- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the
. R$ X' O: |5 }5 z. b) ftopology of the troubleshooting section
a) m$ C/ ^% \8 SMy configuration section(K1) was successful, but I failed troubleshooting section (68%).
3 t3 ]$ K3 v: i9 T- fBelow the kind of questions I got in troubleshooting section :& G8 v6 A9 F. _" z7 A3 H
1- BGP peering issue. the question also said that you should establish the peering int the safest+ U4 m6 W0 H# C
way.: V& d5 ^! G. w u( y8 Y7 d6 ^
When I check the config, I see that there is "neighbor xxxx password cisco".; V6 g `4 J( T
I did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer, i9 Q6 V5 q0 E) L7 {
and the peering comes up.
% E$ z+ f; C6 |. i# R( ]5 JAbout the safest way, the use the "service password-encryption" command on each peer
- k# g" H, O# C+ V( ?2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)! q: b" Y Q& x4 v; L
I see that the router connected to PC1 do not have the route to PC2 , because there is already AS! R- D4 F5 L; E/ I# B9 p$ S
300
: {- h3 Z! t+ E/ G( H- u7 ^in the as-path to reach PC1.
# a: z( k9 x7 Y6 F8 F7 tto solve it, I modify the route-map on the router (on router on the path between the two PCs) on" E2 V* A/ K# l H' n! `; }% }
which the as-pas preprend is configured.
! C( C, h0 V! M3 h' fI just remove AS 300 in the as-path prepend command, and it worked.
8 L% t+ S( U; [3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.
. ~( \* P: i0 T& ~* ]/ Mon R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.4 \6 K2 ?9 v# F% ] w) f E
I changed the interface to DTE and the lmi-type to cisco.
5 ] V3 F i& U$ i* k e4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
8 Z: e$ V+ k/ P5 L( `on and interface,
( M" z. s9 g* {4 F6 k! wand another router configured with "delay 120". I delete these two commands, and I saw the two
% p& L9 u! c1 n) T+ wpaths in the routing table
; P. @ H1 e# @7 v% l: u3 M5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
+ s+ d, m1 M7 G( _# _down, because of a network type mismatch
3 V! n6 f! v8 I1 T(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet
, [3 h! G$ j7 Kinterfaces connecting R16, and it worked.5 p3 D0 M) P3 y6 Y
6- reachibility issue :there was a redistribution problem, missing default-metric when
8 n( @. W0 Y/ r1 o4 G4 @$ b/ ^redistributing ospf in eigrp& n, |# ~2 @6 E6 R3 A4 Q% H7 F
7- SNMP issue: failed to send link-status traps. I used these two commands:* E1 B% L* T; f
(conf-if)#snmp trap link-status)" g9 T. ]! j6 ?0 X& B
(config)#snmp-server trap-source loopback 0
& w3 e2 @" k$ x8 G3 y9 g8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp
4 P5 W2 ^& d% x& ^, g(R3).
. m" X$ S. Q; u9 BI did not resolved this issue.
' o" N# X: c- ?. KThere was an access-list in R3 with the wrong multicast-group. I changed the address from8 Q2 E) ~) H3 `% H) L
224.1.1.2 (wrong address)to 224.1.1.1 (right address); o; T, p P( L' R! O. u2 a- E
After that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was
. u4 `2 n( a, `* J8 R! BOK between these router.
. y& F# f8 @9 S1 k( i4 Xthe "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.1 o9 f2 n: |5 |- R- m- |! l& g
9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many3 ^/ }# L; y0 W
restrictions on this question like:2 f* w6 ?9 @2 T$ v. h
-don't remove any configuration, don't remove any access-list, don't delete any line
. `0 h. f' _5 ~: J8 U2 |1 hconfiguration.But you can create your access-list J% ]4 [3 o; E( ?
When I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet
+ s' W. F8 _4 j. g, U! B. qtraffic., R$ x4 t; D! V9 P: E
below what I did:2 _+ z) F& N0 A, Z. R
- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet B7 Z$ G% [; h0 p2 e1 z/ ~. I
- create a class-map which matches the new access-list :. J6 F6 }4 G! ~4 K" v; _/ i
class-map ACCESS
9 B& u' ?; w! | C9 F* {match ip address 101
( V. ~( @7 e! E9 \/ T/ r- modify the policy-map like this :3 B) t* Z9 w) S# g. q# \( h0 }$ l
policy-map R10_POLICY
; `+ p1 f* Y6 O+ h. K9 p: b& Fno class TELNET: L' l8 Z, j( C+ d/ p
class ACCESS- A) J6 t! g, b3 V
class TELNET
* D3 o/ _6 t! t- }there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
7 f/ r3 g+ M0 |% K* Mit worked0 x8 ^) N( L5 X' y
10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a
. V1 f' W2 u) U4 c7 D+ ?recursive routing issue.
8 p6 h! X) o8 c3 ], |, uAfter that, I check the routing table and the config of each router .We have the configuration
) P t. l0 L) ]/ r! K# ibelow:
d" _0 F" s2 GR5# i9 q1 o( ?0 L
int tunnel0
2 k: k' R- u/ \) w1 O& i, L3 gip address 135.0.0.5 255.255.255.0
& f# R9 p( m# n3 }tunnel source R5_lo0
( x" [4 b# q0 \) ~" u9 Stunnel destination R13_lo0
: l% t5 v$ w! ^& Hip route 135.0.0.13 255.255.255.0 tunnel0/ t" P- x9 X: b% Q# m7 F# {& a
R135 u1 S+ G+ U, |7 v
int tunnel0
/ q z# ^( [6 V1 f& ]ip address 135.0.0.13 255.255.255.0$ M/ K9 o# U( {' F
tunnel source R5_lo0
$ t" s( }1 N* d5 Htunnel destination R13_lo0/ K; W# U* a. T7 _' ^9 \0 Y3 B6 a& I
ip route 135.0.0.5 255.255.255.0 tunnel0# p. }3 O& |. S* H! [ f
each router learn the loopback of the other by ospf. I delete the static route in each router, and it
/ Z4 \4 g. K; k) ~8 l2 C$ Fworked." N" @( B! ]# @) h
I was sure that I will pass the troubleshooting sestion, but no luck.$ _6 {9 H2 y2 f% I0 j- h2 i0 Y
At the break, when we discuss with the proctor, he said that there is only one way to solve each4 |' m, {3 |& ?4 r4 \8 [" j+ T
issue in troubleshooting section.. z& L" R( _1 U0 }
Also, I see that there is a lot of restrictions on each ticket, so be very careful about that.
X- v6 {/ m( V! {/ k$ |/ uI also see that Cisco can smoothly modify each question by adding restrictions, so two guys can- y9 L+ u0 @) w+ _0 k+ u
have the same topology, apparently s7 I% f7 [0 h4 q6 [" C
the same kind of questions, but different way to solve these tickets because of restrictions.
$ |; {& W5 A$ V7 G& `, SWhen I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm: o$ } T( L# k
not sure about the other.
# ~( l$ u9 ^8 q6 R* h) _I want to share this experience with you because I think we can all get this CCIE number.
% a4 `4 c; w( @& F; t. M6 g: Dplease , if somebody in the forum get the same tickets and pass this section, please share with
# h; p9 D2 j' B. B" Z$ b% {me your answer.9 f, C( V# i+ Y* x' u4 D- b7 a
I don't want to make the CCIE exam all my life. I want to make my third and last attempt next
" B0 ?( Q& p& h p1 vmonth. |
|