DIAG Answers And Ideas ccie lab material
PASSHOT shares some CCIE Lab learning materials. If you are studying CCIE R&S lab, it will be of great help to you!
DIAG If there are two options that are the same or optional, the previous option is preferred! =========================================================== ===================
DIAG 1
The first question is if SW3 has port-security or DIAG1 is not DIAG1+
The second question is if e16/0 of R16 ,the mask is /30 is DIAG1, if it is /29 it will be DIAG1+
DIAG1 Answer -------------
T1 STP
Q1: SW3, command: show ip int bri
Q2: What information is used to confirm the problem: HOST1, what the mac add of e0/0
T2 DMVPN
Q1: Problematic equipment: R15;
Q2: Solution: Remove E0/0 from EIGRP;
T3: URPF
Q1 drag title (abandon) remember that the traffic is from R1-->R3-->R2-->R1 drop
Q2: Asymmetric routing using URPF is selected
DIAG1+ answer -------------
T1 STP
Q1: SW3, command:show spanning-tree
Q2: Need help-desk engineer to confirm what information: SW3, show vtp password T2 DMVPN Q1: problematic device: R16;
Q2: Solution: increase the mask length of R16 E0/0; increase the mask length..
T3: URPF
Q1: Totu (abandon) remember that traffic is from R1-->R3-->R2-->R1 drop Q2: Select with strict URPF and destination-based load balancing options, strict uRPF and Per-destination load-balancing
=========================================================== ===================
DIAG 2
The second question is if the R2 has an RP route, it is DIAG2.
The second question is if the R2 has no RP route, it is DIAG2 + DIAG2 Answer -----------
T1
Q1 How to quickly confirm the problem: Configure CE2 to have a higher HSRPv6 priority;
Q2 1) The root cause of the current problem: the wrong HSRP configuration; 2) Which device is the problem? CE1; Which device is causing: unknown device in CE's LAN;
Q3 Select the first frame id from the capture packet To prove your guess: filter [ipcmpv6.type==134], select RA from FE80: 666, the answer is 193;
T2 multicast
Q1 What is the problem? R3 has no route to RP;
Q2 What questions would you ask your engineer? Why is 10.4.1.0/24 is not in R3's RIB Q3 How to solve this problem temporarily? Add an ipv4 route or mroute to R4 on R3;
DIAG2+ Answer----------
T1
Q1 How to quickly confirm the problem: shutdown CE1 's e0/0;
Q2 1) The root cause of the current problem: high preference gateway info is sent out; 2) Which device is the problem? unknow device in CE's LAN;
Q3 Select the first frame id from the capture packet To prove your guess: filter [ipcmpv6.type==134], select RA from FE80: 666, the answer is 227;
T2 multicast
Q1 What is the problem? R2 has no route to RP;
Q2 What questions would you ask your engineer? Why is 10.4.1.0/24 is not in R2's RIB
Q3 How to solve this problem temporarily? Add an ipv4 route to R4 on R2 or Mroute;
=========================================================== ===================
DIAG 3
T1 DAI
Q1 problematic device and search command: SW1, show ip dhcp relay info trusted-sources
Q2 Which capture package can help find the cause of the problem: [DIAG3 answer: seq 113; DIAG3+ Answer: 114; DIAG3+++ Answer: 114], [Filter bootp, discovery message with source address 0.0.0.0] The problem is that the source address is 0.0.0.0
Q3 capture location: between SW1 - SW3
T2 Sec filters [tcp.port==1337], and destination port 1337 corresponds to destinaion ip as the server address;
The 4 options in Q1 are
1) Server TCP is connected to the attacker's site or the server is connected to the router through a vty or router TCP connection to the attacker; (DIAG3++tcp session from 10.1.1.1 to the router Via vty, does this item mean to say that the server is actively connecting?)
2) The remote attacker connects to the server's tcp 1337 port;
3) Then download a tcl script via http;
4) A malware is installed through the back door;
The Q2 solution is to end the process with server power off or kill e;
The command used by the Q3 attacker is tclsh
Unfinished...
Comments
Post a Comment