on switch ports within the switched network. The administrator wants to allow only
host A to have access to Ethernet0/0.
What is the best method to do this?

Solution:
The administrator can configure MAC address of host A manually with the switchport
security feature of the MAC address sticky. Issues on SW3, Eth1/0 is down/down due to
port security.

Ticket# 3
The network administrator is running a VPN network via DMVPN between sites A & B. The
EIGRP protocol has been used in their network. After the administrator did some
maintenance, the VPN tunnels dropped and have been down.
What is the most likely cause of this issue?

Solution:
On site A or B, the NBMA address has been declared within EIGRP. The address must be
selected and deleted from there. This is the issue with EIGRP. On R15 EIGRP section, there is
a redistribute connected command.

Ticket# 4
The network administrator is considering running uRPF within his network to mitigate
problems that are caused by the introduction of malformed or forged IP source addresses.
This will cause the packets to be discarded because it lacks verifiable IP source address
information.
All the required information is provided below. Which sequence of five actions should be
recommended to the network administrator? When a packet is received, please put the
following sequence in the correct order if uRPF and ACLs are used.

Solution:
1. Input ACLs configured on the inbound interface are checked.
2. CEF table (FIB) lookup to find interface for packet forwarding.
3. Unicast RPF checks to ensure that the packet has arrived on the best return path source
by doing a reverse lookup in the FIB table.
4. The packet is forwarded.
5. Output ACLs are checked on the outbound interface.

Ticket# 5
You are working as a network administrator of a network where, users connected to R1 are
reporting problems in accessing web based services. As per information provided in the
ticket logs, Host 1 is not able to ping Web Address 8.8.8.8 while Host 2 does.

Diagram: See Attached File

Configurations and Outputs:

R1 and R2, R1 and R3 are configured eBGP.


R2 and R3 are running iBGP.
R1 is receiving many routes via R2 and R3.
R1, R2 and R3 are configured with BGP community and other attributes.

R1 prefers R1-R3 path to access Web.


Web prefers R2-R1 path to access Host 1.

R1 is configured with 2 NAT statements:


R1 is translating Host 1 connected with Eth0/0 to its Loopback0.
R1 is translating Host 2 connected with Eth0/1 to its Loopback1.

R1 is configured with uRPF on its interface Eth0/2.


For your understanding:

uRPF is configured on R1's interface Eth0/2 (connects to R2) which says any source which is
not learnt via this interface, packets will be dropped for that. Route 8.8.8.8 or 0.0.0.0 is
being preferred via interface Eth0/3 (connects to R3).

Part 1 Question:
Order correct 8 options from below list to explain to your colleague the problem why Host
1 is unable to ping the Web Server:

Options
Packets are received by R2 and forwarded to the destination
Packets are received by R3 and forwarded to the destination
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R2 and R3 drop the packet due to missing routing information for the destination
The destination does not reply with an icmp echo reply
R2 transmits the echo reply to R1
R2 and R3 drop the packet due to missing routing information for the source
Unicast RPF on R1 drops the echo reply
R1 translates the source IP address to its interface Loopback0
R1 looks up its routing table (RIB) and selects interface E0/2 as Egress Interface
R1 access-list drops the echo reply
The echo reply is routed via R2
The destination replies with icmp echo reply
The echo reply is routed via R2
R1 translates the source IP Address to its interface Loopback1
R3 transmits the echo reply to R1
The echo reply is routed via R3
R1 transmits the icmp request to R3 via interface E0/3

Answers
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R1 translates the source IP address to its interface Loopback0
R1 transmits the icmp request to R3 via interface E0/3
Packets are received by R3 and forwarded to the destination
The destination replies with icmp echo reply
The echo reply is routed via R2
R2 transmits the echo reply to R1
Unicast RPF on R1 drops the echo reply

Suggestions for your understanding:

> The idea is, when Host 1 issues ping to internet, it gets sent to R1.
> R1 looks up the destination IP address in RIB.
> It finds E0/3 (connection to R3) as exit interface.
> It changes the source Private IP to NAT/PAT IP.
> It forwards icmp echo requests to R3.
> R3 looks up its table and sends to internet.
> Internet replies back to Host 1 via R2.
> R2 sends reply to R1 via interface E0/2.
> R1 looks up reverse path in RIB as per uRPF rules.
> R1 finds source being learnt via E0/3 (connecting to R3).
> It drops the reply.

Part 2 Question 1:
What is the most likely cause of the problem?

Solution: uRPF

Part 2 Question 1 Alternate:

Select what is most likely cause of the problem:

> Asymmetric routing with unicast RPF.


> Symmetric routing with unicast RPF.
> Routing loop due to wrong BGP community configuration.
> Traffic dropped via access list.
> Traffic dropped because of oversubscription of bandwidth.
> Traffic dropped because of incomplete routing information.
> Traffic dropped because of oversubscription of input queue.
> Traffic dropped because of oversubscription of output queue.

====================================================================
====================================================================

Solution: Asymmetric routing with unicast RPF.

Step 1 Input ACLs configured on the inbound interface are checked.

Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the
source, which it does by doing a reverse lookup in the FIB table.

Step 3 CEF table (FIB) lookup is carried out for packet forwarding.

Step 4 Output ACLs are checked on the outbound interface.

Step 5 The packet is forwarded.

above from
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html

====================================================================
====================================================================

Question 1;
You are the network administrator of a Layer 3 switched network. A user in one VLAN is
complaining that he cannot communicate with other users. Besides, other users do not
have any complaints about reaching each other. What is most likely the cause of this issue?
To diagnose this issue, you must check the configuration and port status of Sw3,
which is connected to the user who is complaining.
Answer;
On Sw3, run the “show ip interface brief” command. You will find the interface is in down/down
status, and it is caused by portfast configured on the port connected to the user.
Question 2;
For security purposes, the network administrator is considering limiting which
addresses will be allowed to send traffic on individual switchports within the switched
network. In this case, the administrator wants to allow Host A to access Ethernet port 0/0
only. What is the best way to do this?
To diagnose this issue, you must first check the configuration and port status of
Ethernet 0/0 and whether port-security has been configured for Host A.
Answer;
On Sw, you should make sure that the MAC address of host A is configured manually with
“port-security sticky address”.
Question 3;
You are the network administrator operating VPN networking via a VPN tunnel (DMVPN)
between Site A and Site B. The EIGRP protocol has been used in this network, but after the
administrator did some maintenance, the VPN tunnel has been down. What is most likely the
cause of this issue? (the status will be shown in detail)
To diagnose this issue, you must check the configuration of DMVPN and any
misconfiguration or routing issue on the relevant sites.
Answer;
On Site A or Site B, the “NBMA address” has been declared into EIGRP. You must select to
delete that address from there. This issue is in EIGRP.
Question 4 (Drag & Drop);
The network administrator is considering setting up uRPF for his network to mitigate
problems that are caused by the introduction of malformed or forged (spoofed) IP source
addresses into a network by discarding IP packets that lack a verifiable IP source address.
All information is provided below. Which sequence of five actions should be recommended
to the network administrator? Please put them in the correct sequence for when a packet is
received at the interface which is configured with uRPF and ACLs.
To make the correct sequence, you must acknowledge that Unicast RPF is an input function
and is applied only on the input interface of a router at the upstream end of a connection.
Answer;
You should drag each one on the left side and drop it on the right blank in sequence.
Before Answer, it is mixed
1-Input ACLs configured on the inbound interface are checked.
2-CEF table (FIB) lookup is carried out for packet forwarding.
3-Unicast RPF checks to see if the packet has arrived on the best return path to the source,
which it does by doing a reverse lookup in the FIB table.
4-The packet is forwarded.
5-Output ACLs are checked on the outbound interface.
Answer
1-Input ACLs configured on the inbound interface are checked.
3-Unicast RPF checks to see if the packet has arrived on the best return path to the source,
which it does by doing a reverse lookup in the FIB table.
2-CEF table (FIB) lookup is carried out for packet forwarding.
5-Output ACLs are checked on the outbound interface.
4-The packet is forwarded

======================================================================
======================================================================

Configurations and Outputs:


User connected in vlan 501 on SW3.
Interface on SW3 is configured in Vlan 501.
Interface on SW3 connected to host is up.
Trunk between Switches are working and Layer 3 interfaces are up/up.
SW1 and SW2 are configured as VTP Servers, SW3 and SW4 are as Client.
VTP Domain is CCIE with incorrect MD5 Password.
Interface on SW3 connected to host is configured for Port Fast.
Interface on SW3 connected to host is configured for Switch Port Security.
Suggestions:
Jump to SW3 logs and check show ip interface brief output, ports must be up.
You must find VTP revision number 0 on SW3.
You must not find VTP revision number 0 on SW4.
Vlan propagation on SW3 is not proper, it must have all the vlans which are on SW1.

======================================================================
===============================V2=====================================
======================================================================

DIAG 1
Description - No IPv6 connection from LAN to Internet. CE1 and CE2 are configured in
HSRP for IPv6, CE1 is Active with Route-Preference Low and HSRP priority 200, CE2 is
Standby with Route-Preference High and HSRP priority 100. HSRP Preemption is configured
on both.
Issue - Router with Higher Route-Preference. Check console logs on Host, default route is
pointing to FE80::666.
Resolve - Set HSRP priority on CE2 to Highest (So it would become Active and start making
Router Advertisements with Route-Preference High)
Which line on Wireshark capture is the first one, indicating the issue - 193 packet - RA from
FE80::666.

DIAG 2
Description - No multicast connectivity from Site3 to Site1. RP is set on Site4.
Issue - no route to RP (10.1.4.0/24) on R3
What question you should ask network engineer at Site3 - Why there is no route to
10.1.4.0/24 on R3?
Quick Solve - Static route on R3 to RP (R4)
ip route 10.1.4.1 255.255.255.255 10.0.0.17
 Posted 27 May 2016 - 07:44 AM

 delideli12345, on 02 March 2016 - 04:27 AM, said:


 all diag from certcollection forum; I hope this will help you

==================================================================
=============================V1===================================
==================================================================

Ticket# 1
You are the network administrator of a layer 3 switched network. A user in a VLAN is complaining that he
cannot communicate with other users besides him. The other users have not complained and have no
trouble reaching each other.
What is the most likely cause of this issue?

Solution:
Do "show ip interface brief" on SW3. You will find the interface is in down/down status. This is caused by
portfast or port security configuration on the port connected to the user.

Ticket# 2
The network administrator is considering limiting what addresses will be allowed to send traffic on switch
ports within the switched network. The administrator wants to allow only host A to have access to
Ethernet0/0.
What is the best method to do this?

Solution:
The administrator can configure MAC address of host A manually with the switchport security feature of
the MAC address sticky. Issues on SW3, Eth1/0 is down/down due to port security.

Ticket# 3
The network administrator is running a VPN network via DMVPN between sites A & B. The EIGRP protocol
has been used in their network. After the administrator did some maintenance, the VPN tunnels dropped
and have been down.
What is the most likely cause of this issue?

Solution:
On site A or B, the NBMA address has been declared within EIGRP. The address must be selected and
deleted from there. This is the issue with EIGRP. On R15 EIGRP section, there is a redistribute connected
command.

Ticket# 4
The network administrator is considering running uRPF within his network to mitigate problems that are
caused by the introduction of malformed or forged IP source addresses. This will cause the packets to be
discarded because it lacks verifiable IP source address information.
All the required information is provided below. Which sequence of five actions should be recommended to
the network administrator? When a packet is received, please put the following sequence in the correct
order if uRPF and ACLs are used.

Solution:
1. Input ACLs configured on the inbound interface are checked.
2. CEF table (FIB) lookup to find interface for packet forwarding.
3. Unicast RPF checks to ensure that the packet has arrived on the best return path source by doing a
reverse lookup in the FIB table.
4. The packet is forwarded.
5. Output ACLs are checked on the outbound interface.

Ticket# 5
You are working as a network administrator of a network where, users connected to R1 are reporting
problems in accessing web based services. As per information provided in the ticket logs, Host 1 is not able
to ping Web Address 8.8.8.8 while Host 2 does.

Diagram: See Attached File

Configurations and Outputs:

R1 and R2, R1 and R3 are configured eBGP.


R2 and R3 are running iBGP.
R1 is receiving many routes via R2 and R3.
R1, R2 and R3 are configured with BGP community and other attributes.

R1 prefers R1-R3 path to access Web.


Web prefers R2-R1 path to access Host 1.

R1 is configured with 2 NAT statements:


R1 is translating Host 1 connected with Eth0/0 to its Loopback0.
R1 is translating Host 2 connected with Eth0/1 to its Loopback1.

R1 is configured with uRPF on its interface Eth0/2.

For your understanding:

uRPF is configured on R1's interface Eth0/2 (connects to R2) which says any source which is not learnt via
this interface, packets will be dropped for that. Route 8.8.8.8 or 0.0.0.0 is being preferred via interface
Eth0/3 (connects to R3).

Part 1 Question:
Order correct 8 options from below list to explain to your colleague the problem why Host 1 is unable to
ping the Web Server:

Options
Packets are received by R2 and forwarded to the destination
Packets are received by R3 and forwarded to the destination
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R2 and R3 drop the packet due to missing routing information for the destination
The destination does not reply with an icmp echo reply
R2 transmits the echo reply to R1
R2 and R3 drop the packet due to missing routing information for the source
Unicast RPF on R1 drops the echo reply
R1 translates the source IP address to its interface Loopback0
R1 looks up its routing table (RIB) and selects interface E0/2 as Egress Interface
R1 access-list drops the echo reply
The echo reply is routed via R2
The destination replies with icmp echo reply
The echo reply is routed via R2
R1 translates the source IP Address to its interface Loopback1
R3 transmits the echo reply to R1
The echo reply is routed via R3
R1 transmits the icmp request to R3 via interface E0/3

Answers
R1 looks up its routing table (RIB) and selects interface E0/3 as Egress Interface.
R1 translates the source IP address to its interface Loopback0
R1 transmits the icmp request to R3 via interface E0/3
Packets are received by R3 and forwarded to the destination
The destination replies with icmp echo reply
The echo reply is routed via R2
R2 transmits the echo reply to R1
Unicast RPF on R1 drops the echo reply

Suggestions for your understanding:

> The idea is, when Host 1 issues ping to internet, it gets sent to R1.
> R1 looks up the destination IP address in RIB.
> It finds E0/3 (connection to R3) as exit interface.
> It changes the source Private IP to NAT/PAT IP.
> It forwards icmp echo requests to R3.
> R3 looks up its table and sends to internet.
> Internet replies back to Host 1 via R2.
> R2 sends reply to R1 via interface E0/2.
> R1 looks up reverse path in RIB as per uRPF rules.
> R1 finds source being learnt via E0/3 (connecting to R3).
> It drops the reply.

Part 2 Question 1:
What is the most likely cause of the problem?

Solution: uRPF

Part 2 Question 1 Alternate:


Select what is most likely cause of the problem:

> Asymmetric routing with unicast RPF.


> Symmetric routing with unicast RPF.
> Routing loop due to wrong BGP community configuration.
> Traffic dropped via access list.
> Traffic dropped because of oversubscription of bandwidth.
> Traffic dropped because of incomplete routing information.
> Traffic dropped because of oversubscription of input queue.
> Traffic dropped because of oversubscription of output queue.

====================================================================
====================================================================

Solution: Asymmetric routing with unicast RPF.

Step 1 Input ACLs configured on the inbound interface are checked.

Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it
does by doing a reverse lookup in the FIB table.

Step 3 CEF table (FIB) lookup is carried out for packet forwarding.

Step 4 Output ACLs are checked on the outbound interface.

Step 5 The packet is forwarded.

above from
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html

====================================================================
====================================================================

Question 1;
You are the network administrator of a Layer 3 switched network. A user in one VLAN is complaining that
he cannot communicate with other users. Besides, other users do not have any complaints about reaching
each other. What is most likely the cause of this issue?
To diagnose this issue, you must check the configuration and port status of Sw3, which is
connected to the user who is complaining.
Answer;
On Sw3, run the “show ip interface brief” command. You will find the interface is in down/down status, and
it is caused by portfast configured on the port connected to the user.
Question 2;
For security purposes, the network administrator is considering limiting which addresses will be
allowed to send traffic on individual switchports within the switched network. In this case, the
administrator wants to allow Host A to access Ethernet port 0/0 only. What is the best way to do this?
To diagnose this issue, you must first check the configuration and port status of Ethernet 0/0 and
whether port-security has been configured for Host A.
Answer;
On Sw, you should make sure that the MAC address of host A is configured manually with “port-security
sticky address”.
Question 3;
You are the network administrator operating VPN networking via a VPN tunnel (DMVPN) between Site A
and Site B. The EIGRP protocol has been used in this network, but after the administrator did some
maintenance, the VPN tunnel has been down. What is most likely the cause of this issue? (the status will be
shown in detail)
To diagnose this issue, you must check the configuration of DMVPN and any misconfiguration or
routing issue on the relevant sites.
Answer;
On Site A or Site B, the “NBMA address” has been declared into EIGRP. You must select to delete that address
from there. This issue is in EIGRP.
Question 4 (Drag & Drop);
The network administrator is considering setting up uRPF for his network to mitigate problems that are
caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by
discarding IP packets that lack a verifiable IP source address.
All information is provided below. Which sequence of five actions should be recommended to the network
administrator? Please put them in the correct sequence for when a packet is received at the interface which is
configured with uRPF and ACLs.
To make the correct sequence, you must acknowledge that Unicast RPF is an input function and is applied
only on the input interface of a router at the upstream end of a connection.
Answer;
You should drag each one on the left side and drop it on the right blank in sequence.
Before Answer, it is mixed
1-Input ACLs configured on the inbound interface are checked.
2-CEF table (FIB) lookup is carried out for packet forwarding.
3-Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does
by doing a reverse lookup in the FIB table.
4-The packet is forwarded.
5-Output ACLs are checked on the outbound interface.
Answer
1-Input ACLs configured on the inbound interface are checked.
3-Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does
by doing a reverse lookup in the FIB table.
2-CEF table (FIB) lookup is carried out for packet forwarding.
5-Output ACLs are checked on the outbound interface.
4-The packet is forwarded

======================================================================
======================================================================

Configurations and Outputs:


User connected in vlan 501 on SW3.
Interface on SW3 is configured in Vlan 501.
Interface on SW3 connected to host is up.
Trunks between switches are working and Layer 3 interfaces are up/up.
SW1 and SW2 are configured as VTP Servers; SW3 and SW4 are Clients.
VTP Domain is CCIE with incorrect MD5 Password.
Interface on SW3 connected to host is configured for Port Fast.
Interface on SW3 connected to host is configured for Switch Port Security.
Suggestions:
Jump to SW3 logs and check show ip interface brief output, ports must be up.
You must find VTP revision number 0 on SW3.
You must not find VTP revision number 0 on SW4.
VLAN propagation on SW3 is not proper; it must have all the VLANs which are on SW1.

=================================V2===================================

DIAG 1
Description - No IPv6 connection from LAN to Internet. CE1 and CE2 are configured in HSRP for IPv6, CE1
is Active with Route-Preference Low and HSRP priority 200, CE2 is Standby with Route-Preference High and
HSRP priority 100. HSRP Preemption is configured on both.
Issue - Router with Higher Route-Preference. Check console logs on Host, default route is pointing to
FE80::666.
Resolve - Set HSRP priority on CE2 to Highest (So it would become Active and start making Router
Advertisements with Route-Preference High)
Which line on Wireshark capture is the first one indicating the issue - 193 packet - RA from FE80::666.

DIAG 2
Description - No multicast connectivity from Site3 to Site1. RP is set on Site4.
Issue - no route to RP (10.1.4.0/24) on R3
What question you should ask network engineer at Site3 - Why there is no route to 10.1.4.0/24 on R3?
Quick Solve - Static route on R3 to RP (R4)
ip route 10.1.4.1 0.0.0.0 10.0.0.17

this is what i got last January from HK testing site (the Version 2)

Edited by iceman23, 27 May 2016 - 07:44 AM.

Posted 09 July 2016 - 12:17 AM

new version released. Unfortunately, I cannot remember everything I ran into.

1. VTP password mismatch.


2. EIGRP over DMVPN problem - NBMA address got advertised into EIGRP.
R15 is HUB, R17/18/19 are spokes,
R16 is not part of DMVPN but is part of EIGRP. R16 redistributes connected interfaces
into EIGRP. However, one of R16's interfaces has its subnet configured incorrectly (/29 instead
of /30), which overlapped R15's NBMA address. ==> resolution: reduce subnet mask on
R16.
3. I ran out of time

Posted 14 February 2017 - 01:45 PM

hello

Description - No IPv6 connection from LAN to Internet. CE1 and
CE2 are configured in HSRP for IPv6, CE1 is Active with Route-
Preference Low and HSRP priority 200, CE2 is Standby with
Route-Preference High and HSRP priority 100. HSRP Preemption is
configured on both.
Issue - Router with Higher Route-Preference. Check console logs
on Host, default route is pointing to FE80::666.
Resolve - Set HSRP priority on CE2 to Highest (So it would
become Active and start making Router Advertisements with
Route-Preference High)
Which line on Wireshark capture is the first one indicating
the issue - 193 packet - RA from FE80::666.

Could somebody please explain it to my brain why, if a router even with lower priority advertises itself
as default route, it should necessarily mean an issue?

Let's assume that the host installed the route over CA2, which is HSRP standby. In that case the host
will be sending the packets to CA2 which, in turn, will route them to the Internet. Why is it an
issue?

Hello,

We don't see any details on addressing scheme.


I would assume that FE80::666 doesn't belong to CE1/CE2 and HSRP on them.
FE80::666 is configured on some third device with medium router-preference in IPv6 RA which
doesn't have connectivity to Internet.

Edited by vboyko, 15 February 2017 - 03:32 PM.
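
Added example (not part of the forum posts): RFC 4191 default-router preference applied to a constructed list of Router Advertisements, showing which default router a host installs and which frame is the first RA from an unapproved source. It assumes the HSRP group advertises from one virtual link-local address (placeholder fe80::1) and, following the reply above, that FE80::666 sends Medium preference; only frame number 193 and FE80::666 come from the page.

```python
import ipaddress
from dataclasses import dataclass

# RFC 4191 Prf bits (RA flags byte, mask 0x18): 01 High, 00 Medium, 11 Low.
# The reserved value 10 must be treated as Medium.
PRF_RANK = {0b01: 1, 0b00: 0, 0b10: 0, 0b11: -1}

@dataclass
class RA:
    pkt_no: int     # frame number in the capture
    src: str        # link-local source of the Router Advertisement
    flags: int      # flags byte: M O H Prf(2) P R R
    lifetime: int   # router lifetime in seconds; 0 = not a default router

def norm(addr):
    return str(ipaddress.ip_address(addr))

def rank(ra):
    return PRF_RANK[(ra.flags >> 3) & 0b11]

def select_default_router(ras):
    """Default router a host would pick: highest preference among usable RAs."""
    latest = {norm(ra.src): ra for ra in ras}      # newest RA per router wins
    usable = [ra for ra in latest.values() if ra.lifetime > 0]
    return norm(max(usable, key=rank).src) if usable else None

def first_unexpected_ra(ras, expected):
    """Frame number of the first RA whose source is not an approved router."""
    allowed = {norm(a) for a in expected}
    for ra in sorted(ras, key=lambda r: r.pkt_no):
        if norm(ra.src) not in allowed:
            return ra.pkt_no
    return None

LOW, MEDIUM, HIGH = 0b11 << 3, 0b00 << 3, 0b01 << 3
HSRP_VIP = "fe80::1"   # constructed placeholder for the HSRP virtual link-local address

# Constructed capture: CE1 is active and advertises Low; FE80::666 (assumed Medium) appears.
BEFORE = [RA(101, HSRP_VIP, LOW, 1800), RA(193, "FE80::666", MEDIUM, 1800),
          RA(240, HSRP_VIP, LOW, 1800)]
# After the fix CE2 is active and the virtual address advertises High.
AFTER = BEFORE + [RA(300, HSRP_VIP, HIGH, 1800)]
```

With BEFORE the host installs fe80::666 because Medium outranks Low; with AFTER the High advertisement from the HSRP address wins even though the stray RA is still on the segment.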

Forum Link: https://certcollection.org/forum/topic/318612-eve-comm-edition-added-h1-h2-h3-ts1-ts2/page__st__14

Posted 24 November 2017 - 12:53 AM

EVE Comm Edition version (updated to 2.0.84)

Pre-Loaded LABS

H1, H1+ H2 H2+ H3


TS1 TS2

Devices Used in IOU

L2-ADVENTERPRISEK9-M-15.1A.bin
L3-ADVENTERPRISEK9-M-15.5-2T.bin

CLI Credentials root:eve


GUI Credentials admin:eve -----> (all are small)

WOWWWWW Nice post:

EVE Comm Edition Reloaded version (updated to 2.0.84)


with pre-loaded Cisco ISO file which was used in web iou
now added 2 labs for practice more coming soon.

L2-ADVENTERPRISEK9-M-15.1A.bin
L3-ADVENTERPRISEK9-M-15.2.M1.bin
L3-ADVENTERPRISEK9-M-15.4-1T.bin
L3-ADVENTERPRISEK9-M-15.5-2T.bin

Hidden Content

https://mega.nz/#!kx0hTRCC!NePo9YbqnJicbryLEvS36v_E0GyVUgx82irXFFs6eqI

Posted 25 November 2017 - 07:37 AM

Hi ALL,

1.) Basic things you should know after installing the ova file

Always use command line to shutdown your VM

root@localhost#init 0
When you use this command it will properly shutdown your VM

2.) If any of your devices is not working use below command

root@localhost#/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

This will fix some of your problem regarding IOU/IOL

Edited by i91u7, 25 November 2017 - 07:39 AM.

i91u7

Posted 30 November 2017 - 01:43 PM

sanger, on 30 November 2017 - 07:06 AM, said:

H3 can not start all devices, anyone has this problem?


On which devices you are facing problem i am able to start all devices please share the snapshot
here.

Posted 30 November 2017 - 08:55 PM

i91u7, on 30 November 2017 - 01:43 PM, said:

On which devices you are facing problem i am able to start all devices please share the snapshot here.
Thank for for your response
I just remove and import the EVE again and it works.

Posted 01 December 2017 - 12:36 AM

sanger, on 30 November 2017 - 08:55 PM, said:

Thank for for your response


I just remove and import the EVE again and it works.

if you face this problem again use below command

root@localhost#/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Clear your cookies and restart the lab

Edited by i91u7, 01 December 2017 - 12:37 AM.

Posted 12 December 2017 - 03:49 PM

i91u7, on 10 December 2017 - 02:06 PM, said:

Your vm kernel is not updated update the workstation to the latest version

you will get in help ==> software updates

Sorted thank you

Posted 31 January 2018 - 08:28 PM


alpslips, on 31 January 2018 - 10:40 AM, said:

I presume you are using the L3 image i86bi-linux-l3-adventerprisek9-ms.155-2.T.bin


This has an issue within itself, a command:"lbsd-client server url https://cloudsso.cisco.com/as/token.oauth2" in the config.
Either you overwrite the config with "bsd-client server url 127.0.0.1" or use any older 15.4 image like
i86bi-linux-l3-adventerprisek9-15.4.1T.bin

I hope this helps

tried to change vmplayer version 12 and then to 14, now i cannot even connect through browser,
while i could ping it fine.
not sure, something screwed up

#41 alpslips

Posted 01 February 2018 - 01:48 AM

online2ccie, on 31 January 2018 - 08:28 PM, said:

tried to change vmplayer version 12 and then to 14, now i cannot even connect through browser, while i
could ping it fine.
not sure, something screwed up

There is no issue with VMware.

Follow the below steps:

1. Connect to eve-ng VM via WinSCP or Filezilla.
2. Navigate to /opt/unetlabs/addons/iol/bin and copy the IOU images to your desktop
3. Navigate to /opt/unetlabs/labs and copy the lab files to your desktop
4. Remove the VM from your Player/Workstation
5. Delete it from your local files (C:\) drive
6. Import the ova file into VMware and setup again
7. Replace IOU and lab files into respective folders (using WinSCP/Filezilla)

Should work like a charm after this.

Also, make sure NOT to use the i86bi-linux-l3-adventerprisek9-ms.155-2.T.bin image

Edited by alpslips, 01 February 2018 - 02:10 AM.

#42 online2ccie

Posted 01 February 2018 - 03:54 AM

thank you, in fact, i kept respin vm multiple times, re-imaged host os, and reinstalled it back, i am
able to connect to EVE VM through browser as well.

sometimes i am getting error 500 fail some code number 900003 something did google, but luck,
could that be also due to the 15.5 image?

Posted 03 March 2018 - 06:19 AM

excuse me, anyone can explain for me ,

what is H1, H1+ H2 H2+ H3, A1, A2 ... (etc...) meaning ?

Thank you

#54 cciestudent1

Posted 07 March 2018 - 09:45 AM

Argentina, on 03 March 2018 - 06:19 AM, said:

excuse me, anyone can explain for me ,

what is H1, H1+ H2 H2+ H3, A1, A2 ... (etc...) meaning ?

Thank you

Yeah, please what are they? I'm new to CCIE lab preparation

#55 cciesphere

Posted 07 March 2018 - 09:59 AM

Those are exam variations

for Config part there are five in total

H1 - H1+
H2 - H2+
H3

For TS I think two


TS1
TS2

For Diag.. not sure..

Posted 07 March 2018 - 11:34 AM


mikekaleny, on 07 March 2018 - 11:32 AM, said:

Where are the lab book questions and answers? Can't find it

And i think you won't find it all.

These are sold separately.. By SPOTO/C4C or some other "testing" company.

You should take a look in GB (Group Buy) Section.

Cheers