CCIE pass

zhaoke0727

I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the
topology of the troubleshooting section
My configuration section(K1) was successful, but I failed troubleshooting section (68%).
2 u  l( {- }8 ]1 U# c0 cBelow the kind of questions I got in troubleshooting section :
1- BGP peering issue. the question also said that you should establish the peering int the safest
way.
When I check the config, I see that there is "neighbor xxxx password cisco".
& k, a* J& q9 y, l$ w2 y' _  g: vI did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer,
- h$ I5 k! ?3 jand the peering comes up.
About the safest way, the use the "service password-encryption" command on each peer
2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)
/ f! [# s2 P* V; R' G, r' T3 VI see that the router connected to PC1 do not have the route to PC2 , because there is already AS
# D0 `- u8 [. e6 h300
in the as-path to reach PC1.
" t! l7 k; I2 T6 v, _7 ~# W# @to solve it, I modify the route-map on the router (on router on the path between the two PCs) on
which the as-pas preprend is configured.
. F0 d6 e/ }8 RI just remove AS 300 in the as-path prepend command, and it worked.
: Z$ G' r( B" V3 W9 n3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.
& W2 b- @5 @8 U! x5 son R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.
& A: L$ s6 h, VI changed the interface to DTE and the lmi-type to cisco.
: R" Y! c9 i6 s2 i. }4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
on and interface,
and another router configured with "delay 120". I delete these two commands, and I saw the two
! ~& w; w/ p2 G; J8 Tpaths in the routing table
5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
down, because of a network type mismatch
(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet
interfaces connecting R16, and it worked.
  {$ h& v2 ?' J  p% J3 \- ]+ C6- reachibility issue :there was a redistribution problem, missing default-metric when
redistributing ospf in eigrp
, K* w& r8 O: }. R7- SNMP issue: failed to send link-status traps. I used these two commands:
4 [' e3 v/ D+ B0 @(conf-if)#snmp trap link-status)
) r0 @' a" t% m, E(config)#snmp-server trap-source loopback 0
( R3 d+ R0 ^; \# a4 {8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp
(R3).
I did not resolved this issue.
There was an access-list in R3 with the wrong multicast-group. I changed the address from
224.1.1.2 (wrong address)to 224.1.1.1 (right address)
After that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was
OK between these router.
the "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.
9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many
" {% n1 [' |& c. Q/ grestrictions on this question like:
-don't remove any configuration, don't remove any access-list, don't delete any line
; a; J, X, P8 Q+ x+ I! K& K' rconfiguration.But you can create your access-list
7 r( o! S0 [8 ^+ Q$ E: SWhen I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet
traffic.
below what I did:
- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet
0 O% p$ `; F7 Y; V/ G  z- create a class-map which matches the new access-list :
0 ^7 L4 p" O9 ?+ ?: f8 Z0 N2 j- lclass-map ACCESS
- b" }5 K+ r1 n# l% {; O3 Mmatch ip address 101
- modify the policy-map like this :
policy-map R10_POLICY
no class TELNET
. `7 _. ^! g: I/ ~) c) Gclass ACCESS
class TELNET
there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
it worked
4 H) V. Q' d- k# P4 |/ r10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a
recursive routing issue.
; t7 n# \+ s2 NAfter that, I check the routing table and the config of each router .We have the configuration
& {. |0 N; h% `; wbelow:
R5
* P" k( |7 f- T" h) ]int tunnel0
% w( m1 t  N$ j* E& Iip address 135.0.0.5 255.255.255.0
" |( J* S* a, Xtunnel source R5_lo0
tunnel destination R13_lo0
ip route 135.0.0.13 255.255.255.0 tunnel0
R13
int tunnel0
ip address 135.0.0.13 255.255.255.0
3 s; G& t# c* r1 k/ h: V6 u) ?% Q# wtunnel source R5_lo0
+ J/ l. a6 k$ jtunnel destination R13_lo0
2 |8 O/ M" h% h; S6 J  ^7 A: Y' Wip route 135.0.0.5 255.255.255.0 tunnel0
% K$ @( s6 r( |each router learn the loopback of the other by ospf. I delete the static route in each router, and it
! D+ \, z2 h, j' t4 pworked.
; c* F7 X& V; y7 D( o1 @I was sure that I will pass the troubleshooting sestion, but no luck.
At the break, when we discuss with the proctor, he said that there is only one way to solve each
1 z9 Z( W2 h0 I( \  |issue in troubleshooting section.
" S$ Z- z& C3 e8 j6 bAlso, I see that there is a lot of restrictions on each ticket, so be very careful about that.
I also see that Cisco can smoothly modify each question by adding restrictions, so two guys can
# g3 q& j3 b5 e( y7 ~have the same topology, apparently
the same kind of questions, but different way to solve these tickets because of restrictions.
When I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm
& |: V+ \$ I5 hnot sure about the other.
2 O/ L; y$ c3 A3 f5 Q5 q3 @* i/ dI want to share this experience with you because I think we can all get this CCIE number.
' x* f, W, u* n& W9 F1 v2 s1 i: zplease , if somebody in the forum get the same tickets and pass this section, please share with
2 M" M  ^- U2 H, zme your answer.
I don't want to make the CCIE exam all my life. I want to make my third and last attempt next
month.

ozweego

英文不好捉寄

shidi

谢谢楼主分享！！！！！

tonyshengxia

aaaaaaaaaa

JamesSmith001

1111111