Q1. - (Topic 20)
The implementation group has been using the test bed to do an IPv6 'proof-of-concept1. After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).
Use the supported commands to isolate the cause of this fault and answer the following question.
What is the solution to the fault condition?
A. Under the interface Tunnel34 configuration enter the ipv6 ospf 6 area 34 command.
B. Under the interface Loopback6 configuration enter the ipv6 ospf 6 area 34 command.
C. Under the interface Serial0/0/0.34 configuration enter the ipv6 ospf 6 area 34 command.
D. Under ipv6 router ospf 6 configuration enter the redistribute rip RIP_ZONE include-connected command.
Answer: D
Explanation:
As explained earlier, the problem is with route redistribution on R4 of not redistributing RIP routes into OSPF for IPV6.
Topic 21, Ticket 16: IPv6 Routing Issue 3
Topology Overview (Actual Troubleshooting lab design is for below network design)
-Client Should have IP 10.2.1.3
-EIGRP 100 is running between switch DSW1 & DSW2
-OSPF (Process ID 1) is running between R1, R2, R3, R4
-Network of OSPF is redistributed in EIGRP
-BGP 65001 is configured on R1 with Webserver cloud AS 65002
-HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices.
You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
===============================================================================
Q2. - (Topic 16)
The implementations group has been using the test bed to do a ‘proof-of-concept'. After several changes to the network addressing, routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2(2026::102:1).
Use the supported commands to isolated the cause of this fault and answer the following questions.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
H. ASW2
Answer: B
Explanation:
R2 is missing the needed IPV6 OSPF for interface s0/0/0.23
Topic 17, Ticket 12 : HSRP Issue
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the
devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Solution
Steps need to follow as below:-
. Since the problem is raised that DSW1 will not become active router for HSRP group 10
. we will check for the HSRP configuration…
. From snapshot we see that the track command given needs to be changed under active VLAN10 router
. Change Required: On DSW1, related to HSRP, under vlan 10 change the given track 1 command to instead use the track 10 command.
Q3. - (Topic 14)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
The fault condition is related to which technology?
A. NTP
B. IP DHCP Server
C. IPv4 OSPF Routing
D. IPv4 EIGRP Routing
E. IPv4 Route Redistribution
F. IPv6 RIP Routing
G. IPv6 OSPF Routing
H. IPv4 and IPv6 Interoperability
I. IPv4 layer 3 security
Answer: D
Explanation:
On R4, IPV4 EIGRP Routing, need to change the EIGRP AS number from 1 to 10 since DSW1 & DSW2 is configured to be in EIGRP AS number 10.
Topic 15, Ticket 10 : VLAN Access Map
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Client 1 is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
ipconfig ----- Client will be receiving IP address 10.2.1.3
. From Client PC we can ping 10.2.1.254….
. But IP 10.2.1.3 is not able to ping from R4, R3, R2, R1
. Change required: On DSW1, VALN ACL, Need to delete the VLAN access-map test1 whose action is to drop access-list 10; specifically 10.2.1.3
Q4. - (Topic 1)
Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?
A. 3DES
B. multipoint GRE
C. tunnel
D. transport
Answer: D
Q5. - (Topic 4)
Scenario:
You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems.
The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason causing the issue.
Note: only show commands can be used to troubleshoot the ticket.
R1#
'Mar 26 11:17:39.234: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP
172.16.20.254
'Mar 26 11:17:40.034: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP
172.16.10.254
R1#
'Mar 26 11:17:40.364: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
R1#
'Mar 26 11:17:41.969: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
'Mar 26 11:17:42.719: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP
172.16.10.254
'Mar 26 11:17:42.918: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
R1#
'Mar 26 11:17:44.869: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP
172.16.20.254
'Mar 26 11:17:45.485: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP
172.16.10.254
'Mar 26 11:17:45.718: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
R1#
'Mar 26 11:17:47.439: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP
172.16.20.254
'Mar 26 11:17:48.252: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
'Mar 26 11:17:48.322: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP
172.16.10.254
R1#
'Mar 26 11:17:50.389: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP
172.16.20.254
'Mar 26 11:17:50.735: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
'Mar 26 11:17:50.921: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP
172.16.10.254
R1#
'Mar 26 11:17:53.089: HSRP: Et1/0 Grp2 Hello out 172.16.20.2 Active pri 100 vIP
172.16.20.254
'Mar 26 11:17:53.338: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active pri130vlP
172.16.10.254
'Mar 26 11:17:53.633: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP
172.16.10.254
A. HSRP group priority misconfiguration
B. There is an HSRP authentication misconfiguration
C. There is an HSRP group number mismatch
D. This is not an HSRP issue: this is DHCP issue.
E. The ACL applied to interface is blocking HSRP hello packet exchange
Answer: E
Explanation:
On R1 we see that access list 102 has been applied to the Ethernet 1/0 interface:
This access list is blocking all traffic to the 224.0.0.102 IP address, which is the multicast address used by HSRP.
Topic 5, Troubleshooting OSPF
17. - (Topic 5)
Scenario:
A customer network engineer has edited their OSPF network configuration and now your customer is experiencing network issues. They have contacted you to resolve the issues and return the network to full functionality.
Connectivity from R3 to R4, R5 and R6 has been lost. How should connectivity be reestablished?
A. Configure R4 with a virtual link to 192.168.13.2
B. Change the R3 and R4 hello-interval and retransmit-interface timers to zero so the link won't go down.
C. Add an OSPF network statement for 4.4.4.4 0.0.0.0 area 1 in R3
D. Add an OSPF network statement for 192.168.34.3 0.0.0.255 area 2 in R3
E. Add an OSPF network statement for 192.168.34.0 0.0.0.255 area 1 in R3
Q6. - (Topic 16)
The implementations group has been using the test bed to do a ‘proof-of-concept'. After several changes to the network addressing, routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2(2026::102:1).
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to fault condition?
A. Under the interface Serial 0/0/0.23 configuration enter the ipv6 ospf 6 area 0 command.
B. Under the interface Serial0/0/0.12 configuration enter the ipv6 ospf 6 area 12 command.
C. Under ipv6 router ospf 6 configuration enter the network 2026::1:/122 area 0 command.
D. Under ipv6 router ospf 6 configuration enter no passive-interface default command.
Answer: A
Explanation:
On R2, IPV6 OSPF routing, configuration is required to add ipv6 ospf 6 area 0 under interface serial 0/0/0.23
Q7. - (Topic 10)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services,
NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Under the interface Serial0/0/0 configuration enter the ip nat inside command.
B. Under the interface Serial0/0/0 configuration enter the ip nat outside command.
C. Under the ip access-list standard nat_trafic configuration enter the permit 10.2.0.0
0.0.255.255 command.
D. Under the ip access-list standard nat_trafic configuration enter the permit 209.65.200.0
0.0.0.255 command.
Answer: C
Explanation:
On R1 we need to add the client IP address for reachability to server to the access list that is used to specify which hosts get NATed.
Q8. - (Topic 9)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
Answer: A
Explanation:
The BGP neighbor statement is wrong on R1.
Q9. - (Topic 14)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Disable auto summary on the EIGRP process
B. Enable EIGRP on the FastEthernet0/0 and FastEthernet0/1 interface using the no passive-interface command.
C. Change the AS number on the EIGRP routing process from 1 to 10 to much the AS number used on DSW1 and DSW2.
D. Under the EIGRP process, delete the network 10.1.4.0 0.0.0.255 command and enter the network 10.1.4.4 0.0.0.252 and 10.1.4.8 0.0.0.252 commands.
Answer: C
Explanation:
On R4, IPV4 EIGRP Routing, need to change the EIGRP AS number from 1 to 10 since DSW1 & DSW2 is configured to be in EIGRP AS number 10.
Q10. - (Topic 21)
The implementation group has been using the test bed to do an IPv6 'proof-of-concept1. After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).
The fault condition is related to which technology?
A. NTP
B. IPv4 OSPF Routing
C. IPv6 OSPF Routing
D. IPV4 and IPV6 Interoperability
E. IPv4 layer 3 security
Answer: D
Explanation:
Q11. - (Topic 8)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Enable OSPF authentication on the s0/0/0 interface using the ip ospf authentication message-digest command
B. Enable OSPF routing on the s0/0/0 interface using the network 10.1.1.0 0.0.0.255 area 12 command.
C. Enable OSPF routing on the s0/0/0 interface using the network 209.65.200.0 0.0.0.255 area 12 command.
D. Redistribute the BGP route into OSPF using the redistribute BGP 65001 subnet command.
Answer: A
Explanation:
On R1, for IPV4 authentication of OSPF the command is missing and required to configure------ ip ospf authentication message-digest
Topic 9, Ticket 4 : BGP Neighbor
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Client is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
ipconfig ----- Client will be receiving IP address 10.2.1.3
. IP 10.2.1.3 will be able to ping from R4 , R3, R2, R1
. Look for BGP Neighbourship
Sh ip bgp summary ----- No O/P will be seen
. Check for interface IP & ping IP 209.65.200.225 ---- Reply will be received from Webserver interface
. Look for peering IP address via sh run on R1 interface serial 0/0/1
. Since we are receiving icmp packets from Webserver interface on R1 so peering IP address under router BGP is configured wrong IP but with correct AS nos.
. Change required: On R1 under router BGP Change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.65.200.226 remote-as 65002
Q12. - (Topic 1)
Refer to the exhibit.
How would you confirm on R1 that load balancing is actually occurring on the default-network (0.0.0.0)?
A. Use ping and the show ip route command to confirm the timers for each default network resets to 0.
B. Load balancing does not occur over default networks; the second route will only be used for failover.
C. Use an extended ping along with repeated show ip route commands to confirm the gateway of last resort address toggles back and forth.
D. Use the traceroute command to an address that is not explicitly in the routing table.
Answer: D
Q13. - (Topic 7)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport mode access vlan 10 command.
B. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport access mode vlan 10 command.
C. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport vlan 10 access command.
D. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport access vlan 10 command.
Answer: D
Explanation:
The problem here is that VLAN 10 is not configured on the proper interfaces on switch ASW1.
Q14. - (Topic 15)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
The fault condition is related to which technology?
A. Under the global configuration mode enter no access-list 10 command.
B. Under the global configuration mode enter no access-map vlan 10 command.
C. Under the global configuration mode enter no vlan access-map test1 10 command.
D. Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.
Answer: C
Explanation:
On DSW1, VALN ACL, Need to delete the VLAN access-map test1 whose action is to drop access-list 10; specifically 10.2.1.3
Q15. - (Topic 7)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
The fault condition is related to switch technology?
A. NTP
B. Switch-to-Switch Connectivity
C. Loop Prevention
D. Access Vlans
E. VLAN ACL Port ACL
F. Switch Virtual Interface
G. Port Security
Answer: D
Explanation:
The problem here is that VLAN 10 is not configured on the proper interfaces on
switch ASW1.
Topic 8, Ticket 3 : OSPF Authentication
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own
issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
===================================================================== ==========
Client is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
Ipconfig ----- Client will be receiving IP address 10.2.1.3
. IP 10.2.1.3 will be able to ping from R4 , R3, R2 but not from R1
. Check for neighborship of ospf sh ip ospf nei ----- Only one neighborship is forming with R2 & i.e. with R3 Since R2 is connected to R1 & R3 with routing protocol ospf than there should be 2 neighbors seen but only one is seen
. Need to check running config of R2 & R3 for interface
Sh run -------------------------- Interface Serial0/0/0/0.12 on R2
Sh run -------------------------- Interface Serial0/0/0/0 on R1
. Change required: On R1, for IPV4 authentication of OSPF command is missing and required to configure------ ip ospf authentication message-digest
Q16. - (Topic 12)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. In Configuration mode, using the interface range Fa 1/0/1 – 2, then no switchport port-security interface configuration commands. Then in exec mode clear errdisable interface fa 1/01 – 2 vlan 10 command
B. In Configuration mode, using the interface range Fa 1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.
C. In Configuration mode, using the interface range Fa 1/0/1 – 2, then no switchport port-security interface configuration commands.
D. In Configuration mode, using the interface range Fa 1/0/1 – 2, then no switchport port-security interface configuration commands. Then in exec mode clear errdisable interface fa 1/0/1, then clear errdisable interface fa 1/0/2 commands.
Answer: B
Explanation:
On ASW1, we need to remove port-security under interface fa1/0/1 & fa1/0/2.
Reference: http://www.cisco.com/en/US/tech/ABC389/ABC621/technologies_tech_note09186a00806c d87b.shtml
Q17. - (Topic 9)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Under the BGP process, enter the bgp redistribute-internal command.
B. Under the BGP process, bgp confederation identifier 65001command.
C. Deleted the current BGP process and reenter all of the command using 65002 as the AS number.
D. Under the BGP process, delete the neighbor 209.56.200.226 remote-as 65002 command and enter the neighbor 209.65.200.226 remote-as 65002 command.
Answer: D
Explanation:
On R1 under router BGP change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.65.200.226 remote-as 65002
Topic 10, Ticket 5 : NAT ACL
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced
during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Client is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
Ipconfig ----- Client will be receiving IP address 10.2.1.3
. IP 10.2.1.3 will be able to ping from R4 , R3, R2, R1
. Look for BGP Neighbourship
Sh ip bgp summary ----- State of BGP will be in established state & will be able to receive I prefix (209.65.200.241)
. As per troubleshooting we are able to ping ip 10.2.1.3 from R1 & BGP is also receiving prefix of webserver & we are able to ping the same from R1. Further troubleshooting needs to be done on R1 on serial 0/0/1
. Check for running config. i.e sh run for interface serial 0/0/1..
!
!
From above snapshot we are able to see that IP needs to be PAT to serial 0/0/1 to reach web server IP (209.65.200.241). But in access-list of NAT IP allowed IP is 10.1.0.0/16 is allowed & need 10.2.0.0 /16 to
. As per troubleshooting we are able to ping ip 10.2.1.3 from R1 & BGP is also receiving prefix of web server & we are able to ping the same from R1. Its should be checked further for running config of interface for stopping
. Change required: On R1 we need to add the client IP address for reachability to server to the access list that is used to specify which hosts get NATed.
Q18. - (Topic 11)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Under the interface Serial0/0/1 enter the ip access-group edge_security out command.
B. Under the ip access-list extended edge_security configuration add the permit ip
209.65.200.224 0.0.0.3 any command.
C. Under the ip access-list extended edge_security configuration delete the deny ip
10.0.0.0.0 0.255.255.255 any command.
D. Under the interface Serial0/0/0 configuration delete the ip access-group edge_security in command and enter the ip access-group edge_security out command.
Answer: B
Explanation:
On R1, we need to permit IP 209.65.200.222/30 under the access list.
Topic 12, Ticket 7 : Port Security
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Client is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
ipconfig ----- Client will be getting 169.X.X.X
. On ASW1 port Fa1/0/ 1 & Fa1/0/2 access port VLAN 10 was assigned but when we checked interface it was showing down
Sh run ------- check for running config of int fa1/0/1 & fa1/0/2 (switchport access Vlan 10 will be there with switch port security command). Now check as below Sh int fa1/0/1 & sh int fa1/0/2
. As seen on interface the port is in err-disable mode so need to clear port.
. Change required: On ASW1, we need to remove port-security under interface fa1/0/1 & fa1/0/2.
Q19. - (Topic 20)
The implementation group has been using the test bed to do an IPv6 'proof-of-concept1.
After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).
Use the supported commands to isolate the cause of this fault and answer the following question.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
H. ASW2
Answer: D
Explanation:
Start to troubleshoot this by pinging the loopback IPv6 address of DSW2 (2026::102:1). This can be pinged from DSW1, and R4, but not R3 or any other devices past that point. If we look at the diagram, we see that R4 is redistributing the OSPF and RIP IPV6 routes. However, looking at the routing table we see that R4 has the 2026::102 network in the routing table known via RIP, but that R3 does not have the route:
When we look more closely at the configuration of R4, we see that it is redistributing OSPF routes into RIP for IPv6, but the RIP routes are not being redistributed into OSPF. That is why R3 sees R4 as an IPV6 OSPF neighbor, but does not get the 2026::102 network installed.
So, problem is with route redistribution on R4.