CCIE pass

zhaoke0727

I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the
topology of the troubleshooting section
My configuration section(K1) was successful, but I failed troubleshooting section (68%).
Below the kind of questions I got in troubleshooting section :
+ O5 n( D' u) z9 Y; {/ s1- BGP peering issue. the question also said that you should establish the peering int the safest
way.
When I check the config, I see that there is "neighbor xxxx password cisco".
( W7 R5 F; b1 c+ e; wI did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer,
and the peering comes up.
About the safest way, the use the "service password-encryption" command on each peer
2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)
3 \; B# U  Y# [3 F/ X; {- q8 SI see that the router connected to PC1 do not have the route to PC2 , because there is already AS
300
  y; k# F  N; l5 m+ n" Cin the as-path to reach PC1.
to solve it, I modify the route-map on the router (on router on the path between the two PCs) on
7 y% d2 e3 `: g9 i  s! L/ lwhich the as-pas preprend is configured.
$ m8 p+ r. @3 S# b9 \I just remove AS 300 in the as-path prepend command, and it worked.
3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.
on R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.
) J* L9 t4 R9 @& `: `I changed the interface to DTE and the lmi-type to cisco.
4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
on and interface,
and another router configured with "delay 120". I delete these two commands, and I saw the two
paths in the routing table
' m. P- v( ~; q! s$ x8 v2 j, n5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
down, because of a network type mismatch
(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet
* j. B" h+ g1 v; A' n# Yinterfaces connecting R16, and it worked.
6- reachibility issue :there was a redistribution problem, missing default-metric when
redistributing ospf in eigrp
! [# V  R3 \2 v6 s' O/ R' ]* P7- SNMP issue: failed to send link-status traps. I used these two commands:
' E# D' V/ _( z0 B. [% B(conf-if)#snmp trap link-status)
  b% J5 i- i: I' G' N: {(config)#snmp-server trap-source loopback 0
8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp
(R3).
* I& B, k" b2 n& I: c# b. pI did not resolved this issue.
There was an access-list in R3 with the wrong multicast-group. I changed the address from
224.1.1.2 (wrong address)to 224.1.1.1 (right address)
& x  {; F' t) P% f- q) B4 iAfter that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was
OK between these router.
/ g% ~! t& R, N! Q; Wthe "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.
* T; J% l7 z0 [/ v3 X9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many
restrictions on this question like:
-don't remove any configuration, don't remove any access-list, don't delete any line
configuration.But you can create your access-list
When I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet
traffic.
below what I did:
- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet
  \3 X/ \# y- E! M- create a class-map which matches the new access-list :
class-map ACCESS
5 t$ @; g6 Z- H# p# F" G3 tmatch ip address 101
, M/ ?& r8 @4 v4 g2 ^) w2 A; ]# S- modify the policy-map like this :
+ B* {1 b" N5 E$ l3 Spolicy-map R10_POLICY
6 t; O- X4 h2 q4 E9 {  F2 \2 \7 Ino class TELNET
) [/ N7 Q9 R3 J" Jclass ACCESS
class TELNET
there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
! O& f8 T0 w  a% I6 Cit worked
10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a
recursive routing issue.
After that, I check the routing table and the config of each router .We have the configuration
below:
R5
0 w1 A) l9 s3 w# N8 }3 ^; E/ Oint tunnel0
* |* y! X* l& w: C7 w" Hip address 135.0.0.5 255.255.255.0
+ o, b7 L# A: A% vtunnel source R5_lo0
tunnel destination R13_lo0
ip route 135.0.0.13 255.255.255.0 tunnel0
R13
: H7 m, I. G+ Jint tunnel0
ip address 135.0.0.13 255.255.255.0
tunnel source R5_lo0
) A; |3 y! A2 C5 t- L  xtunnel destination R13_lo0
ip route 135.0.0.5 255.255.255.0 tunnel0
' `0 P# _% X) f- Z7 k5 r9 g/ ^! Deach router learn the loopback of the other by ospf. I delete the static route in each router, and it
- P) _- }/ s% [2 Cworked.
I was sure that I will pass the troubleshooting sestion, but no luck.
At the break, when we discuss with the proctor, he said that there is only one way to solve each
& }, O; e& @2 \- y+ lissue in troubleshooting section.
4 @/ h3 o$ M+ K8 ]# U8 }) ^Also, I see that there is a lot of restrictions on each ticket, so be very careful about that.
% N1 n- R7 L2 A$ tI also see that Cisco can smoothly modify each question by adding restrictions, so two guys can
4 H3 V. r$ g2 \. @! bhave the same topology, apparently
4 O1 p9 S! z- Vthe same kind of questions, but different way to solve these tickets because of restrictions.
; h4 i. R* M! LWhen I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm
not sure about the other.
I want to share this experience with you because I think we can all get this CCIE number.
6 ^0 z8 {' X3 h: l! H4 b! Fplease , if somebody in the forum get the same tickets and pass this section, please share with
; F5 }! d/ v/ N9 Xme your answer.
! K- P9 v& m! @) m& vI don't want to make the CCIE exam all my life. I want to make my third and last attempt next
month.

ozweego

英文不好捉寄

shidi

谢谢楼主分享！！！！！

tonyshengxia

aaaaaaaaaa

JamesSmith001

1111111