Академический Документы
Профессиональный Документы
Культура Документы
Document Information
Author Combat C4C, CC Dreamer C4C
Skype ID1: ccie04final (NOT live:ccie04final)
Please Contact
Skype ID2: nguyenbich279 (NOT live:nguyenbich279)
Change Authority Advanced Team Focus
Version 1.5
Date updated 4/16/2019
Comment History Updated Solution
CONTENTS
1. H3 .................................................................................................................................................... 3
1.1 Ticket 1 ..................................................................................................................................... 3
1.2 Ticket 2 ..................................................................................................................................... 5
2. H3+ ................................................................................................................................................. 8
2.1 Ticket 1 ..................................................................................................................................... 8
1
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
2
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
1. H3
1.1 Ticket 1
3
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Question 1:
Device: SW1
Question 2:
Seq: 113, the packet is about DHCP discovery, source ip address of relay agent is
0.0.0.0
Question 3:
Between SW1-SW3
//How to find out the sequence 113 (or other sequence) to answer for question 2?
You have a clould shark file, you filter with command “bootp”. FIND the FIRST DHCP
Discovery packet and Select. Get your Sequence from that one. (you can see the
option is 82 and Relay agent (GIADDR) address is 0.0.0.0)
Sequence: 114
Between SW1-SW3
1.3 Ticket 2
The material is capturing packets. You could find the capture packet in that link:
C4C DIAG Packet Capture
Question 1:
What does the capture effetiverly shows? Select all that apply
TCP Connection from a remote host to the router’s IP address 10.1.1.2 on port 1337.
TCP Connection from a remote host to the router’s IP address 10.1.1.1 on port 1337.
TCP Connection from a remote host to the router’s IP address 10.1.1.2 on port 1337.
5
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
TCP connection from a remote host to router’s IP address of Victim on port 1337
The key here is find out which is IP address of Hacker and IP address of Victim.
Use the command “http.request.method==GET”, the Source who do the GET are
Victim , the Dest are Hacker
Question 2:
Which command if issued from the hacker end can bring down the complete
system?
Sharkfest
Su env
Poweroff
Poweroff
Method 1 : tcp.stream eq 4
7
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Question 3:
tclsh http://10.1.1.1/bd2.tcl
2. H3+
2.1 Ticket 1
8
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Question 1:
9
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Question 2:
Seq: 114, the packet is about DHCP discovery, cource ip address is 0.0.0.0
Question 3:
Between SW1-SW3
//Find the Sequence number for Question 2 here are same with H3 Ticket 1 question
2 above.
2.2 Ticket 2
The material is capturing packets. You could find the capture packet in the link:
C4C DIAG Packet Capture
Question 1:
What does the capture effetiverly shows? Select all that apply
TCP Connection from a remote host to the router’s IP address 10.1.1.2 on port 1337.
TCP Connection from a remote host to the router’s IP address 10.1.1.1 on port 1337.
TCP Connection from a remote host to the router’s IP address 10.1.1.1 on port 1337.
Question 2:
Which command if issued from the hacker end can bring down the complete
system?
Sharkfest
Su env
Poweroff
Poweroff
Question 3:
tclsh http://10.1.1.2/bd2.tcl
3. H2
3.1 Ticket 1
Customer just setup a IPv6 Network, with HSRPv6 on R1 & R2. After setting up, all
hosts lose connection. What would you recommend to your L1 Engineer as a Quick
Fix?
CE1 key configuration
11
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
standby 1 priority 200
standby 1 preempt
ipv6 nd router-preference low
Description:
No IPv6 connection from LAN to Internet. CE1 and CE2 are configured in HSRP for
IPv6, CE1 is Active with Router-Preference Low and HSRP priority 200, CE2 is Standby
with RouterPreference High and HSRP priority 100. HSRP Preemption is configured
on both.
Issue:
Check console logs on Host, default route is pointing to FE80:::666. (because the
router with higher Router-preference, must have been configured with higher HSRP
priority. Only one router in HSRP groups is active, and current Active HSRP has “Low”
router-preference, but there is rouge device in LAN which has “Medium” better
router-preference, and hosts use information ND RA from Rouge device and select it
as Gateway)
Question 1:
12
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Configure CE2 with highest HSRP priority. (Make priority higher than CE1’s 200, so it
would become Active HSRP Router and start making Router Advertisements with
Route-Preference High)
Question 2:
What is the root cause of the problem caused by the current? Which deivce?
ARP snooping.
Routing issue.
Access-list blocking.
Miss default-gateway.
Device?
CE1
CE2
PE1
PE2
Host1
Host2
CE_DC
Server
13
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Question 3:
Answer:
Active: #193
//Below is example help you to find out the frame number in Cloudshark/Wireshark.
You could find the capture packet in the link: C4C DIAG Packet Capture
14
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
3.2 Ticket 2
You are working in the network team and one of your responsibilities is to solve
problems. There is a problem in multicast network in this morning and R3 cannot use
IPTV services. (it can be R2 as well)
Question 1:
Question 2:
Question 3:
15
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
4. H2+
4.1 Ticket 1
Customer just setup a IPv6 Network, with HSRPv6 on R1 & R2. After setting up, all
hosts lose connection. What would you recommend to your L1 Engineer as a Quick
Fix?
CE1 key configuration
standby 1 priority 200
standby 1 preempt
ipv6 nd router-preference low
standby version 2
Description:
No IPv6 connection from LAN to Internet. CE1 and CE2 are configured in HSRP for
IPv6, CE1 is Active with Router-Preference Low and HSRP priority 200, CE2 is Standby
with RouterPreference High and HSRP priority 100. HSRP Preemption is configured
on both.
Issue:
Check console logs on Host, default route is pointing to FE80:::666. (because the
router with higher Router-preference, must have been configured with higher HSRP
priority. Only one router in HSRP groups is active, and current Active HSRP has “Low”
16
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
router-preference, but there is rouge device in LAN which has “Medium” better
router-preference, and hosts use information ND RA from Rouge device and select it
as Gateway)
Question 1:
Question 2:
What is the root cause of the problem caused by the current? Which deivce?
1. ARP snooping.
2. Routing issue.
3. Access-list blocking.
8. Miss default-gateway.
17
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Device?
1. CE1
2. CE2
3. PE1
4. PE2
5. Host1
6. Host2
7. CE_DC
8. Server
Which device:
Question 3:
Active: #227
//use the same method with ticket 1 H2 to find out the Frame number.
You could find the capture packet in the link: C4C DIAG Packet Capture
18
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
4.2 Ticket 2
You are working in the network team and one of your responsibilities is to solve
problems. There is a problem in multicast network in this morning and R3 cannot use
IPTV services. (it can be R2 as well)
Question 1:
Question 2:
Question 3:
19
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
5. H1
5.1 Ticket 1
PC cannot get ip address and access network after a maintenance. During the
maintenance yesterday, SW3 has been replaced by a new switch and tier 1 engineer
copy the output of show run and paste to the new deivce. Tier 1 engineer think it
may be a spanning-tree or vtp problem. Choose where and what information you
need to troubleshoot the problem.
SW1/SW2/SW3/SW4
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
SW3
interface Ethernet1/0
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address aabb.cc00.2111
20
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
SW3
SW2#show ip int br
Interface IP-Address OK? Method Status
Protocol
Ethernet0/0 unassigned YES unset down down
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset up up
Ethernet1/0 unassigned YES unset up up
Ethernet1/1 unassigned YES unset up up
Ethernet1/2 unassigned YES unset up up
Ethernet1/3 unassigned YES unset up up
Question 1:
The material provided in which one of the best to help you determine fault? Indicate
which command executed on which device provides the most important information
about the possible cause of this issue?
Device: SW3.
Question 2:
Indicate which information collected on which device you require from the helpdesk
in order to confirm your suspicion
21
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
5.2 Ticket 2
Logging Message
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.17 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.17 (Tunnel0) is down: holding time expired
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.18 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.18 (Tunnel0) is down: holding time expired
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.19 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.19 (Tunnel0) is down: holding time expired
R16
interface Ethernet0/1
ip address 145.67.89.14 255.255.255.252
duplex auto
speed auto
!
router eigrp 200
network 200.100.0.6 0.0.0.0
network 200.100.0.17 0.0.0.0
network 200.100.0.3 0.0.0.0
redistribute connected metric 1 1 1 1 1
R15
22
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
router eigrp 200
network 200.15.15.15 0.0.0.0
network 200.100.0.1 0.0.0.0
network 200.100.0.5 0.0.0.0
network 200.100.0.9 0.0.0.0
network 215.0.0.1 0.0.0.0
redistribute connected metric 1 1 1 1 1
Question 1:
After considering all information provide. Point and click on the device that is
respoinsible for causing the reported symptoms.
Answer:
R15
Question 2:
Answer:
5.3 Ticket 3
R1
interface FastEthernet0/0
ip nat inside
interface FastEthernet0/1
ip nat inside
interface FastEthernet1/0
23
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip nat outside
interface FastEthernet0/0
ip nat outside
interface loopback 11
ip address 11.11.11.11 255.255.255.255
interface loopback 12
ip address 12.12.12.12 255.255.255.255
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 2 permit 10.2.0.0 0.0.255.255
ip nat inside source list 1 interface loopback 11 overload
ip nat inside source list 2 interface loopback 12 overload
PC1
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
PC2
interface FastEthernet0/0
ip address 10.2.1.1 255.255.255.0
Question 1:
URPF has been configured. The link between PE1 and CE is the main link, the link
between PE2 and CE is a backup link. After the main link failed, user inside can not
access through the backup link. Select step to troubleshooting
1. R1 looks up its RIB and select interface e2/0 as the egress interface.
11. R1 looks up its RIB and selects interface E1/0 as the egress interface.
24
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
13. R2 and R3 drop the packet due to missing routing information for the
destination.
14. The destination does not reply with an ICMP echo reply.
17. R2 and R3 drop the packet due to missing routing information for the source.
21. R1 Looks up its RIB ans selects interface e2/0 as the egress interface.
1. R1 looks up its RIB and selects interface E2/0 as the egress interface.
Question 2:
25
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
6. H1+
6.1 Ticket 1
PC cannot get ip address and access network after a maintenance. During the
maintenance yesterday, SW3 has been replaced by a new switch and tier 1 engineer
copy the output of show run and paste to the new deivce. Tier 1 engineer think it
may be a spanning-tree or vtp problem. Choose where and what information you
need to troubleshoot the problem.
SW1/SW2/SW3/SW4
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
26
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
SW3
interface Ethernet1/0
switchport access vlan 10
switchport mode access
Question 1:
The material provided in which one of the best to help you determine fault? Indicate
which command executed on which device provides the most important information
about the possible cause of this issue?
Device: SW3.
Question 2:
Indicate which information collected on which device you require from the helpdesk
in order to confirm your suspicion
6.2 Ticket 2
27
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
Logging Message
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.17 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.17 (Tunnel0) is down: holding time expired
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.18 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.18 (Tunnel0) is down: holding time expired
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.19 (Tunnel0) is up: new adjacency
%DUAL-5_NBRCHANGE: EIGRP-IPv4 200: neighbor 215.0.0.19 (Tunnel0) is down: holding time expired
R16
interface Ethernet0/1
ip address 145.67.89.14 255.255.255.248
duplex auto
speed auto
!
router eigrp 200
network 200.100.0.6 0.0.0.0
network 200.100.0.17 0.0.0.0
network 200.100.0.3 0.0.0.0
redistribute connected metric 1 1 1 1 1
R15
router eigrp 200
network 200.15.15.15 0.0.0.0
network 200.100.0.1 0.0.0.0
network 200.100.0.5 0.0.0.0
network 200.100.0.9 0.0.0.0
network 215.0.0.1 0.0.0.0
redistribute bgp 65200 metric 1 1 1 1 1 route-map CCIE
28
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip prefix-list CCIE seq 5 permit 0.0.0.0/0
route-map CCIE permit 10
match ip address prefix-list CCIE
Question 1:
After considering all information provide. Point and click on the device that is
respoinsible for causing the reported symptoms.
R16
Question 2:
6.3 Ticket 3
R1
interface FastEthernet0/0
ip nat inside
interface FastEthernet0/1
ip nat inside
interface FastEthernet1/0
ip nat outside
interface FastEthernet0/0
29
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.
Ccie4career.com Skype ID 1: ccie04final
Skype ID 2: nguyenbich279
ip nat outside
interface loopback 11
ip address 11.11.11.11 255.255.255.255
interface loopback 12
ip address 12.12.12.12 255.255.255.255
access-list 1 permit 10.1.0.0 0.0.255.255
access-list 2 permit 10.2.0.0 0.0.255.255
ip nat inside source list 1 interface loopback 11 overload
ip nat inside source list 2 interface loopback 12 overload
PC1
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
PC2
interface FastEthernet0/0
ip address 10.2.1.1 255.255.255.0
Note:
1. R1 is configured for eBGP multipath and uRPF loose mode; uses per destination
load-balance.
2. R2 and R3 are both uRPF Strict mode, they prefer route to Loopback11 and
Loopback 12 via R3-R1.
3. Logs on R1 (show ip cef exact route <hosts> internet> shows that if path is
towards R2, it is dropped on R2; if path is towards R3, it will NOT be dropped.
Question 1:
URPF has been configured. The link between PE1 and CE is the main link, the link
between PE2 and CE is a backup link. After the main link failed, user inside can not
access through the backup link. Select step to troubleshooting
8. R3 received the packet and check with its own ACL and determines R2 as
destination.
9. R2 received the packet and check with its own ACl and determines R1 as
destination.
10. R3 forwards the packet to R2 and R2 send it back to R3 and back and back and
forth.
11. R2 forwards the packet to R3 and R3 send it back to R2 and back and aback
and forth.
5. R3 received the packet and check with its own ACL and determines R2 as
destination.
6. R2 received the packet and check with its own ACl and determines R1 as
destination.
8. URPF fail
Question 2:
31
CCIE4Career.com
The best solution, very clear Workbook The best way you can get CCIE Certificate.