Share your TSHOOT v2.0 Experience

Hello guys, is it true that we can’t use “pipe” (|) in the tickets?
I have premium 9tut membership and i see that pipe is accepted. But what about the exam?

the access port had port security configuration but after checked show int fa1/0/1 the port was up up state although the sh port-sec int fa1/0/1 show 1 violation.

what was the violation on the interface? was it shutdown?restrict?protect?
anybody follow me?

@flamingo – I didn’t realize that Fa1/0/1 was shut down. I guess that warning needs to be added to the ticket. Cisco could easily put 2 duplicate tickets in for the Sw-to-Sw in which one has that interface down, and the other isn’t down. I’ll have to check that on the test to see if it is actually shut down.

@flamingo – On the VACL ticket. Yeah, I understand what you mean. I’ll have to check again to see if that vlan access-map is being used anywhere else. I believe that access-map 10 is the only access-map that matches the IP’s of the hosts. I believe the other access-maps are there just to confuse you. Also, being that this is a distrobution switch with only one connection upstream, there shouldn’t be ANYTHING that blocks traffic from the host, other than security related access-maps. ICMP should be allowed regardless. The access-map says to drop ALL traffic to that subnet. I would assume that if that access-map were confirgured anywhere else, it might still block the traffic. Another thing to check in the test. They could easily reference that access-map on the VLAN filter, as well as a VERY important interface.

This is why I wish networktut would confirm that the running-configs in the tickets here are the SAME as on the test.

@8alienHead – Thank you very much for this insight! I’ll have to look on the test to confirm that Fa1/0/1 is admin down. Here in the premium membership, the answer says to do the other, just remove the current VLANs, and add the new VLANs. Thank you for clarifying. I failed by 11 points. So, this will help me to pass, if I get the same tickets that is.

@Asari – Thank you for this information. The VACL answers are:

A. In configuration mode, using the “interface range port-channel 13, port-channel 23, then configure switchport trunk allowed vlan none followed by switchport trunk allowed vlan 109,200 commands.”

When Cisco does bold (which I used above as quotes) that typically means it is the command. I don’t know if this is a typo, or if they actually meant to put all of the quotes in bold. If that were the case, this answer DEFINITELY isn’t the correct answer.

B. In configuration mode, using the “interface range port-channel 13, port-channel 23”, then configure “switchport trunk allowed vlan 10,200” followed by “interface Fastethernet 1/0/1”, then “no shutdown” commands

@Hmmmmm – If the issue was with R4, you could do a “show ip eigrp neighbor” to see if there is a neighbor. If there is a neighbor, it is a redistribution issue, if there ISN’T a neighbor, there is a passive-interface issue. Congrats on passing your test!

@Hmmmmm – yes, on the port-security ticket. On the actual test, I did that as well. I did a “show port-security” and if I saw interfaces “shutdown” then I immediately said that port-security is the correct answer.

EVERYONE BEWARE!!!!!!!

Just as mentioned above, on the port-security/DHCP Helper tickets, it appears that both tickets have port-security violations. I would always do that SAML method, and if I couldn’t ping anything, I would do an “ipconfig.” If I got an APIPA IP, I would immediately go to ASW1 and do a “sho port” which is short for “show port-security”… On the premium memberhsip here, only 1 ticket would show a port-security issue and that was with the port-security on ASW1. It appears on the test that it could ALSO be with DHCP helper!!!! So, check that as well!!! That probably is the second answer that contributed to my 53% in L2 technologies.

@Ipsilantis – no, you can’t use pipe (|) in the exam.

@Lady – Yes, I know what you mean. I also tripped up here as well. There are a few tickets where port-security is enabled. It also appears that if you do a “show port-security” you’ll get an error on both tickets, the port-security and the DHCP helper ticket. I guess I’ll try doing a “show ip int br” to see if they are up/up, or down/down, etc. Also, I believe that the port-security ticket WON’T have an issue with DHCP helper. Jump over to DSW1 and check the DHCP Helper just to make sure.

Just cleared the exam with a perfect score 1000/1000

Nov. MCQ’s are still valid
Got the 2 SIMs – BGP and HSRP
Got 10 tickets. Everything is still valid on networktut material. Premium membership is worth it.

I see read here some confusions on Ticket 9 – Switchport trunk. The given solution here in networktut is correct, under interface Port-Channel 13, 23, add vlan 10,200 and then no shutdown interface fa1/0/1. Yup, fa1/0/1 is shut down initially as I have checked.

Passed today 1000/1000.
All materials in premuim sections are valid and yes, you have to also enable that port 1/0/1 in ticket related to inter-switch connection.

@inhin_yero – I have the premium membership and that’s not the answer given here. Not unless they just changed it in the past couple of days..

Regarding the HSRP debug message question check Question 2 on this site.
ACL 102 blocks the HSRP Hello messages so E is the correct answer.
https*//www*examtopics*com/exams/cisco/300-135/view/2/

@mind12 – what are the possible answers? I believe that NetworkTut has the correct answer on the HSRP sim

@mind12 – Yes, I just checked that question and you’re right. The answer is “The interface ACL is blocking the HSRP Hello packet exchange”…

@mind12 – check out this resource…

https :// www* alphaeducation* com/ download/ exam/ 300-135*pdf

Remove spaces and put . where there are *

@mind12 – I see what you mean. Both answers are right. There is a distribute-list applied to the OSPF process and that distribute-list references multiple access-lists.

Yeah, someone who got a 1000 recently. Can you look at this one? It could be either the distribute-list or the access-list.

I think it would be the distribute list because it denies both the 172.16.20.0/24 AND the 172.16.10.0/24 networks. answer “E” says “The ACL configured on R4 is blocking inbound traffic on the interface connected to R2″… They didn’t specify if that was just one ACL or multiple ACL’s.

Passed today 9xx , L2 76%

Nov MCQ’s are still valid
2 SIMs – BGP and HSRP

Thanks networktut!

@TO
There is an OSPF issue because of a DHCP issue. The routers don’t form neighbourship because R5 doesn’t have an IP on the interface. The answer is the DHCP issue.

Hi,

Anyone needs any help in clearing the TSHOOT Exam. mail me at gogoi.debojit @ gmail.com.

I will be glad to share my exam materials, with which I have cleared my TSHOOT exam.

Hi,

Anyone needs any help in clearing the TSHOOT Exam. mail me at gogoi.debojit84 @ gmail.com.

I will be glad to share my exam materials, with which I have cleared my TSHOOT exam.

Passed today with 1000/1000

Nov WCQ, BGP and HSRP sim, tickets all accurate.

Bit of a twist with the BGP sim that’s not here in this program …when you fix the iBGP portion you will get a message to create the peer group first. So you will need to type in ‘network IBGP remote-as 65xxx’ and then you can proceed as normal.

QUESTION FOR PEOPLE that gotten 1000 point
About VLAN access map ticket – What is the answer of the last question??

*no access vlan-map test1 10 command
or
*no vlan filter test1 vlan-list 10 command
??

passed yesterday, all tickets good and November MCQ. HSRP and BGP sims

I think its neighbor IBGP remote-as not network IBGP remote-as..!!!

@PeeWee about your comment:
– Is there space for 4 commands or 5? in the simulator are 4
so you are saying that the way is:
Fix IBGP issue first:
router bgp 64520
network IBGP remote-as 64520
neighbor IBGP remote-as 64520
Fix EBGP issue:
no neighbor 209.165.200.2 remote-as 64525
neighbor 209.165.201.2 remote-as 64525

Thank you for your help

@mind12 – that makes sense. But you think that the other question might be wrong? The one about the ACL rather than the distribute list?

@Layer – you don’t need the “network IBGP remote-as 64520” command.. only the 3 neighbor commands once in router bgp conifg

@TO and @Hario

for VACL question should be answer the “no vlan filter test1 vlan-list 10 command”

Because on instrucion (first page) say something with ‘proof-of-concept’ that requires both Client 1 and Client 2 to access the WEB Server at 209.65.200.241” (As I remember correct)

@Asari – thank you for the insight. Aren’t the two hosts in the same network defined in the access-map though? If so, then the access-map could still be correct.

@TO I know, I wanted to clarify/double check with @PeeWee

@Layer – understood. I took the test on the 2nd and got 100% on L3 technologies. So, I figure I’d answer. no worries.

@Asari

But the question of the specific ticket is: Client 1 cannot ping to 209.65.200.241, for that reason the specific solution will be: no access vlan-map test1 10 command

Did you get 1000 point in the exam? someone with 1000 point, what was the answer?

@TO thank you, but @PeeWee made this new and weird comment and wanted to clarify it.

@Asari,

I understand what you are saying….here is the issue there are many access lists on a router that may not be used….but you keep them on the router and implement them on the interface when needed. I actually came to an organization who used access maps instead of ACL’s and they weren’t all implemented. If they needed to implement them they would use the vlan filter command to implement it globally.

To take it a step further if DSW2 lost it’s connection to R4 it would then route through DSW1 which would in turn cut of 10.2.1.4 client workstation as well.

I had this question on my test yesterday and I made 1000/1000. I don’t know if this helps….but in this case Cisco is looking for the best answer…which is how Cisco would do it but I agree you are right but the other way may be better. Maybe not…I guess it depends on your perspective.