Share your TSHOOT Experience

August 30th, 2010 in TSHOOT Go to comments

The TSHOOT 642-832 exam has been used to replace the old ISCW & ONT exams so this
article is devoted for candidates who took this exam sharing their experience. Please tell with us
what are your materials, the way you learned, your feeling and experience after taking the
TSHOOT exam
Your posts are warmly welcome!
Some information I have gathered so far:
The exam is very different with other Cisco exams. You have 3 hours for this exam.
Exams Structure:
+ About 3 Multichoice questions
+ 2 Drag and Drop Questions
+ 13 lab-sim Questions with the same network topology (13 troubleshooting tickets or you can
call it one big question). Each lab-sim is called a ticket and you can solve them in any order
you like.
Topics of the lab-sims:
1- IPv6
2- OSPF
3- OSPFv3
4- Frame Relay
5- GRE
6- EtherChannel
7- RIPng
8- EIGRP
9- Redistribution
10- NTP
11- NAT
12- BGP
13- HSRP
14- STP
15- DHCP
The problems are rather simple. For example wrong IP assignment, disable or enable a
command, authentication
In each tickets you will have to answers three types of questions:

+ Which device causes problem

+ Which technology is used
+ How to fix it
When you press Done to finish each case, you cant go back.
A demo of the TSHOOT Exam can be found at:
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html
Note: We have gathered many questions about TSHOOT exam and posted them at TSHOOT
FAQs & Tips, surely you will find useful information about the TSHOOT exam there!
In short, unlike other Cisco exams, we can go backward in this exam. That means we can choose
a Troubleshooting Ticket, browse all the configurations and hit Abort to ignore that Ticket.
We can come back to that Ticket any time.
Below are the topologies of the real TSHOOT exam, you are allowed to study these topologies
before taking the exam. It surely saves you some invaluable time when sitting in the exam room
(Thanks rrg for sharing this).

IPv4 Layer 3 Topology

IPv6 Layer 3 Topology

Layer 2-3 Topology

Luckily we have a link to download this lab (open it with Packet Tracer v.5.3+) (Thanks Ali and
many people for sharing this)
http://www.networktut.com/download/TSHOOT_LAB.zip
Below is the screenshot of this file

A newer version of the TSHOOT exam has been added on Nov-20-2011 (Thanks zero point zero
for sharing this)
http://www.networktut.com/download/TSHOOT_Exam.zip
Or you can download the GNS3 version of the TSHOOT exam here:
http://dl.dropbox.com/u/2749921/GNS_Tshoot.tar.gz (thanks for someone who created them)
If you have any new information about this exam, please share with us!
Below is the strategy that has been used by many candidates to pass TSHOOT. Thanks to ENA
for posting this.
I just come from MY exam and i passed T-shoot 1000/1000
i want share some experience there i had Only one BUG IN exam For question access map
U need to choice Aswn1 to get correct Answer

because if u make Dwsn1 U will see not there Option to get correct answer..
Well
all those TT are the same all
The TTs that I got are mentioned below:
1. ASW1 Allowed Vlan
2. ASW1 Port Security
3. ASW1 Access Vlan
4. DSW1 Access Map
5. DSW1 HSRP
6. R4 IP DHCP first delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and then enter ip
dhcp excluded-address 10.2.1.1 10.2.1.2
9. R2 IPv6
10. R1 NAT ACL
11. R1 L3 Security ACL
12. R1 BGP Wrong BGP Neighbor Address
13. R1 OSPF Authentication
I didnt get there any IP Helper there also i checked all TT and IP helper was not configured
there..
Well now I want to Describe how to find more easy the TT
first with 3 TT which be ON R1..
IN 3 TT U can Ping 10.1.1.1 which tickets are Nat , BGP , Access list , remember IN 3 TT U can
ping 10.1.1.1 which is R1
totally are 4 TT on R1 which IN one Ticket u cannot ping 10.1.1.1 but u can ping 10.1.1.2
which Ticket is Ospf authentication.
Dont lose ur time use abort abort abort and abort First I found those 3 TT where I can ping
10.1.1.1 and one ticket when u cannot ping 10.1.1.1 but u can ping 10.1.1.2 which is
ospf authenteticaton
4 TT Gone of R4
now Find 2 TT HSRP and IPV6 which are so clearly as question.. Now totally 6 TT GOneeeee
Next steeep
FIND 4 TT which Client 1 Get IP address 169.x.x
which are Access vlan 10 , port security issused on f0/1/0 , Trunking Interface Those 3 TT u
Must must must Check ON ASW1 Remember
One TT is ON R4 Layer 3 Topology which Client get IP 169.x.x.x
which Is DHCP ON R4 router R4 IP DHCP first delete ip dhcp excluded-address 10.2.1.1
10.2.1.253 and then enter ip dhcp excluded-address 10.2.1.1 10.2.1.2
Now 10 TT Goneeeeeeeeeee
now Find TT which Client get IP address 10.x.x.x but cannot ping the Gateway
Using abort
that Is Access Map but in this TT is one BUG and U need to choice ASW1 to get Correct answer
because doesnt see any option Vlan acl / Port ACL *
IF u select AWS1 U will see this One Vlan Acl POrt
now 11 TT GONeeee
now 2 TT Of R4 which Client get IP address 10..x.x.x
Route Redistribute , and Passive Interfaceee ,,

I played with those 2 TT for more 20 MIN just to play and to spend the time because i did
exaaamm so fast 30 MIN
and i stayed for 1 Hour
well now are ONLY 2 TT
When select One TT of them
IN one U will see wrong redistribute I mean name of spelling of Route map
if U use abort and JUMP another TT U will see then Correctly Route map spelling name and u
will see another one new with Passive Interface Under EIGRP
Well the First I end this one with wrong spelling route map..
and for this one the last with passive interface i did in the end
and u must select
R4
EIGRP
no passive interface under eigrp process in Interface f0/1 and f0/0
now 13 TT GOneeeee 100%
Well also i want tell YOU something is better to Useeee 46Q there are all all all all all the
answers the same when U select just there in that DUMP
are 2 questions WRONG
Interface Trunking allow vlan 10 , correct answer is 10.200
now as that dump 10.20.200 keep this In Mind..
and another one Port security In this dump 46Q are Wrong
for this one port security need to choice with shutdown and no shutdown there on dump write
somthing different right
I hope this have been Information for all OF you
Here is the strategy which I Useddddddd
Problem Device Problem Description
A > ASW1 > Access VLAN 10 ( Layer 2 )host 1- 169.x.x.x
P > ASW1 > Port-Channel not allowing VLAN 10 ( layer 2 )host 1- 169.x.x.x
S > ASW1 > Port Security needs to be disabled ( layer 2 )host 1- 169.x.x.x
H > DSW1 > HSRP Track 10 ( layer 3 ) host 10.x.x.x
V > DSW1 > VLAN Filter ( layer 2 ) host 1 -10.x.x.x
E > R4 > DHCP wrong exclude address host 1- 169.x.x.x
P > R4 -> Passive Interface Under eigrp 10 host 1 10.x.x.x
R > R4 > Route Redistribution ( layer 3 )host 1- 10.x.x.x
6 > R2 > IPv6 OSPF ( Ipv6 topology ) ipv6 ip add
B > R1 > BGP wrong Neighbor IP ( layer 3 )host 1 10.x.x.x
N > R1 > NAT ACL miss configured ( layer 3 ) host 1- 10.x.x.x
A > R1 > ACL blocking traffic on int ( layer 3 )host 1- 10.x.x.x
O > R1 > OSPF Authentication issue ( layer 3 ) host 1 10.x.x.x
Try the following strategy.. if you have got time This i have found from one of the post.
your strategy is good, but how will you find out which ticket is having that particular issues
this may help you

If you can ping 10.1.1.1 Then faulty device is definitely R1. Check this website. This is 100%
correct. From client ping 10.1.1.1. If successful then R1 is the faulty device. It is simple concept.
Any device before that does not have faulty configuration. Because you can reach R1 it means
DSW1, R4, R3, R2 is allowing you to reach R1. If any of them had wrong configuration then
you would not be able to ping 10.1.1.1. From client I pinged 10.1.1.1 more frequently then
others. Once you can ping 10.1.1.1 then you definitely know the fault is with R1. No doubt about
about that.
1. Can be faulty BGP neighbour. Wrong ip address of neighbour. Use show run. You know
where to look. Under router bgp 65001.> sh ip bgp sum
2. Check NAT access list. Look for permit statement. If permit 10.2.0.0 0.0.255.255 is not
present then it is NAT Access list.
3. Check edge_security access list. If the permit statement is missing for permit
209.65.200.224 0.0.0.3 then it is IPV4 layer 3 security.
So, you can see that if you can ping 10.1.1.1 but can not ping 209.65.200.241 then 3 TT for R1.
Now if you can ping to 10.1.1.2 but can not ping 10.1.1.1 then it is definitely R1. ip ospf
authentication message-digest on serial0/0/0/0.12 interface. Check configuration on R1. You will
see that ip ospf authentication message-digest is missing. So it R1, OSPF, ip ospf
authentication message digest.
In total R1 has 4 TT.
3 TT You can ping R1 but can not ping 209.65.200.241
1 TT You can ping 10.1.1.2 but can not ping 10.1.1.1.
As soon as I opened a TT > I used ipconfig to see the ip address. If it is 169.XXX then 3 TT for
ASW1. If it has valid ip address such as 10.2.1.3 then i immediately pined 10.1.1.1 to see if the
fault is with R1. 3 TT gone.
Total 6 TT gone in the blink of an eye.
ASW1 3 TT if ip address is 169.xxxx
(1.switch port security: Symptoms for this ticket:1- Client 1 is getting 169.x.x.x ip address
2- Client 1 is unable to ping Client 2 as well as DSW1.
3- sh interfaces fa1/0/1 will show following message in the first line
enFastEthernet1/0/1 is down, line protocol is down (err-disabled)
4- sh running-config, you will see switchport port-security mac-address 0000.0000.0001
configured under fa1/0/1.
if u did not have the port in err-disable mode but in the config there was a port security mac
0.0.0.0.. command assigned
so if u do show int fa 1/0/1 it will show it as UP so do not get confused)
(2.vlan1> vlan10)
(3.trunk allowed: int range portchannel13,portchannel23
switchport trunk allowed vlan none
switchport trunl allowed vlan 10,200)
R1 3TT if you can ping R1 10.1.1.1
R1 1TT if you can ping 10.1.1.2 but can not ping 10.1.1.1
If HSRP mentioned then you know it is DSW1

If ipv6 or ospfV3 mentioned then you know it is R2.

9 TT very simple.
Now if you can not ping 10.1.1.1 or 10.1.1.2 then you come back near client. Like DSW1, R4.
DSW1 1 more TT Vlan ACL Look for VLAN Access Map
R4 3 TT: EIGRP Passive interface , DHCP on R4 which get IP add 169.x.x , OSPF-to-EIGRP
(OSPF->EIGRP).
also now we have 2 TT new to idendify them if client now get ip add 169.x.x also check ON R4
for DHCP
this new One again ON R4 for passive Interface
now totally we have 3 TT ON R4
4 TT on R1
Dws1 2 TT
R2 1 TT
Asw1 3 TT
* Note: The bug has been fixed recently so you can select DSW1 device, next page you have to
scroll down and you will find the VLAN Access List/PACL option.