TSHOOT v2 Category

BGP Sim

February 4th, 2017 networktut 50 comments

Question

Loopback0 is used for IBGP peering while physical interface address is used for EBGP. Identify the IBGP issues on R1 to R2, R3 and EBGP issues to RA and fix them so that the “show ip bgp” command on R1 will display all loopback interfaces of other routers.

BGP_Topology.jpg

Read more…

TSHOOT FAQs & Tips

April 3rd, 2015 networktut 1,175 comments

TSHOOT is one of the three exams in the CCNP certification. The TSHOOT exam is a chance for you to review your knowledge about ROUTE & SWITCH exams and test your troubleshooting skill. From the comments here and other places, this article tries to summarize all the TSHOOT frequently asked questions to save you some time. Please feel free to ask anything that you are unclear about TSHOOT so that all of us can help you. I will update this article frequently to bring you the newest information about this exam.

1. How much does the TSHOOT Exam 300-135 cost? And the passing score of TSHOOT?

It now costs $300.

The passing score of TSHOOTv2 is 846/1000

2. Please tell me how many questions in the real TSHOOT exam, and how much time to answer them?

Unlike other Cisco exams, the TSHOOT exam tests your ability to troubleshoot the problem so in this exam you have to solve 3 multiple choice questions (or 2 multiple choice questions and 1 drag and drop question) and troubleshooting 13 “tickets”. Each ticket is a problem about a specific technology used in Cisco routers or switches.

You will have 135 minutes to answer them. If your native language is not English, Cisco allows you a 30-minute exam time extension (165 minutes in total).

3. Am I allowed to study the topology used in the real exam and where can I find it ?

Yes, you are! Because the purpose of this exam is testing a candidate’s ability to troubleshoot issues, not to understand a complex topology so Cisco publicizes the topology used in the real TSHOOT exam. You can find the topologies at http://www.networktut.com/share-your-tshoot-v2-0-experience.

To save time on the exam, and to better understand the topology used in all of the trouble tickets, you should spend time familiarizing yourself with the topology used in the exam.

4. Where can I find the demo of this exam?

There is a very good demo of TSHOOT exam published by Cisco and you can find it at http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html. But notice that the topology in this link is not the topology used in the real exam. This demo is also a good practical topology and we also explained about the configuration of this demo in four articles: Frame Relay Point-to-Point SubInterface GNS3 Lab, EIGRP over Frame Relay and EIGRP Redistribute Lab, VLAN Routing and HSRP IP Route Tracking.

5. During the exam, we must only identify the problem or we must also make the correct configuration?

We are only allowed to choose the solution for the problem. We are not allowed to make any changes on the routers and switches. You cannot enter global configuration mode either. You have to answer three types of questions:

+ Which device causes problem
+ Which technology is used
+ How to fix it

6. Can someone please tell me in the real exam it gives the ticket names just like in this site (for example “Ticket 1 – OSPF Authentication “) or is it going to say ticket 1 , ticket 2 only?

It only says ticket 1, ticket 2 only. In most cases you have to use the “show running-config” command to find out the wrong configuration.

7. Please give me some guideline when using the TSHOOT simulator.

Below is some guideline when using the TSHOOT simulator in the exam

demo_TSHOOT_1.jpg

demo_TSHOOT_2.jpg

7. Can I go back in the TSHOOT exam?

As shown in the above question, you can press “Previous Question” to go back to previous questions in the same ticket only. If you press “Done” button then you can’t come back to this ticket anymore.

Note: In TSHOOT 300-135 (TSHOOTv2), the “Abort” button no longer exists. That means you cannot cancel a ticket after choosing it. You have to complete that ticket before moving to another one.

8. Can we take TSHOOT exam before the ROUTE or SWITCH exam?

Yes, you can. There is no order to take these exams. But the TSHOOT exam tests your skills to troubleshoot router & switch errors so I highly recommend you take the ROUTE and SWITCH exams first. The TSHOOT exam is very good to review your knowledge of what you learned in ROUTE & SWITCH.

9. Can I solve the tickets in any order I want, for example, I solve Ticket 8 first, then Ticket 3, Ticket 1…?

Yes, you can solve them in any order until you click Done button. After clicking Done you cannot go back to this ticket again. Also notice that when you entering a Ticket, you have to solve it (answer all 3 questions) before moving to another ticket.

10. As I see there are 3 topologies in the exam. My question is to how to find which topology to use when doing a trouble ticket. Does it clearly state in exam whether to use this topology (layer 2 or layer 3, for example)?

In the exam, it doesn’t say clearly which topology you need to use. But a reader on networktut.com has shared this tip:

“There is no really best way to choose which topology to use.
This is my style:
Most of the time I was using the ipv4 topology as it contains most of the nodes with ip addresses and in the cause of your troubleshooting and you discovered that you need more details on the ASW1 & 2 switches that is when I used the Layer 2 topology except for the ipv6 topology.
Any node on IPV4 topology that is in Layer 2 topology have same configuration irrespective of where you click on the nodes.
Study all tickets here and use the following elimination style below:
List out all the trouble ticket on the white little board you will be giving and tick each ticket as you answer them because this will let you know which tickets are remaining to look out for.”

11. In the exam can I use “traceroute” or “tracert” command?

According to some reports, “tracert” commands cannot be used on Clients but “traceroute” command can be used on DSW1. But of course you can use “ping” command. According to some candidates’ reports on the exam, maybe you should not believe too much on the output of the traceroute command in the exam.

12. Please let me know in the exam can we issue “pipe” commands such as: sh run | section eigrp; sh run | begin router?

No, you cannot use “pipe” commands in the TSHOOT exam.

13. Does each ticket state it is an IPv4 or IPv6 issue?

Yes, it does! But it does not clearly state that. Please read each ticket carefully, if it states like this “loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1)” then surely it is an IPv6 ticket. Otherwise it is an IPv4 ticket.

14. Why in each ticket I only see the same description, same wording, either ticket 1, 2 or 3. How can I see the difference or the problem of each ticket?

The descriptions of each ticket are very identical to each other. In general the very long description can be summarized “Client 1 cannot ping the 209.65.200.241” (for IPv4 ticket), that’s all! So you have to use your troubleshooting skill to find out where the issue (it is also the meaning of this exam – TSHOOT). The only obvious difference among the tickets is the statement “loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1)”, which indicates an IPv6 ticket.

15. Why don’t I see any questions and answers on networktut.com? I only see the explanation…

Because of copyrighted issues, we had to remove all the questions and answers. You can download a PDF file to see the questions at this link: http://www.networktut.com/questions-and-answers

16. How can I join the Premium Membership on networktut.com?

You can join the Premium Membership on networktut.com at this link. After the registration you can login via this link.

If you have any questions about the TSHOOT exam, please don’t hesitate to ask. All of us will help you!

Multiple Choice Questions

April 2nd, 2015 networktut 292 comments

Question 1

Explanation

First we need some basic knowledge about GRE tunnel:

GRE tunnels are designed to be completely stateless. This means that each tunnel endpoint does not keep any information about the state or availability of the remote tunnel endpoint. A consequence of this is that, by default, the local tunnel endpoint router does not have the ability to bring the line protocol of the GRE Tunnel interface down if the remote end of the tunnel is unreachable. The ability to mark an interface as down when the remote end of the link is not available is used in order to remove any routes (specifically static routes) in the routing table that use that interface as the outbound interface. Specifically, if the line protocol for an interface is changed to down, then any static routes that point out that interface are removed from the routing table. This allows for the installation of an alternate (floating) static route or for Policy Based Routing (PBR) in order to select an alternate next-hop or interface.

(Reference: http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118361-technote-gre-00.pdf)

An example of configuring a GRE tunnel:

interface Tunnel1
ip address 1.1.1.1 255.255.255.0
tunnel source Loopback1
tunnel destination 10.0.0.1
end

In order to make this interface up/up, a valid tunnel source and tunnel destination must be configured.
+ A valid tunnel source means any interface that is itself in the up/up state and has an IP address configured on it. For example, if the tunnel source was changed to Loopback0 (which has not been assigned an IP address), the tunnel interface would go down even though Loopback0 is in the up/up state.
+ A valid tunnel destination is one which is routable. However, it does not have to be reachable, which can be seen from this ping test:

Router# show ip route 10.0.0.1
% Network not in table
Router# show ip route | inc 0.0.0.0
Gateway of last resort is 172.16.52.100 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 172.16.52.100
Router#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

In this case the tunnel1 is still up/up because it has a default route. From this we can deduce answer C is not correct but answer D is correct.

GRE tunnel keepalives timers on each side are independent and do not have to match (answer E is not correct). The problem with the configuration of keepalives only on one side of the tunnel is that only the router that has keepalives configured marks its tunnel interface as down if the keepalive timer expires. The GRE tunnel interface on the other side, where keepalives are not configured, remains up even if the other side of the tunnel is down. The tunnel can become a black-hole for packets directed into the tunnel from the side that did not have keepalives configured.

Answer A is not correct because normal GRE tunnel is always required to be in up/up state.

Question 2

Explanation

OSPF routers go through the seven states while building neighbor relationship with other routers.

+ Down state: no Hellos have been received on the interface. All OSPF routers begin in this state. It begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The hello packet is sent out using the multicast address 224.0.0.5.
+ Attempt/Init state: Hello packet received
+ 2-way state: the router received the Hello message and replied with a Hello message of his own. Receiving a Database Descriptor (DBD) packet from a neighbor in the init state will also a cause a transition to 2-way state.
+ Exstart state: beginning of the LSDB exchange between both routers. Routers will start to exchanging link state information. This state specifies that DR and BDR have been elected and master-slave relation is determined.
+ Exchange state: DBD packets are exchanged. DBDs contain LSAs headers. Routers will use this information to see what LSAs need to be exchanged.
+ Loading state: one neighbor sends LSRs (Link State Requests) for every network it doesn’t know about. The other neighbor replies with the LSUs (Link State Updates) which contain information about requested networks. After all the requested information have been received, other neighbor goes through the same process.
+ Full state: both routers have synchronized the link state database and are fully adjacent with each other. OSPF routing can now begin.

In the above output we see that R4 received the first DBD from 192.168.1.3 (line 4) which cause it to move from INIT to 2-way state (line 5). Then it received the second DBD from 192.168.1.3. That means it is in Exstart state and two OSPF routers are exchanging DBD packets. In fact the DBD packets are also exchanged in Exchange state but they have to pass the Exstart state first so Exstart state is the best answer in this case.

Question 3

Question 4

Explanation

Two GRE tunnels (190.0.4.1 & 190.0.4.2) are considered directly connected so no routing protocol needs to be used so that they can see each other. But we have to configure a routing protocol (static routing in this case) so that they R1 can reach 10.0.3.0/24 network via Tunnel1.

Note: The “U” letter (short for Unreachable) we see above when pinging typically means there is no available route to the destination.

Question 5

Explanation

From the “show ip route ospf” output on R2 we notice that it does not know how to reach Lo0 of R5 (5.5.5.5). Therefore we need to advertise this prefix on R5 to R2 via:
+ Redistribute connected routes (which includes Loopback’s IP addresses) to OSPF on R5
+ Advertise Lo0 interface to OSPF on R5 (via the “network” command under OSPF process on R5)

Question 6

Explanation

From the outputs above we can imagine the topology of them

OSPF_Broadcast.jpgIn this topology:
+ There are only two routers and a loopback interface -> A is not correct.
+ R1 learn route to 2.2.2.2/32 as O IA as they are in different OSPF area -> B is not correct, E is correct.
+ R2 is an OSPF ABR -> C is not correct
+ E0/0 of R1 is elected DR so it was configured as OSPF type broadcast, not point-to-point (which does not elect DR/BDR) -> D is not correct
+ R1 is DR and R2 is BDR as seen in “State” column of above outputs -> F is correct.

Ticket 1 – OSPF Authentication

March 30th, 2015 networktut 1,250 comments

1.Client is unable to ping R1’s serial interface from the client.

Problem was disable authentication on R1, check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)

Configuration of R1:

interface Serial0/0/0
 description Link to R2
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 TSHOOT
 ip ospf network point-to-point
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.2.0 0.0.0.255 area 12
 network 10.1.10.0 0.0.0.255 area 12
 default-information originate always
!

Configuration of R2:
interface Serial0/0/0.12 point-to-point
 ip address 10.1.1.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TSHOOT
!

Answer: on R1 need command ip ospf authentication message-digest”

Ans1) R1
Ans2) IPv4 OSPF Routing
Ans3) Enable OSPF authentication on the s0/0/0 interface using the “ip ospf authentication message-digest” command.

Note:

There are two ways of configuring OSPF authentication:

interface Serial0/0/0
  ip ospf message-digest-key 1 md5 TSH00T
!
router ospf 1
  area 12 authentication message-digest

OR

interface Serial0/0/0
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 TSH00T

So you have to check carefully in both interface mode and “router ospf 1”. If none of them has authentication then it is a fault.

Ticket 2 – HSRP Track (removed)

March 29th, 2015 networktut 497 comments

HSRP was configured on DSW1 & DSW2. DSW1 is configured to be active but it does not become active.

Configuration of DSW1:

track 1 ip route 10.2.21.128 255.255.255.224 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.1.21.128 255.255.255.224 metric threshold
threshold metric up 63 down 64
!

interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60

 

Answer: (use IPv4 Layer 3 Topology)

On DSW1 interface vlan 10 mode, type these commands:
no standby 10 track 1 decrement 60
standby 10 track 10 decrement 60
(ip for track command not exact for real exam)

Note: 10.1.21.129 is the IP address of a loopback interface on R4. This IP belongs to subnet 10.1.21.128/27.

Ans1) DSW1
Ans2) HSRP
Ans3) delete the command with track 1 and enter the command with track 10 (standby 10 track 10 decrement 60).

Note: For more information about IP route tracking and why the command “threshold metric up 63 down 64” is used here please read this tutorial: http://www.networktut.com/hsrp-ip-route-tracking.

Ticket 3 – BGP Neighbor

March 28th, 2015 networktut 282 comments

Problem: Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241.

Configuration of R1:
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary

check bgp neighborship. **** show ip bgp sum****
The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)

Answer: need change on router mode on R1 neighbor 209.65.200.226

Ans1) R1
Ans2) BGP
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change “neighbor 209.56.200.226 remote-as 65002″ to “neighbor 209.65.200.226 remote-as 65002″)

Ticket 4 – NAT ACL

March 27th, 2015 networktut 238 comments

Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.

NAT problem. (use ipv4 Layer 3)
problem on R1 Nat acl

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

ip access-list standard nat_pool
permit 10.1.0.0
!
interface serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Answer:add to acl 1 permit ip 10.2.1.0 0.0.0.255

Ans1) R1
Ans2) NAT
Ans3) Add the command permit 10.2.0.0 in the nat_pool access-list

Ticket 5 – R1 ACL

March 26th, 2015 networktut 302 comments

Client is not able to ping the server. no one can ping the server.

Problem:on R1 acl blocking ip
Configuration on R1

interface Serial0/0/1
 description Link to ISP
 ip address 209.65.200.225 255.255.255.252
 ip nat outside
 ip access-group edge_security in
!

ip access-list extended edge_security
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny 127.0.0.0 0.255.255.255 any
 permit ip host 209.65.200.241 any
!

Answer: add permit ip 209.65.200.224 0.0.0.3 any command to R1’s ACL

Ans1) R1
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip 209.65.200.224 0.0.0.3 any command

Note:
+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host 209.65.200.241 is permitted to go through the access-list (permit ip host 209.65.200.241 any) but R1 cannot ping the web server because R1 cannot establish BGP session with neighbor 209.65.200.226.

Ticket 6 – VLAN filter

March 25th, 2015 networktut 583 comments

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to be seen.

Nirmala

Ticket 7 – Port Security

March 24th, 2015 networktut 279 comments

Client 1 is unable to ping Client 2 as well as DSW1. The command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001

 

Answer: on ASW1 delele port-security & do on interfaces shutdown, no shutdown

Ans1) ASW1
Ans2) Port security
Ans3) In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.

Ticket 8 – Switchport VLAN 10

March 23rd, 2015 networktut 167 comments

Client 1 & 2 can’t ping DSW1 or FTP Server but they are able to ping each other.
Configuration of ASW1
interface FastEthernet1/0/1
switchport mode access
!
interface FastEthernet1/0/2
switchport mode access
!

Interfaces Fa1/0/1 & Fa1/0/2 are in Vlan 1 (by default) but they should be in Vlan 10.

Answer:

Ans1)ASW1
Ans2)Vlan
Ans3)give command: interface range fa1/0/1-/2 & switchport access vlan 10

Ticket 9 – Switchport trunk

March 22nd, 2015 networktut 233 comments

Client 1 & 2 can ping each other but they are unable to ping DSW1 or FTP Server  (Use L2/3 Diagram)
Configuration of ASW1
interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10

Answer: on port channel 13, 23 disables all vlans and give switchport trunk allowed vlan 10,200

Ans1)ASW1
Ans2)Switch to switch connectivity
Ans3)int range portchannel13,portchannel23
switchport trunk allowed vlan none
switchport trunk allowed vlan 10,200

Ticket 10 – EIGRP AS (removed)

March 21st, 2015 networktut 207 comments

Client 1 is not able to ping the Webserver
DSW1 can ping fa0/1 of R4 but can’t ping s0/0/0.34

Check ip eigrp neighbors from DSW1 you will not see R4 as neighbor.(use ipv4 Layer 3)
‘Show ip route’ on DSW1 you will not see any 10.x.x.x network route.

On DSW1 & DWS2 the EIGRP AS number is 10 (router eigrp 10) but on R4 it is 1 (router eigrp 1)

Answer: change router AS on R4 from 1 to 10

Ans1) R4
Ans2) EIGRP
Ans3) Change EIGRP AS number from 1 to 10

Ticket 11 – OSPF to EIGRP

March 20th, 2015 networktut 219 comments

Client 1 is not able to ping the Webserver
DSW1 can ping fa0/1 of R4. However clients and DSW1 can’t ping R4′s S0/0/0.34 interface (10.1.1.10)

On R4 in router eigrp:
router eigrp 10
  network 10.1.4.5 0.0.0.0
  no auto-summary
  redistribute ospf 1 metric 100 10 255 1 1500 route-map OSPF_to_EIGRP
!
router ospf 1
  network 10.1.1.8 0.0.0.0 area 34
  redistribute eigrp 10 subnets
!

route-map OSPF->EIGRP
  match ip address 1

Answer:change in router eigrp router-map name

Ans1) R4
Ans2) IPv4 Route Redistribution
Ans3) Under the EIGRP process, delete the redistribute ospf 1 route-map OSPF_to_EIGRP command and enter the redistribute ospf 1 route-map OSPF->EIGRP command.

Ticket 12 – IPv6 OSPF

March 19th, 2015 networktut 214 comments

DSW1 & R4 can’t ping R2’s loopback interface or s0/0/0.12 IPv6 address.
R2 is not an OSPFv3 neighbor on R3
Situation: ipv6 ospf was not enabled on R2’s serial interface connecting to R3. (use ipv6 Layer 3)

Configuration of R2
ipv6 router ospf 6
 router-id 2.2.2.2
!
interface s0/0/0.23
 ipv6 address 2026::1:1/122

Configuration of R3
 ipv6 router ospf 6
 router-id 3.3.3.3
!
interface s0/0/0.23
 ipv6 address 2026::1:2/122
 ipv6 ospf 6 area 0

Answer:

In interface configuration mode of s0/0/0.23 on R2:
ipv6 ospf 6 area 12

Ans1) R2
Ans2) IPv6 OSPF Routing
Ans3) Under the interface Serial 0/0/0.23 configuration enter the ‘ipv6 ospf 6 area 0’ command. (notice that it is “area 0”, not “area 12”)

OSPF Sim

March 18th, 2015 networktut 148 comments

Ticket 13 – DHCP Range (removed)

March 18th, 2015 networktut 213 comments

In this ticket, if you see the  “ip dhcp exclude 10.2.1.1-1.10.2.1.253” then the DHCP range has been misconfigured.

Configuration on R4:

!
ip dhcp excluded-address 10.2.1.1 10.2.1.253
!

Ans1) R4
Ans2) IP DHCP Server
Ans3) on R4 delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and apply ip dhcp excluded-address 10.2.1.1 10.2.1.2

Ticket 14 – EIGRP Passive Interface

March 17th, 2015 networktut 269 comments

the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’t ping R4
Configuration on R4:
router eigrp 10
  passive-interface default
  redistribute ospf 1 route-map OSPF->EIGRP
  network 10.1.4.4 0.0.0.3
  network 10.1.4.8 0.0.0.3
  network 10.1.21.128 0.0.0.3
  default-metric 10000 100 255 1 10000
  no auto-summary

Answer 1) R4
Answer 2) IPv4 EIGRP Routing
Answer 3)  enter no passive interface for interfaces connected to DSW1 under EIGRP process (or in Interface f0/1 and f0/0, something like this)

Note: There is a loopback interface on this device which has an IP address of 10.1.21.129 so we have to include the “network 10.1.21.128 0.0.0.3” command.

 

* Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses from DHCP Server because DSW1 cannot reach 10.1.21.129 (an loopback interface on R4) because of the “passive-interface default” command. But in the exam you will see that Clients 1 & 2 can still get their IP addresses! It is a bug in the exam.

Ticket 15 – IPv6 GRE Tunnel

March 16th, 2015 networktut 128 comments

Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Configuration of R3:
!
interface Tunnel34
 no ip address
 ipv6 address 2026::34:1/122
 ipv6 enable
 ipv6 ospf 6 area 34
 tunnel source Serial0/0/0.34
 tunnel destination 10.1.1.10
 tunnel mode ipv6
!

Configuration of R4:
interface Tunnel34
 no ip address
 ipv6 address 2026::34:2/122
 ipv6 enable
 ipv6 ospf 6 area 34
 tunnel source Serial0/0/0
 tunnel destination 10.1.1.9
!

Answer:
Ans1) R3
Ans2) Ipv4 and Ipv6 Interoperability
Ans3) Under the interface Tunnel34, remove ‘tunnel mode ipv6’ command

Ticket 16 – IPv6 RIPng OSPFv3 Redistribution

March 16th, 2015 networktut 149 comments

Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Configuration of R4:
ipv6 router ospf 6
 log-adjacency-changes
!
ipv6 router rip RIP_ZONE
 redistribute ospf 6 metric 2 include-connected
!

Answer:
Ans1) R4
Ans2) Ipv6 OSPF Routing
Ans3) Under ipv6 ospf process add the ‘redistribute rip RIP_Zone include-connected’ command

HSRP Sim

March 15th, 2015 networktut 129 comments

EIGRP Sim

March 10th, 2015 networktut 32 comments

A network engineer has made configuration changes to the network rendering some locations unreachable. You are to locate the problem and suggest solution to resolve the issue.

Read more…

Switch Sim

March 10th, 2015 networktut 75 comments

A customer network engineer has made configuration changes that have resulted in some loss of connectivity. You have been called in to evaluate a switch network and suggest resolutions to the problems.

Read more…

Share your TSHOOT v2.0 Experience

January 22nd, 2015 networktut 8,225 comments

The TSHOOT 300-135 (TSHOOT v2.0) exam has been used to replace the old TSHOOT 642-832 exam so this article is devoted for candidates who took this exam sharing their experience. Please tell with us what are your materials, the way you learned, your feeling and experience after taking the TSHOOT v2.0 exam… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…

Your posts are warmly welcome!

Exam’s Structure:

+ Some Multiple choice questions
+ Some Simlets
+ 13 lab-sim Questions with the same network topology (13 troubleshooting tickets or you can call it one “big” question). Each lab-sim is called a ticket and you can solve them in any order you like.

Topics of the lab-sims:

1- IPv6
2- OSPF
3- OSPFv3
4- Frame Relay
5- GRE
6- EtherChannel
7- RIPng
8- EIGRP
9- Redistribution
10- NTP
11- NAT
12- BGP
13- HSRP
14- STP
15- DHCP

The problems are rather simple. For example wrong IP assignment, disable or enable a command, authentication…

In each tickets you will have to answers three types of questions:

+ Which device causes problem
+ Which technology is used
+ How to fix it

When you press Done to finish each case, you can’t go back.

A demo of the TSHOOT Exam can be found at: http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html

Note:

+ In the new TSHOOTv2, you cannnot use the “Abort” button anymore. Therefore you cannot check the configuration of another ticket before completing the current ticket.

+ We have gathered many questions about TSHOOT exam and posted them at TSHOOT FAQs & Tips, surely you will find useful information about the TSHOOT exam there!

Below are the topologies of the real TSHOOT exam, you are allowed to study these topologies before taking the exam. It surely saves you some invaluable time when sitting in the exam room (Thanks rrg for sharing this).

IPv4 Layer 3 Topology

IPv4Layer3Topology_networktut.com.jpg

IPv6 Layer 3 Topology

IPv6Layer3Topology_networktut.com.jpg

Layer 2-3 Topology

Layer2_3_Topology.jpg

You can download the Metodo strategy here (specially thanks to David who created this strategy):

http://www.networktut.com/download/TSHOOT_Metodo.pdf