- 积分
- 0
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 0
- 听众
- 收听
游客
|
I tried my second attempt in Dubaï the June 2011, but I failed it.in attached the" H$ ]- J" j; }
topology of the troubleshooting section
: n% n/ Z G) v/ ]9 G( lMy configuration section(K1) was successful, but I failed troubleshooting section (68%).
. `* j* T, U4 `0 z D; |5 }; G e: {; u3 hBelow the kind of questions I got in troubleshooting section :
& D u/ @1 _: S8 V. X1- BGP peering issue. the question also said that you should establish the peering int the safest
& O, l/ M% Z& U) @way.7 K: P5 W" l5 k% j, p
When I check the config, I see that there is "neighbor xxxx password cisco".' c7 r, {) w7 n% ?; x7 b. \: @% J
I did " no neighbor xxxx password cisco", and then "neighbor xxxx password cisco" on each peer,
4 t/ B, E2 U% Z9 A/ I# `2 }+ j$ fand the peering comes up.$ e! Z2 g9 ]/ O: v |7 \& T
About the safest way, the use the "service password-encryption" command on each peer
; h V- z) ?+ @* n' ^, j" |8 T& d2- reachibility issue: PC1 in one AS(AS 300) cannot ping PC2 in another AS (AS 100)/ W1 G9 ] Q. g3 { F+ A0 q3 j9 M
I see that the router connected to PC1 do not have the route to PC2 , because there is already AS
6 q" B, I1 S% l300
" k3 c$ v Q: i8 lin the as-path to reach PC1.
D! @: U1 ]; `2 O+ Dto solve it, I modify the route-map on the router (on router on the path between the two PCs) on& E U* r/ M2 U6 t4 P; E$ Y
which the as-pas preprend is configured.
' G. i0 q9 t. N+ ~! l# L* oI just remove AS 300 in the as-path prepend command, and it worked.
8 u- L. j- v& K" K, w6 u% H$ I3- OSPF neighbor issue : R13 and R15 cannot establish ospf neighboring with R14.
- P4 K( O+ H5 P+ |6 \) `! I1 {* Ron R14, I see that the serial interface is configured as DCE, not DTE; also the lmi-type was ansi.
! [9 r! ~$ k2 d- s4 _I changed the interface to DTE and the lmi-type to cisco.
x% |$ [' w* i) ^1 {4- Load-balancing issue in EIGRP domain: there was on router with "bandwidth 1000" configured
' J3 O8 B; U6 Z5 _9 qon and interface,
! i; @9 h0 ^3 q6 h$ H: Oand another router configured with "delay 120". I delete these two commands, and I saw the two
, h T# F! k% C' ~4 H _paths in the routing table
6 G3 ^% I) @" u1 M1 U* ]3 j- k5- Reachibility issue between two PCs accross OSPF domain : here the problem was an virtual-link
! w5 [) y: y- l& B# `down, because of a network type mismatch
. v: q, z3 V F) ]1 s! w(between R16 and R17). I remove the network type pont-to-multipoint on R17 Ethernet
, L3 i) s$ b# r6 K+ tinterfaces connecting R16, and it worked.
. r6 z% y, G& G" N6- reachibility issue :there was a redistribution problem, missing default-metric when
' _* ]% t2 O: M( g% N K7 Bredistributing ospf in eigrp
- h8 \, ~# m7 Z- j1 p+ y- |1 l! x7- SNMP issue: failed to send link-status traps. I used these two commands:& | T' z) [3 Z( W
(conf-if)#snmp trap link-status)
5 W8 }7 R8 X9 n$ C/ ?(config)#snmp-server trap-source loopback 0. g/ j4 R' H5 M. \. u2 t+ j
8- Multicast issue (autorp): some routers (R11) are not able to get by autorp the addres of the rp6 \) d& G& Z" c$ [
(R3).
; C5 y' y$ K8 p* M C! eI did not resolved this issue.3 z3 C4 l- z! z: ^* u- g
There was an access-list in R3 with the wrong multicast-group. I changed the address from
/ c3 {, E3 f: m/ v9 ~' @* S224.1.1.2 (wrong address)to 224.1.1.1 (right address)
* ]+ N3 o5 @& H! h% e& Z9 iAfter that, R5 get the address of the RP, but not R9 nor R11. the PIM neighbor relationship was6 U5 Q, F4 U% d
OK between these router.% q- q* R, i, T! t7 c: k5 N
the "ip pim sparse-dense-mode " was configured on all interfaces between R3 and R11.8 m* }9 @, B/ A0 K6 W
9- Control-plane Policing issue. R9 loopback cannot telnet R10 loopback. there was many9 f) R9 v* ]6 p: j; @
restrictions on this question like:: U/ Y0 |( E3 \
-don't remove any configuration, don't remove any access-list, don't delete any line
1 J0 k' O6 G4 R0 S' Z, }. @configuration.But you can create your access-list8 @# M: m9 O Q5 }: C
When I check R9, I see that there is a CoPP , with a class-map (TELNET) which deny all telnet! Y- F3 e4 x2 Q, P. E) B+ I" I
traffic.$ U/ S( e. T! q. v
below what I did: k2 A- _/ z4 x5 ~0 ]% j
- create an access-list : access-list 101 permit tcp host R9_lo0 hos R10_lo0 eq telnet
' T4 h1 t4 g. s/ f1 p& I- create a class-map which matches the new access-list :8 D t& N8 J+ U" U; c! ?5 [# I
class-map ACCESS
# [ Y+ A: |" M4 a+ gmatch ip address 101' C: A+ \0 f+ w
- modify the policy-map like this :
) B* V$ `* k3 O# x) D9 r' bpolicy-map R10_POLICY
5 m; l1 J6 r- o7 w0 N0 C# Uno class TELNET, m+ T- E) M/ o7 V5 j- Z
class ACCESS
2 x x* ?* v" uclass TELNET' F( x& c% [1 U6 l, \
there was also "transport input none" in line vty of R9. I configured "transport input telnet" , and
v; h. ?8 x7 Fit worked: z! ^. K' u; D4 A( i# |% I
10- tunnel issue between R5 and R13: tunnel is flapping.I used the debug tunnel and I see a0 Q |" k! `% o# Q" h# L( d6 i
recursive routing issue.
1 k$ B# M; F7 V/ T7 M2 l$ ]After that, I check the routing table and the config of each router .We have the configuration' Z( ?9 L. h! _$ q
below:8 s2 d4 x8 m7 _/ b8 i
R5: U6 ^# Q5 I- {( _7 K1 ^2 i
int tunnel0
! ?6 [+ I0 Q' F! Qip address 135.0.0.5 255.255.255.04 G: t/ m8 `5 l- Y% `$ @, n6 T
tunnel source R5_lo0
5 n ?! r9 T. W5 f5 K$ Btunnel destination R13_lo0
0 {" `' b; F+ R( h3 R6 ]' n( D3 oip route 135.0.0.13 255.255.255.0 tunnel01 d3 ~$ K& w* Q. k9 x
R13% S; K) n" P8 v; n) w0 ^2 J
int tunnel0# q4 r+ U3 o' j) |: a4 Y3 r
ip address 135.0.0.13 255.255.255.0% E$ j. [" Q/ e9 ]3 x
tunnel source R5_lo0
* T, q) _) X$ ?# h& M3 k, l& u0 otunnel destination R13_lo0' i& V) x8 _" o$ M& k
ip route 135.0.0.5 255.255.255.0 tunnel0
1 }/ C) a$ s0 d1 @$ a {" N7 |2 keach router learn the loopback of the other by ospf. I delete the static route in each router, and it) b& _1 Q5 [0 h4 f4 S; k, ]
worked.
) V6 B! _) S2 r9 |1 P( bI was sure that I will pass the troubleshooting sestion, but no luck.
& I% y& ^" x1 |7 `5 WAt the break, when we discuss with the proctor, he said that there is only one way to solve each
$ L, {' i8 r: n7 M8 W! {# n- D/ ^) @issue in troubleshooting section.
\1 d2 e" w- _+ f+ ?Also, I see that there is a lot of restrictions on each ticket, so be very careful about that.1 \: ~4 P. G1 p1 d
I also see that Cisco can smoothly modify each question by adding restrictions, so two guys can
( ~- o( w, _5 thave the same topology, apparently
" k6 b* ]& u* vthe same kind of questions, but different way to solve these tickets because of restrictions.
! k% V5 M+ s8 ~: `( UWhen I see my troubleshooting score (68%) , I'm sure that my tickets 2,3,4,5,6,7 was good. I'm
: p, p: ^+ g9 f% u. r) onot sure about the other.- V2 M, `; k6 v3 M
I want to share this experience with you because I think we can all get this CCIE number.
* E7 f) I$ U I, T5 L. nplease , if somebody in the forum get the same tickets and pass this section, please share with- V' ~: N$ ~: p4 ?8 X" |6 v
me your answer.! |4 Q% N3 V: d) r* Q+ o7 i, i7 e
I don't want to make the CCIE exam all my life. I want to make my third and last attempt next! n% \8 c+ X+ m
month. |
|