CCIE pass

zhaoke0727

I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the
topology of the troubleshooting section
My configuration section(K1) was successful, but I failed troubleshooting section (68%).
Below the kind of questions I got in troubleshooting section :
$ n/ Y+ D* |6 P& H2 W1- BGP peering issue. the question also said that you should establish the peering int the safest
: @9 T4 Y9 k9 R( w. D: X% Gway.
% l. j! o& ^: tWhen I check the config, I see that there is "neighbor xxxx password cisco".
8 E& o( H+ J( C8 rI did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer,
and the peering comes up.
5 ]0 F) G. \8 r( f: i' @+ nAbout the safest way, the use the "service password-encryption" command on each peer
: l8 y5 ?( e* F) w2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)
I see that the router connected to PC1 do not have the route to PC2 , because there is already AS
! O) x* ]5 o3 J, S$ i300
9 ?( y% h) H$ l1 C; k4 lin the as-path to reach PC1.
0 j- o4 H5 j5 Ito solve it, I modify the route-map on the router (on router on the path between the two PCs) on
9 P9 x% K6 L8 Y# u, n1 e7 ywhich the as-pas preprend is configured.
I just remove AS 300 in the as-path prepend command, and it worked.
9 _. |6 W3 |( @& t; ^, w: t3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.
9 c2 a% i6 h' `- Ron R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.
/ m" w$ \, ^! i3 e6 z* II changed the interface to DTE and the lmi-type to cisco.
4 j, W4 z* R8 _7 p4 M4 |4 ^4 `4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
on and interface,
and another router configured with "delay 120". I delete these two commands, and I saw the two
paths in the routing table
5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
down, because of a network type mismatch
(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet
8 G, D( ]  w9 Y, tinterfaces connecting R16, and it worked.
6- reachibility issue :there was a redistribution problem, missing default-metric when
redistributing ospf in eigrp
7- SNMP issue: failed to send link-status traps. I used these two commands:
6 o/ K; X$ N( @8 C2 @4 U(conf-if)#snmp trap link-status)
4 m+ E+ m" |$ n  k(config)#snmp-server trap-source loopback 0
8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp
2 T9 Q5 w1 i6 `# A6 B# M$ }3 v9 d(R3).
I did not resolved this issue.
There was an access-list in R3 with the wrong multicast-group. I changed the address from
224.1.1.2 (wrong address)to 224.1.1.1 (right address)
2 q: t9 Y/ P9 L$ S2 y9 T0 c6 S) zAfter that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was
/ R$ U2 ~4 J/ l+ NOK between these router.
the "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.
9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many
restrictions on this question like:
& }( z  V8 z; U  P: w-don't remove any configuration, don't remove any access-list, don't delete any line
- ~3 Y: [/ R; K# m3 M6 v4 Y1 Zconfiguration.But you can create your access-list
When I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet
traffic.
below what I did:
- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet
* ^) B# J  F$ q/ ]* _$ K+ V) X. P- create a class-map which matches the new access-list :
7 s, t6 ^$ ~4 b5 e, Pclass-map ACCESS
. }1 k# ]0 L: j8 O0 ?" J1 umatch ip address 101
7 c4 B* q4 l- a* ~- modify the policy-map like this :
policy-map R10_POLICY
no class TELNET
class ACCESS
class TELNET
there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
it worked
10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a
recursive routing issue.
After that, I check the routing table and the config of each router .We have the configuration
below:
R5
' I0 O3 B! }" w; \  C: @4 nint tunnel0
ip address 135.0.0.5 255.255.255.0
tunnel source R5_lo0
tunnel destination R13_lo0
ip route 135.0.0.13 255.255.255.0 tunnel0
R13
4 G1 ~) `3 G+ \( K! wint tunnel0
& Y' D8 c% n# Z- jip address 135.0.0.13 255.255.255.0
. I5 E5 f" [& c: E+ T0 W! ~1 Ktunnel source R5_lo0
tunnel destination R13_lo0
ip route 135.0.0.5 255.255.255.0 tunnel0
1 Q5 H; l; }$ p8 p  B2 Keach router learn the loopback of the other by ospf. I delete the static route in each router, and it
3 b; h, [: ^8 `7 Lworked.
- c- [9 U+ J6 QI was sure that I will pass the troubleshooting sestion, but no luck.
At the break, when we discuss with the proctor, he said that there is only one way to solve each
issue in troubleshooting section.
Also, I see that there is a lot of restrictions on each ticket, so be very careful about that.
I also see that Cisco can smoothly modify each question by adding restrictions, so two guys can
, W/ T! S8 X4 a: U4 Ihave the same topology, apparently
the same kind of questions, but different way to solve these tickets because of restrictions.
When I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm
  j7 h1 D% s' `1 o0 d  l. dnot sure about the other.
; f* x2 y- H# G8 U7 J) Z- [I want to share this experience with you because I think we can all get this CCIE number.
. W4 Y3 M' a3 k0 w) a' Y6 kplease , if somebody in the forum get the same tickets and pass this section, please share with
me your answer.
I don't want to make the CCIE exam all my life. I want to make my third and last attempt next
4 ]' A/ l& d0 t: \, F6 Lmonth.

ozweego

英文不好捉寄

shidi

谢谢楼主分享！！！！！

tonyshengxia

aaaaaaaaaa

JamesSmith001

1111111