A guide for the TSHOOT Exam

For the TSHOOTv2 exam we will encounter:

+ 2 Simlet (small troubleshooting sims)

+ Multiple Choice Questions
+ 12 Troubleshooting Tickets (check them at the right-side menu)

Below is a summary of 16 Tickets you will see in the exam:

Device Error Description

1. Access port not in VLAN 10 (removed)
ASW1 2. Port Channel not allowing VLAN 10
3. Ports should be in access mode instead of trunking
1. HSRP track 10 (removed)
DSW1 2. VLAN filter
3. DHCP IP Helper-address (APIPA addresses on clients)
1. Wrong IP of BGP neighbor
2. NAT Outside misconfigured
R1
3. WAN access-list statement missing
4. OSPF Authentication
R2 1. IPv6: enable OSPF
R3 1. IPv6: remove ―tunnel mode ipv6‖
1. EIGRP – wrong AS (removed)
2. Redistribute Route-map
R4
3. EIGRP Passive Interface (removed)
4. missing Redistribution from RIPng to OSPFv3

Notice that in the exam, the tickets are randomly given so the best way to troubleshooting is to
try pinging to all the devices from nearest to farthest from the client until you don‘t receive the
replies.

In each ticket you will have to answers three types of questions:

+ Which device causes problem

+ Which technology is used
+ How to fix it

One more thing to remember: you can only use ―show‖ commands to find out the problems and
you are not allowed to make any changes in the configuration. In fact, in the exam you can not
enter the global configuration mode!
Multiple Choice Questions
http://www.networktut.com/multiple-choice-questions

Question 1

Drag and drop the sequence for configuring SSH in correct order.

A. ip ssh ver 2
B. ip domain-name cisco.com
C. crypto-key generate rsa
D. line vty 0 4
E. Transport input ssh
Transport input telnet

Answer: B -> C -> A -> D -> E

Question 2

Drag and drop about uRPF strict and loose mode

Option 1. Must have the source IP in routing table (IPv4 Source IP address must be the part of
the routing table)
Option 2. Must have the same path back
Option 3. Supports asymmetric routing feature
Option 4. Can be used to configure on the inside interface of the Internet router
Option 5. Can be used to configure on the outside interface of the Internet router
Option 6. Supports symmetric routing feature

Answer:

Strict mode:
+ Must have the same path back
+ Can be used to configure on the inside interface of the Internet router
+ Supports symmetric routing feature

Loose mode:
+ Must have the source IP in routing table (IPv4 Source IP address must be the part of the
routing table)
+ Can be used to configure on the outside interface of the Internet router

Question 3

Which protocol does mGRE use to send packets?

A. DMVPN
B. NHRP
C. OSPF
D. IPSec

Answer: B

Question 4

Which protocols are supported with MPP? (choose three)

A. HTTP only
B. HTTP and HTTPS
C. SSH
D. FTP
E. SFTP
F. TFTP

Answer: B C F

Explanation

The Management Plane Protection (MPP) feature in Cisco IOS software provides the capability
to restrict the interfaces on which network management packets are allowed to enter a device.
The MPP feature allows a network operator to designate one or more router interfaces as
management interfaces. Device management traffic is permitted to enter a device only through
these management interfaces. After MPP is enabled, no interfaces except designated
management interfaces will accept network management traffic destined to the device.

Reference:
https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.h
tml#wp1047623

Following are the management protocols that the management plane protection (MPP) feature
supports. These management protocols are also the only protocols affected when MPP is
enabled.

+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP
+ HTTP
+ HTTPS

Reference: https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-
1/security/configuration/guide/syssec_cg41crs_chapter7.html#con_1013398

Question 5
Which topologies are allowed with p2p GRE over IPsec? (Choose two)

A. Hub and Spoke

B. Partial mesh
C. Point to multipoint
D. Bus
E. Star

Answer: A B

Question 6

Which keywords can be used with debug condition to filter output? (Choose two)

A. Username
B. Interface ID
C. Port number
D. Protocol
Ε. Packet Size

Answer: A B

Reference:
https://www.cisco.com/c/en/us/td/docs/ios/12_2/debug/command/reference/122debug/dbfcndtr.
html

Question 7

Output of sh access-list, what can you do to correct SSH?

Extended IP access-list 100

Deny tcp any any eq 22
Permit ip any any
Extended IP access-list 150
Permit tcp any any eq 23
Deny tcp any any eq 22
Permit ip any any
Extended IP access-list 175
Permit tcp any any eq 22
Permit tcp any any eq 23
Line vty 0 4
Access-class 100 in
Transport input ssh

A. Change access-class 100 in with access-class 150 in

B. Change transport input ssh with transport input telnet
C. Change access-class 100 in with access-class 100 out
D. Change access-class 100 in with access-class 175 in

Answer: D

Question 8

How will you troubleshoot OSPF adjacency issue?

A. Using ‗debug ospf adj‘ command on a router

B. Process ID on the routers should match
C. Router IDs should match
D. Using ‗debug ospf nsf‘ command
E. Hello timers mismatch (or Subnets should match)

Answer: A E (in fact the correct answer on answer A should be ―debug ip ospf adj‖)

Question 9

Which IPSec mode with least overhead?

A. dynamic
B. transport
C. transparent
D. tunnel

Answer: B

Explanation

IPsec supports two encryption modes: Transport mode and Tunnel mode. Transport mode
encrypts only the data portion (payload) of each packet and leaves the packet header untouched.

Tunnel mode is more secure than Transport mode because it encrypts both the payload and the
header.

Reference: https://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-
0/ip_security/provisioning/guide/IPsecPG1.html

GRE IPsec tunnel mode consists of the following overhead:

ESP Overhead: 52 Bytes

GRE Overhead: 20 (GRE IP Hdr) + 4 (GRE) = 24 Bytes
Total Overhead: 52 + 24 = 76 Bytes
GRE IPsec transport mode consists of the following overhead:

ESP Overhead: 52 Bytes

GRE Overhead: 4 (GRE) = 4 Bytes
Total Overhead: 52 + 4 = 56 Bytes

Question 10

A question showing EIGRP logs, something like this:

*Aug 1 13:09:38.896: EIGRP: received packet with MD5 authentication, key id = 1234
*Aug 1 13:09:38.896: EIGRP: Received HELLO on Gi0/0 – paklen 70 nbr 192.168.1.2
*Aug 1 13:09:38.897: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0
*Aug 1 13:09:38.898: EIGRP: Add Peer: Total 1 (3/0/0/0/0)
*Aug 1 13:09:38.898: K-value mismatch
*Aug 1 13:09:38.899: EIGRP: Sending TIDLIST on GigabitEthernet0/0 – 1 items0
*Aug 1 13:09:38.902: EIGRP: Sending HELLO on Gi0/0 – paklen 70
*Aug 1 13:09:38.903: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0
*Aug 1 13:09:38.904: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 192.168.1.2
(GigabitEthernet0/0) is down: K-value mismatch
R1#
*Aug 1 13:09:38.905: EIGRP: Lost Peer: Total 1 (2/0/0/0/0)
*Aug 1 13:09:39.894: EIGRP: Gi0/1: ignored packet from 192.168.2.3, opcode = 5 (missing
authentication)
R1#
*Aug 1 13:09:40.204: EIGRP: Sending HELLO on Gi0/1 – paklen 60
*Aug 1 13:09:40.204: AS 10, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0

A. Hello Timers mismatches

B. Hold Timers mismatches
C. AS mismatches
D. Metric calculation mismatches
E. Authentication mismatches

Answer: D E

Simlet
BGP Sim
http://www.networktut.com/bgp-sim
Loopback0 is used for IBGP peering while physical interface address is used for EBGP.
Identify the IBGP issues on R1 to R2, R3 and EBGP issues to RA and fix them so that the
―show ip bgp‖ command on R1 will display all loopback interfaces of other routers.

Configs on R1:

This lab is for BGP only so we only need to check BGP section

R1#show running-config
—-output omitted—-
router bgp 64520
neighbor IBGP peer-group
neighbor IBGP remote-as 64550
neighbor IBGP update-source loopback0
neighbor 172.16.2.2 peer-group IBGP
neighbor 172.16.3.3 peer-group IBGP
neighbor 209.165.200.2 remote-as 64525

—-output omitted—-

HSRP Sim
Refer to the topology. Your customer network is using HSRP but it does not appear to be
operating properly. They have contacted you to provide solutions for their problems
Note: The problems in the exam may be different so please grasp the concept well.

Question 1

Your customer have reported that when the link between R1 and R5 is down, they notice that
the active router for HSRP group 1 has not failed over to the standby router for group 1. Identify
the problem.

A. An HSRP group track command is misconfigured

B. An HSRP group priority is misconfigured
C. An HSRP authentication is misconfigured
D. An HSRP group number is mismatched
E. This is not an HSRP problem; this is routing problem.

Answer: A

Question 2

The following debug messages are noticed for HSRP group 2. But still neither R1 nor R2 has
identified one of them as standby router. Identify the issue.
Note: only show commands can be used to troubleshoot the ticket.
R1#
HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active prj 130 vIP 172.16.10.254
R1#
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
R1#
HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
R1#
HSRP: Et1/0 Grp 2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
R1#
HSRP: Et1/0 Grp2 Hello out 172.16.20.2 Active pri 100 vIP 172.16.20.254
HSRP: Et0/0 Grp 1 Hello out 172.16.10.2 Active pri 130 vIP 172.16.10.254
HSRP: Et0/0 Grp 1 Hello in 172.16.10.1 Standby pri 100 vIP 172.16.10.254

A. HSRP group priority misconfiguration

B. There is an HSRP authentication misconfiguration
C. There is an HSRP group number mismatch
D. This is not an HSRP issue: this is DHCP issue.
E. The ACL applied to interface is blocking HSRP hello packet exchange

Answer: E

Question 3

The routing table of R4 shows no entries for 172.16.10.0/24 and 172.16.20.0/24. Identify which
of the following is the issue preventing route entries being installed on R4 routing table?

A. HSRP issue between R4 and R2

B. This is an OSPF issue between R4 and R2
C. This is a DHCP issue between R4 and R2
D. The distribute-list configured on R4 is blocking route entries
E. The ACL configured on R4 is blocking inbound traffic on the interface connected to R2

Answer: D

Question 4
Router R5 do not see any route entries learned from R4; what could be the issue?

A. HSRP issue between R5 and R4

B. There is an OSPF issue between R5 and R4
C. There is a DHCP issue between R5 and R4
D. The distribute-list configured on R5 is blocking route entries
E. The ACL configured on R5 is blocking traffic for the subnets advertised from R4.

Answer: C

Ticket 1 – OSPF Authentication

1.Client is unable to ping R1‘s serial interface from the client.

Problem was disable authentication on R1, check where authentication is not given under router
ospf of R1. (use ipv4 Layer 3)

Configuration of R1:

interface Serial0/0/0
description Link to R2
ip address 10.1.1.1 255.255.255.252
ip nat inside
encapsulation frame-relay
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf network point-to-point
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 10.1.2.0 0.0.0.255 area 12
network 10.1.10.0 0.0.0.255 area 12
default-information originate always
!

Configuration of R2:
interface Serial0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
!

Answer: on R1 need command “ip ospf authentication message-digest‖

Ans1) R1
Ans2) IPv4 OSPF Routing
Ans3) Enable OSPF authentication on the s0/0/0 interface using the ―ip ospf authentication
message-digest‖ command.

Ticket 2 – HSRP Track (removed)

HSRP was configured on DSW1 & DSW2. DSW1 is configured to be active but it does not
become active.

Configuration of DSW1:

track 1 ip route 10.2.21.128 255.255.255.224 metric threshold

threshold metric up 1 down 2
!
track 10 ip route 10.1.21.128 255.255.255.224 metric threshold
threshold metric up 63 down 64
!

interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60

Answer: (use IPv4 Layer 3 Topology)

On DSW1 interface vlan 10 mode, type these commands:

no standby 10 track 1 decrement 60
standby 10 track 10 decrement 60
(ip for track command not exact for real exam)

Note: 10.1.21.129 is the IP address of a loopback interface on R4. This IP belongs to subnet
10.1.21.128/27.

Ans1) DSW1
Ans2) HSRP
Ans3) delete the command with track 1 and enter the command with track 10 (standby 10 track
10 decrement 60).

Note: For more information about IP route tracking and why the command ―threshold metric up
63 down 64″ is used here please read this tutorial: http://networktut.iptut.com/hsrp-ip-route-
tracking.

Ticket 3 – BGP Neighbor

Problem: Client 1 is able to ping 209.65.200.226 but can‘t ping the Web Server 209.65.200.241.
Configuration of R1:
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary

check bgp neighborship. **** show ip bgp sum****

The neighbor‘s address in the neighbor command is wrong under router BGP. (use ipv4 Layer
3)

Answer: need change on router mode on R1 neighbor 209.65.200.226

Ans1) R1
Ans2) BGP
Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the
neighbor command (change ―neighbor 209.56.200.226 remote-as 65002″ to ―neighbor
209.65.200.226 remote-as 65002″)

Ticket 4 – NAT Outside

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

interface Serial0/0/0
description Link to R2
ip address 10.1.1.1 255.255.255.252
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest
!
interface Serial0/0/1
description Link to ISP
ip address 209.65.200.225 255.255.255.252
ip nat outside
!

Ans1) R1
Ans2) NAT
Ans3) Under the interface Serial0/0/0 configuration enter the ‗ip nat inside‘ command.

Ticket 5 – R1 ACL
Configuration on R1
interface Serial0/0/1
description Link to ISP
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group edge_security in
!
ip access-list extended edge_security
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny 127.0.0.0 0.255.255.255 any
permit ip host 209.65.200.241 any
!

Answer:

Ans1) R1
Ans2) IPv4 layer 3 security
Ans3) Under the ‗ip access-list extended edge_security‘ configuration add the ‗permit ip
209.65.200.224 0.0.0.3 any‘ command.

Note:

+ This is the only ticket the extended access-list edge_security exists. In other tickets, the
access-list 30 is applied to the inbound direction of S0/0/1 of R1.

+ Although host 209.65.200.241 is permitted to go through the access-list (permit ip host

209.65.200.241 any) but clients cannot ping the web server because R1 cannot establish BGP
session with neighbor 209.65.200.226.

Ticket 6 – VLAN filter

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2
Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans1) DSW1
Ans2) VLAN ACL/Port ACL
Ans3) Under the global configuration mode enter no vlan filter test1 vlan-list 10 command.

Note: After choosing DSW1 for Ans1, next page (for Ans2) you have to scroll down to find the
VLAN ACL/Port ACL option. The scroll bar only appears in this ticket and is very difficult to
be seen. Also make sure you choose DSW1 (not ASW1) for the first question as there is also
"VLAN ACL/Port ACL" option for answer 2 if you choose ASW1 but it is wrong.

Ticket 7 – Port Security

Client 1 is unable to ping Client 2 as well as DSW1. The command ‗sh interfaces fa1/0/1′ will
show following message in the first line
‗FastEthernet1/0/1 is down, line protocol is down (err-disabled)‘

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001

Answer: on ASW1 delele port-security & do on interfaces shutdown, no shutdown

Ans1) ASW1
Ans2) Port security
Ans3) In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-
security, followed by shutdown, no shutdown interface configuration commands.

Ticket 8 – Switchport VLAN 10 (removed)

Configuration of ASW1
interface FastEthernet1/0/1
switchport mode access
!
interface FastEthernet1/0/2
 switchport mode access
!

Answer:

Ans1) ASW1
Ans2) Access Vlans
Ans3) In Configuration mode, using the ‗interface range Fastethernet 1/0/1 – 2‘, then
‗switchport access vlan 10‘ command.

Ticket 9 – Switchport trunk

Configuration of ASW1
interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 20,200
!
interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 20,200
!
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
shutdown
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10

Ans1)ASW1
Ans2)Switch to switch connectivity
Ans3)Under interface Port-Channel 13, 23, add vlan 10,200 and then no shutdown interface
fa1/0/1

Ticket 10 – EIGRP AS (removed)

Client 1 is not able to ping the Webserver
DSW1 can ping fa0/1 of R4 but can‘t ping s0/0/0.34

Check ip eigrp neighbors from DSW1 you will not see R4 as neighbor.(use ipv4 Layer 3)
‗Show ip route‘ on DSW1 you will not see any 10.x.x.x network route.
On DSW1 & DWS2 the EIGRP AS number is 10 (router eigrp 10) but on R4 it is 1 (router eigrp
1)

Answer: change router AS on R4 from 1 to 10

Ans1) R4
Ans2) EIGRP
Ans3) Change EIGRP AS number from 1 to 10

Ticket 11 – Redistribution Route-map

On R4:
router eigrp 10
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.0 0.0.0.255
network 10.1.10.0 0.0.0.255
network 10.1.21.128 0.0.0.3
default-metric 100000 100 100 1 1500
no auto-summary
!

route-map OSPF->EIGRP deny 10

match tag 90
route-map OSPF->EIGRP deny 20
set tag 110

Ans1) R4
Ans2) IPv4 Route Redistribution
Ans3) Change the ‗route-map OSPF->EIGRP deny 20‘ to ‗route-map OSPF->EIGRP permit
20‘.

Explanation for this ticket:

In this topology, we are doing mutual redistribution at multiple points (between OSPF and
EIGRP on R4, DSW1 & DSW2), which is a very common cause of network problems,
especially routing loops so you should use route-map to prevent redistributed routes from
redistributing again into the original domain.

In this ticket, route-map is also used for this purpose. For example, the route-map ―EIGRP-
>OSPF‖ is used to prevent any routes that have been redistributed into OSPF from redistributed
again into EIGRP domain by tagging these routes with tag 90. These routes are prevented from
redistributed again by route-map OSPF->EIGRP by denying any routes with tag 90 set.

Ticket 12 – IPv6 OSPF

DSW1 & R4 can‘t ping R2‘s loopback interface or s0/0/0.12 IPv6 address.
R2 is not an OSPFv3 neighbor on R3
Situation: ipv6 ospf was not enabled on R2‘s serial interface connecting to R3. (use ipv6 Layer
3)

Configuration of R2
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0.23
ipv6 address 2026::1:1/122

Configuration of R3
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0

Answer:

In interface configuration mode of s0/0/0.23 on R2:

ipv6 ospf 6 area 12

Ans1) R2
Ans2) IPv6 OSPF Routing
Ans3) on the serial interface of R2, enter the command ipv6 ospf 6 area 0 (notice that it is ―area
0″, not ―area 12″)

Ticket 13 – DHCP Helper-address

Note: Currently the link above is not up-to-date. We will update it soon.

Configuration on DSW1:

!
interface Vlan 10
ip address 10.2.1.1 255.255.255.0
ip helper-address 10.2.21.129
!

Note: In this ticket you will find port-security configured on ASW1 but it is not the problem.

Ans1) DSW1
Ans2) IP DHCP Server (or DHCP)
Ans3) on DSW1 delete ―ip helper-address 10.2.21.129‖ and apply ―ip helper-address
10.1.21.129‖ command

Ticket 14 – EIGRP Passive Interface

the neighborship between R4 and DSW1 wasn‘t establised. Client 1 can‘t ping R4
Configuration on R4:
router eigrp 10
passive-interface default
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.4 0.0.0.3
network 10.1.4.8 0.0.0.3
network 10.1.21.128 0.0.0.3
default-metric 10000 100 255 1 10000
no auto-summary

Answer 1) R4
Answer 2) IPv4 EIGRP Routing
Answer 3) enter no passive interface for interfaces connected to DSW1 under EIGRP process
(or in Interface f0/1 and f0/0, something like this)

Note: There is a loopback interface on this device which has an IP address of 10.1.21.129 so we
have to include the ―network 10.1.21.128 0.0.0.3‖ command.

* Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses
from DHCP Server because DSW1 cannot reach 10.1.21.129 (an loopback interface on R4)
because of the ―passive-interface default‖ command. But in the exam you will see that Clients 1
& 2 can still get their IP addresses! It is a bug in the exam.

Ticket 15 – IPv6 GRE Tunnel

Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on
DSW2 (2026::102:1).

Configuration of R3:
!
interface Tunnel34
no ip address
ipv6 address 2026::34:1/122
ipv6 enable
ipv6 ospf 6 area 34
tunnel source Serial0/0/0.34
tunnel destination 10.1.1.10
tunnel mode ipv6
!

Configuration of R4:
interface Tunnel34
no ip address
ipv6 address 2026::34:2/122
ipv6 enable
ipv6 ospf 6 area 34
 tunnel source Serial0/0/0
tunnel destination 10.1.1.9
!

Answer:
Ans1) R3
Ans2) Ipv4 and Ipv6 Interoperability
Ans3) Under the interface Tunnel34, remove ‗tunnel mode ipv6′ command

Ticket 16 – IPv6 RIPng OSPFv3

Redistribution
Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on
DSW2 (2026::102:1).

Configuration of R4:
ipv6 router ospf 6
log-adjacency-changes
!
ipv6 router rip RIP_ZONE
redistribute ospf 6 metric 2 include-connected
!

Answer:
Ans1) R4
Ans2) Ipv6 OSPF Routing
Ans3) Under ipv6 ospf process add the ‗redistribute rip RIP_Zone include-connected‘ command

Ticket 17 – Switchport Encapsulation

On ASW1:

interface fa1/0/1
switchport access vlan 10
switport mode trunk
switport trunk encapsulation dot1q
interface fa1/0/2
switchport access vlan 10
switport mode trunk
switport trunk encapsulation dot1q

Answer:

Ans1) ASW1
Ans2) Access VLANs
Ans3) In configuration mode, use ‗interface range fa1/0/1-2‘ then ‗switchport mode access‘,
then ‗no switchport trunk encapsulation dot1q‘