YOUTUBE LINK:
Please find playlist in Hindi & English below:https://www.youtube.com/playlist?list=PL1PiPEQOeKMYqOvyKpym_dkoFY2y5BKt0https://www.youtube.com/playlist?list=PL1PiPEQOeKMY3r659R5gyWt4ScTzpyg6w
Sometimes to write every thing is very difficult so you please watch the videos associated with this page.
How to pass CCNP TSHOOT EXAM:
CISCO CCNP TSHOOT CONTAINS DIFFERENT TYPES OF TROUBLE TICKETS:
when you are dealing with Tshoot you have three options
a. top to bottom
b. bottom to top
c. mid to top or mid to bottom
and it is very important to understand the three things at the time of Tshooting
a. which device is causing the trouble
b. which technology is involved into it
c. how to detect and provide solution
naturally after resolving the ticket you do the needful testing.
Cisco divide Tshoot exam in different types of tickets and mind that placement of these tickets are really interesting in Tshoot exams: Each ticket carries three sub-questions.
these are the tickets in the exam i simulate these tickets into packet tracer and provide you the necessary keys:
1. PROBLEM RELATES TO AUTHENTICATION
2. PROBLEM RELATES TO HSRP
3. PROBLEM RELATES TO BGP NEIGHBOR RELATIONSHIP
4. NAT ACL RELATED PROBLEM
5. ACL
6. VLAN FILTER
7. PORT SECURITY
8. SWITCHPORT VLAN
9. SWICHPORT TRUNK
10.EIGRP AS MISMATCH
11.EIGRP OSPF REDISTIBUTION PROBLEM
12.IPv6 OSPF AREA MISMATCH
13.DHCP RANGE PROBLEM
14.EIGRP PASSIVE INTERFACE
1. PROBLEM RELATES TO AUTHENTICATION
Ticket 1. OSPF Authentication
1.Client is unable to ping R1’s serial interface from the client.
Problem was disable authentification on R1, check where authentication is not given under
router ospf of R1. (use ipv4 Layer 3)
Configuration on R1 was:
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
default-information originate always
Configuration on R2 was:
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
Answer: on R1 need command in router mode
area 12 authentication message-digest
Ans1) R1
Ans2) OSPF
Ans3) ip ospf authentication message-digest command must be given on s0/0/0/0.12
2. PROBLEM RELATES TO HSRP
HSRP was configured on DSW1 & DSW2. DSW1 is configured to be active but it does not become active.
Configuration on DSW1:
track 1 ip route 10.1.21.128 255.255.0.0 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60
Answer: (use IPv4 Layer 3 Topology)
On dsw 1 interface vlan 10 mode run:
no standby 10 track 1 decrement 60
standby 10 track 10 decrement 60
(ip for track command not exact for real exam)
Ans1) DSW1
Ans2) HSRP
Ans3) delete the command with track 1 and enter the command with track 10 (standby 10 track 10 decrement 60).
3. PROBLEM RELATES TO BGP NEIGHBOR RELATIONSHIP
Problem: Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241.
Configuration on R1:
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary
check bgp neighborship. **** show ip bgp sum****
The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)
Answer: need change on router mode on R1 neighbor 209.65.200.226
Ans1) R1
Ans2) BGP
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command
(change “neighbor 209.56.200.226 remote-as 65002? to “neighbor 209.65.200.226 remote-as 65002?)
4. NAT ACL RELATED PROBLEM
Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.
NAT problem. (use ipv4 Layer 3)
problem on R1 Nat acl
Configuration on R1
ip nat inside source list nat_pool interface s0/0/0/1 overload
ip access-list standard nat_pool
permit 10.1.0.0
!
interface serial0/0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest
Answer:add to acl 1 permit ip 10.2.1.0 0.0.0.255
Ans1) R1
Ans2) NAT
Ans3) Add the command permit 10.2.0.0 in the nat_pool access-list
5. ACL
Client is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)
Problem:on R1 acl blocking ip
Configuration on R1
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
access-list 30 permit host 209.65.200.241
access-list 30 deny 10.1.0.0 0.0.255.255
access-list 30 deny 10.2.0.0 0.0.255.255
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group 30 in
Answer: add permit 209.65.200.224 0.0.0.3 command to R1's ACL
Ans1) R1
Ans2) IP Access list
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1's ACL
6. VLAN FILTER
Client 1 is getting the correct IP address from DHCP but Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).
Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3
Configuration on DSW1
vlan access-map test1 10
drop
match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
permit 10.2.0.0 0.0.255.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0
Ans1) DSW1 (but in the exam maybe you have to choose ASW1)
Ans2) Vlan access map
Ans3)Remove vlan filter test1 from DSW1
Note: There was a bug in this ticket but now it has been fixed so you can select DSW1 device,
next page you have to scroll down to find the VLAN Access List/PACL option.
7. PORT SECURITY
Client 1 is getting a 169.x.x.x IP address & is unable to ping Client 2 as well as DSW1.
The command ‘sh interfaces fa1/0/1' will show following message in the first line
‘enFastEthernet1/0/1 is down, line protocol is down (err-disabled)’
On ASW1 port-security mac 0000.0000.0001, interface in err-disable state
Configuration of ASW1
interface fa1/0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001
Answer:on asw1 delele portsecurity & do on interfaces shutdown, no shutdown
Ans1)ASW1
Ans2)Port security
Ans3)issue “no switchport port-security mac-address 0000.0000.0001 command followed by shutdown
& no shutdown commands on port fa1/0/1 on ASW1
No comments:
Post a Comment