TSHOOT
TSHOOT
TSHOOT
Ticket 1 OSPF Authentication Ticket 2 HSRP Track Ticket 3 BGP Neighbor Ticket 4 NAT ACL Ticket 5 R1 ACL Ticket 6 VLAN filter Ticket 7 Port Security Ticket 8 Switchport VLAN 10 Ticket 9 Switchport trunk Ticket 10 EIGRP AS Ticket 11 EIGRP to OSPF Ticket 12 IPv6 OSPF Ticket 13 DHCP Range Ticket 14 EIGRP Passive Interface
Solution:
R1 OSPF ip ospf authentication message-digest command must be given on s0/0/0/0.12
Explanation:
Authentication types: - 0 means that there is a null authentication. - 1 means that the authentication type is plain text. - 2 means that the authentication type is MD5.
R1(config-if)#ip ospf authentication ? message-digest Use message-digest authentication null Use no authentication <cr> R1(config-if)#ip ospf authentication-key ? <0-7> Encryption type (0 for not yet encrypted, 7 for proprietary) LINE The OSPF password (key) (maximum 8 characters) R1(config-if)#ip ospf message-digest-key 1 md5 ? <0-7> Encryption type (0 for not yet encrypted, 7 for proprietary) LINE The OSPF password (key) (maximum 16 characters) R1(config)#router ospf 1 R1(config-router)#area 1 authentication ? message-digest Use message-digest authentication <cr>
Troubleshooting:
R1#show ip ospf interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet Address 12.0.0.1/24, Area 0 Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 2.2.2.2, Interface address 12.0.0.2 Backup Designated router (ID) 1.1.1.1, Interface address 12.0.0.1 Message digest authentication enabled Youngest key id is 1 R1#show ip ospf External flood list length 0 Area BACKBONE(0) Number of interfaces in this area is 1 Area has simple password authentication Area 1 Number of interfaces in this area is 0 Area has message digest authentication
Area 2 Number of interfaces in this area is 0 Area has no authentication R1# R1# debug ip ospf adj *Mar 1 01:03:07.207: OSPF: Rcv pkt from 12.0.0.2, FastEthernet0/0 : Mismatch Authentication Key - No message digest key 0 on interface *Mar 1 01:04:57.311: OSPF: Rcv pkt from 12.0.0.2, FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1 *Mar 1 01:06:57.287: OSPF: Rcv pkt from 12.0.0.2, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2 *Mar 1 01:09:00.419: OSPF: Rcv pkt from 12.0.0.1, FastEthernet0/0 : Mismatch Authentication Key - Clear Text
Solution:
DSW1 HSRP Delete the command with track 1 and enter the command with track 10 (standby 10 track 10 decrement 60).
Explanation:
Router(config-if)# standby 39 ip 10.0.0.1 Router(config-if)# stand 2 authentication md5 key-string cisco Router(config-if)# standby 39 priority 150 Router(config-if)# standby 39 preempt Router(config-if)# standby 39 preempt delay minimum 90 Router(config-if)# standby 39 timers 1 3 Router(config-if)# standby 39 track s1/0/0 100 R2(config-if)#standby track 1 decrement 33 R2(config)#track 1 ip route 200.0.0.0/24 ? metric Route metric reachability Route reachability state R2(config)#track 1 ip route 200.0.0.0/24 metric threshold R2(config-track)#threshold metric up 100 down 150
Troubleshooting:
R2#show standby FastEthernet0/0 - Group 0 State is Standby 3 state changes, last state change 00:22:00 Virtual IP address is 10.0.0.254 Active virtual MAC address is 0000.0c07.ac00 Local virtual MAC address is 0000.0c07.ac00 (v1 default) Hello time 3 sec, hold time 10 sec Next hello sent in 2.000 secs Preemption enabled Active router is 10.0.0.1, priority 99 (expires in 7.960 sec) Standby router is local Priority 67 (default 100) Track object 1 state Down decrement 33 IP redundancy name is "hsrp-Fa0/0-0" (default)
R2#show track 1 Track 1 IP route 200.0.0.0 255.255.255.0 metric threshold Metric threshold is Down (EIGRP/409600/160) 2 changes, last change 00:22:28 Metric threshold down 150 up 100 First-hop interface is FastEthernet0/1 Tracked by: HSRP FastEthernet0/0 0
Solution:
R1 BGP Delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change neighbor 209.56.200.226 remote-as 65002 to neighbor 209.65.200.226 remote-as 65002)
Explanation:
Troubleshooting:
*Mar 1 00:18:55.191: %BGP-3-NOTIFICATION: received from neighbor 1.1.1.1 2/2 (peer in wrong AS) 2 bytes 0001
R2#show ip bgp summary BGP router identifier 22.0.0.1, local AS number 2 BGP table version is 1, main routing table version 1 2 network entries using 234 bytes of memory 2 path entries using 104 bytes of memory 3/0 BGP path/bestpath attribute entries using 372 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 734 total bytes of memory BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs Neighbor 1.1.1.1 3.3.3.3 V 4 4 AS MsgRcvd MsgSent 1 4 3 3 0 0 InQ OutQ 0 0 0 0 Up/Down State/PfxRcd 00:00:50 1 never Active
R2# show ip bgp neighbors 3.3.3.3 BGP neighbor is 3.3.3.3, remote AS 3, external link BGP version 4, remote router ID 0.0.0.0 BGP state = Active Last read 00:02:50, last write 00:02:50, hold time is 180, keepalive interval is 60 seconds Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 0 0 Notifications: 0 0 Updates: 0 0 Keepalives: 0 0 Route Refresh: 0 0 Total: 0 0 Default minimum time between advertisement runs is 30 seconds For address family: IPv4 Unicast BGP table version 3, neighbor version 0/0 Output queue size : 0 Index 1, Offset 0, Mask 0x2 1 update-group member Sent Rcvd Prefix activity: -------
Prefixes Current: Prefixes Total: Implicit Withdraw: Explicit Withdraw: Used as bestpath: Used as multipath:
2 0 0 0 n/a n/a
0 0 0 0 0 0
Outbound Inbound Local Policy Denied Prefixes: -------------Total: 0 0 Number of NLRIs in the update sent: max 0, min 0 Connections established 0; dropped 0 Last reset never External BGP neighbor may be up to 10 hops away. No active TCP connection R2#
Solution:
R1 NAT Add the command permit 10.2.0.0 in the nat_pool access-list
Explanation:
R2(config)#ip nat ? Stateful Stateful NAT configuration commands create Create flow entries inside Inside address translation log NAT Logging outside Outside address translation pool Define pool of addresses service Special translation for application using nonstandard port source Source address translation translation NAT translation entry configuration
Troubleshooting:
R2#show ip nat translations Pro Inside global Inside local icmp 20.0.0.1:2 11.0.0.1:2 icmp 20.0.0.1:3 11.0.0.1:3 Outside local 33.0.0.1:2 33.0.0.1:3 Outside global 33.0.0.1:2 33.0.0.1:3
R2#show ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 18 Misses: 2 CEF Translated packets: 20, CEF Punted packets: 0 Expired translations: 2 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface FastEthernet0/1 refcount 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0
Ticket 5 R1 ACL
Configuration: R1
router bgp 65001 no synchronization bgp log-neighbor-changes network 209.65.200.224 mask 255.255.255.252 neighbor 209.65.200.226 remote-as 65002 no auto-summary ! access-list 30 permit host 209.65.200.241 access-list 30 deny 10.1.0.0 0.0.255.255 access-list 30 deny 10.2.0.0 0.0.255.255 ! interface Serial0/0/0/1 ip address 209.65.200.224 255.255.255.252 ip nat outside ip access-group 30 in
Solution:
R1 IP Access list Add permit 209.65.200.224 0.0.0.3 to R1s ACL
Explanation:
Routing protocols and BGP will fail due to this ACL
Troubleshooting:
R2#show ip access-lists R2#show ip bgp neighbors R2#show ip bgp summary
Solution:
DSW1 (but in the exam maybe you have to choose ASW1) Vlan access map Remove VLAN filter test1 from DSW1
Explanation:
Switch(config)# vlan access-map Drop101 10 Switch(config-access-map)# match ip address 101 Switch(config-access-map)# action drop ! Switch(config-access-map)# vlan access-map Drop101 20 Switch(config-access-map)# action forward ! Switch(config)# vlan filter Drop101 vlan-list 10
Troubleshooting:
show vlan access-map vacl_name or show vlan filter access-map Vlan access-map access_map_example_1 match: ip address 13 action: forward capture
Solution:
ASW1 Port security issue no switchport port-security mac-address 0000.0000.0001 command followed by shutdown & no shutdown commands on port fa1/0/1 on ASW1
Explanation:
Troubleshooting:
Switch# show port-security Port Security : Enabled Port Status : Secure-Up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging Maximum MAC Addresses : 2 Total MAC Addresses : 0 Configured MAC Addresses : Sticky MAC Addresses : 0 Last Source Address:Vlan : Security Violation Count : interface fa 1/0/15
: Disabled
0 0000.0000.0000:0 0
Solution:
ASW1 Vlan Give command: interface range fa1/0/1-/2 & switchport access vlan 10
Explanation:
Creating a VLAN and Assigning Ports (config)# vlan 12 (config-vlan)# name MYVLAN (config-if)# switchport mode access (config-if)# switchport access vlan 12
Troubleshooting:
Verifying VLAN Configuration ASW# show vlan brief VLAN Name Status Ports - 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/10,Fa0/11,Fa0/12 20 VLAN0020 active Fa0/5,Fa0/6,Fa0/7 21 VLAN0021 active Fa0/8,Fa0/9 1002 fddi-default active 1003 trcrf-default active 1004 fddinet-default active 1005 trbrf-default active
ASW# show run interface fa0/5 Building configuration... Current configuration 64 bytes interface FastEthernet 0/5 switchport access vlan 20 switchport mode access ASW# show mac address-table interface fa0/1 Mac Address Table Vlan Mac Address Type Ports - 1 0030.b656.7c3d DYNAMIC Fa0/1 Total Mac Addresses for this criterion: 1 ASW# show interfaces fa0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative Mode: dynamic desirable Operational Mode: static access Administrative Trunking Encapsulation: negotiate Operational Trunking Encapsulation: native Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Protected: false Unknown unicast blocked: false Unknown multicast blocked: false Broadcast Suppression Level: 100 Multicast Suppression Level: 100 Unicast Suppression Level: 100
Solution:
ASW1 Switch to switch connectivity Int range portchannel13, portchannel23 switchport trunk allowed vlan none, switchport trunk allowed vlan 10,200
Explanation:
By default, a trunk carries traffic for all VLANs. You can change that behavior for a particular trunk link by giving thefollowing command at the interface config mode: switchport trunk allowed vlan vlans
Troubleshooting:
ASW# show interfaces fastethernet 0/1 trunk Port Mode Encapsulation Status Native vlan Fa0/1 desirable n-802.1q trunking 1 Port Vlans allowed on trunk Fa0/1 1-150 <further output omitted>
Ticket 10 EIGRP AS
Configuration:
DSW1 can ping fa0/1 of R4 but cant ping s0/0/0/0.34
Solution:
R4 EIGRP Change EIGRP AS number from 1 to 10
Explanation:
EIGRP AS Numbers have to match.
Troubleshooting:
R2#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Pending Interface Peers Un/Reliable Routes Fa0/0 0 0/0 0 Lo1 0 0/0 0 R2#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface Hold (sec) 0 12.0.0.1 Fa0/0 14 00:00:01
Mean SRTT 0 0
SRTT 822
RTO
Q Cnt 0
Seq Num 18
R2#show ip eigrp traffic IP-EIGRP Traffic Statistics for AS 1 Hellos sent/received: 15/15 Updates sent/received: 11/13 Queries sent/received: 0/0 Replies sent/received: 0/0 Acks sent/received: 4/5 SIA-Queries sent/received: 0/0 SIA-Replies sent/received: 0/0 Hello Process ID: 157 PDM Process ID: 155 IP Socket queue: 0/2000/5/0 (current/max/highest/drops) Eigrp input queue: 0/2000/5/0 (current/max/highest/drops)
Solution:
R4 Route redistribution Change the name of the route-map under the router EIGRP or router OSPF process from EIGRP_to_OSPF to EIGRP->OSPF.
Explanation:
Route-map name has to be the same
Troubleshooting:
R2#show route-map route-map TEST, permit, sequence 10 Match clauses: ip address (access-lists): 1 Set clauses: tag 2 Policy routing matches: 0 packets, 0 bytes
Solution:
R2 OSPFv3 On the serial interface of R2, enter the command ipv6 ospf 6 area 0 (notice that it is area 0, not area 12)
Explanation:
IP addresses are already in place, the commands to implement basic OSPFv3 are shown in the following example.
Router(config)# ipv6 router ospf process-id Router(config-rtr)# router-id 32bit-address ! Router(config-rtr)# interface type number Router(config-if)# ipv6 ospf process-id area area
Troubleshooting:
R2#show ipv6 interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::C201:CFF:FE2C:0 Global unicast address(es): 2001::2, subnet is 2001::/64 Joined group address(es): FF02::1 FF02::2 FF02::5 FF02::6 FF02::1:FF00:2 FF02::1:FF2C:0 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds R2#show ipv6 Interface Fa0/0 Lo1 ospf interface brief PID Area 1 0 1 1 Intf ID 4 10 Cost 10 1 State Nbrs F/C BDR 1/1 LOOP 0/0
R2#show ipv6 ospf interface FastEthernet0/0 is up, line protocol is up Link Local Address FE80::C201:CFF:FE2C:0, Interface ID 4 Area 0, Process ID 1, Instance ID 0, Router ID 2.2.2.2 Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 1.1.1.1, local address FE80::C200:CFF:FE2C:0 Backup Designated router (ID) 2.2.2.2, local address FE80::C201:CFF:FE2C:0 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 1.1.1.1 (Designated Router Loopback1 is up, line protocol is up Link Local Address FE80::C201:CFF:FE2C:0, Interface ID 10 Area 1, Process ID 1, Instance ID 0, Router ID 2.2.2.2 Network Type LOOPBACK, Cost: 1 Loopback interface is treated as a stub Host
*Mar
1 00:06:55.979: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::C200:CFF:FE2C:0, FastEthernet0/0, area 0.0.0.2, packet area 0.0.0.0
Solution:
R4 DHCP On R4 delete ip dhcp exclude 10.2.1.1-10.2.1.253 and apply ip dhcp-excluded 10.2.1.1-10.2.1.2
Explanation:
ip dhcp excluded-address 192.168.100.0 192.168.100.100 ! ip dhcp pool TEST network 192.168.100.0 255.255.255.0 dns-server 80.80.160.80 default-router 192.168.100.254 !
Troubleshooting:
R2#show ip dhcp pool Pool TEST : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 254 Leased addresses : 1 Pending event : none 1 subnet is currently in the pool : Current index IP address range 192.168.100.102 192.168.100.1 - 192.168.100.254
Leased addresses 1
R2#show ip dhcp binding Bindings from all pools not associated with VRF: IP address Client-ID/ Lease expiration Hardware address/ User name 192.168.100.101 0063.6973.636f.2d63. Mar 02 2002 12:15 AM 030.302e.3063.3263. 2e30.3030.302d.4661. 302f.30
Type
Automatic
Solution:
R4 IPv4 EIGRP Routing Remove Passive interface under EIGRP 10 (or in Interface f0/1 and f0/0, something like this)
Explanation:
R1(config-router)#passive-interface fastEthernet 0/1 R1(config-router)#passive-interface default R1(config-router)#no passive-interface fastEthernet 0/2 Troubleshooting: R1#show ip protocols Routing Protocol is "eigrp 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 1 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is not in effect Maximum path: 4 Routing for Networks: 192.168.100.0 200.0.0.0 Passive Interface(s): FastEthernet0/1 Routing Information Sources: Gateway Distance Last Update Distance: internal 90 external 170
The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the logging console level command, that level and all the higher levels will be displayed. For example, by using the logging console warnings command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.
In this question, E is also correct but it is less information -> C is the best answer. 3) You have 2 commands used for ftp: ip ftp username xxxxxx ip ftp password yyyyyy Which two commands will be used when switching from ftp to http? Answer: ip http client username xxxxxx ip http client password yyyyyy 4) Which two of the following options are categories of Network Maintenance tasks? A Firefighting B Interrupt-driven C Policy-based D Structured E Foundational Answer: B D 5) The following commands are issued on a Cisco router:
Router(config)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1 Router(config)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1 Router#debug ip packet 199
What would be the output shown on the console? A All IP packets passing through the router B Only IP packets with the source address of 10.1.1.1 C All IP packets from 10.1.1.1 to 172.16.1.1 D All IP packets between 10.1.1.1 to 172.16.1.1 Answer: D Only communication between host 10.1.1.1 and host 172.16.1.1
6) You have two NTP servers 10.1.1.1 & 10.1.1.2 and want to configure a router to use 10.1.1.2 as its NTP server before falling back to 10.1.1.1. Which command will you use? Answer:
ntp server 10.1.1.1 ntp server 10.1.1.2 prefer
(notice the answer with the word prefer) 7) The interface is up and protocol is up. What level of logging is enabled when you get these messages? %LINEPROTO5UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up %LINKDOWN3SERIAL: A -alerts B errors C critical D notifications Answer: D 8) Two Cisco routers are connected to each other and are enabled CDP. Serial line is up,protocol is also up but cdp neighbor not working. What layer of the OSI model does the problem most likely exist? Answer: Data link layer. Here you will find answers to Drag and Drop Questions
Question 2
FCAPSmodel defined by the International Organization for Standardization (ISO). ITIL framework for it prof TNMnetwork management model is the Telecommunications Standardization Sectors (ITU-T) Cisco lifecyclemodel is often referred to as the PPDIOO model
Question 3
EEM CLI based for Management and Monitoring SDM provide a GUI for Administration FTP Used for Backup and restore