Home > Ticket 14 – EIGRP Passive Interface

Ticket 14 – EIGRP Passive Interface

April 23rd, 2018 in TSHOOT v2 Go to comments

the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’t ping R4
Configuration on R4:
router eigrp 10
  passive-interface default
  redistribute ospf 1 route-map OSPF->EIGRP
  network 10.1.4.4 0.0.0.3
  network 10.1.4.8 0.0.0.3
  network 10.1.21.128 0.0.0.3
  default-metric 10000 100 255 1 10000
  no auto-summary

Answer 1) R4
Answer 2) IPv4 EIGRP Routing
Answer 3)  enter no passive interface for interfaces connected to DSW1 under EIGRP process (or in Interface f0/1 and f0/0, something like this)

Note: There is a loopback interface on this device which has an IP address of 10.1.21.129 so we have to include the “network 10.1.21.128 0.0.0.3” command.

 

* Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses from DHCP Server because DSW1 cannot reach 10.1.21.129 (an loopback interface on R4) because of the “passive-interface default” command. But in the exam you will see that Clients 1 & 2 can still get their IP addresses! It is a bug in the exam.

Comments (17) Comments
Comment pages
1 5 6 7 241
  1. Passed@965
    July 14th, 2019

    MCQ Are Valid! HSRP Simlet. Got tickets for all R4 issues.
    This is what I use for t-shoot plan, very effective. Found it here on this site, variation of post by “CCNP-1000” but with more details. Thanks All!

    [IPv6]
    [ R2 ] IPv6 OSPF Routing > Under the interface Serial 0/0/0/.23 configuration enter the ‘ipv6 OSPF 6 area 0 command’
    [ R3 ] IPv4 and IPv6 Interoperability > Under the interface Tunnel34, remove the “tunnel mode ipv6 command”
    [ R4 ] IPv6 OSPF Routing > Under OSPF process add the “Redistribute rip RIP_Zone include-connected command”

    IPv4]
    Ping 10.1.1.1, If pingable check here, if not move to next ping. [AND check IPv6 Too – can’t rule it out at this point]
    [ R1 ] 1. BGP > delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command
    (change “neighbor 209.56.200.226 remote-as 65002? to “neighbor 209.65.200.226 remote-as 65002?)

    2. IP NAT > Under the ip access-list standard net_traffic configuration enter the
    “permit 10.2.0.0. 0.0.255.255” command.

    3. IPv4 layer 3 security > Under the ‘ip access-list extended edge_security’ configuration add the ‘permit ip 209.65.200.224 0.0.0.3 any’ command.

    Ping 10.1.1.2 If pingable check here, if not move to next ping.
    [ R1 ] 4. IPv4 OSPF Routing > Enable OSPF authentication on the s0/0/0 interface using the “IP OSPF authentication message-digest” command.

    Ping 10.2.1.1 If yes check here, if No check DS and AS.
    [ R4 ] 1. IPv4 EIGRP Routing > Enable EIGRP FastEthernet0/0 and Fasterethernet0/1 interface using the “no passive-interface’ command.

    2. IPv4 Route Redistribution (two versions)
    a. Under the EIGRP process, delete the ‘redistribute ospf 1 route-map OSPF->EIGRP’ command
    and enter ‘redistribute ospf 1 route-map OSPF_to_EIGRP’ command.

    b. Change the “route-map OSPF->EIGRP deny 20” to “route-map OSPF->EIGRP permit 20”

    Above Ping Fails
    [ DSW1 ] 1. VLAN ACL/Port ACL > Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

    2. DHCP > Under int vlan 10 , delete the command “ip helper-address 10.2.21.129”
    and enter the command “ip helper-address 10.1.21.129”

    [ ASW1 ] 1. Access Vlans > In Configuration mode, using the ‘interface range Fastethernet 1/0/1 – 2’, then ‘switchport access vlan 10’ command.

    2. Acess > In Configuration mode, using “interface range Fastethernet 1/0/1-2”,
    then “switchport mode access”, “no switchport trun encapsulation dot1q” commands.

    3. Switch to switch connectivity > Under interface Port-Channel 13, 23, add vlan 10,200 and then no shutdown interface fa1/0/1

    4. Port security > In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security,
    followed by shutdown, no shutdown interface configuration commands.

  2. SKEME
    July 17th, 2019

    Thanks @Passed@965

    Where did you get valid MCQs? TSHOOT_Jun_2019.pdf?

  3. Anonymous
    July 24th, 2019

    where i can find the topologys ?

  4. Christos
    October 7th, 2019

    To any admin who may look at this, please correct Answer 3

    Answer 3) enter no passive-interface for interfaces connected to DSW1 under EIGRP process (or in Interface f0/1 and f0/0, something like this)

    The problem is on R4 which correctly presented on Answer 1, not on DSW1

  5. networktut
    October 8th, 2019

    @Christos: “for interfaces connected to DSW1” means “for interfaces on R4 which is connected to DSW1”. So the issue is still on R4.

  6. wedgym
    December 3rd, 2019

    But in the configure of R4 you found the passive word not under the interface configure its under the EIGRP process so that means i have to do no passive interface default under the EIGRP …… that true >>>> any update

  7. Chris
    December 4th, 2019

    Looks like same question is repeating twice for some Tickets, but the answer is different

    how to distinguish between which topology to use during troubleshoot ?

  8. Klimy
    December 28th, 2019

    “Client 1 can’t ping R4” ? Why ? DSW1 is directly connected to R4. I don’t see why would you need any IGP for the PING to work. You mean the loopback of R4 ?
    What’s in the real ticket ?

  9. wave06
    January 3rd, 2020

    R4# sh ip eigrp neighbor
    sh ip protocols
    sh run | s eigrp
    “passive interface default

  10. Anonymous
    January 9th, 2020

    In regards to the following note: “Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses from DHCP Server because DSW1 cannot reach 10.1.21.129 (an loopback interface on R4) because of the “passive-interface default” command. But in the exam you will see that Clients 1 & 2 can still get their IP addresses! It is a bug in the exam.”

    THIS IS *NOT* A BUG. This case can happen in real life if the problem happened *after* the client got an IP address. Imagine the following case:

    1. All working
    2. Client gets IP address
    3. Someone breaks the config so dhcp is not reachable anymore (which is the case in this ticket)
    4. The client still has the IP address

    This is a good simlet in the sense that simulates what could actually happen in the real world.

  11. grizo
    January 9th, 2020

    I see that at least PC1 has static ip assigned, so no need of DHCP server here

  12. Henrico
    January 17th, 2020

    Guys,
    Is the note important at the exam ? or is it just for the packet-tracer lab ?

    Note: There is a loopback interface on this device which has an IP address of 10.1.21.129 so we have to include the “network 10.1.21.128 0.0.0.3” command.

  13. Majid
    January 18th, 2020

    @Henrico
    10.1.21.129 is a loopback address means (directly connected network) on R4.. It is also an IP-Helper address on DSW-1. Even if you don’t advertise this in EIGRP process, the clients (PC-1 or PC-2) can still get IP from DHCP server (R4). Do you know why ?? If you have good concepts of networking, then you will understand this scenerio in a minute.

    The clients can get DHCP IP from R4 without that network advertisement, because of the fact that “Default Route / Default Gateway” is installed on DSW-1 routing table which is EIGRP-EX route. This route will be installed after making EIGRP neighborship. So any request destined for 10.1.21.129 (even though this network is not visible in routing table, so it will be forwarded out through default route installed) will be forwarded out on R4’s interface.

  14. Majid
    January 18th, 2020

    So no need to add this command: “network 10.1.21.128 0.0.0.3” . But first check the DSW1’s routing table before closing this ticket.

  15. Anonymous
    January 18th, 2020

    @Majid,
    first of all, i appreciate your response.
    secondly, there is no default gateway installed in dsw1’s routing table.

    I think the note points out the result of issuing “no passive interface”.

  16. Veri
    January 19th, 2020

    Hi All,

    If R4 has no interfaces running EIGRP, then how is it that R3 has routes for the networks 10.2.0.0/16 as an N2 route? It means that those EIGRP routes were passed from DSW1 to R4 and redistributed into OSPF successfully.

    Please explain.

  17. Veri
    January 19th, 2020

    EIGRP PASSIVE INTERFACE TICKET

    Hi All,

    If R4 has no interfaces running EIGRP, then how is it that R3 has routes for the networks 10.2.0.0/16 as an N2 route?

    It means that those EIGRP routes were passed from DSW1 to R4 and redistributed into OSPF successfully.

    Please explain.

Comment pages
1 5 6 7 241