DESIGN section answered


Yeah, based on the bad English in the questions, I doubt these are fully accurate, but maybe close enough that we can understand what the question is getting at and answer anyway. What I need from someone who has seen the exam, is to tell whether these are real questions or a fraud set to cause guys to fail. 

Loki's answers are really good. Great work!

Edited by Mursal

  • 2 weeks later...
9 hours ago, Jocantaro said:

I'm trying to resolve the design part from clc, I will paste here info for anyone who wants to collaborate, maybe they are fake for the exam but could be a good training

 

Regards.

 


Question 2: C - Configure ports toward end hosts as edge ports

Question 3: B - Trunk ports are not considered as edge ports unless explicitly configured to.

Question 4: EIGRP DMVPN - Having doubts...

Question 5: 

Question 6:  Doubts.

Question 7:  Only a failure of a router or a link: Decrease dead interval  Only revival of a router or a link: Decrease hello timer, Both failure/revival: Deploy BFD and decrease initial spf delay

Question 8.1:  Prefix suppression

Question 8.2: Control LSA1-2: multiple areas, prefix-suppression, Most cases config/forget: mult areas, prefix-supp, Most cases requires ongoing... Distribute List, summarization, Filter list.

Question 8.3:   A - Incorrect deployment of distribute lists may cause permanent routing loops D - Distribute links in OSPF have no influence on the contents of the CEF FIB on the router

Question 9.1:  C - sw101, sw102, sw110 and sw211

Question 9.2: A - Port channels toward sw101 and sw102

Question 9.3: B - On switches performing DHCP Snooping, disable Option 82 insertion A? - On IOS based DHCP servers and relay agents, accept DHCP messages containing Option 82
having all-zero giaddr

Question 10: A - Shortcut switching is enabled on the DMVPN tunnel of r62 and r70 C - NHRP Redirects are enabled on the DMVPN tunnel of r24

Question 11: F - Private VLANs with an isolated and a community secondary VLAN

Question 12:  R24: Create parent Qos shaper 10 MB-config bhrp qos group name apply parent Qos policy as service policy on the tunnel. R70 Configure nhrp Qos group name

Question 13: I have doubts R3 is RR for R4 R5 and R6, R3 knows both paths to Branch#3 but as a RR only passes the bestpath to its clients not all paths, If we configure multipath? (C) I think It´s E) on R4 (RR client) bgp max path settings increased

 

 

 

Where do you  have the question? I can help answering.


On 10/12/2021 at 3:32 AM, Mursal said:

Hi all CCIE 2B's

For anyone who has attempted or passed the lab - do these questions look accurate?

Not a new share 

No Contain sharing allowed in No Request Section only discussion -- GLAVIN

I'd like to use this thread to start answering the questions and discussing.  

Where are the questions?


  • 2 weeks later...

I will paste all solutions I have, in some of them I have doubts or maybe the solutions are wrong, It will be appreciated If anyone contributes to solve it, I spend a lot of hours searching info and only one person answered 😕


Question 2: C - Configure ports toward end hosts as edge ports

Question 3: B - Trunk ports are not considered as edge ports unless explicitly configured to.

Question 4: EIGRP DMVPN

Question 5: Static (provides shortest, L3 and L2 support, LB), LACP (miscabling, widest vendor, L3, L2, misconfig, LB)

Question 6: A - L2/L3/L4

Question 7: Decrease Dead int (only a failure...), Decrease hello (only a revival ¿? DOUBTS maybe BOTH?), BFD (both), decrease initial SPF (both ¿?)

Question 8.1: B- Distribute lists E - Prefix suppression

Question 8.2: Distribute List ( most cases...), Multi Areas (control dist, most cases config and forget), Summ (most cases requ.), Prefix supp (Control dist, Most cases...) Filter-List (most cases...) 

Question 8.3: A - Incorrect deployment of distribute lists may cause permanent routing loops D - Distribute links in OSPF have no influence on the contents of the CEF FIB on the router

Question 9.1:  C - sw101, sw102, sw110 and sw211

Question 9.2: A - Port channels toward sw101 and sw102

Question 9.3: B - On switches performing DHCP Snooping, disable Option 82 insertion A? - On IOS based DHCP servers and relay agents, accept DHCP messages containing Option 82
having all-zero giaddr

Question 10: A - Shortcut switching is enabled on the DMVPN tunnel of r62 and r70 C - NHRP Redirects are enabled on the DMVPN tunnel of r24

Question 11: F - Private VLANs with an isolated and a community secondary VLAN

Question 12: R24 -> Create parent Shaper, Create child QoS, apply the parent Qos policy....-> R70 Configure NHRP QoS Group name

Question 13: I have doubts R3 is RR for R4 R5 and R6, R3 knows both paths to Branch#3 but as a RR only passes the bestpath to its clients not all paths, If we configure multipath? (C) I think It´s E) on R4 (RR client) bgp max path settings increased

Question 14: D - 239.2.1.1 G - 239.1.1.1

Question 15: Option B in both sw101 and sw102

Question 16: B - R11 D - R21

Question 17: B - Loopback0 prefixes of all PE and P Routers

Question 18: E - LDS advertisement filter applied to PE and PE routers

Question 19: B - MPLS TTL Propagation disabled on PE routers

Question 20: C - The M-Flag was not set in RA

Question 21: Doubts I think E - The end host could not locate their DHCPv6 server and F - The end host did not have...

Question 22: B - Enable RA Guard

Question 23.1: Non prop VRRP IPv6RA, active role can coupled HSRP, transparent to end host (HSRP, VRRP), BFD (HSRP, VRRP)

Question 23.2: DOUBTS D - VRRP only, ipv6 RA???

Question 24: B - E and doubts ( C or D)

Question 25: A - On the link..... C - Config a backup

Question 26: C and D

Question 27: D and doubts between A and C

Question 28: E - one /25 subnet

Question 29: ¿?

Question 30: C and doubts

Question 31: DNA GUI (SNMPv3, TACACS, Port Sec, App policy, anycast), DNA template (UDLD, MSTP,...) DOUBTS

Question 32: E - Set up fabric SGACLs... and A - Utilize an external FW...

Question 33: E - Use the DNA Center application policy....

Question 34: C - D

Question 35: Requires Guestshell (EEM python, EEM applet), Allow sharing (EEM applet), Allow sche (all), Allows trigger (EEM py, EEM app), Allows running (Standard python...)

Question 36: D

Question 37.1: B

Question 37.2: B

Question 37.3: A

Question 38: Doubts


            

 

 


On 11/20/2021 at 2:04 PM, Jocantaro said:

I will paste all solutions I have, in some of them I have doubts or maybe the solutions are wrong, It will be appreciated If anyone contributes to solve it, I spend a lot of hours searching info and only one person answered 😕


Question 2: C - Configure ports toward end hosts as edge ports

Question 3: B - Trunk ports are not considered as edge ports unless explicitly configured to.

Question 4: EIGRP DMVPN

Question 5: Static (provides shortest, L3 and L2 support, LB), LACP (miscabling, widest vendor, L3, L2, misconfig, LB)

Question 6: A - L2/L3/L4

Question 7: Decrease Dead int (only a failure...), Decrease hello (only a revival ¿? DOUBTS maybe BOTH?), BFD (both), decrease initial SPF (both ¿?)

Question 8.1: B- Distribute lists E - Prefix suppression

Question 8.2: Distribute List ( most cases...), Multi Areas (control dist, most cases config and forget), Summ (most cases requ.), Prefix supp (Control dist, Most cases...) Filter-List (most cases...) 

Question 8.3: A - Incorrect deployment of distribute lists may cause permanent routing loops D - Distribute links in OSPF have no influence on the contents of the CEF FIB on the router

Question 9.1:  C - sw101, sw102, sw110 and sw211

Question 9.2: A - Port channels toward sw101 and sw102

Question 9.3: B - On switches performing DHCP Snooping, disable Option 82 insertion A? - On IOS based DHCP servers and relay agents, accept DHCP messages containing Option 82
having all-zero giaddr

Question 10: A - Shortcut switching is enabled on the DMVPN tunnel of r62 and r70 C - NHRP Redirects are enabled on the DMVPN tunnel of r24

Question 11: F - Private VLANs with an isolated and a community secondary VLAN

Question 12: R24 -> Create parent Shaper, Create child QoS, apply the parent Qos policy....-> R70 Configure NHRP QoS Group name

Question 13: I have doubts R3 is RR for R4 R5 and R6, R3 knows both paths to Branch#3 but as a RR only passes the bestpath to its clients not all paths, If we configure multipath? (C) I think It´s E) on R4 (RR client) bgp max path settings increased

Question 14: D - 239.2.1.1 G - 239.1.1.1

Question 15: Option B in both sw101 and sw102

Question 16: B - R11 D - R21

Question 17: B - Loopback0 prefixes of all PE and P Routers

Question 18: E - LDS advertisement filter applied to PE and PE routers

Question 19: B - MPLS TTL Propagation disabled on PE routers

Question 20: C - The M-Flag was not set in RA

Question 21: Doubts I think E - The end host could not locate their DHCPv6 server and F - The end host did not have...

Question 22: B - Enable RA Guard

Question 23.1: Non prop VRRP IPv6RA, active role can coupled HSRP, transparent to end host (HSRP, VRRP), BFD (HSRP, VRRP)

Question 23.2: DOUBTS D - VRRP only, ipv6 RA???

Question 24: B - E and doubts ( C or D)

Question 25: A - On the link..... C - Config a backup

Question 26: C and D

Question 27: D and doubts between A and C

Question 28: E - one /25 subnet

Question 29: ¿?

Question 30: C and doubts

Question 31: DNA GUI (SNMPv3, TACACS, Port Sec, App policy, anycast), DNA template (UDLD, MSTP,...) DOUBTS

Question 32: E - Set up fabric SGACLs... and A - Utilize an external FW...

Question 33: E - Use the DNA Center application policy....

Question 34: C - D

Question 35: Requires Guestshell (EEM python, EEM applet), Allow sharing (EEM applet), Allow sche (all), Allows trigger (EEM py, EEM app), Allows running (Standard python...)

Question 36: D

Question 37.1: B

Question 37.2: B

Question 37.3: A

Question 38: Doubts


            

 

 

Not sure if this is allowed, but please add me on Skype at "live:.cid.5b7da97c94068eaa"

 

Seems like you are on the right track, and we agree on most of these. I have 30 or so answered with some good level of detail that I will share, and we can discuss. 


Question 13: I think the best answer is "B".

Technically it should be a combination of unique RD's and multipath. Unique RD configured on both PEs R5 & R6. And multipath configured in R4 (PE router) under VRF fabd2.

Since the RD (100000) is the same on all PEs, when the Branch3 prefix gets sent to the RR, it only reflects the best path to the RR clients, so only 1 of the prefix is advertised. If the RDs are unique then both prefixes will be advertised.


b) On r5 and r6, unique RDs need to be configured


c) On r3 as the route reflector, BGP Multipath feature must be enabled 

--> C is incorrect as the multipath should be configured on the PE, not on RR.

 

Question 24: B C E

Regarding Jocantaro's doubts if either C or D 
I think it should be C since as the vSmart learns the routes from the Branches, it advertises to other branches that those will have its TLOC IP changed to the Hub's TLOC, making it a hub-and-spoke topology.

From the email it says "Any such communication be instead routed through
the data center where we have the necessary firewalls in place."


a) Create an ACI at Branch #1 and Branch #2 blocking their direct mutual communication
b) Create POS VPN AND VPN interface feature templates and apply them to Branch #1 and Branch
#2 device templates
c) Apply the policy outbound to the Site IDs of Branch #1 and Branch #2
d) Apply the policy outbound to the Site ID of the DC
e) Create a policy to set the TLOCs for Branch #1 and Branch #2 POS OMP routers to the DC
TLOC(s)
f) Block Branch #1 and Branch #2 from learning each other’s TLOC routers

 

Question 26: A C

B - Definitely not as it's VPN512
D - There's no direct Internet on vEdge52 VPN0 which is going to SP#2
E - Definitely not as there's no direct Internet from vEdge51 to the TLOC extension to vEdge52.


Based on the given constraints and existing design, which two steps can be performed to ensure that internet-bound traffic from Branch #2 is not sent via the data center?(Choose two.)

a) On Vedge52, configure NAT to VPN 0 on the interface connected to the vedge51 TLOC extension
interface for the internet transport.
b) On vedge51, configure NAT to VPN 512 on the interfaces toward the ISP.
c) On vedge51, configure NAT to VPN 0 on the interface toward the ISP.
d) On vedge52, configure NAT to VPN 0 on the interface toward SP #2.
e) On vedge51, configure NAT to VPN 0 on the TLOC extension interface for the internet transport.

 

Question 27: C D


C - Need to restrict the Guest VPN
D - For DIA

Which two steps are required to implement the desired Guest VPN design? (Choose two)

a) Implement a localized data policy that blocks Guest VPN traffic between SD-WAN branches.
b) Configure a centralized VPN membership policy that only allows Guest VPN prefix to be advertised in OMP.
c) Configure a centralized VPN membership policy that restricts the Guest VPN prefix from being advertised in OMP.
d) Configure centralized data policy that perform NAT of Guest VPN traffic to VPN 0.
e) Configure a localized control policy that rewrites the TLOC of Guest VPN routes in OMP to 0.0.0.0.


 

Edited by routemap

I agree with 24, 26 and 27; after reviewing them I saw my mistakes.

 

About 13: RR only advertises to its clients the best path, so one solution could be to use shadow RR to add different paths to the Branch, using R5 and R6 as shadow RR with unique RDs we'll have 2 different paths advertised, one via R5-RD-1 and the other via R6-RD-2, and as RR will send the route to their clients.

 

What do you think?


1 hour ago, Jocantaro said:

I agree with 24, 26 and 27; after reviewing them I saw my mistakes.

 

About 13: RR only advertises to its clients the best path, so one solution could be to use shadow RR to add different paths to the Branch, using R5 and R6 as shadow RR with unique RDs we'll have 2 different paths advertised, one via R5-RD-1 and the other via R6-RD-2, and as RR will send the route to their clients.

 

What do you think?

Yes that also works. The simplest solution would be the unique RDs from the choices provided as the others (A, D, E) are not reasonable.
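
The route-reflector behaviour discussed for Question 13, as an added example that is not part of any post in this thread: a small Python model of r3 reflecting one best path per VPNv4 NLRI (RD plus prefix) and r4 importing the result into its VRF. Router names follow the thread; the prefix, RD and route-target values are constructed placeholders, and best-path selection is reduced to a simple tie-break.

```python
# Added illustration: router names follow the thread; the prefix, RD and RT
# values are constructed, and best-path selection is reduced to a tie-break.
from collections import defaultdict

PREFIX = "10.3.0.0/24"   # constructed stand-in for the Branch #3 prefix
RT = "RT-fabd2"          # constructed route target for the VRF


def reflect(adverts):
    """r3 as a plain route reflector: one best path per VPNv4 NLRI (RD + prefix)."""
    by_nlri = defaultdict(list)
    for adv in adverts:
        by_nlri[(adv["rd"], adv["prefix"])].append(adv)
    # Simplified best path: highest local-pref, then lowest next-hop name.
    return [min(paths, key=lambda p: (-p["local_pref"], p["next_hop"]))
            for paths in by_nlri.values()]


def import_into_vrf(reflected, import_rt, max_paths):
    """r4 as a PE: import by route target, drop the RD, install up to max_paths."""
    per_prefix = defaultdict(list)
    for adv in reflected:
        if import_rt in adv["rts"]:
            per_prefix[adv["prefix"]].append(adv["next_hop"])
    return {pfx: sorted(hops)[:max_paths] for pfx, hops in per_prefix.items()}


def next_hops_on_r4(rd_r5, rd_r6, max_paths):
    """Next hops r4 installs for Branch #3 given the RDs used on r5 and r6."""
    adverts = [
        {"rd": rd_r5, "prefix": PREFIX, "next_hop": "r5", "rts": {RT}, "local_pref": 100},
        {"rd": rd_r6, "prefix": PREFIX, "next_hop": "r6", "rts": {RT}, "local_pref": 100},
    ]
    return import_into_vrf(reflect(adverts), RT, max_paths)[PREFIX]


if __name__ == "__main__":
    print("same RD, multipath 2:   ", next_hops_on_r4("RD-shared", "RD-shared", 2))
    print("unique RDs, multipath 2:", next_hops_on_r4("RD-r5", "RD-r6", 2))
    print("unique RDs, multipath 1:", next_hops_on_r4("RD-r5", "RD-r6", 1))
```

With a shared RD the reflector sees a single NLRI and r4 never learns the second path; with unique RDs both paths arrive, and r4 still needs multipath to install both.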


@Jocantaro Hello for item 14, may I ask how did you come up with the answer D and G? From my understanding the Administratively scoped block (239.0.0.0/8) can be used under RFC 2365.. But in the choices there are 4 items under that block. So c, d, f and g.  Letter F cannot be the answer since the RapidStreaming will co-exist with JustStreaming for a while.

So now the answers will fall on c, d, and g. Hope you can share your thoughts, thanks.

 

Which two addresses are the best choices for the Connected FABD2 and RapidStreaming multicast
groups? (Choose two.)

a) 232.2.1.1
b) 232.1.1.1
c) 239.129.1.2
d) 239.2.1.1
e) 232.129.1.1
f) 239.1.1.2
g) 239.1.1.1
 

Edited by routemap
