Akss Nageswar (TS2, DIAG H3+, CFG H3)
Jan 14, 2019 Admin CCIE RS Feedback

The first, I'd like to thank Combat, CC Dreamer and this group members.
My Feedback
lab at Tokyo,Japan.
I got TS2, Diag H3+ and CFG H3.

8:30 - 9:40 = lab env description and Demo.
9:41 = start
12:51 - 13:21 = lunch
18:00 = end

LAB room is low temperature recommended prepare a jacket.

TS2
Q1
wrong ACL .
check 'show ip access-lists '

ip access-list ex 111
10 permit XXXX
20 permit ip any any <<< change deny

Q2
no next-hop-self peer group DCs
int vlan 2001
ip os 1 are 0

Q3
R13 lo0 ospf process-id is 10.
other DC#1 Routers and Swithces has 1.

Q4
restrict!!! don't change BGP attribute!
wrong ip prefix-list.

Q5
R60 int tu 0
ip ospf network P2P

Q6
SW111 is not adv VLAN2001.

Q7
restriction !! you change two misses.
1, R3 e0/1 is mpls ip disable.
2,R10 ospf distance 19

Q8
ARP inspection enable, but no trusted port.

Q9
R71 mask length 32.

R70
NAT inside <=> outside

I finished 1 hour.
remaining times prepaer CFG.

open a notepad.
write commands
en
cisco
conf t
do ter len 0
do sh run
do sh ip os int br
do sh ip os neig
do cle ip bg * so
do sh bg
do sh bg vpnv4 uni all etc....


Diag H3+
same WB
Q1
i use filter "bootp".
this filter enable => 3 through 5 packets matches
top of the packets contain option(82) and src address 0.0.0.0
then filter "cdp"
src and dst mac address checke => between SW1 and SW3

Q2
filter "http.request.method==GET" (attention , no get,yes GET)
1 packet match.
data contain
http://10.1.1.1/bd2.tcl

CFG H3
almost same WB.
a part of finish, but no perfect.
(ex; Jamesons network Routers and Switches are enable ospf. but no router-id )
some port is shutdown status.
some port is wrong ip address.


H3 cfg:
==============
Section 1.1 1.4
-------------------------------
Same as WB <<<<< Be mindful of the interfaces in the Port channels.
Mine was not the same on all sites. Some had Access Switch using e2/0-1 for Po1 and another E2/2-3 for Po1.
Also distribution switches, one site used both devices e2/0-1 for respective Portchannels.
Another site, one switch had e2/0-1 and the other e2/2-3 <<<< Its clear in the diagram, jut pay attention.

==============
Section 2.1
Same as WB

Section 2.2
OSPF preconfigured, but none of the devices had router-ids
Note that ips were a little different throughout the LAB especially on the MPLS Cloud.
Once I added the router IDs and reloaded the OSPF process, all I had to do is add the prefix-suppression and all worked.
Also, Lo1's of the RP's (100 and 101) didn't have ospf enabled.

Section 2.3
PPP same as WB nothing different.

Section 2.4
Same as WB I had to remove/reapply the bgp listen range as neighbors werent coming up (especially after reload for mcast | see below)

Section 2.5
Same as WB

Section 2.6
Same as WB, added weight on R20 as output requested it.

Section 2.7
Prefix filter requested on 14 and 15 as well, but at the end of the lab NATing wouldnt work.
I removed the prefix FILTER from 14 and 15 and all worked I just took that loss instead of no pings to internet!!!

Section 2.8
Same as WB identical BGP on VRF was preconfigured on both R60 and R51.
R60 actually had the config as well as SW600 (directly connected). Just check the router-id not configured anywhere.

Section 2.9
Same as WB just had to enable ipv6 unicast-routing.

Section 2.10
Got the variation where RP Source was the lo1 not the 10.1.113.2, so didn't have to advertise that link in BGP.
Had some trouble with rp-mapping few reloads later (one reloaded from device mgr) fixed it. <<<<<<<<<<<<<<<<<<<<< SOMETHING I WASTED PLENTY OF TIME, and made me sweat towards the end as after reloads BGP was not coming up till I removed/replaced bgp listen range (see above BGP section)

Section 2.11
Straight mcast config no issues.

==============
Section 3.1
Same as WB. There were no RD nor RTs configured.
I configured same as TS 65001:1 65001:2 65001:3 65001:4

Section 3.2
Same as WB. Crypto was preconfigured on all 3 routers. Only thing missing from crypto was the key on all 3 routers.

Section 3.3
Same as WB 100%

Section 3.4
Same as WB (LOGIC).
R24 was fully preconfigured, only thing I had to add was the static route (which is allowed) and also helps 10.7.0.0/16 go out (redistribute static preconfigured).
R71 had most of the ACLs preconfigured and the NAT Pool, so used their templates.
However, all of them were missing/wrong ACL definitions.
I redid all the ACL/POOL, but used the name that they had pre-config.

==============
Section 4 and 5
Same as WB.


CCIE

CONNECT TO US
CCIE DC
CCIE RS
CCIE SECURITY
CCIE SP
JNCIE DC
JNCIE ENT
JNCIE SEC
JNCIE SP


Last News