Thread Contributor: dosccie CCIE R&S v5 LAB Exam Takers Review 14 Feb 2017


Hi guys

I will share my experience of the exam; maybe you will see some mistakes I made. It's a bit strange because everything worked at the end and I left only one section, which is the DHCP SNOOPING section in the config section; for some reason it makes a broadcast storm in the network, and Cisco also tells you "Beware of broadcast storm" in this section. I could not figure out what the reason for the storm was, so I just left this section.

TS - B12/13

Q1 - VLAN access-map - only needed to add access-map 20 action forward and to correct the DHCP lease to infinite, then shut the host interface and clear ip dhcp bind *.

Q2 - there was no ping to - I think I played only with OSPF costs; I don't remember it all.
Note that on every DHCP server in the lab they set the lease command, so be careful and change it to infinite.

Q3 - BGP load balance - needed to correct the access-lists on the routers; also they wanted load balance almost all the way, so I needed to decrease one of the interfaces in order to do so.

Q4 - played with OSPF costs and BGP LP route-maps to make the reflector choose R21 as the exit router.

Q5 - DMVPN - easy - only the tunnel key and no ip nhrp redirect & shortcut.

Q6 - IPv6 - needed to advertise the SW111 network in R15 BGP; that's it.

Q7 - MPLS - needed to correct RT import/export at the core routers; also the R1 loopback was not in OSPF; added a cost on the SW100 interface pointing to R10 for the trace to be correct.

Q8 - easy - DHCP snooping trust on uplinks, ip dhcp relay information trusted on the relay switches, and correct the DHCP lease on the DHCP server; there is only one DHCP server all the time, not 2.

Q9 - first NAT - I don't remember, but it was easy.

Q10 - needed to correct the NAT statement on R25 and add "add route" to the correct address.


1. DHCP question:
Where is the pcap location: between SW2 - SW3.
What is the problem: option 82 exists but relay IP missing.
PCAP line num 113 - just search for the first BOOTP packet.

Here I'm not sure if my answers were correct:
I knew who the attacker was from the HTTP GET packet - the address that does the GET is the victim.
What is happening in the network?
ransomware installed by backdoor
TCP session from attacker to victim on port 3***
HTTP session from victim to attacker
the last one I can't remember

Which command is used to execute the attack?
I chose telnet to victim | tclsh:/flash//b2d.tcl - I'm not sure it is the right one; there was one more answer which could be true, which is to do HTTP:/B2D.TCL

Which command, if issued from the hacker's end, can do major damage?
I saw in the script that if the attacker does the [Image: sad.png] sign it deletes the flash startup config, so I chose it.


Here I need your comments about my answers - if I'm wrong in some of the sections it will be helpful if you correct me:

VTP was already configured.
Lots of ports were in shutdown on all of the switches and on the routers as well:
R17, R15, R16, R9, R10 and a few more, I think.
OSPF was configured on the core; I just verified it.
On the DMVPN the tunnel came up fine but OSPF didn't work with point-to-multipoint, so I added the hello-interval and changed to broadcast; after changing, OSPF worked but I got NHRP errors, I don't know why, everything was configured correctly on the tunnel, so I changed it again to point-to-multipoint and it suddenly worked.
On R17 default originate and area 51 stub no-summary.
R15 - R16 mutual redistribution with aggregate summary-only for , also a prefix list out to the MPLS core allowing just and
On OSPF I did summary-address no-advertise and redistributed BGP.

R18 - R57 backdoor - I used a prefix list that allows just and and on R57 and
also redistributed on R18 to and from OSPF with summary-address not-advertise.
On R57 redistributed BGP with a route-map deny

R55 and R57 EIGRP and BGP redistribution - again on BGP aggregate summary-only and a prefix list allowing only
redistribute into EIGRP with a route-map denying the aggregate.

On the edge routers 11, 12, 13, 14 iBGP next-hop-self - redistributed OSPF into BGP with a prefix list allowing only the aggregate; in OSPF default originate always, and the switch is the DR with a priority of 255 and passive interface on VLAN 100.

On the core I created peer-groups on all of the routers - the reflector puts all of the peers in the peer-group and the peers have only the reflector in the peer-group.
OSPF was process id 1 and no network command was used.
ip ospf priority 255 on R1 and all the routers that connect to R2, and 254 on R2.
They wanted R11 to see a backup path through R12, so I did diverse-path from R1 to R8 and it worked fine.

On AS 65006 I did EIGRP 64-bit with eigrp default route-tag and on R52 I redistributed loopback 52 with a route-map adding the tag.
For some reason they wanted to see a specific metric on R10 and R9 for loopback 52 and I couldn't get to this metric - everything was the same as their output - the delay, the bandwidth, the hops - but the metric was different; I don't know why...
Also distribute-list route-map deny_tag in on R9 and R10.

Created the VRFs:

GREEN rd 65002:2
rt export 65002:2
rt import 65002:1, 65002:3, 65005:18, 65007:17
soo 65002:2

GREEN rd 65002:3
rt export 65002:3
rt import 65002:2, 65007:17
soo 65002:3

RED rd 65002:1
rt export 65002:1
rt import 65002:1, 65005:18, 65007:17
soo 65002:1

BLUE rd 65007:17
rt export 65007:17
rt import 65002:2, 65005:18, 65002:1, 65002:3
soo 65007:17

GREEN rd 65005:18
rt export 65005:18
rt import 65002:2, 65005:18, 65002:1
soo 65005:18

As in the forum,
the client couldn't ping the HSRP address.

Configured ip multicast-routing on R17, R19, R20, R21.
R17 BSR priority 192.
Pings worked fine from SW3.

I left DHCP SNOOPING because it caused a broadcast storm and I don't know why...
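An added example, not from the post, for the pcap finding above ("option 82 exists but relay IP missing"): it parses a DHCP message and flags one that carries the relay agent information option (82) while giaddr is still 0.0.0.0, which is the packet shape a router drops by default and accepts only with ip dhcp relay information trusted. The sample DHCPDISCOVER bytes are constructed here, not taken from the exam capture.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # DHCP magic cookie that ends the BOOTP fixed header
OPT_RELAY_AGENT_INFO = 82
OPT_PAD, OPT_END = 0, 255


def parse_dhcp(payload: bytes) -> dict:
    """Parse the 236-byte BOOTP header plus DHCP options of one UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, _hlen, hops = struct.unpack("!BBBB", payload[:4])
    giaddr = ".".join(str(b) for b in payload[24:28])   # relay agent IP field
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "hops": hops, "giaddr": giaddr, "options": options}


def check_relay_info(payload: bytes) -> str:
    """Report the option 82 / giaddr combination seen in the message."""
    msg = parse_dhcp(payload)
    has_82 = OPT_RELAY_AGENT_INFO in msg["options"]
    if has_82 and msg["giaddr"] == "0.0.0.0":
        return "option 82 present but giaddr (relay ip) is 0.0.0.0: untrusted relay info"
    if has_82:
        return "option 82 present with giaddr %s" % msg["giaddr"]
    return "no option 82"


def build_discover(giaddr: bytes, with_opt82: bool) -> bytes:
    """Constructed sample DHCPDISCOVER (hypothetical values, not exam data)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x3903F326, 0, 0x8000)  # op..flags
    hdr += b"\x00" * 12 + giaddr                          # ciaddr, yiaddr, siaddr, giaddr
    hdr += b"\x00\x11\x22\x33\x44\x55" + b"\x00" * 10     # chaddr (16 bytes)
    hdr += b"\x00" * 192                                  # sname + file
    opts = b"\x35\x01\x01"                                # option 53 = DHCPDISCOVER
    if with_opt82:
        circuit_id = b"\x01\x04\x00\x64\x00\x05"          # sub-option 1: vlan 100, port 5
        opts += bytes([OPT_RELAY_AGENT_INFO, len(circuit_id)]) + circuit_id
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])
```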
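An added example, not from the post, working through the VRF route-target table listed above: a VPNv4 route lands in a VRF only when one of its export RTs matches one of that VRF's import RTs, so the two functions below compute which VRFs see each other's routes and which pairs are one-way (a imports b's routes but b does not import a's). The table is keyed by RD because three VRFs in the post share the name GREEN; site-of-origin is not modelled.

```python
# Route-target table exactly as listed in the post, keyed by RD.
VRFS = {
    "65002:2":  {"name": "GREEN", "export": {"65002:2"},
                 "import": {"65002:1", "65002:3", "65005:18", "65007:17"}},
    "65002:3":  {"name": "GREEN", "export": {"65002:3"},
                 "import": {"65002:2", "65007:17"}},
    "65002:1":  {"name": "RED",   "export": {"65002:1"},
                 "import": {"65002:1", "65005:18", "65007:17"}},
    "65007:17": {"name": "BLUE",  "export": {"65007:17"},
                 "import": {"65002:2", "65005:18", "65002:1", "65002:3"}},
    "65005:18": {"name": "GREEN", "export": {"65005:18"},
                 "import": {"65002:2", "65005:18", "65002:1"}},
}


def visible_from(vrfs: dict, rd: str) -> set:
    """RDs whose exported routes are imported into VRF `rd` (export RT matches an import RT)."""
    return {other for other, v in vrfs.items()
            if other != rd and vrfs[rd]["import"] & v["export"]}


def one_way_pairs(vrfs: dict) -> list:
    """Pairs (a, b) where a imports b's routes but b does not import a's.

    Traffic from a towards b has a forward route but no return route in b,
    which is worth confirming against the task wording before leaving it."""
    pairs = []
    for a in vrfs:
        for b in visible_from(vrfs, a):
            if a not in visible_from(vrfs, b):
                pairs.append((a, b))
    return sorted(pairs)


if __name__ == "__main__":
    for rd, v in VRFS.items():
        print(v["name"], rd, "sees", sorted(visible_from(VRFS, rd)))
    print("one-way:", one_way_pairs(VRFS))
```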

