- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2010-9-23
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the
! r! m* u# F2 g# Z Vtopology of the troubleshooting section" q: n2 j$ J4 A) z1 E, F
My configuration section(K1) was successful, but I failed troubleshooting section (68%).
0 g( K. w- u5 |9 e& V4 c+ KBelow the kind of questions I got in troubleshooting section :
5 R" V6 r4 t+ j1- BGP peering issue. the question also said that you should establish the peering int the safest/ i* _( a6 D# R% o) X% l$ ]
way.: e" r& _+ c& L" k6 o
When I check the config, I see that there is "neighbor xxxx password cisco".
, j) O+ d g( m7 SI did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer,# I) e+ o4 s# o) [
and the peering comes up.$ e2 ?0 L! V1 X' T7 R3 _$ x1 o, C) \6 z
About the safest way, the use the "service password-encryption" command on each peer5 O' d( ^% Z" S' ?
2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)
+ J& h) ~; b3 m* fI see that the router connected to PC1 do not have the route to PC2 , because there is already AS2 R0 {. o) \/ Q, G7 I4 K# T4 u& V% g
300; L3 L; n9 D9 G5 w+ a6 }
in the as-path to reach PC1.2 z7 H3 H) d! ^! K# x6 ~
to solve it, I modify the route-map on the router (on router on the path between the two PCs) on
" i& c' u* j5 j+ N& swhich the as-pas preprend is configured./ Z* t$ n1 X& M D, i
I just remove AS 300 in the as-path prepend command, and it worked.
3 N% l: Q6 P) w5 M3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.7 e& w3 |6 M5 i( g$ l
on R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.
w1 E2 J9 k3 F2 pI changed the interface to DTE and the lmi-type to cisco.& Y" O) T/ M& Z6 e
4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
5 I1 O4 Y( a1 ^- x. ^on and interface,
B. B E" }+ a3 K* jand another router configured with "delay 120". I delete these two commands, and I saw the two
* I! u; z- b j" Ipaths in the routing table# |$ v2 E! G# a3 c- ?
5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
2 Y( ^+ ~5 g- b% tdown, because of a network type mismatch' Y* ?" c0 Y+ ~0 @
(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet' J t7 U( |1 Z4 E6 i) L
interfaces connecting R16, and it worked.. i) T+ }( n: u6 \1 L( f
6- reachibility issue :there was a redistribution problem, missing default-metric when9 a2 o: M; D. j' g/ o9 k
redistributing ospf in eigrp
5 \& @! @8 l9 [4 w7- SNMP issue: failed to send link-status traps. I used these two commands:
z' m1 ? Q1 Q. l(conf-if)#snmp trap link-status)0 i' e7 y9 q3 M; {' C1 A. S) J1 I& c
(config)#snmp-server trap-source loopback 04 [% w& M! M4 ~2 O
8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp7 D- u2 `) P! f# ~) V
(R3).
, T% N1 x1 x# z' N' cI did not resolved this issue.( y# w0 h' J3 ~; F
There was an access-list in R3 with the wrong multicast-group. I changed the address from
( g g- F& c1 c( y! U8 u0 y224.1.1.2 (wrong address)to 224.1.1.1 (right address)
/ N& ?5 `: |8 X" k JAfter that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was) d/ |( p: a8 V9 X, R n
OK between these router.$ J$ W8 J, A) C4 u: k; q J
the "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.
9 }5 H" s' w U0 d; n& |9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many
4 `1 K% j* O( Y/ i- Urestrictions on this question like:5 v/ Q! g: G3 r+ v7 _2 j
-don't remove any configuration, don't remove any access-list, don't delete any line0 U" C T& ]$ [) y6 Y
configuration.But you can create your access-list' }, w7 l+ p- I. e, G2 G- {
When I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet
8 e: c$ T' }; S9 f, ptraffic.
# l1 s$ D* n# F/ Sbelow what I did:
5 V3 \; p9 ^4 @+ ~+ A* V: T- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet
3 `. n! X( Y1 u6 l+ n' K d) F0 e- create a class-map which matches the new access-list :6 j% v" R0 w$ ~3 A* V
class-map ACCESS
' K+ x* F {8 nmatch ip address 1016 g! p5 p1 _/ G: d& C1 @
- modify the policy-map like this :
- w/ k: y/ `/ ^3 ?2 G' t3 E: `7 _policy-map R10_POLICY
/ @$ e: ]9 ]" Z+ U/ d7 k4 ono class TELNET6 s9 A0 m% Y3 W9 l0 A
class ACCESS2 F% d1 L5 ~- I
class TELNET
& r( V' \" |1 U, [there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
. y. X" V7 _- z2 ~) n6 B, ~it worked* R* p- Z1 o: P! W
10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a
% H5 C/ `% N' ~" F2 V. Wrecursive routing issue.
7 V/ p3 D }, r/ Z8 P) |After that, I check the routing table and the config of each router .We have the configuration' {2 ]( g# k+ j4 |: g3 A
below:
/ m4 H& F! [' A7 ~) A/ lR5
& O# N* F5 I. vint tunnel0- |8 n, S2 c( Q# t$ u1 w: H6 d' K
ip address 135.0.0.5 255.255.255.0
. U2 m0 H" x3 w n; L3 z0 htunnel source R5_lo0
0 ~4 s( ~" i6 ^/ S8 D9 n) U! I4 B& ?tunnel destination R13_lo0
( G3 u! k2 V6 o9 Eip route 135.0.0.13 255.255.255.0 tunnel0
, N9 s3 g. G: \+ u9 IR13/ W; Y/ b' A3 ?9 f
int tunnel0 ~) O/ E% F3 f( M. Z
ip address 135.0.0.13 255.255.255.0' M5 W5 |8 x& ?8 N3 [
tunnel source R5_lo0
/ b0 h+ d4 ~! L B% T! K" g% Jtunnel destination R13_lo0
6 u! t+ b4 i+ j) ?6 [/ jip route 135.0.0.5 255.255.255.0 tunnel08 L7 x6 Y0 C9 O/ D
each router learn the loopback of the other by ospf. I delete the static route in each router, and it
1 L; {+ C% v \* T. `3 B) aworked.% E% Y) _, m2 ?
I was sure that I will pass the troubleshooting sestion, but no luck.
: w! R% |. w7 x0 Z) aAt the break, when we discuss with the proctor, he said that there is only one way to solve each
. A, m& A2 I+ r, T7 [issue in troubleshooting section.# n$ O* x; [- A' c; Q
Also, I see that there is a lot of restrictions on each ticket, so be very careful about that.
) H1 ^& `, c8 b5 D4 e: `- b& OI also see that Cisco can smoothly modify each question by adding restrictions, so two guys can
2 r6 Y0 ^' H5 J1 T- Xhave the same topology, apparently2 Z+ `# ]. p; O4 H
the same kind of questions, but different way to solve these tickets because of restrictions.- Y4 F/ G, n! M/ C/ `
When I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm# K9 G3 \2 T1 B5 e) s
not sure about the other.
3 @. c9 X( p, r4 b1 m' @I want to share this experience with you because I think we can all get this CCIE number.9 ^, j+ z" R! o% W3 N
please , if somebody in the forum get the same tickets and pass this section, please share with
: X9 D5 p- p6 }- U7 Eme your answer.4 F2 ] ]* _3 Q& x4 b$ ?' V
I don't want to make the CCIE exam all my life. I want to make my third and last attempt next
5 g. w8 S1 z$ u! X+ zmonth. |
|