SPOTO benefits Latest Feedback of the CCIE RS LAB TS2+ Diag3 CFG H3
SPOTO candidates passed the CCIE RS LAB exam on Sept 6, 2019. He wanna share the latest feedback to anyone who wanna pass it.
1. The first question: User104 ping nowhere R40 loopback0
This problem user104 did not get the address. I showed no in the show int status err on SW410 so I think there is no problem with the port security on the SW410. Then, I go check other places and check it for a long time is normal. Go back and shut down user 104 port and Shutdown still can't get the address. After watching the time has passed ten minutes, skip the next question. After finishing all, I look back at this question and show port-security on SW410 Port security is set on display port e0/0. The bound mac is not the same as the port mac on user104. This finds the problem. First follow the user104's mac to change the port to the mac, showing a conflict. Then, I follow the port security binding mac, repair User104 on mac, restart port 10, and then got the address. Phenomenon appear.
2. The third question: Parity vlan separate routing:
Loopback0 on R23 is not planned for ospf 10. Change it to ospf 1
R10 is equipped with a route-map which sets the local-preference to 1000. Change local-preference to the default 100 (Feeling that as long as it is related to ospf, you should pay attention to the configuration on R10)
The bgp on R12/13 and R22/23 is equipped with a maximum number of neighbors of 8. I think there should be 9 neighbors, and the maximum number is changed to 9
SWlan vlan2000 on AS65001, vlan on SW111 2001 did not announce in ospf. But the announcement was under bgp. Thus, the routes of 10.2.100.0/24 and 10.2.101.0/24 on R12/R13 are learned by bgp so that it is not loaded. I have int vlan 2000 on SW110 and int vlan 2001 on SW111 have been notified to ospf so that on R12/13, 10.2.100.0/24, 10.2.101.0/24 is learned by ospf and is loaded.
3. The ninth question that user7 telnet 10.2.200.100 :
First, I confirm that R71 can ping the R24's external network port, the result is also ping nowhere and I looked at the nat on the R24 Configuration (specifically cannot remember the address) is not the same as the rack. I tried to delete the nat related to 22.214.171.124. No matter how the R71 can ping the R24's external network port but from the R24 can ping the R70's external network port. Then, I did not study the issue of the external network interoperability. Directly look at the R24 and R71 on the tunnel port and crypto related configuration. The place is changed to unity. Just put it over there and skip the next question. When I went back and found that the ospf neighbors of R71 and R24 were built up, I couldn't believe it. I didn't ping the neighbors on both sides and then I saw each other's routes. So my main question this time still in the tunnel and crypto encryption sections. Test phenomenon appear.
4. The quesion of NSA on telnet 126.96.36.199:
This question is the same as the wrong point on the rack. However, it is impossible to ping the external network port on the R25 to the last NSA. Finally, the external network port of ping R24 on R71 is also unreachable.
1. Enter bootp in the wireshark and it shows about 5 to 6 DHCP messages. All of DHCP messges which are DHCP Discovery messages. Select the first packet and number 133.
2. SW1 -- show ip relay information tru
3. Capture the link SW1-SW3 (In wireshark search cdp that you can see the device name, port number, back answer is also 30 minutes boring can look at this message to confirm)
In the wireshark , search tcp.port==1337 and see the destination port is 1337. The destination address is the address of the router is 1 and just do it later
Tclsh hacker's address
1. Pay attention to the AS65003 three switches. There have added no spanning-tree mst ... remember to remove no and then match again otherwise spanning-tree Mst related configuration does not take effect
2. The e0/0 on the R70 is shutdown. The port on the R42 that is interconnected with the R100 is also shutdown.
3. The multicast part is the same as that encountered by the previous classmates but also the display is a little different from the rack. There is a tube because the topic explicitly requires the use of loopbcak1 of SW100/SW101 as the RP, RP mapping agent. I did it by the rack solution.
4. SW200 cannot knock out dot1dbridge can only knock the number 188.8.131.52.2.1.17 and knock out show run | se snmp that see the display is dot1dbridge
5. SW111 has a limit of up to 2 hops
6. In QOS part, it finally explicitly asked qos to be applied to ipv4 and ipv6. I just used SPOTO solution with ipv4 and I don’t know about the ipv6 .
7. R60 has a requirement: do not have too many arp responses on e0/0 , close the arp mapping proxy on e0/0.
In general, the solution of SPOTO CCIE R&S LAB is still very accurate. Everyone will be sure to pass the exam in accordance with the solution.
Finally, I would like to thank the teacher for helping me. The SPOTO teacher is very responsible, thank you very much!
Start the discussion...