ShoIProute

I think I finally found the link. And it looks like the answer is Auto RP: [Hidden Content]

Hey Bengini, I hope ur doing well, "In my opinion it should be a specific request, such as: Ospf should be on L3 links as it is for the Ipv6 EIGRP and make sure that there is an alternative way for traffic if other Ospf areas will be added in a future" I agree with u 100% here. But this comment is only relevant to whether or not u configure the vlan2000-2001 SVIs as "passive-interfaces" or not. To respond to ur comment about whether the Virtual-Link is necessary or not, as an experiment, can u please post a traceroute to sw211 (10.2.255.211) from host12 without the Virtual-Link configured and tell us all which path it takes? And then can u do a "show ip route ospf" on sw102 without the Virtual-Link configured and tell us what the next hop is for all of the DC prefixes? (For everything in the 10.2.0.0/16 range). Then u can let us know what the Primary path for traffic from HQ to the DC is. Does it fulfil the requirement in the Task where it says: The primary traffic path must be the link between sw101 & sw201 and the link between sw102 & sw202 must become primary path during primary link failover. Does host 11, host12, sw101, sw102, r11 and r12 all take the Primary Path? (sw101-sw201) with ur configuration (the one without the virtual-link)? Please post those traceroutes and the output for the routing table on sw102 🙂

This is actually incorrect. Configuring "no passive-interface vlan 2000 (and 2001)" will not prevent traffic from the DC to go thru sw201/sw101 link. Whether u configure those SVIs as passive or not passive will have no bearing on which path the DC devices take to enter into HQ, since they those devices will always seek to take the path with the lowest cost. Advertising a more attractive metric (For example: sw101 advertise 10.1.0.0/16 with the lowest cost and sw102 will advertise 10.1.0.0/16 with a higher cost) will fulfil that requirement. Because the DC will always want to enter into HQ via the sw201/sw101 link. On the other side, traffic from HQ going into the DC, will need to see a more attractive path to the DC on the sw101/sw201 link, but the problem is that traffic from host12 will always hit sw102 and from there it will exit out of sw102's g0/2 interface directly connected with sw202 because sw102 is receiving INTRA-Area (Area 0) LSAs from its link with sw202. Therefore, it will always prefer going out of its directly connected link to reach the DC, instead of forwarding the packets to sw101, since it will only see INTER-Area LSAs (In Area 1) from sw101. And in OSPF: Intra-Area LSAs always wins over Inter-Area. In order to solve this dilemma, sw102 needs to form a Virtual-Link with sw101 in order to receive Intra-Area Backbone routes from the DC via sw101. With this accomplished, u can now configure a higher cost on sw102's g0/2 interface so that it prefers to route thru sw101 to send packets to the DC. Without the Virtual-Link, it would only go thru its directly connected link with sw202. Whether or not the Data Plane forwards packets thru routers r11 and r12 is of no consequence and does not matter. The Task is not concerned with whether or not the solution is "optimal" or "suboptimal", even tho, passing the packets thru r11 and r12 instead of going thru the directly connected VLAN 2000 and 2001 Interfaces is actually suboptimal to me in my opinion, because those VLANs are directly connected between sw101 and sw102. Sending the packets downstream to the routers is adding an extra hop to the entire path. But my point is, whether or not u decide to configure the vlan 2000 and vlan 2001 interfaces as passive or not, it shouldn't really matter. It's configuring the Virtual-Link between sw101 and sw102 that will help u accomplish ur goal of making the link between sw101 and sw201 the primary link for traffic destined to the DC. It doesn't matter which path inside of HQ that the packets take in order to get to sw101. And yes, the task states that we are not allowed to touch sw201 or sw202 to accomplish this task: "The primary traffic path must be the link between sw101 & sw201 and the link between sw102 & sw202 must become primary path during primary link failover. For achieving this requirement you are not allowed to configure on sw201 & sw202"

I agree with not making the interfaces passive, although I'm not sure if it really makes a big difference in terms of what they want us to accomplish. And I think u mean adding the cost of 100 to the g0/2 interface of sw102, since we're not allowed to modify sw201/sw202 to solve that requirement.

Yup, that's exactly why. And the fact that u made the vl2000-2001 interfaces passive, so the data traffic can't pass thru that link, so it can only go thru r11/r12. Recall that a Virtual-Link is a Control Plane solution (for exchanging routing information). No data traffic can actually pass thru it. The actual packets still have to route hop by hop to the destination and cannot route thru the logical Virtual-Link.

Yes: Administration>Identity Management/Settings>User Authentication Settings Uncheck everything that would prevent u from using the username and pw that they want us to use.

Like what??

What were some of the new questions that u ran into? 🤨

Congratulations bro!!!

I think it would be ridiculous for them to expect u to open each Task/Section before u configure it. What if u took the exam already and ur anticipating what the questions will be? I can see what visasman is saying about all Tabs need to be in "unread" status. That makes sense. Because if u never opened up the Task or Section, how would u know exactly what the question is asking and what u need to do? Maybe they modified a question and have some variation. I think they would be suspicious if u didn't look at some of the Tasks or Sections and just entered in configurations for everything.

@benginiHave u actually done a debug and tested how long it takes for the Routers to failover? Can u post a debug with the Timestamp? The config that I posted above was actually tested. Do u not need to still lower the RA Lifetime in order for the Node to consider that particular Router unreachable? Have u tested the failover urself?

Hey @bengini I disagree with ur suggestion for Task 1.6 Check out this blog: [Hidden Content] and this one: [Hidden Content] For the reason why.

Right, what I'm saying is that if u reference a route-map that matches the prefixes, then u break the restrictions and miss the requirement, because u have to configure the entire solution in the "router ospf" mode, similar to the example that u provided. But I think if u reference a route-map, u won't get the points, since part of ur solution is configured outside of the route-map. I so have one problem with that config tho. I'm wondering why u guys are tagging the EIGRP/DMVPN routes??? I don't think that's necessary, because there are no requirements to filter those routes.

Interesting that u did everything similar to visasman's solutions and still failed. If u used a route-map for Task 1.8 then u definitely lost 4 points, because the requirement says: "The configuration of this requirement must be completed exclusively within the router ospf and interface vlan context " So the route-map breaks that requirement. 2 Questions for u: Were u at least close to passing the DOO module according to ur score? did u pass the Design module on that attempt or did u Fail it?

Congratulations!!! And thanks for the solutions and tips!!