Q1. - (Topic 18) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing schemes, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolate the cause of this fault and answer the following question. 

On which device is the fault condition located? 

A. R1 

B. R2 

C. R3 

D. R4 

E. DSW1 

F. DSW2 

G. ASW1 

H. ASW2 

Answer:

Explanation: 

On R4 the DHCP IP address is not allowed for network 10.2.1.0/24 which clearly shows the problem lies on R4 & the problem is with DHCP 


Q2. - (Topic 4) 

Scenario: 

You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems. 

The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has identified one of them as standby router. Identify the reason causing the issue. 

Note: only show commands can be used to troubleshoot the ticket. 

R1# 

'Mar 26 11:17:39.234: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 

172.16.20.254 

'Mar 26 11:17:40.034: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:40.364: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:41.969: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254 

'Mar 26 11:17:42.719: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 

172.16.10.254 

'Mar 26 11:17:42.918: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:44.869: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 

172.16.20.254 

'Mar 26 11:17:45.485: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 

172.16.10.254 

'Mar 26 11:17:45.718: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:47.439: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 

172.16.20.254 

'Mar 26 11:17:48.252: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

'Mar 26 11:17:48.322: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:50.389: HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 

172.16.20.254 

'Mar 26 11:17:50.735: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

'Mar 26 11:17:50.921: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 

172.16.10.254 

R1# 

'Mar 26 11:17:53.089: HSRP: Et1/0 Grp2 Hello out 172.16.20.2 Active pri 100 vIP 

172.16.20.254 

'Mar 26 11:17:53.338: HSRP: EtO/0 Grp 1 Hello out 172.16.10.2 Active pri130vlP 

172.16.10.254 

'Mar 26 11:17:53.633: HSRP: EtO/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 

172.16.10.254 

A. HSRP group priority misconfiguration 

B. There is an HSRP authentication misconfiguration 

C. There is an HSRP group number mismatch 

D. This is not an HSRP issue: this is DHCP issue. 

E. The ACL applied to interface is blocking HSRP hello packet exchange 

Answer:

Explanation: 

On R1 we see that access list 102 has been applied to the Ethernet 1/0 interface: 

This access list is blocking all traffic to the 224.0.0.102 IP address, which is the multicast address used by HSRP. 

Topic 5, Troubleshooting OSPF 

17. - (Topic 5) 

Scenario: 

A customer network engineer has edited their OSPF network configuration and now your customer is experiencing network issues. They have contacted you to resolve the issues and return the network to full functionality. 

Connectivity from R3 to R4, R5 and R6 has been lost. How should connectivity be reestablished? 

A. Configure R4 with a virtual link to 192.168.13.2 

B. Change the R3 and R4 hello-interval and retransmit-interface timers to zero so the link won't go down. 

C. Add an OSPF network statement for 4.4.4.4 0.0.0.0 area 1 in R3 

D. Add an OSPF network statement for 192.168.34.3 0.0.0.255 area 2 in R3 

E. Add an OSPF network statement for 192.168.34.0 0.0.0.255 area 1 in R3 

Answer:

Explanation: 

Based on the network diagram, we know that a virtual link will need to be configured to logically connect area 2 to the back area 0. However, this is not the problem as we can see that R3 has been correctly configured to do this. It is, however, missing the network statement for the link to R4. Here, we see that the link to R4 is using the 192.168.34.0 network, but that this network has not been added to OSPF 

Based on the network diagram, this link should be added to Area 1, not Area 2. 


Q3. - (Topic 10) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

The fault condition is related to which technology? 

A. BGP 

B. NTP 

C. IP NAT 

D. IPv4 OSPF Routing 

E. IPv4 OSPF Redistribution 

F. IPv6 OSPF Routing 

G. IPv4 layer 3 security 

Answer:

Explanation: 

On R1 we need to add the client IP address for reachability to server to the access list that is used to specify which hosts get NATed. 

Topic 11, Ticket 6 : R1 ACL 

Topology Overview (Actual Troubleshooting lab design is for below network design) 

. Client Should have IP 10.2.1.3 

. EIGRP 100 is running between switch DSW1 & DSW2 

. OSPF (Process ID 1) is running between R1, R2, R3, R4 

. Network of OSPF is redistributed in EIGRP 

. BGP 65001 is configured on R1 with Webserver cloud AS 65002 

. HSRP is running between DSW1 & DSW2 Switches 

The company has created the test bed shown in the layer 2 and layer 3 topology exhibits. 

This network consists of four routers, two layer 3 switches and two layer 2 switches. 

In the IPv4 layer 3 topology, R1, R2, R3, and R4 are running OSPF with an OSPF process number 1. 

DSW1, DSW2 and R4 are running EIGRP with an AS of 10. Redistribution is enabled where necessary. 

R1 is running a BGP AS with a number of 65001. This AS has an eBGP connection to AS 65002 in the ISP's network. Because the company's address space is in the private range. 

R1 is also providing NAT translations between the inside (10.1.0.0/16 & 10.2.0.0/16) networks and outside (209.65.0.0/24) network. 

ASW1 and ASW2 are layer 2 switches. 

NTP is enabled on all devices with 209.65.200.226 serving as the master clock source. 

The client workstations receive their IP address and default gateway via R4's DHCP server. 

The default gateway address of 10.2.1.254 is the IP address of HSRP group 10 which is running on DSW1 and DSW2. 

In the IPv6 layer 3 topology R1, R2, and R3 are running OSPFv3 with an OSPF process number 6. 

DSW1, DSW2 and R4 are running RIPng process name RIP_ZONE. 

The two IPv6 routing domains, OSPF 6 and RIPng are connected via GRE tunnel running over the underlying IPv4 OSPF domain. Redistribution is enabled where necessary. 

Recently the implementation group has been using the test bed to do a ‘proof-of-concept' on several implementations. This involved changing the configuration on one or more of the devices. You will be presented with a series of trouble tickets related to issues introduced during these configurations. 

Note: Although trouble tickets have many similar fault indications, each ticket has its own issue and solution. 

Each ticket has 3 sub questions that need to be answered & topology remains same. 

Question-1 Fault is found on which device, 

Question-2 Fault condition is related to, 

Question-3 What exact problem is seen & what needs to be done for solution 

Client is unable to ping IP 209.65.200.241… 

Solution 

Steps need to follow as below:-

. When we check on client 1 & Client 2 desktop we are not receiving DHCP address from R4 

. Ipconfig ----- Client will be receiving IP address 10.2.1.3 

. IP 10.2.1.3 will be able to ping from R4 , R3, R2, R1 

. Look for BGP Neighbourship 

. Sh ip bgp summary ----- State of BGP will be in active state. This means connectivity issue between serial 

. Check for running config. i.e sh run --- over here check for access-list configured on interface as BGP is down (No need to check for NAT configuration as its configuration should be right as first need to bring BGP up) 

. In above snapshot we can see that access-list of edge_security on R1 is not allowing wan IP network 

. Change required: On R1, we need to permit IP 209.65.200.222/30 under the access list. 


Q4. - (Topic 20) 

The implementation group has been using the test bed to do an IPv6 'proof-of-concept1.

After several changes to the network addressing and routing schemes, a trouble ticket has been opened indicating that the loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Use the supported commands to isolate the cause of this fault and answer the following question.

On which device is the fault condition located?

A. R1

B. R2

C. R3

D. R4

E. DSW1

F. DSW2

G. ASW1

H. ASW2

Answer: D

Explanation:

Start to troubleshoot this by pinging the loopback IPv6 address of DSW2 (2026::102:1). This can be pinged from DSW1, and R4, but not R3 or any other devices past that point. If we look at the diagram, we see that R4 is redistributing the OSPF and RIP IPV6 routes. However, looking at the routing table we see that R4 has the 2026::102 network in the routing table known via RIP, but that R3 does not have the route:

When we look more closely at the configuration of R4, we see that it is redistributing OSPF routes into RIP for IPv6, but the RIP routes are not being redistributed into OSPF. That is why R3 sees R4 as an IPV6 OSPF neighbor, but does not get the 2026::102 network installed.

So, problem is with route redistribution on R4.


Q5. - (Topic 6) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, and FHRP services, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

What is the solution to the fault condition? 

A. In Configuration mode, using the interface port-channel 13 command, then configure switchport trunk allowed vlan none followed by switchport trunk allowed vlan 20,200 commands. 

B. In Configuration mode, using the interface port-channel 13, port-channel 23, then configure switchport trunk none allowed vlan none followed by switchport trunk allowed vlan 10,200 commands. 

C. In Configuration mode, using the interface port-channel 23 command, then configure switchport trunk allowed vlan none followed by switchport trunk allowed vlan 20,200 commands. 

D. In Configuration mode, using the interface port-channel 23, port-channel, then configure switchport trunk allowed vlan none followed by switchport trunk allowed vlan 10,20,200 commands. 

Answer:

Explanation: 

We need to allow VLANs 10 and 200 on the trunks to restore full connectivity. This can be accomplished by issuing the "switchport trunk allowed vlan 10,200" command on the port channels used as trunks in DSW1. 


Q6. - (Topic 1)

Exhibit:

A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true? (Choose two.)

A. RouterA received a hello packet with mismatched autonomous system numbers.

B. RouterA received a hello packet with mismatched hello timers.

C. RouterA received a hello packet with mismatched authentication parameters.

D. RouterA received a hello packet with mismatched metric-calculation mechanisms.

E. RouterA will form an adjacency with RouterB.

F. RouterA will not form an adjacency with RouterB.

Answer: D,F


Q7. - (Topic 15) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

The fault condition is related to which technology? 

A. Under the global configuration mode enter no access-list 10 command. 

B. Under the global configuration mode enter no access-map vlan 10 command. 

C. Under the global configuration mode enter no vlan access-map test1 10 command. 

D. Under the global configuration mode enter no vlan filter test1 vlan-list 10 command. 

Answer:

Explanation: 

On DSW1, VALN ACL, Need to delete the VLAN access-map test1 whose action is to drop access-list 10; specifically 10.2.1.3 


Q8. - (Topic 14) 

The implementations group has been using the test bed to do a ‘proof-of-concept' that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241. After several changes to the network addressing, routing scheme, DHCP services, NTP services, layer 2 connectivity, FHRP services, and device security, a trouble ticket has been opened indicating that Client 1 cannot ping the 209.65.200.241 address. 

Use the supported commands to isolated the cause of this fault and answer the following questions. 

What is the solution to the fault condition? 

A. Disable auto summary on the EIGRP process 

B. Enable EIGRP on the FastEthernet0/0 and FastEthernet0/1 interface using the no passive-interface command. 

C. Change the AS number on the EIGRP routing process from 1 to 10 to much the AS number used on DSW1 and DSW2. 

D. Under the EIGRP process, delete the network 10.1.4.0 0.0.0.255 command and enter the network 10.1.4.4 0.0.0.252 and 10.1.4.8 0.0.0.252 commands. 

Answer:

Explanation: 

On R4, IPV4 EIGRP Routing, need to change the EIGRP AS number from 1 to 10 since DSW1 & DSW2 is configured to be in EIGRP AS number 10. 


Q9. - (Topic 3) 

You have been brought in to troubleshoot an EIGRP network. A network engineer has made configuration changes to the network rendering some locations unreachable. You are to locate the problem and suggest solution to resolve the issue. 

R5 has become partially isolated from the remainder of the network. R5 can reach devices on directly connected networks but nothing else. What is causing the problem? 

A. An outbound distribute list in R3 

B. Inbound distribute lists in R5 

C. An outbound distribute list in R6 

D. Incorrect EIGRP routing process ID in R5 

Answer:

Explanation: 

Here we see that distribute list 3 has been applied to EIGRP on router R%, but access-list 3 contains only deny statements so this will effectively block all routing advertisements from its two EIGRP neighbors, thus isolating R5 from the rest of the EIGRP network: 

Topic 4, Troubleshooting HSRP 

13. - (Topic 4) 

Scenario: 

You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems. 

Examine the configuration on R4. The routing table shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which of the following is the issue preventing route entries being installed on R4 routing table? 

A. HSRP issue between R4 and R2 

B. This is an OSPF issue between R4 and R2 

C. This is a DHCP issue between R4 and R2 

D. The distribute-list configured on R4 is blocking route entries 

E. The ACL configured on R4 is blocking inbound traffic on the interface connected to R2 

Answer:

Explanation: 

If we look at the configuration on R4 we see that there is a distribute list applied to OSPF, which blocks the 172.16.20.0/24 and 172.16.10.0/24 networks. 


Q10. - (Topic 4) 

Scenario: 

You have been asked by your customer to help resolve issues in their routed network. Their network engineer has deployed HSRP. On closer inspection HSRP doesn't appear to be operating properly and it appears there are other network problems as well. You are to provide solutions to all the network problems. 

You have received notification from network monitoring system that link between R1 and R5 is down and you noticed that the active router for HSRP group 1 has not failed over to the standby router for group 1. You are required to troubleshoot and identify the issue. 

A. There is an HSRP group track command misconfiguration 

B. There is an HSRP group priority misconfiguration 

C. There is an HSRP authentication misconfiguration 

D. There is an HSRP group number mismatch 

E. This is not an HSRP issue; this is routing issue. 

Answer:

Explanation: 

When looking at the HSRP configuration of R1, we see that tracking has been enabled, but that it is not tracking the link to R5, only the link to R2: 

R1 should be tracking the Eth 0/1 link, not 0/0 to achieve the desired affect/