Q1. - (Topic 7)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
The fault condition is related to switch technology?
A. NTP
B. Switch-to-Switch Connectivity
C. Loop Prevention
D. Access Vlans
E. VLAN ACL Port ACL
F. Switch Virtual Interface
G. Port Security
Answer: D
Explanation:
The problem here is that VLAN 10 is not configured on the proper interfaces on
switch ASW1.
Topic 8, Ticket 3 : OSPF Authentication
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own
issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
===================================================================== ==========
Client is unable to ping IP 209.65.200.241
Solution
Steps need to follow as below:-
. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4
Ipconfig ----- Client will be receiving IP address 10.2.1.3
. IP 10.2.1.3 will be able to ping from R4 , R3, R2 but not from R1
. Check for neighborship of ospf sh ip ospf nei ----- Only one neighborship is forming with R2 & i.e. with R3 Since R2 is connected to R1 & R3 with routing protocol ospf than there should be 2 neighbors seen but only one is seen
. Need to check running config of R2 & R3 for interface
Sh run -------------------------- Interface Serial0/0/0/0.12 on R2
Sh run -------------------------- Interface Serial0/0/0/0 on R1
. Change required: On R1, for IPV4 authentication of OSPF command is missing and required to configure------ ip ospf authentication message-digest
Q2. - (Topic 9)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
Answer: A
Explanation:
The BGP neighbor statement is wrong on R1.
Q3. - (Topic 1)
Which statement is true about an IPsec/GRE tunnel?
A. The GRE tunnel source and destination addresses are specified within the IPsec transform set.
B. An IPsec/GRE tunnel must use IPsec tunnel mode.
C. GRE encapsulation occurs before the IPsec encryption process.
D. Crypto map ACL is not needed to match which traffic will be protected.
Answer: C
Topic 2, Troubleshooting VTP
7. - (Topic 2)
A customer network engineer has made configuration changes that have resulted in some loss of connectivity. You have been called in to evaluate a switch network and suggest resolutions to the problems.
PC2 in VLAN 200 is unable to ping the gateway address 172.16.200.1; identify the issue.
A. VTP domain name mismatch on SW4
B. VLAN 200 not configured on SW1
C. VLAN 200 not configured on SW2
D. VLAN 200 not configured on SW4
Q4. - (Topic 15)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
The fault condition is related to which technology?
A. Under the global configuration mode enter no access-list 10 command.
B. Under the global configuration mode enter no access-map vlan 10 command.
C. Under the global configuration mode enter no vlan access-map test1 10 command.
D. Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.
Answer: C
Explanation:
On DSW1, VALN ACL, Need to delete the VLAN access-map test1 whose action is to drop access-list 10; specifically 10.2.1.3
Q5. - (Topic 19)
The implementation group has been using the test bed to do an IPv6 'proof-of-concept1. After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).
Use the supported commands to isolate the cause of this fault and answer the following question.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
H. ASW2
Answer: B
Explanation:
Start to troubleshoot this by pinging the loopback IPv6 address of DSW2 (2026::102:1). This can be pinged from DSW1, R4, and R3, which leads us to believe that the issue is with R2. Going further, we can see that R2 only has an IPV6 OSPF neighbor of R1, not R3:
We can then see that OSPFv3 has not been enabled on the interface to R3:
So the problem is with R2, related to IPV6 Routing, and the fix is to enable the "ipv6 ospf 6 area 0" command under the serial 0/0/0.23 interface.
Q6. - (Topic 10)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services,
NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. Under the interface Serial0/0/0 configuration enter the ip nat inside command.
B. Under the interface Serial0/0/0 configuration enter the ip nat outside command.
C. Under the ip access-list standard nat_trafic configuration enter the permit 10.2.0.0
0.0.255.255 command.
D. Under the ip access-list standard nat_trafic configuration enter the permit 209.65.200.0
0.0.0.255 command.
Answer: C
Explanation:
On R1 we need to add the client IP address for reachability to server to the access list that is used to specify which hosts get NATed.
Q7. - (Topic 1)
Exhibit:
A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true? (Choose two.)
A. RouterA received a hello packet with mismatched autonomous system numbers.
B. RouterA received a hello packet with mismatched hello timers.
C. RouterA received a hello packet with mismatched authentication parameters.
D. RouterA received a hello packet with mismatched metric-calculation mechanisms.
E. RouterA will form an adjacency with RouterB.
F. RouterA will not form an adjacency with RouterB.
Answer: D,F
Q8. - (Topic 1)
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building siteto-site VPNs? (Choose three.)
A. allows dynamic routing over the tunnel
B. supports multi-protocol (non-IP) traffic over the tunnel
C. reduces IPsec headers overhead since tunnel mode is used
D. simplifies the ACL used in the crypto map
E. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
Answer: A,B,D
Q9. - (Topic 16)
The implementations group has been using the test bed to do a ‘proof-of-concept'. After several changes to the network addressing, routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2(2026::102:1).
Use the supported commands to isolated the cause of this fault and answer the following questions.
On which device is the fault condition located?
A. R1
B. R2
C. R3
D. R4
E. DSW1
F. DSW2
G. ASW1
H. ASW2
Answer: B
Explanation:
R2 is missing the needed IPV6 OSPF for interface s0/0/0.23
Topic 17, Ticket 12 : HSRP Issue
Topology Overview (Actual Troubleshooting lab design is for below network design)
. Client Should have IP 10.2.1.3
. EIGRP 100 is running between switch DSW1 & DSW2
. OSPF (Process ID 1) is running between R1, R2, R3, R4
. Network of OSPF is redistributed in EIGRP
. BGP 65001 is configured on R1 with Webserver cloud AS 65002
. HSRP is running between DSW1 & DSW2 Switches
The company has created the test bed shown in the layer 2 and layer 3 topology exhibits.
This network consists of four routers, two layer 3 switches and two layer 2 switches.
In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1.
DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary.
R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range.
R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network.
ASW1 and ASW2 are layer 2 switches.
NTP is enabled on all devices with 209.65.200.226 serving as the master clock source.
The client workstations receive their IP address and default gateway via R4's DHCP server.
The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2.
In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6.
DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE.
The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary.
Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the
devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations.
Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution.
Each ticket has 3 sub questions that need to be answered & topology remains same.
Question-1 Fault is found on which device,
Question-2 Fault condition is related to,
Question-3 What exact problem is seen & what needs to be done for solution
Solution
Steps need to follow as below:-
. Since the problem is raised that DSW1 will not become active router for HSRP group 10
. we will check for the HSRP configuration…
. From snapshot we see that the track command given needs to be changed under active VLAN10 router
. Change Required: On DSW1, related to HSRP, under vlan 10 change the given track 1 command to instead use the track 10 command.
Q10. - (Topic 7)
The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address.
Use the supported commands to isolated the cause of this fault and answer the following questions.
What is the solution to the fault condition?
A. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport mode access vlan 10 command.
B. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport access mode vlan 10 command.
C. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport vlan 10 access command.
D. In Configuration mode, using the interface range Fastethernet 1/0/1 – 2, then switchport access vlan 10 command.
Answer: D
Explanation:
The problem here is that VLAN 10 is not configured on the proper interfaces on switch ASW1.