Home > Ticket 14 – EIGRP Passive Interface

Ticket 14 – EIGRP Passive Interface

April 23rd, 2018 in TSHOOT v2 Go to comments

the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’t ping R4
Configuration on R4:
router eigrp 10
  passive-interface default
  redistribute ospf 1 route-map OSPF->EIGRP
  default-metric 10000 100 255 1 10000
  no auto-summary

Answer 1) R4
Answer 2) IPv4 EIGRP Routing
Answer 3)  enter no passive interface for interfaces connected to DSW1 under EIGRP process (or in Interface f0/1 and f0/0, something like this)

Note: There is a loopback interface on this device which has an IP address of so we have to include the “network” command.


* Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses from DHCP Server because DSW1 cannot reach (an loopback interface on R4) because of the “passive-interface default” command. But in the exam you will see that Clients 1 & 2 can still get their IP addresses! It is a bug in the exam.

Comments (1) Comments
Comment pages
1 5 6 7 241
  1. Passed@965
    July 14th, 2019

    MCQ Are Valid! HSRP Simlet. Got tickets for all R4 issues.
    This is what I use for t-shoot plan, very effective. Found it here on this site, variation of post by “CCNP-1000” but with more details. Thanks All!

    [ R2 ] IPv6 OSPF Routing > Under the interface Serial 0/0/0/.23 configuration enter the ‘ipv6 OSPF 6 area 0 command’
    [ R3 ] IPv4 and IPv6 Interoperability > Under the interface Tunnel34, remove the “tunnel mode ipv6 command”
    [ R4 ] IPv6 OSPF Routing > Under OSPF process add the “Redistribute rip RIP_Zone include-connected command”

    Ping, If pingable check here, if not move to next ping. [AND check IPv6 Too – can’t rule it out at this point]
    [ R1 ] 1. BGP > delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command
    (change “neighbor remote-as 65002? to “neighbor remote-as 65002?)

    2. IP NAT > Under the ip access-list standard net_traffic configuration enter the
    “permit” command.

    3. IPv4 layer 3 security > Under the ‘ip access-list extended edge_security’ configuration add the ‘permit ip any’ command.

    Ping If pingable check here, if not move to next ping.
    [ R1 ] 4. IPv4 OSPF Routing > Enable OSPF authentication on the s0/0/0 interface using the “IP OSPF authentication message-digest” command.

    Ping If yes check here, if No check DS and AS.
    [ R4 ] 1. IPv4 EIGRP Routing > Enable EIGRP FastEthernet0/0 and Fasterethernet0/1 interface using the “no passive-interface’ command.

    2. IPv4 Route Redistribution (two versions)
    a. Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF->EIGRP’ command
    and enter ‘redistribute ospf 1 route-map OSPF_to_EIGRP’ command.

    b. Change the “route-map OSPF->EIGRP deny 20” to “route-map OSPF->EIGRP permit 20”

    Above Ping Fails
    [ DSW1 ] 1. VLAN ACL/Port ACL > Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

    2. DHCP > Under int vlan 10 , delete the command “ip helper-address”
    and enter the command “ip helper-address”

    [ ASW1 ] 1. Access Vlans > In Configuration mode, using the ‘interface range Fastethernet 1/0/1 – 2’, then ‘switchport access vlan 10’ command.

    2. Acess > In Configuration mode, using “interface range Fastethernet 1/0/1-2”,
    then “switchport mode access”, “no switchport trun encapsulation dot1q” commands.

    3. Switch to switch connectivity > Under interface Port-Channel 13, 23, add vlan 10,200 and then no shutdown interface fa1/0/1

    4. Port security > In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security,
    followed by shutdown, no shutdown interface configuration commands.

Comment pages
1 5 6 7 241