Q21. - (Topic 8) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

What is the solution to the fault condition? 

A. Enable OSPF authentication on the s0/0/0 interface using the ip ospf authentication message-digest command 

B. Enable OSPF routing on the s0/0/0 interface using the network 10.1.1.0 0.0.0.255 area 12 command. 

C. Enable OSPF routing on the s0/0/0 interface using the network 209.65.200.0 0.0.0.255 area 12 command. 

D. Redistribute the BGP route into OSPF using the redistribute BGP 65001 subnet command. 

Answer:

Explanation: 

On R1, for IPV4 authentication of OSPF the command is missing and required to configure------ ip ospf authentication message-digest 

Topic 9, Ticket 4 : BGP Neighbor 

Topology Overview (Actual Troubleshooting lab design is for below network design) 

. Client Should have IP 10.2.1.3 

. EIGRP 100 is running between switch DSW1 & DSW2 

. OSPF (Process ID 1) is running between R1, R2, R3, R4 

. Network of OSPF is redistributed in EIGRP 

. BGP 65001 is configured on R1 with Webserver cloud AS 65002 

. HSRP is running between DSW1 & DSW2 Switches 

The company has created the test bed shown in the layer 2 and layer 3 topology exhibits. 

This network consists of four routers, two layer 3 switches and two layer 2 switches. 

In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1. 

DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary. 

R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range. 

R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network. 

ASW1 and ASW2 are layer 2 switches. 

NTP is enabled on all devices with 209.65.200.226 serving as the master clock source. 

The client workstations receive their IP address and default gateway via R4's DHCP server. 

The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2. 

In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. 

DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. 

The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary. 

Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations. 

Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution. 

Each ticket has 3 sub questions that need to be answered & topology remains same. 

Question-1 Fault is found on which device, 

Question-2 Fault condition is related to, 

Question-3 What exact problem is seen & what needs to be done for solution 

Client is unable to ping IP 209.65.200.241 

Solution 

Steps need to follow as below:-

. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4

ipconfig ----- Client will be receiving IP address 10.2.1.3 

. IP 10.2.1.3 will be able to ping from R4 , R3, R2, R1 

. Look for BGP Neighbourship 

Sh ip bgp summary ----- No O/P will be seen 

. Check for interface IP & ping IP 209.65.200.225 ---- Reply will be received from Webserver interface 

. Look for peering IP address via sh run on R1 interface serial 0/0/1 

. Since we are receiving icmp packets from Webserver interface on R1 so peering IP address under router BGP is configured wrong IP but with correct AS nos. 

. Change required: On R1 under router BGP Change neighbor 209.56.200.226 remote-as 65002 statement to neighbor 209.65.200.226 remote-as 65002 


Q22. - (Topic 17) 

The implementations group has been using the test bed to do a ‘proof-of-concept' 

that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened DSW1 will not become the active router for HSRP group 10. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

The fault condition is related to which technology? 

A. NTP 

B. HSRP 

C. IP DHCP Helper 

D. IPv4 EIGRP Routing 

E. IPv6 RIP Routing 

F. IPv4 layer 3 security 

G. Switch-to-Switch Connectivity 

H. Loop Prevention 

I. Access Vlans 

Answer:

Explanation: 

On DSW1, related to HSRP, under VLAN 10 change the given track 1 command to instead use the track 10 command. 


Q23. - (Topic 1)

Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?

A. 3DES

B. multipoint GRE

C. tunnel

D. transport

Answer: D


Q24. - (Topic 21) 

The implementation group has been using the test bed to do an IPv6 'proof-of-concept1.

After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Use the supported commands to isolate the cause of this fault and answer the following question.

On which device is the fault condition located?

A. R1

B. R2

C. R3

D. R4

E. DSW1

F. DSW2

G. ASW1

H. ASW2

Answer: C

Explanation:

Start to troubleshoot this by pinging the loopback IPv6 address of DSW2 (2026::102:1). This can be pinged from DSW1, and R4, but not R3 or any other devices past that point. If we look at the routing table of R3, we see that there is no OSPF neighbor to R4:

This is due to mismatched tunnel modes between R3 and R4:

Problem is with R3, and to resolve the issue we should delete the "tunnel mode ipv6" under interface Tunnel 34.


Q25. - (Topic 17) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened DSW1 will not become the active router for HSRP group 10. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

On which device is the fault condition located? 

A. R1 

B. R2 

C. R3 

D. R4 

E. DSW1 

F. DSW2 

G. ASW1 

H. ASW2 

Answer:

Explanation: 

DSW references the wrong track ID number. 

Topic 18, Ticket 13 : DHCP Issue 

Topology Overview (Actual Troubleshooting lab design is for below network design) 

. Client Should have IP 10.2.1.3 

. EIGRP 100 is running between switch DSW1 & DSW2 

. OSPF (Process ID 1) is running between R1, R2, R3, R4 

. Network of OSPF is redistributed in EIGRP 

. BGP 65001 is configured on R1 with Webserver cloud AS 65002 

. HSRP is running between DSW1 & DSW2 Switches 

The company has created the test bed shown in the layer 2 and layer 3 topology exhibits. 

This network consists of four routers, two layer 3 switches and two layer 2 switches. 

In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1. 

DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary. 

R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range. 

R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network. 

ASW1 and ASW2 are layer 2 switches. 

NTP is enabled on all devices with 209.65.200.226 serving as the master clock source. 

The client workstations receive their IP address and default gateway via R4's DHCP server. 

The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2. 

In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. 

DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. 

The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary. 

Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations. 

Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution. 

Each ticket has 3 sub questions that need to be answered & topology remains same. 

Question-1 Fault is found on which device, 

Question-2 Fault condition is related to, 

Question-3 What exact problem is seen & what needs to be done for solution 

Solution 

Steps need to follow as below:-

. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4 

ipconfig ----- Client will be receiving Private IP address 169.254.X.X 

. From ASW1 we can ping 10.2.1.254…. 

. On ASW1 VLAN10 is allowed in trunk & access command will is enabled on interface but DHCP IP address is not recd. 

On R4 the DHCP IP address is not allowed for network 10.2.1.0/24 which clearly shows the problem lies on R4 & the problem is with DHCP 


Q26. - (Topic 1)

Exhibit:

A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true? (Choose two.)

A. RouterA received a hello packet with mismatched autonomous system numbers.

B. RouterA received a hello packet with mismatched hello timers.

C. RouterA received a hello packet with mismatched authentication parameters.

D. RouterA received a hello packet with mismatched metric-calculation mechanisms.

E. RouterA will form an adjacency with RouterB.

F. RouterA will not form an adjacency with RouterB.

Answer: D,F


Q27. - (Topic 16) 

The implementations group has been using the test bed to do a ‘proof-of-concept'. After several changes to the network addressing, routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2(2026::102:1). 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

On which device is the fault condition located? 

A. R1 

B. R2 

C. R3 

D. R4 

E. DSW1 

F. DSW2 

G. ASW1 

H. ASW2 

Answer:

Explanation: 

R2 is missing the needed IPV6 OSPF for interface s0/0/0.23 

Topic 17, Ticket 12 : HSRP Issue 

Topology Overview (Actual Troubleshooting lab design is for below network design) 

. Client Should have IP 10.2.1.3 

. EIGRP 100 is running between switch DSW1 & DSW2 

. OSPF (Process ID 1) is running between R1, R2, R3, R4 

. Network of OSPF is redistributed in EIGRP 

. BGP 65001 is configured on R1 with Webserver cloud AS 65002 

. HSRP is running between DSW1 & DSW2 Switches 

The company has created the test bed shown in the layer 2 and layer 3 topology exhibits. 

This network consists of four routers, two layer 3 switches and two layer 2 switches. 

In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1. 

DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary. 

R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range. 

R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network. 

ASW1 and ASW2 are layer 2 switches. 

NTP is enabled on all devices with 209.65.200.226 serving as the master clock source. 

The client workstations receive their IP address and default gateway via R4's DHCP server. 

The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2. 

In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. 

DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. 

The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary. 

Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the 

devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations. 

Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution. 

Each ticket has 3 sub questions that need to be answered & topology remains same. 

Question-1 Fault is found on which device, 

Question-2 Fault condition is related to, 

Question-3 What exact problem is seen & what needs to be done for solution 

Solution 

Steps need to follow as below:-

. Since the problem is raised that DSW1 will not become active router for HSRP group 10 

. we will check for the HSRP configuration… 

. From snapshot we see that the track command given needs to be changed under active VLAN10 router 

. Change Required: On DSW1, related to HSRP, under vlan 10 change the given track 1 command to instead use the track 10 command. 


Q28. - (Topic 10) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, 

NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

What is the solution to the fault condition? 

A. Under the interface Serial0/0/0 configuration enter the ip nat inside command. 

B. Under the interface Serial0/0/0 configuration enter the ip nat outside command. 

C. Under the ip access-list standard nat_trafic configuration enter the permit 10.2.0.0 

0.0.255.255 command. 

D. Under the ip access-list standard nat_trafic configuration enter the permit 209.65.200.0 

0.0.0.255 command. 

Answer:

Explanation: 

On R1 we need to add the client IP address for reachability to server to the access list that is used to specify which hosts get NATed. 


Q29. - (Topic 5) 

Scenario: 

A customer network engineer has edited their OSPF network configuration and now your customer is experiencing network issues. They have contacted you to resolve the issues and return the network to full functionality. 

After resolving the issues between R3 and R4. Area 2 is still experiencing routing issues. Based on the current router configurations, what needs to be resolved for routes to the networks behind R5 to be seen in the company intranet? 

A. Configure R4 and R5 to use MD5 authentication on the Ethernet interfaces that connect to the common subnet. 

B. Configure Area 1 in both R4 and R5 to use MD5 authentication. 

C. Add ip ospf authentication-key 7 BEST to the R4 Ethernet interface that connects to R5 and ip ospf authentication-key 7 BEST to R5 Ethernet interface that connects to R4. 

D. Add ip ospf authentication-key CISCO to R4 Ethernet 0/1 and add area 2 authentication to the R4 OSPF routing process. 

Answer:

Explanation: 

Here, we see from the running configuration of R5 that OSPF authentication has been configured on the link to R4: 

However, this has not been done on the link to R5 on R4: 


Q30. - (Topic 14) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

The fault condition is related to which technology? 

A. NTP 

B. IP DHCP Server 

C. IPv4 OSPF Routing 

D. IPv4 EIGRP Routing 

E. IPv4 Route Redistribution 

F. IPv6 RIP Routing 

G. IPv6 OSPF Routing 

H. IPv4 and IPv6 Interoperability 

I. IPv4 layer 3 security 

Answer:

Explanation: 

On R4, IPV4 EIGRP Routing, need to change the EIGRP AS number from 1 to 10 since DSW1 & DSW2 is configured to be in EIGRP AS number 10. 

Topic 15, Ticket 10 : VLAN Access Map 

Topology Overview (Actual Troubleshooting lab design is for below network design) 

. Client Should have IP 10.2.1.3 

. EIGRP 100 is running between switch DSW1 & DSW2 

. OSPF (Process ID 1) is running between R1, R2, R3, R4 

. Network of OSPF is redistributed in EIGRP 

. BGP 65001 is configured on R1 with Webserver cloud AS 65002 

. HSRP is running between DSW1 & DSW2 Switches 

The company has created the test bed shown in the layer 2 and layer 3 topology exhibits. 

This network consists of four routers, two layer 3 switches and two layer 2 switches. 

In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1. 

DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary. 

R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range. 

R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network. 

ASW1 and ASW2 are layer 2 switches. 

NTP is enabled on all devices with 209.65.200.226 serving as the master clock source. 

The client workstations receive their IP address and default gateway via R4's DHCP server. 

The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2. 

In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. 

DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. 

The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistrution is enabled where necessary. 

Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations. 

Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution. 

Each ticket has 3 sub questions that need to be answered & topology remains same. 

Question-1 Fault is found on which device, 

Question-2 Fault condition is related to, 

Question-3 What exact problem is seen & what needs to be done for solution 

Client 1 is unable to ping IP 209.65.200.241 

Solution 

Steps need to follow as below:-

. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4 

ipconfig ----- Client will be receiving IP address 10.2.1.3 

. From Client PC we can ping 10.2.1.254…. 

. But IP 10.2.1.3 is not able to ping from R4, R3, R2, R1 

. Change required: On DSW1, VALN ACL, Need to delete the VLAN access-map test1 whose action is to drop access-list 10; specifically 10.2.1.3