Lab 3-1, Assembling Maintenance and Troubleshooting Tools

CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Objectives
•
Assign responsibility for a device or set of devices to team members (optional).
•
Load the baseline configuration for each device in the topology.
•
Use available tools to document key device configuration parameters, such as the interfaces in use,
IP addressing, routing protocols, VLANs, logging mechanisms, and security measures.
•
Document the physical topology to support future troubleshooting tasks.
•
Document the logical topology to support future troubleshooting tasks.
Background
You have been employed as a network engineering consultant by a company that has made a recent
acquisition. The documentation for the acquired company’s network is incomplete and outdated, so you need
to inventory their network architecture both logically and physically, per company documentation standards.
This will help you learn about the design and implementation of their network and ensure that you have
access to up-to-date and accurate network documentation to reference during future troubleshooting
procedures. One directive to your predecessor was to transition access layer switches to multilayer switches,
so static routing is implemented on the access layer switches until new multilayer switches are procured.
In this lab, you survey the baseline TSHOOT network. No problems are introduced in this lab. The TSHOOT
network will evolve over time as changes and enhancements are made. You will analyze and document the
current topology and device configuration parameters to develop familiarity with the baseline configurations
and network connections. You will review and fill out the provided documentation as you analyze the network.
You will assess and assemble tools that can be used for future maintenance and troubleshooting tasks.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The switches have Fast Ethernet interfaces, so the routing metrics for all
Ethernet links in the labs are calculated based on 100 Mb/s, although the routers have Gigabit Ethernet
interfaces. The 3560 and 2960 switches are configured with the SDM templates dual-ipv4-and-ipv6 routing
and lanbase-routing, respectively. Depending on the router or switch model and Cisco IOS Software version,
the commands available and output produced might vary from what is shown in this lab.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark.
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
•
Rollover cables to configure the routers and switches via the console
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Task 1: Assign Responsibility for Each Device (optional)
Step 1: Review the lab topology together with your team members.
Step 2: Assign responsibility for each device to a team member.
a. The team member who has primary responsibility for a device is in control of the console of that
device and changes to that device. No other team member should access the console, make
changes to the device, or execute disruptive actions, such as reloading or debugging, without
permission from the responsible team member.
b. All team members can access all devices via Telnet or SSH for non-disruptive diagnostic action
without permission of the responsible team member. Responsibilities can be reassigned during later
labs if necessary.
c.
If working in teams, document responsibilities in the Device Responsibilities table.
Device Responsibilities Table
Device
Description
Responsible Team Member
R1
Core Router 1
R2
ISP Router
R3
Core Router 2
ALS1
Access Layer Switch 1
DLS1
Distribution Layer Switch 1
DLS2
Distribution Layer Switch 2
SRV1
TFTP, syslog, SNMP
PC-B
User PC
PC-C
User PC
Task 2: Load the Baseline Device Configuration Files
Use the following procedure on each device in the network to load the baseline configuration. The procedure
shown here is for a switch, but it is very similar to that of a router.
Note: The configuration files for this lab include ip host name ip-addr entries for all devices. This can be
helpful in accessing devices using Telnet with this lab. The ip host entries are only provided in this BASE lab,
as the device IP addresses will change in subsequent labs.
Step 1: Verify the existence and location of the lab configuration files.
The course lab configuration files for a particular device should be in flash under the tshoot directory. Use the
show flash command to verify the presence of this directory. You can also verify the contents of the directory
using the cd and dir commands. If the directory and files are not present, contact your instructor.
Note: When the show flash command is used on a switch, it lists the directories and files at the root directory
but not the files within the directories. The following example uses the cd and dir commands on switch ALS1.
ALS1# show flash
Directory of flash:/
9
-rwx
916
Feb 28 1993 16:04:03 -08:00
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
vlan.dat
Page 3 of 43
CCNPv7 TSHOOT
3
5
6
7
8
10
drwx
-rwx
-rwx
-rwx
-rwx
-rwx
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
512
11792247
7192
106
1906
7199
Sep
Feb
Sep
Feb
Sep
Sep
22
28
26
28
26
26
2014
1993
2014
1993
2014
2014
10:40:59
16:24:48
10:53:31
18:13:09
10:53:31
10:53:31
-07:00
-08:00
-07:00
-08:00
-07:00
-07:00
tshoot
c2960-lanbasek9-mz.150-2.SE6.bin
multiple-fs
info
private-config.text
config.text
27998208 bytes total (16070656 bytes free)
ALS1# cd tshoot
ALS1# dir
Directory of flash:/tshoot/
9 -rwx
<output omitted>
7979
Sep 22 2014 11:26:14 -07:00
BASE-ALS1-Cfg.txt
Alternatively, you can see the contents of the directory by specifying its name using the dir command. For
example:
ALS1# cd
ALS1# pwd
flash:
ALS1# dir flash:/tshoot
Directory of flash:/tshoot/
9 -rwx
<output omitted>
7979
Sep 22 2014 11:26:14 -07:00
BASE-ALS1-Cfg.txt
Note: When the show flash command is used on a router, it lists the directories and the files within them. The
following example uses only the show flash command on router R1. The tshoot directory and its contents are
listed.
R1# show flash:
-#- --length-- -----date/time-----1
103727964 Sep 18 2014 05:20:10
2
2857 Feb 22 2014 01:01:52
3
0 Sep 22 2014 11:39:18
4
3887 Sep 22 2014 11:42:20
<output omitted>
path
-07:00
-08:00
-07:00
-07:00
c2900-universalk9-mz.SPA.154-3.M.bin
pre_autosec.cfg
tshoot
tshoot/BASE-R1-Cfg.txt
Step 2: Erase startup-config from NVRAM, and then reset the SDM template.
ALS1# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
ALS1#
Sep 26 22:00:26.222: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
ALS1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ALS1(config)# sdm prefer lanbase-routing
ALS1(config)#
Sep 26 22:00:45.155: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:sdm
prefer lanbase-routing
ALS1(config)# exit
ALS1#
Sep 26 22:00:48.393: %SYS-5-CONFIG_I: Configured from console by console
ALS1# show sdm prefer
The current template is "lanbase-routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.
number of unicast mac addresses:
number of IPv4 IGMP groups + multicast routes:
number of IPv4 unicast routes:
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
4K
0.25K
4.25K
Page 4 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
number of directly-connected IPv4 hosts:
number of indirect IPv4 routes:
number of IPv6 multicast groups:
number of IPv6 unicast routes:
number of directly-connected IPv6 addresses:
number of indirect IPv6 unicast routes:
number of IPv4 policy based routing aces:
number of IPv4/MAC qos aces:
number of IPv4/MAC security aces:
number of IPv6 policy based routing aces:
number of IPv6 qos aces:
number of IPv6 security aces:
4K
256
0.375k
1.25K
0.75K
448
0
0.125k
0.375k
0
0.375k
127
Note: For a 3560 switch, use the “dual-ipv4-and-ipv6 routing” template. If using another type of Cisco switch,
choose an SDM template that supports IPv4/IPv6 routing and IPv4/IPv6 ACEs. The SDM setting reverts to
the “default” template on a 2960 and the “desktop default” template on the 3560 after deleting startup-config,
so it is important to change the SDM template setting after deleting startup-config. Most time-stamped
logging messages, as seen in the output above, will be removed from the lab outputs going forward.
Step 3: Delete the VLAN database from flash (switches only).
ALS1# delete vlan.dat
Delete flash:/vlan.dat? [confirm]
Step 4: Reload the device, but do not save the system configuration if prompted.
ALS1# reload
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]
Step 5: When the device restarts, do not enter the initial configuration dialog.
Press RETURN to get started!
--- System Configuration Dialog --Enable secret warning
---------------------------------In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable
secret
If you choose not to enter the intial configuration dialog, or if you exit setup
without setting the enable secret,
please set an enable secret using the following CLI in configuration modeenable secret 0 <cleartext password>
---------------------------------Would you like to enter the initial configuration dialog? [yes/no]: no
Note: On some platform/IOS combinations, a message appears after choosing not to enter the initial
configuration dialog, asking whether or not to “terminate autoinstall”. If this message appears, enter yes to
terminate autoinstall.
Step 6: Copy the specified lab device configuration file from flash to running-config.
Switch> enable
Switch# copy flash:/tshoot/BASE-ALS1-Cfg.txt running-config
Destination filename [running-config]?
Note: Although it is possible to copy the file to startup-config and reload the device, the RSA keys for SSH
cannot be generated from the startup-config file. The device configuration files loaded from flash contain
commands that remove any existing keys and create new keys. It is also possible to cut-and-paste the
configuration command sequences comprising the device configuration files into global configuration mode.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Step 7: Copy the running config to the startup config.
Depending on the platform/IOS combination, AUTOSAVE may automatically save a copy of runningconfig to NVRAM for startup. AUTOSAVE does not copy the console line and vty line configurations from
running-config to startup-config. To ensure that the startup configuration is complete, manually copy:
ALS1# copy running-config startup-config
Building configuration...
[OK]
Note: If the device is rebooted at this point, you can log in with the username cisco and the password cisco.
To access privileged EXEC mode, use the enable secret: cisco.
Step 8: Repeat Steps 1 through 7 for the other devices in the network.
Step 9: Configure the PCs.
a. Configure SRV1 with the static IPv4 address 10.1.100.1/24 and default gateway 10.1.100.254 (on
DLS1). Configure SRV1 with the static IPv6 address 2001:DB8:CAFE:100::1 and default gateway
2001:DB8:CAFE:100::D1 (on DLS1).
b. Configure PC-B and PC-C as DHCP clients for both IPv4 and IPv6.
Note: Make sure the PCs learn addresses of the form 2001:DB8:CAFE:x:ABCD:u:v:w where x is the
VLAN for the respective PC. Use ipconfig/release6 followed by ipconfig/renew6 to
release and renew the stateful IPv6 data. If necessary, reset the NIC. The SVI commands for VLANs
110, 120, and 200,
ipv6 nd prefix 2001:DB8:CAFE:x::/64 no-autoconfig
ipv6 nd managed-config-flag
set the IPv6 RA M, O, and A flags so that the Windows 7 stateful DHCPv6 clients populate a singular
GUA and appropriate link-local default routes, as seen in the ipconfig and route print outputs.
Step 10: Test basic network connectivity between devices.
a. Ping from PC-B to SRV1 at 10.1.100.1 and 2001:DB8:CAFE:100::1. Were the pings successful?
_________________________________________________________________________
b. Ping from ALS1 to R2 Lo1 at 2.2.2.2 and 2001:DB8:EFAC::2. Were the pings successful?
____________________________________________________________________________
Note: If the pings are not successful, contact your instructor.
Task 3: Analyze and Document the Physical Lab Topology
Note: At this time, only examine and document the physical connections. Documenting the logical topology, such
as subnets, IP addresses, and routing protocols, is addressed in Task 4 of this lab.
Step 1: Review the physical topology diagram on page 1 of the lab.
Step 2: Use Cisco Discovery Protocol and show commands to verify the Layer 1 and Layer 2
connections of the lab topology.
a. Use the show cdp command to discover the interfaces associated with the physical connections.
Fill in the correct device and interface designators in the following Device Links Table and label them
on the physical topology diagram on the first page of the lab.
b. Review the configurations of the devices for using Layer 1 and Layer 2 features, such as trunks and
EtherChannels. Fill in the information in the Device Links Table and add it to the diagram. If a link is
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
accounted for from one device to another, it is not necessary to repeat the entry from the other
device. The first entry for ALS1, interface F0/1 is filled in as an example.
Which other commands could you use to identify Layer 1 and Layer 2 characteristics?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Device Links Table
From Device
Interface
To Device
Interface
Layer 1 and 2 Features
and Protocols Used
ALS1
F0/1
DLS1
F0/1
EtherChannel Po1,
802.1Q
c.
Verify that all physical links shown in the diagram are operational. Which commands did you use?
_______________________________________________________________________________
_______________________________________________________________________________
Step 3: Map the VLANs used in the lab to the devices in the diagram.
Fill in the VLAN Definition table and label the physical topology diagram with the VLANs used for this topology.
Identify all host devices that are members of each VLAN. The first entry for VLAN 99 is filled in as an example.
VLAN Definition Table
VLAN #
Name
Description
VLAN Members
99
MANAGEMENT
Management VLAN
ALS1, DLS1, DLS2
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Step 4: Analyze spanning tree for the Layer 2 switched domain.
a. Analyze the spanning tree characteristics of the Layer 2 switched portion of the network. Which type
of spanning-tree mode is implemented?
_______________________________________________________________________________
b. Which switch is the root switch for each VLAN, and what are the configured spanning-tree priorities?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
c.
What is the resulting spanning-tree topology for VLANs that have client devices connected?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
d. Which commands did you use to analyze the spanning-tree characteristics?
_______________________________________________________________________________
_______________________________________________________________________________
Step 5: Diagram the spanning tree for VLAN 120.
a. Label the STP role and port status for each port channel used in the physical topology diagram
below.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
b. If working as a team, discuss your findings with your teammates to ensure that all team members
understand the physical and data link aspects of the network design.
Student Notes
Use this space to make any additional notes regarding the physical configuration and the commands used.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 4: Analyze and Document the Logical Lab Topology
Step 1: Review the logical lab diagram and the subnets.
Review the IP subnets in the Subnet table for the VLANs and WAN links that are used in the lab network.
Router interface designations from the physical topology diagram are provided in two copies of the logical
topology, one to be used for IPv4 data and one for IPv6 data.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Subnet Table
Description
IPv4 Subnet
IPv6 Prefix
Devices
Management VLAN 99
10.1.99.0/24
2001:DB8:CAFE:99::/64
ALS1,DLS1,DLS2
Servers VLAN 100
10.1.100.0/24
2001:DB8:CAFE:100::/64
SRV1
Guest VLAN 110
10.1.110.0/24
2001:DB8:CAFE:110::/64
PC-C
Office VLAN 120
10.1.120.0/24
2001:DB8:CAFE:120::/64
PC-B
Management VLAN
10.1.99.0/24
2001:DB8:CAFE:200::/64
ALS1, DLS1, DLS2
DLS1 – R1
10.1.2.0/30
2001:DB8:CAFE:20::/64
DLS1 and R1 GE link
DLS2 – R3
10.1.2.12/30
2001:DB8:CAFE:212::/64
DLS2 and R3 GE link
R1 – R2
10.1.1.0/30
2001:DB8:CAFE:10::/64
R1 and R2 serial link
R2 – R3
10.1.1.4/30
2001:DB8:CAFE:14::/64
R2 and R3 serial link
VLANs
WAN Links
Step 2: Map the subnet scheme to the logical diagram.
In the previous step, the subnets were documented in the Subnet table. Now document the host portion
of the addresses. To document the host part, research the routing tables and interface IP addresses of all
the devices. Document the interface IPv4 and IPv6 addresses in the IP Address table and on the
associated logical topology diagram. Use only the number of the last octet for IPv4 addresses and the last
hextet for IPv6 addresses in the respective diagrams. The device names and interfaces are listed to help
identify the IP addresses. The entry for ALS1 VLAN 99 is shown as an example. If an interface is not in
use, indicate this in the Additional Information column. Account for all physical and virtual interfaces.
IP Address Table
Device Name
Interface
IPv4 Address/Prefix
IPv6 Address/Prefix
Additional Information
ALS1
Vlan 99
10.1.99.251/24
2001:DB8:CAFE:99::A1/64
SVI
ALS1
Vlan 110
ALS1
Vlan 120
ALS1
Vlan 200
DLS1
Vlan 99
DLS1
Vlan 100
DLS1
Vlan 110
DLS1
Vlan 120
DLS1
Vlan 200
DLS1
F0/5
DLS2
Vlan 99
DLS2
Vlan 100
DLS2
Vlan 110
DLS2
Vlan 120
DLS2
Vlan 200
DLS2
F0/5
R1
G0/0
R1
G0/1
R1
S0/0/0
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
R1
S0/0/1
R1
Loopback 0
R2
G0/0
R2
G0/1
R2
S0/0/0
R2
S0/0/1
R2
Loopback 0
R2
Loopback 1
R3
G0/0
R3
G0/1
R3
S0/0/0
R3
S0/0/1
R3
Loopback 0
SRV1
NIC
PC-B
NIC
PC-C
NIC
Step 3: Analyze and document control plane logical configuration features.
Analyze the configurations of the devices for control plane features such as routing protocols, First Hop
Redundancy Protocols (FHRPs), dynamic host configuration protocol (DHCP), and network address
translation (NAT). Review, document, and discuss the following aspects of the logical network
configuration.
a. Is dynamic or static routing being used?
_______________________________________________________________________________
_______________________________________________________________________________
b. If dynamic, which routing protocol?
_______________________________________________________________________________
c.
Are FHRPs in use, such as the Hot Standby Router Protocol (HSRP), Virtual Router Redundancy
Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP)? If yes, which one?
_______________________________________________________________________________
d. What is the active router for all relevant VLANs?
_______________________________________________________________________________
_______________________________________________________________________________
e. From the PC-B command prompt, issue the tracert command to router R2 Lo0 at 10.1.202.1 for
IPv4 and 2001:DB8:CAFE:202:2 for IPv6. What path did the packets take in each case?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
f.
Are any access lists used to filter traffic on the network? If yes, describe their function.
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
g. Is DHCP in use? If yes, which DHCP server is used and for which VLANs present in the logical
topology diagram?
_______________________________________________________________________________
_______________________________________________________________________________
h. How does ALS1 send ICMP echo requests to SRV1 in VLAN 100, when ALS1 has no VLAN 100?
_______________________________________________________________________________
i.
If working as a team, discuss your findings with your teammates to ensure that all team members
understand the high-level design of the network.
Notes
Use this space to make any additional notes regarding the logical configuration and the commands used.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 5: Identify Troubleshooting and Maintenance Tools
Step 1: Analyze device configurations for troubleshooting and maintenance features.
Analyze the configurations of the devices for services that support troubleshooting and maintenance, such as
syslog, Simple Network Management Protocol (SNMP), and other network management features.
Step 2: Document the troubleshooting and maintenance features.
a. Document the troubleshooting and maintenance applications or tools in use with the network devices
in the Troubleshooting and Maintenance Tools table. An entry for system logging is provided as an
example.
Troubleshooting and Maintenance Tools Table
Configured Feature
Devices
Target Server
Target Tool or Application
System message logging
All
SRV1
Syslog server
b. If working as a team, discuss your findings with your teammates to ensure that all team members
know which maintenance and troubleshooting tools are available in the network.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Notes
Use this space to make any additional notes regarding troubleshooting and maintenance applications or tools.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 6: Identify the Security Measures Implemented
Step 1: Analyze device configurations for security-related features.
Analyze the configurations of your assigned devices for configuration options that help support a more
secure network implementation, such as password security, login authentication, secure remote
management, switch trunk and access port security, and VLANs. Record your entries in the Security
Features table. An entry for password security is provided as an example.
Security Features Table
Security Feature Configured
Implementation Method or Commands
Password security
Enable secret, password encryption
Notes
Use this space to make any additional notes regarding security measures.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Note: Configuration command sequences for all devices are provided at the end of the lab. These are not
outputs resulting from entering the show running-config command. Only the non-default commands
used to configure the devices are included (along with no shutdown on appropriate interfaces).
Lab Debrief Notes
Use this space to make notes regarding the key concepts learned during the lab debrief discussions with your
instructor. This may include alternate solutions, methods, and processes; this may include procedure and
communication improvements; and this may include key commands and tools.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Note: This is your primary opportunity to document a baseline of the lab network before starting the
troubleshooting exercises. During the debrief session, ask your instructor for clarification of any aspects of the
network design and configurations that are unclear.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Device Configurations
Switch ALS1
!BASE ALS1 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ipv6 unicast-routing
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 99
name MANAGEMENT
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
ip telnet source-interface Vlan99
ip ssh source-interface Vlan99
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel2
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/5
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description To PC-B
switchport access vlan 120
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 19 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:99::A1/64
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 address FE80::A1 link-local
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 20 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ipv6 address 2001:DB8:CAFE:110::A1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:120::A1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:200::A1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
no shutdown
!
crypto key gen rsa general-keys modulus 1024
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE ALS1 Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input telnet ssh
!
ntp source Vlan99
ntp server 10.1.202.1
!
archive
log config
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 21 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
file prompt quiet
!
end
!
Switch DLS1
!BASE DLS1 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DLS1
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip routing
no ip domain-lookup
ip domain-name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.251
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
!
ip dhcp excluded-address 10.1.120.251 10.1.120.254
ip dhcp excluded-address 10.1.200.251 10.1.200.254
ip dhcp excluded-address 10.1.110.251 10.1.110.254
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
!
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 22 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
!
errdisable recovery cause bpduguard
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 99,110,120 priority 24576
spanning-tree vlan 100,200 priority 28672
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
ip telnet source-interface Vlan99
ip ssh source-interface Vlan99
!
!
interface Port-channel1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 23 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 1 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/4
description Channel to DLS2
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
speed 100
duplex full
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:20::D1/64
ipv6 eigrp 1
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description FE to SRV1
switchport access vlan 100
switchport mode access
switchport nonegotiate
spanning-tree portfast
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 24 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 25 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 26 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:99::D1/64
ipv6 eigrp 1
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:100::D1/64
ipv6 eigrp 1
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
standby 110 ip 10.1.110.254
standby 110 priority 110
standby 110 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:110::D1/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 eigrp 1
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
standby 120 ip 10.1.120.254
standby 120 priority 110
standby 120 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:120::D1/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 eigrp 1
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:200::D1/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 27 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ipv6 nd managed-config-flag
ipv6 eigrp 1
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
!
router eigrp 1
network 10.1.0.0 0.0.255.255
passive-interface default
no passive-interface FastEthernet0/5
no passive-interface Vlan99
no passive-interface Vlan100
no passive-interface Vlan110
no passive-interface Vlan120
no passive-interface Vlan200
!
crypto key gen rsa general-keys modulus 1024
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 router eigrp 1
eigrp router-id 1.1.1.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE DLS1 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input telnet ssh
!
ntp source Vlan99
ntp server 10.1.202.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 28 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
Switch DLS2
!BASE DLS2 Config
!
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname DLS2
!
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip routing
no ip domain-lookup
ip domain-name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
!
!
ipv6 unicast-routing
!
!
errdisable recovery cause bpduguard
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 99,110,120 priority 28672
spanning-tree vlan 100,200 priority 24576
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 29 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
ip telnet source-interface Vlan99
ip ssh source-interface Vlan99
!
!
interface Port-channel2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface Port-channel10
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
interface FastEthernet0/1
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/2
description Channel to ALS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
no shutdown
!
interface FastEthernet0/3
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 30 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
no shutdown
!
interface FastEthernet0/4
description Channel to DLS1
switchport trunk encapsulation dot1q
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200
switchport mode trunk
switchport nonegotiate
channel-group 10 mode on
no shutdown
!
interface FastEthernet0/5
description FE to R3
no switchport
ip address 10.1.2.13 255.255.255.252
speed 100
duplex full
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:212::D2/64
ipv6 eigrp 1
spanning-tree bpduguard enable
no shutdown
!
interface FastEthernet0/6
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/7
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/8
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/9
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/10
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/11
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 31 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
shutdown
!
interface FastEthernet0/12
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/13
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/14
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/15
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/16
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/17
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/18
description FE to PC-C
switchport access vlan 110
switchport mode access
switchport nonegotiate
spanning-tree portfast
no shutdown
!
interface FastEthernet0/19
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/20
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 32 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
shutdown
!
interface FastEthernet0/21
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/22
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/23
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/1
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
description PARKING_LOT
switchport access vlan 999
switchport mode access
switchport nonegotiate
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:99::D2/64
ipv6 eigrp 1
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
standby 100 ip 10.1.100.254
standby 100 priority 110
standby 100 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:100::D2/64
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 33 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ipv6 eigrp 1
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:110::D2/64
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 eigrp 1
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:120::D2/64
ipv6 nd prefix 2001:DB8:CAFE:120::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 eigrp 1
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
standby 200 ip 10.1.200.254
standby 200 priority 110
standby 200 preempt
ipv6 address FE80::D2 link-local
ipv6 address 2001:DB8:CAFE:200::D2/64
ipv6 nd prefix 2001:DB8:CAFE:200::/64 no-autoconfig
ipv6 nd managed-config-flag
ipv6 eigrp 1
no shutdown
!
!
router eigrp 1
network 10.1.0.0 0.0.255.255
passive-interface default
no passive-interface FastEthernet0/5
no passive-interface Vlan99
no passive-interface Vlan100
no passive-interface Vlan110
no passive-interface Vlan120
no passive-interface Vlan200
!
crypto key gen rsa general-keys modulus 1024
!
no ip http server
no ip http secure-server
!
!
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 router eigrp 1
eigrp router-id 2.2.2.2
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 34 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
snmp-server contact support@tshoot.net
snmp-server enable traps eigrp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE DLS2 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input telnet ssh
!
ntp source Vlan99
ntp server 10.1.202.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
Router R1
!BASE R1 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
!
!
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 35 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
no ip domain lookup
ip domain name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
username cisco secret cisco
!
!
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
!
!
interface Loopback0
ip address 10.1.201.1 255.255.255.255
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:201::1/64
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:20::1/64
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
ip address 10.1.1.1 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:10::1/64
clock rate 2000000
no shutdown
!
interface Serial0/0/1
description WAN link to R3 (not used)
no ip address
shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 36 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
!
af-interface Loopback0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
topology base
exit-af-topology
exit-address-family
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE R1 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input telnet ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 10.1.202.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 37 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
Router R2
!BASE R2 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
logging buffered 16384
enable secret cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
!
!
no ip domain lookup
ip domain name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
!
!
interface Loopback0
ip address 10.1.202.1 255.255.255.255
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:202::2/64
!
interface Loopback1
ip address 2.2.2.2 255.0.0.0
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:EFAC::2/48
!
interface GigabitEthernet0/0
no ip address
shutdown
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 38 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
duplex auto
speed auto
!
interface GigabitEthernet0/1
description optional connection for PC-C w/ static address
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description WAN link to R1: 2 Mbps leased line
ip address 10.1.1.2 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:10::2/64
no shutdown
!
interface Serial0/0/1
description WAN link to R3: 2 Mbps leased line
ip address 10.1.1.6 255.255.255.252
ip flow ingress
encapsulation ppp
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:CAFE:14::2/64
clock rate 2000000
no shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
af-interface GigabitEthernet0/1
passive-interface
exit-af-interface
!
af-interface Loopback0
passive-interface
exit-af-interface
!
af-interface Loopback1
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
topology base
exit-af-topology
exit-address-family
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 39 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE R2 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input telnet ssh
!
ntp master 3
!
!
archive
log config
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
Router R3
!BASE R3 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R3
!
!
logging buffered 16384
enable secret cisco
!
aaa new-model
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 40 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
!
!
no ip domain lookup
ip domain name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 unicast-routing
ipv6 cef
!
username cisco secret cisco
!
!
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
!
!
interface Loopback0
ip address 10.1.203.1 255.255.255.255
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:203::3/64
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1
description FE to DLS2
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:212::3/64
no shutdown
!
interface Serial0/0/0
description WAN link to R1 - (Not used)
no ip address
encapsulation ppp
shutdown
clock rate 2000000
!
interface Serial0/0/1
description WAN link to R2: 2 Mbps leased line
ip address 10.1.1.5 255.255.255.252
ip flow ingress
encapsulation ppp
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 41 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
ipv6 address FE80::3 link-local
ipv6 address 2001:DB8:CAFE:14::3/64
no shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
af-interface Loopback0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
!
topology base
exit-af-topology
exit-address-family
!
crypto key gen rsa general-keys modulus 1024
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
logging host 10.1.100.1
!
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps eigrp
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE R3 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
!
line vty 0 4
exec-timeout 0 0
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 42 of 43
CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools
logging synchronous
transport input telnet ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 10.1.202.1
!
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
TCL Script for testing ping connectivity to all IPv4 addresses in baseline:
tclsh
foreach i {
10.1.100.1
10.1.100.252
10.1.100.253
10.1.100.254
10.1.99.251
10.1.99.252
10.1.99.253
10.1.99.254
10.1.110.1
10.1.110.251
10.1.110.252
10.1.110.253
10.1.110.254
10.1.120.1
10.1.120.251
10.1.120.252
10.1.120.253
10.1.120.254
10.1.200.251
10.1.200.252
10.1.200.253
10.1.200.254
10.1.2.1
10.1.2.2
10.1.1.1
10.1.1.2
10.1.2.13
10.1.2.14
10.1.1.5
10.1.1.6
10.1.201.1
10.1.202.1
10.1.203.1
2.2.2.2
} { puts [exec "ping $i"] }
tclquit
To use this script, paste it into User EXEC mode on any Cisco networking device.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 43 of 43
CCNPv7 TSHOOT
Chapter 4 Lab 4-1, Layer 2 Issues
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Objectives
•
Load the device configuration files for each trouble ticket.
•
Diagnose and resolve Layer 2 connectivity problems.
•
Diagnose and resolve spanning-tree problems.
•
Document the troubleshooting progress, configuration changes, and problem resolution.
Background
User computers, servers, and printers all connect to the access layer of the hierarchical model. With hundreds
or thousands of hosts attached, access devices such as Layer 2 switches are a common source of
networking issues. Physical and data-link problems at the access layer can include hardware, cabling, VLAN
assignment, spanning tree, trunking protocol, or port security issues.
In this lab, you will troubleshoot various Layer 2 problems. For each task or trouble ticket, the scenario and
symptoms are described. While troubleshooting, you will discover the cause of the problem, correct it, and
then document the process and results.
Physical and Logical Topology Diagrams
The physical and logical topologies are provided at the beginning of the lab, including interface designations
and IPv4/IPv6 addresses, to assist the troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces), running SDM templates that support IPv4/IPv6 addressing/routing/ACLs
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Task 1: Trouble Ticket Lab 4-1 TT-A
Step 1: Review trouble ticket Lab 4-1 TT-A.
Late yesterday afternoon, access switch ALS1 failed, and you discovered that the power supply was not working.
A junior colleague was tasked with replacing ALS1 with a comparable switch.
When you arrived this morning, you asked him how things went. He told you that he had stayed late trying to
reconfigure ALS1, but was not entirely successful. Users on VLAN 120 have started to complain that they cannot
get access to the network server SRV1, and you are unable to use SSH to connect to ALS1 from SRV1. In
addition, syslog messages from ALS1 are not being received on SRV1.
Your task is to diagnose the issues and restore switch ALS1 as a fully functional access switch on the network.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the configuration files indicated in the Device Configuration File Table.
Note: The following device access methods are in effect after loading the configuration files:
•
Console access requires no username or password.
•
SSH requires username cisco and password cisco.
•
The enable password is cisco.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab41-ALS1-TT-A-Cfg.txt
DLS1
Lab41-DLS1-TT-A-Cfg.txt
DLS2
Lab41-DLS2-TT-A-Cfg.txt
R1
Lab41-R1-TT-A-Cfg.txt
R2
Lab41-R2-TT-A-Cfg.txt
R3
Lab41-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Ensure that SRV1 has static IP addresses as indicated in the Device Configuration File Table.
Start the syslog server on SRV1, which is the syslog server for the entire network. When the network is properly
configured, all devices send syslog messages to SRV1.
Start the TFTP server on SRV1, which is the archive server for the entire network. When the network is properly
configured, all devices send archives of their running configurations to this server whenever the running-config is
copied to the startup config. Ensure that the default TFTP directory on SRV1 is set to the directory where you
want to store the archives.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Ensure that PC-B and PC-C are configured as DHCP clients for IPv4 and IPv6.
After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew commands on
PC-B and PC-C.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Note: Problems introduced into the network by the trouble ticket might prevent one or both of these PCs from
acquiring an IP address. Do not assign either PC a static address.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information and, as you progress, record your thoughts as to what you think the problem might be
and what actions you will take to correct the problems.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
CCNPv7 TSHOOT
Device
Lab 4-1, Layer 2 Issues
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods, and processes, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Task 2: Trouble Ticket Lab 4-1 TT-B
Step 1: Review trouble ticket Lab 4-1 TT-B.
After an equipment failure, a network technician was asked to configure bundled Ethernet links between the ALS1
access switch and the two distribution layer switches in the network (DLS1 and DLS2). Shortly after the changes
were made, users on ALS1 were unable to access the Internet (simulated by Lo1 on R2). You have been asked
to look into the problem and have determined that you are able to ping the Internet from SRV1.
Your task is to diagnose the issues, allow hosts on ALS1 to connect to the Internet via DLS1 or DLS2, and verify
that the switching environment redundant paths are functional.
Note: To simulate an Internet connection, you can ping the R2 Lo1 address at 2.2.2.2. Alternately, you can use
the PC browser to connect to 2.2.2.2. You will then be prompted for a login to the router management GUI by R2.
Enter the username cisco and enable password cisco.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab41-ALS1-TT-B-Cfg.txt
DLS1
Lab41-DLS1-TT-B-Cfg.txt
DLS2
Lab41-DLS2-TT-B-Cfg.txt
R1
Lab41-R1-TT-B-Cfg.txt
R2
Lab41-R2-TT-B-Cfg.txt
Notes
R3
Lab41-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and
2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading
device configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading
device configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers as described in Task 1.
Step 4: Release and renew the DHCP lease for PC-B and PC-C as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. .
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and what actions you
will take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and processes, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Task 3: Trouble Ticket Lab 4-1 TT-C
Step 1: Review trouble ticket Lab 4-1 TT-C.
This morning, the help desk received a call from an external consultant that needed access to the SRV1 guest
account (simulated by ping). Her PC, PC-C, was plugged into one of the outlets that is patched to the guest VLAN
on switch DLS2. However, she has not been able to get an IPv4 address and cannot get onto the network.
Your task is to diagnose and solve this problem, making sure that the consultant gets access to SRV1.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab41-ALS1-TT-C-Cfg.txt
DLS1
Lab41-DLS1-TT-C-Cfg.txt
DLS2
Lab41-DLS2-TT-C-Cfg.txt
R1
Lab41-R1-TT-C-Cfg.txt
R2
Lab41-R2-TT-C-Cfg.txt
R3
Lab41-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and
2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading
device configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading
device configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP lease for PC-B and PC-C as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. .
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
CCNPv7 TSHOOT
Lab 4-1, Layer 2 Issues
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
CCNPv7 TSHOOT
Chapter 4 Lab 4-2, Mixed Layer 2-3 Connectivity
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to switch virtual interfaces and multilayer switching.
•
Diagnose and resolve problems related to First Hop Redundancy Protocols.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
Multilayer switches have the capability to act as routers by way of switch virtual interfaces (SVIs), routed
interfaces, and routing protocols. SVIs are Layer 3 logical interfaces representing VLANs and routed ports are
Layer 3 physical interfaces. Multilayer switches are frequently used as part of the LAN switch fabric and can
be configured with a First Hop Redundancy Protocol (FHRP). Two or more Layer 3 switches (or routers) can
provide redundant paths to the network edge for local hosts. A host is configured with a virtual default
gateway address. If one of the gateways goes down, the other can take over for the client without the client’s
knowledge. FHRPs used in CCNPv7.0 are Hot Standby Router Protocol (HSRP), Virtual Router Redundancy
Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP).
In this lab, you will troubleshoot problems related to Layer 3 switching and FHRPs. For each task or trouble
ticket, the scenario and problem symptoms are described. While troubleshooting, you will discover the cause
of the problem, correct it, and then document the process and results.
Physical and Logical Topology Diagrams
The physical and logical topologies, including interface designations and IPv4/IPv6 addresses, are provided
to assist the troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
Task 1: Trouble Ticket Lab 4-2 TT-A
Step 1: Review trouble ticket Lab 4-2 TT-A.
During last Friday’s maintenance window, a series of failover tests at headquarters and the branch offices were
executed. It was discovered during a reboot of switch DLS1 that connectivity between clients in OFFICE VLAN
120 and the Internet was lost. After router DLS1 came back online, the clients regained connectivity. This was not
the expected behavior, because the network provides gateway first-hop redundancy for clients in the OFFICE
VLAN to ensure correct failover during outages: If one of the HSRP switches fails, the hosts on the OFFICE VLAN
should still be able to access the Internet (by pinging R2 Lo1 2.2.2.2 during the outage).
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Note: You can test the simulated Internet access by opening a browser and entering the IP address of the R2 Lo1
interface 2.2.2.2. You will be prompted for a username and password. You can gain access to the router GUI
management interface by entering username cisco and the enable password cisco.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab42-ALS1-TT-A-Cfg.txt
DLS1
Lab42-DLS1-TT-A-Cfg.txt
DLS2
Lab42-DLS2-TT-A-Cfg.txt
R1
Lab42-R1-TT-A-Cfg.txt
R2
Lab42-R2-TT-A-Cfg.txt
R3
Lab42-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Ensure that SRV1 has the static IP address 10.1.100.1 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1, which is the syslog server for the entire network. When the network
is properly configured, all devices send syslog messages to SRV1.
c.
Start the TFTP server on SRV1, which is the archive server for the entire network. When the network
is properly configured, all devices send archives of their running configurations to this server
whenever the running config is copied to the startup config. Ensure that the default TFTP directory on
SRV1 is set to the directory where you want to store the archives.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
a. Ensure that PC-B and PC-C are configured as DHCP clients.
b. After loading all TT-A device configuration files, issue the ipconfig/release and
ipconfig/renew commands on PC-B and PC-C. You might need to repeat this process after the
TT problems have been resolved.
Note: Problems introduced into the network by the trouble ticket might prevent one or both of the PCs
from acquiring an IP address. Be sure to attempt to release and renew the DHCP leases on PC-B and
PC-C. Do not assign either PC a static address.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 2: Trouble Ticket Lab 4-2 TT-B
Step 1: Review trouble ticket Lab 4-2 TT-B.
Upon arriving at the office this morning, you find the following ticket in the system:
Switch ALS1 has been showing CRC errors on a group of eight ports for several days. It was suspected that
hardware was the cause. During yesterday evening’s maintenance window, the switch was replaced with a similar
switch from the lab. After this replacement, clients could connect, and no errors were shown on the ports.
However, making a backup of the ALS1 configuration to server SRV1 did not work, and no syslog messages from
ALS1 are being received by SRV1. The switch is not reachable via SSH from server SRV1. There was no time for
further research yesterday so, because there is no impact to users, it was decided to leave the switch and pick up
this issue the next day.
Your task is to diagnose the issue and restore connectivity between switch ALS1 and server SRV1. After
resolving the problem, make a backup of the configuration to server SRV1.
Step 2: Load the device trouble ticket configuration files for TT-B.
Load the proper configuration files indicated in the Device Configuration File Table.
Note: The following device access methods are in effect after loading the configuration files:
•
•
•
Console access requires no username or password.
SSH requires the username admin and password cisco.
The enable password is cisco.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab42-ALS1-TT-B-Cfg.txt
DLS1
Lab42-DLS1-TT-B-Cfg.txt
DLS2
Lab42-DLS2-TT-B-Cfg.txt
R1
Lab42-R1-TT-B-Cfg.txt
R2
Lab42-R2-TT-B-Cfg.txt
Notes
R3
Lab42-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 12
CCNPv7 TSHOOT
PC-C
Lab 4-2, Mixed Layer 2-3 Connectivity
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 12
CCNPv7 TSHOOT
Device
Lab 4-2, Mixed Layer 2-3 Connectivity
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and processes, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 3: Trouble Ticket Lab 4-2 TT-C
Step 1: Review trouble ticket Lab 4-2 TT-C.
Mary performed a password recovery on ALS1 last night after hours so that no users would be affected. This
morning no trouble tickets were posted and apparently employees have normal network access. You went to
reconfigure a switch port on ALS1 to the OFFICE VLAN for a new cubicle, but ping, Telnet, and SSH to ALS1 via
IPv4 are failing from the ISP management station at 10.1.202.1. You can ping ALS1 interfaces using IPv6. You try
to SSH via IPv6, but you get the message % Connection refused by remote host; you then recall
baseline policy dictates ALS1 to have an IPv6 ACL applied to its vty lines to prevent IPv6 access.
You check the logs on SRV1 and notice that all network devices indicate periodic entries from this morning,
except ALS1. You can SSH into DLS1 and DLS2, which have networks in common with ALS1; thinking that it may
be easier to attempt SSH from a device on the same network as VLAN 99, you try to SSH from SVI 99 on DLS1
directly to SVI 99 on ALS1. But Mary changed the account information for remote access on ALS1! You have no
option but to console into ALS1 to troubleshoot – fortunately you still have console access. Your task is to
reestablish remote access functionality to ALS1 via IPv4 from the ISP management station and reestablish
logging to SRV1 from ALS1.
Step 2: Load the device trouble ticket configuration files for TT-C.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab42-ALS1-TT-C-Cfg.txt
DLS1
Lab42-DLS1-TT-C-Cfg.txt
DLS2
Lab42-DLS2-TT-C-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
R1
Lab42-R1-TT-C-Cfg.txt
R2
Lab42-R2-TT-C-Cfg.txt
R3
Lab42-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 12
CCNPv7 TSHOOT
Device
Lab 4-2, Mixed Layer 2-3 Connectivity
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 4: Trouble Ticket Lab 4-2 TT-D
Step 1: Review trouble ticket Lab 4-2 TT-D.
You assigned John the task of securing the HSRP implementation with MD5 authentication on the SERVERS
VLAN. After John completes the task, initial reports are promising, but turn out to be premature. Some company
guests are complaining about intermittent server access that seems to correlate with the HSRP authentication
changes. John often performs above-and-beyond expectations, and he took it upon himself to improve LAN
security by adding configuration commands on the multilayer switches to prevent traffic storms. Your task is to
review and verify the implementation of HSRP and fix issues that remain to return the network to a stable state.
Step 2: Load the device trouble ticket configuration files for TT-D.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab42-ALS1-TT-D-Cfg.txt
DLS1
Lab42-DLS1-TT-D-Cfg.txt
DLS2
Lab42-DLS2-TT-D-Cfg.txt
R1
Lab42-R1-TT-D-Cfg.txt
R2
Lab42-R2-TT-D-Cfg.txt
R3
Lab42-R3-TT-D-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 12
CCNPv7 TSHOOT
Lab 4-2, Mixed Layer 2-3 Connectivity
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Simulate traffic load from PC-C to SRV1.
Simulate server traffic load on from company guests: Enter the user EXEC mode commands ttcp receive on
R1 and ttcp transmit 10.1.2.2 on R3. A TTCP session can be stopped by entering Ctrl+Shift+6 followed
by x. Reenter the TTCP commands on R1 and R3 as necessary throughout this ticket.
To simulate the intermittent server access experienced by company guests, enter ping -t -l 19500
10.1.100.1 on PC-C – antivirus and firewall software may need to be disabled on some PCs to permit this
command. If requests are periodically timing out then the server access issue has not been resolved!
Step 6: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 7: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Note: You might need to issue the ipconfig /release and ipconfig /renew commands on DHCP clients after the
network device problems are resolved.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 12
CCNPv7 TSHOOT
Device
Lab 4-2, Mixed Layer 2-3 Connectivity
Actions and Results
Two useful commands for this ticket are described below. In this ticket the focus is on the unicast option.
Command
show storm-control [interface-id] [broadcast | multicast |
unicast]
Key Information Displayed
Displays storm control suppression levels set on the specified interface
for the specified traffic type. Interfaces will appear as Forwarding or
Blocking or Link Down.
Displays the state of syslog error and event logging, and whether
show logging
console logging is enabled. It also displays SNMP configuration
parameters.
Step 8: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 12
CCNPv7 TSHOOT
Chapter 5 Lab 5-1, Second Base
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Objectives
•
Establish an experimental baseline with support for IPv4 and IPv6 in first hop redundancy.
•
Establish a second baseline with support for DHCP redundancy and stronger authentication, as well
as a consolidated and integrated FHRP solution for IPv4 and IPv6.
Background
Technologies are emerging and changing as rapidly as ever. Network administrators and network architects
have difficult decisions regarding the implementation of technology upgrades while maintaining security,
availability, reliability, and scalability. FHRP support for IPv6 is as important as it is for IPv4: HSRP and GLBP
both have IPv6 implementations. GLBP has the advantage of built-in load balancing functionality. Finally,
current Cisco IOS releases support HMAC-SHA-256 routing protocol authentication.
Less cutting-edge, but very practical solutions are also recommended for a network upgrade. Redundant
DHCP servers improve reliability and availability for network users. MD5 authentication is supported for
routing protocols on multilayer switches, as well as for first hop redundancy protocols on distribution and core
layer devices.
To implement these technologies and solutions, two additional baselines, “Experimental BASE” and “Second
BASE”, are recommended. These baselines are developed beginning with the original baseline.
In the end, the Second BASE network baseline will be well-positioned for the implementation of additional
technologies to optimize network performance. GLBP supports weighted load balancing for active forwarding
routers. Object tracking with IP SLAs extends FHRP redundancy options, compared to the more traditional
solutions involving HSRP with interface tracking. And Cisco IPv6 implementations support options to improve
performance in a redundant DHCP server environment.
For each task, the updated baseline specifications are described. Any troubleshooting that is required will
stem from issues naturally arising during the implementation of the new technologies. As always, problems
and solutions that present during network upgrades should be documented.
Physical and Logical Topology Diagrams
The new physical topology reflects a change to trunk links between the distribution and core devices. The
Experimental BASE and Second BASE logical topologies presented at the beginning of each task include
references and labeling to reflect updates with addressing, DHCP, FHRP, and protocol authentication.
The Experimental BASE logical topology describes the topology that results after completing Task 1. The
Second BASE logical topology describes the topology that results after completing Task 2.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Task 1: Network Baseline Upgrade Lab 5-1 TT-A
Logical Topology (Experimental Base)
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Step 1: Review requirements ticket Lab 5-1 TT-A.
Your company network is already running a dual stack environment. But there is currently no FHRP support for
IPv6. The directive to you is to implement a two-stage migration plan with several objectives. In this first stage, the
distribution-to-core layer links change to trunks, as indicated in the logical topology. HSRP for IPv6 is to be
implemented at the distribution layer and GLBP for IPv4 is to be implemented at the core layer – FHRP VLAN
priorities defined by the BASE configuration are maintained. Additional IPv4 excluded addresses are necessary to
accommodate the addressing changes.
You have the following tasks:
•
Remove the HSRPv1 for IPv4 configurations.
•
Configure HSRP for IPv6 on DLS1 and DLS2 SVIs 99, 100, 110, 120, and 200.
•
Exclude additional IPv4 addresses for DHCP to accommodate the addressing changes specified in the
logical topology.
•
Change the routed links between the distribution and core layers to trunk links, using the addressing
specified in the logical topology.
•
Configure GLBP on R1 and R3 for IPv4 on VLANs 99, 100, 110, 120, and 200.
•
Verify the DHCP, FHRP, and EIGRP functionality.
Step 2: Load the pre-upgrade configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table (pre-upgrade)
Device Name
File to Load
ALS1
Lab51-ALS1-TT-A-Cfg.txt
DLS1
Lab51-DLS1-TT-A-Cfg.txt
DLS2
Lab51-DLS2-TT-A-Cfg.txt
Notes
R1
Lab51-R1-TT-A-Cfg.txt
R2
Lab51-R2-TT-A-Cfg.txt
R3
Lab51-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Remove HSRP Version 1.
On DLS1 and DLS2, remove all configuration commands pertaining to HSRP. If any existing HSRP commands
are present when implementing HSRP for IPv6, errors will result. To speed up the process, you can copy the SVI
portions of the show run output into Notepad, delete the interface commands unrelated to HSRP, prepend each
HSRP command with no, and paste the resulting configuration sequence back into global configuration mode; this
same Notepad text can be edited in Step 4, if desired, to speed up the configuration of HSRP for IPv6 on the
SVIs.
Step 4: Implement HSRP for IPv6.
a. HSRP for IPv6 requires HSRPv2 to be enabled on an interface. For SVI 99, 100, 110, 120, and 200, enter
the interface configuration mode command standby version 2. Note that HSRPv2 is an IPv4-specific
FHRP which serves as an upgraded version of HSRPv1.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
b. On each SVI, enter the command standby x ipv6 autoconfig where x is the VLAN number. This
command indicates that a virtual link-local IPv6 address will be generated automatically from the link-local
prefix, FE80:/64, and a modified EUI-64 format interface identifier, where the EUI-64 interface identifier is
created from the relevant HSRP for IPv6 virtual MAC address, which has the form 0005.73A0.0xyz (there
are 163 = 4096 possible HSRP IPv6 groups). For example, 0005.73A0.0063 is the virtual MAC address
for group 99 because 99 in hexadecimal is 63; the associated EUI-64 interface identifier is
0005.73FF.FEA0.0063 (the seventh bit in the EUI-64 address is not flipped because the interface
identifier is locally administered); so the virtual link-local IPv6 address is FE80::0005:73FF:FEA0:0063.
The remaining SVI commands are configured exactly the same as in HSRPv1. For example, for SVI 99
on DLS1:
standby 99 priority 110
standby 99 preempt
c.
Verify the configuration. DLS1 output shows the HSRP for IPv6 active routers:
DLS1# show standby brief
P indicates configured to preempt.
|
Interface
Grp Pri P State
Active
Standby
Vl99
99
110 P Active local
FE80::D2
Vl100
100 100 P Standby FE80::D2
local
Vl110
110 110 P Active local
FE80::D2
Vl120
120 110 P Active local
FE80::D2
Vl200
200 100 P Standby FE80::D2
local
Virtual IP
FE80::5:73FF:FEA0:63
FE80::5:73FF:FEA0:64
FE80::5:73FF:FEA0:6E
FE80::5:73FF:FEA0:78
FE80::5:73FF:FEA0:C8
More detail is shown here for SVI 99 on DLS1:
DLS1# show standby vlan 99
Vlan99 - Group 99 (version 2)
State is Active
2 state changes, last state change 00:40:52
Link-Local Virtual IPv6 address is FE80::5:73FF:FEA0:63 (conf auto EUI64)
Active virtual MAC address is 0005.73a0.0063
Local virtual MAC address is 0005.73a0.0063 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.632 secs
Preemption enabled
Active router is local
Standby router is FE80::D2, priority 100 (expires in 11.008 sec)
Priority 110 (configured 110)
Group name is "hsrp-Vl99-99" (default)
d. Change the IPv6 address on SRV1 to 2001:DB8:CAFE:100::5. Change the IPv6 default gateway on
SRV1 to the virtual IPv6 address for VLAN 100: FE80::5:73FF:FEA0:64. Verify with an IPv6 ping to
2001:DB8:EFAC::2 (Lo1 on R2) that there is connectivity to the Internet from SRV1.
e. PC-B and PC-C lose IPv4 connectivity because their respective IPv4 default gateways are still the
HSRPv1 virtual IP addresses for the associated VLANs.
f.
Change the IPv6 default route on ALS1 to point to the virtual IP for VLAN 99, FE80::5:73FF:FEA0:63:
ALS1(config)# ipv6 route ::/0 VLAN99 FE80::5:73FF:FEA0:63
g. IPv6 connectivity for PC-B and PC-C should be functional (if necessary, perform a NIC reset).
h. Perform a continuous IPv6 ping from PC-B to the Internet (Lo1 on R2) and simulate a failure of the active
router:
DLS1(config)# interface range f0/1-4
DLS1(config-if-range)# shutdown
Only a few ICMP request timeouts should occur during failover to DLS2.
Step 5: Exclude DHCPv4 addresses to be configured on the G0/1 subinterfaces of R1 and R3.
G0/1 on R1 and R3 requires subinterfaces corresponding to VLANs 99, 100, 110, 120, 200, and 666 (NATIVE).
Each of the corresponding addresses ending in .1 and .3 must be excluded from use by DHCPv4 on DLS1.
Extend the set of excluded addresses on DLS1 to include the first five addresses:
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
ip dhcp excluded-address 10.1.110.1 10.1.110.5
ip dhcp excluded-address 10.1.120.1 10.1.120.5
ip dhcp excluded-address 10.1.200.1 10.1.200.5
The SRV1 address 10.1.100.1 and configuration references to 10.1.100.1 will soon be replaced by 10.1.100.5.
Step 6: Change the routed links to trunk links between the core and distribution layers.
a. On DLS1 and DLS2 port F0/5, enter the command command switchport. The IPv4 and IPv6
configuration commands are automatically removed. Enter the trunk commands commands to complete
the configuration on the multilayer switches:
switchport
switchport
switchport
switchport
trunk encapsulation dot1q
trunk allowed vlan 99,100,110,120,200
mode trunk
nonegotiate
b. On R1 and R3 interface G0/1, remove the IPv4 and IPv6 addressing.
c.
On R1 and R3, create the the native VLAN subinterface. Here is the R1 configuration:
R1(config)# interface g0/1.666
R1(config-subif)# encapsulation dot1q 666 native
d. On R1 and R3, create the subinterfaces for VLANs 99, 100, 110, 120, and 200. For example, configure
R1 with a subinterface associated with VLAN 99 as follows:
R1(config)# interface g0/1.99
R1(config-subif)# encapsulation dot1q 99
R1(config-subif)# ip address 10.1.99.1 255.255.255.0
R1(config-subif)# ipv6 address fe80::1 link-local
R1(config-subif)# ipv6 address 2001:DB8:CAFE:99::1/64
Because Classic EIGRP is already configured on the distribution switch SVIs and Named EIGRP is
already configured on the core routers, the IPv4 and IPv6 EIGRP adjacencies will automatically form!
Note that there are now four EIGRP multi-access neighbors on each VLAN (99, 100, 110, 120, and 200).
The subinterface IPv4 and IPv6 addresses on DLS2 end with .3 and ::3, respectively, as seen in the
logical topologies at the beginning of Task 1 (TT-A).
Step 7: Implement GLBP for IPv4.
a. GLBP supports IPv4 and IPv6. In this, the first stage of the network baseline upgrade, GLBP will only be
used for IPv4 support. Configure GLBP for IPv4 on subinterfaces 99, 100, 110, 120, and 200 of G0/0 of
R1 and R3, with the same priorities that are used with HSRP for IPv6. Use the VLAN number for the
GLBP-for-IPv4 group number. For example, here are the required GLBP commands for VLAN 99
interface GigabitEthernet0/1.99
glbp 99 ip 10.1.99.254
glbp 99 priority 110
glbp 99 preempt
and the required GLBP commands for VLAN 100
interface GigabitEthernet0/1.100
glbp 100 ip 10.1.100.254
glbp 100 preempt
b. After completing the GLBP configuration, verify the AVG and AVF status. For example, the output
R1# show glbp gigabitEthernet 0/1.99 brief
Interface
Grp Fwd Pri State
Address
Gi0/1.99
99
110 Active
10.1.99.254
Gi0/1.99
99
1
Listen
0007.b400.6301
Gi0/1.99
99
2
Active
0007.b400.6302
Active router
local
10.1.99.3
local
Standby router
10.1.99.3
-
shows that
•
R1 is the AVG for VLAN 99
•
R1 is currently an AVF for the GLBP virtual MAC address 0007.b400.6302: R1 serves as the
default gateway for hosts that receive ARP replies from the AVG with virtual MAC address
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
0007.b400.6302 – note that your output may be reversed by the nature of GLBP’s round-robin
behavior, with R1 the AVF associated with MAC address 0007.b400.6301
•
R3 (we can infer) is currently an AVF for the GLBP virtual MAC address 0007.b400.6301: R3
serves as the default gateway for hosts that receive ARP replies from the AVG with virtual MAC
address 0007.b400.6301 – note that your output may be reversed by the nature of GLBP’s roundrobin behavior, with R3 the AVF associated with MAC address 0007.b400.6302
Because weighting has not been configured, GLBP uses the default method, round-robin, resulting in one
AVF for each virtual MAC address. If weighting were configured, R1 and R3 could both be AVFs for each
virtual MAC address.
c.
After releasing and renewing, the IPv4 addresses for PC-B and PC-C should now be in the new excluded
ranges for DHCPv4. Verify Internet IPv4 connectivity from PC-B and PC-C.
d. Change the IPv4 static IP address on SRV1 to 10.1.100.5/24 to remove the IP address conflict with
G0/1.100 on R1! Verify Internet IPv4 connectivity from SRV1.
e. Replace all instances of archiving, syslog, and SNMP commands containing “10.1.100.1” on all devices
with “10.1.100.5”. Restart the program(s) on SRV1 that handle archiving, syslog, and SNMP. Verify that
archiving, syslog, and SNMP are operating correctly.
f.
Verify GLBP failover by performing a continuous IPv4 ping to the Internet from PC-B and SRV1 and
shutting down G0/1 on R1. Only a few ICMP echo requests should time out during failover and recovery.
Note: The configuration files to be loaded on the devices in Task 2 are obtained from the configuration files of the
devices at the end of Task 1. So one option is to continue at this point with Task 2 using the configurations
obtained by completing Task 1 (without loading the configuration files for TT-B).
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Task 2: Network Baseline Upgrade Lab 5-1 TT-B
Logical Topology (Second BASE)
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Step 1: Review requirements ticket Lab 5-1 TT-B.
Some noticeable improvements in redundancy are now in place with the completion of stage one of the network
baseline upgrade (Experimental BASE). However, network technicians are reporting that some of the failover
behaviors and DHCP allocation behaviors are inconsistent. In order to provide a more reliable solution for the
employees, it is time to implement the second stage of the network baseline upgrade (Second BASE).
Both IPv4 and IPv6 FHRP redundancy will be handled by the core routers with GLBP. DLS2 will serve as a
redundant DHCP server for IPv4 and IPv6 to improve DHCP allocation performance and consistency. Route
authentication will be implemented on core and distribution devices to complete the network baseline upgrade.
And FHRP authentication for both IPv4 and IPv6 will be implemented. The new baseline will put the network in a
ready position for additional improvements, such as weighted load balancing and object tracking with IP SLAs.
Beginning with the Experimental BASE, you have the following tasks:
•
Remove the HSRP for IPv6 configurations.
•
Configure GLBP for IPv6 on R1 and R3 for VLANs 99, 100, 110, 120, and 200.
•
Verify the GLBP functionality for both IPv4 and IPv6. Add 400 to the GLBP-for-IPv4 group numbers to
obtain the GLBP-for-IPv6 group numbers.
•
Configure DLS2 as a redundant DHCP server for IPv4 and IPv6.
•
Configure MD5 route authentication for EIGRP at the at the distribution layer, and between the
distribution and core devices. Configure HMAC-SHA-256 authentication for EIGRP between the core
devices.
•
Configure GLBP MD5 authentication for IPv4 and IPv6.
•
Verify GLBP and EIGRP functionality.
Step 2: Load the Experimental BASE configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table (from Experimental BASE)
Device Name
File to Load
ALS1
Lab51-ALS1-TT-B-Cfg.txt
DLS1
Lab51-DLS1-TT-B-Cfg.txt
DLS2
Lab51-DLS2-TT-B-Cfg.txt
Notes
R1
Lab51-R1-TT-B-Cfg.txt
R2
Lab51-R2-TT-B-Cfg.txt
R3
Lab51-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::5:73FF:FEA0:64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Note that the static IP address has changed for SRV1 to 10.1.100.5 because R1 G0/1.100 now has the IP
address 10.1.100.1. The IPv6 address and gateway on SRV1 are indicated in the table above; recall that the
gateway IPv6 address is the HSRP virtual IPv6 address for VLAN 100.
Step 4: Remove HSRP for IPv6.
On DLS1 and DLS2, remove all configuration commands pertaining to HSRP.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Step 5: Implement GLBP for IPv6.
a. GLBP is the only FHRP option that simultaneously supports IPV4 and IPv6 redundancy on the same
interface. The distribution layer devices do not support GLBP. The core routers support GLBP. Configure
GLBP for IPv6 on the subinterfaces of R1 and R3 corresponding to VLANs 99, 100, 110, 120, and 200.
The same group number cannot be used for IPv4 and IPv6: the network design prescribes adding 400 to
each GLBP-for-IPv4 group number to obtain the respective GLBP-for-IPv6 group number. Use the same
priorities as were configured for GLBP for IPv4 (from Experimental BASE).
To illustrate, the IPv6 GLBP configuration for G0/1.99 on R1 introduces GLBP virtual IPv6
autoconfiguration, raises the default priority of 100 to 110, and implements preemptive AVG election:
interface
glbp 499
glbp 499
glbp 499
GigabitEthernet0/1.99
ipv6 autoconfig
priority 110
preempt
The autoconfig keyword indicates that a virtual link-local IPv6 address for each AVF will be generated
automatically from the link-local prefix, FE80:/64, and a modified EUI-64 format interface identifier, where
the EUI-64 interface identifier is created from the relevant GLBP virtual MAC address. For example,
0007.B401.F302 is the virtual MAC address for AVF2 of GLBP group 499 in the GLBP format because
499 in hexadecimal is 1F3, so the virtual link-local IPv6 address for AFV2 is FE80::7:B4FF:FE01:F300.
This is the virtual IP address for all AVFs in GLBP group 499 (a GLBP group can have up to four AVFs).
For another illustration, the IPv6 GLBP configuration on G0/1.200 of R3 is consistent with that for IPv4:
interface
glbp 600
glbp 600
glbp 600
GigabitEthernet0/1.200
ipv6 autoconfig
priority 110
preempt
b. Verify the IPv6 GLBP configuration. For example, since 600 in hexadecimal is 258, the output
R3# show glbp brief | include 600
Gi0/1.200
600 110 Active
FE80::7:B4FF:FE02:5800
Gi0/1.200
600 1
Active
0007.b402.5801 FE80::3
Gi0/1.200
600 2
Listen
0007.b402.5802 local
-
indicates that the virtual IP address for AVFs in VLAN 200 is FE80::7:B4FF:FE02:5800, and that R3 is the
AVG for IPv6 GLBP group 600.
c.
Change the IPv6 default gateway on SRV1 to FE80::7:B4FF:FE01:F400, the GLBP virtual IPv6 address
for VLAN 100.
d. Change the default route on ALS1 to point to FE80::7:B4FF:FE01:F300, the GLBP virtual IPv6 address
for VLAN 99.
e. Release and renew the IPv4/6 configurations on PC-B and PC-C. Verify that PC-B and PC-C have full
IPv4/6 connectivity.
f.
Verify that SRV1 has full IPv4/6 connectivity.
g. Test IPv4 and IPv6 failover by performing simultaneous continuous pings from two command prompts on
SRV1 to 2.2.2.2 and 2001:DB8:ECAF::2 and then shutting down interface G0/1 on R3. Failover should
result in the timeout of just a few ICMP echo requests. Upon bringing G0/1 back up the network
reconvergence will result in more timeouts.
h. Generate a continuous ping to 2.2.2.2 from PC-B and a continuous ping from PC-C to 2001:DB8:EFAC::2
and then shut down interface G0/1 on R1. The results should be similar to that from SRV1.
Step 6: Configure DHCP redundancy for IPv4 and IPv6.
a. Configure DLS2 as a redundant DHCP server. For the DHCPv6 configuration on DLS2, the DHCPv6
configuration on DLS1 can be copied onto DLS2. For the DHCPv4 configuration on DLS2, configure the
address space so that addresses are allocated from 10.1.x.129 through 10.1.x.250 on VLANs 110, 120,
and 200. To this end, paste the following command sequence into global configuration mode on DLS2:
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
ip dhcp excluded-address 10.1.120.251 10.1.120.254
ip dhcp excluded-address 10.1.200.251 10.1.200.254
ip dhcp excluded-address 10.1.110.251 10.1.110.254
ip dhcp excluded-address 10.1.110.1 10.1.110.128
ip dhcp excluded-address 10.1.120.1 10.1.120.128
ip dhcp excluded-address 10.1.200.1 10.1.200.128
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
default-router 10.1.120.254
!
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
address prefix 2001:DB8:CAFE:200:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
domain-name tshoot.net
!
interface Vlan110
ipv6 dhcp server DHCPv6GUEST
!
interface Vlan120
ipv6 dhcp server DHCPv6OFFICE
!
interface Vlan200
ipv6 dhcp server DHCPv6VOICE
If you have not already, increase the line delay in your terminal emulator to at least 100 ms to avoid a
buffer overflow, resulting in some commands not being processed when you paste this configuration into
global configuration mode of DLS2.
b. On DLS1, add the following lines:
ip dhcp excluded-address 10.1.120.129 10.1.120.250
ip dhcp excluded-address 10.1.200.129 10.1.200.250
ip dhcp excluded-address 10.1.110.129 10.1.110.250
At this point, the addresses that DLS1 can allocate are:
10.1.110.6 to 10.1.110.128
10.1.120.6 to 10.1.120.128
10.1.200.6 to 10.1.200.128
And the addresses that DLS2 can allocate are:
10.1.110.129 to 10.1.110.250
10.1.120.129 to 10.1.120.250
10.1.200.129 to 10.1.200.250
The specifications for the IPv6 Neighbor Discovery Protocol (NDP) include the duplicate address
detection feature (DAD) to ensure that hosts are assigned unique IPv6 addresses. Note that the DHCPv6
address pool for each VLAN has over a trillion addresses.
Now, DLS1 allocates addresses from the first half of the IPv4 address space in each VLAN and DLS2
allocates addresses in the second half of the IPv4 address space in each VLAN.
This completes the implementation of redundant DHCP servers for the network.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Step 7: Configure MD5 route authentication for EIGRP within the distribution layer and between
the distribution layer and the core layer.
a. Rotation of keys is enabled by the use of key chains. Each key is valid for the period defined by the
accept-lifetime and send-lifetime commands. Set the clock on the NTP master so that the time
is current. The setting here is just an example:
R2# clock set 09:05:00 Oct 29 2014
Create key chains on DLS1, DLS2, R1, and R3, starting in global configuration mode:
key chain morphism
key 3
key-string finite
accept-lifetime 00:00:00 Jun 1 2014 00:00:00 Sep 12 2015
send-lifetime 00:00:00 Jun 1 2014 00:00:00 Aug 12 2015
key 4
key-string smooth
accept-lifetime 00:00:00 Aug 12 2015 00:00:00 Dec 12 2016
send-lifetime 00:00:00 Sep 12 2015 00:00:00 Nov 12 2016
key 5
key-string flat
accept-lifetime 00:00:00 Nov 12 2016 00:00:00 Mar 12 2017
send-lifetime 00:00:00 Dec 12 2016 00:00:00 Feb 12 2017
The key lifetimes for the keys in the key chain overlap to avoid neighbor authentication failure during a
transition between keys.
Note: The key lifetimes on the distribution and core devices require the correct date and time for EIGRP
operation. If the current time does not fall in the range June 1, 2014 to February 12, 2017, EIGRP will not
converge – in this case, add a fixed number n as appropriate to each year appearing above (six times) so
that the resulting time ranges encompass the current time.
b. On each of SVI 99, 100, 110, 120, and 200 of DLS1 and DLS2, enter the following four commands:
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 morphism
ipv6 authentication mode eigrp 1 md5
ipv6 authentication key-chain eigrp 1 morphism
c. On R1 and R3 configure the following commands, starting from global configuration mode:
router eigrp HQ
address-family ipv4 unicast autonomous-system 1
af-interface g0/1.99
authentication key-chain morphism
authentication mode md5
exit-af-interface
af-interface g0/1.100
authentication key-chain morphism
authentication mode md5
exit-af-interface
af-interface g0/1.110
authentication key-chain morphism
authentication mode md5
exit-af-interface
af-interface g0/1.120
authentication key-chain morphism
authentication mode md5
exit-af-interface
af-interface g0/1.200
authentication key-chain morphism
authentication mode md5
exit-af-interface
exit-address-family
!
address-family ipv6 unicast autonomous-system 1
af-interface g0/1.99
authentication key-chain morphism
authentication mode md5
exit-af-interface
af-interface g0/1.100
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
authentication key-chain
authentication mode md5
exit-af-interface
af-interface g0/1.110
authentication key-chain
authentication mode md5
exit-af-interface
af-interface g0/1.120
authentication key-chain
authentication mode md5
exit-af-interface
af-interface g0/1.200
authentication key-chain
authentication mode md5
exit-af-interface
exit-address-family
morphism
morphism
morphism
morphism
Step 8: Configure HMAC-SHA-256 route authentication for EIGRP within the core layer.
On R1, R2, and R3, configure the following commands, starting from global configuration mode:
key chain manifold
key 0
key-string riemannian
accept-lifetime 00:00:00 Jun 1 2014 00:00:00 Sep 12 2015
send-lifetime 00:00:00 Jun 1 2014 00:00:00 Aug 12 2015
key 1
key-string symplectic
accept-lifetime 00:00:00 Aug 12 2015 00:00:00 Dec 12 2016
send-lifetime 00:00:00 Sep 12 2015 00:00:00 Nov 12 2016
key 2
key-string lie-group
accept-lifetime 00:00:00 Nov 12 2016 00:00:00 Mar 12 2017
send-lifetime 00:00:00 Dec 12 2016 00:00:00 Feb 12 2017
!
router eigrp HQ
address-family ipv4 unicast autonomous-system 1
af-interface s0/0/0
authentication mode hmac-sha-256 scheme
authentication key-chain manifold
exit-af-interface
af-interface s0/0/1
authentication mode hmac-sha-256 scheme
authentication key-chain manifold
exit-af-interface
exit-address-family
address-family ipv6 unicast autonomous-system 1
af-interface s0/0/0
authentication mode hmac-sha-256 scheme
authentication key-chain manifold
exit-af-interface
af-interface s0/0/1
authentication mode hmac-sha-256 scheme
authentication key-chain manifold
exit-af-interface
exit-address-family
Note that authentication commands on the unused interfaces S0/0/1 of R1 and S0/0/0 of R3 is for future use.
This completes the configuration of EIGRP route authentication for Second BASE.
Step 8: Configure GLBP MD5 authentication for IPv4 and IPv6.
On R1 and R3 configure the following commands, starting from global configuration mode:
interface GigabitEthernet0/1.99
glbp 99 authentication md5 key-chain morphism
glbp 499 authentication md5 key-chain morphism
!
interface GigabitEthernet0/1.100
glbp 100 authentication md5 key-chain morphism
glbp 500 authentication md5 key-chain morphism
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
!
interface
glbp 110
glbp 510
!
interface
glbp 120
glbp 520
!
interface
glbp 200
glbp 600
GigabitEthernet0/1.110
authentication md5 key-chain morphism
authentication md5 key-chain morphism
GigabitEthernet0/1.120
authentication md5 key-chain morphism
authentication md5 key-chain morphism
GigabitEthernet0/1.200
authentication md5 key-chain morphism
authentication md5 key-chain morphism
The same keys are used for GLBP as are used for route authentication between the distrubtion and core devices.
Step 9: Verify EIGRP and GLBP functionality.
a. There are many ways to verify EIGRP functionality. DLS1 has all IPv4 and IPv6 EIGRP routes:
DLS1# show ip route eigrp
<output omitted>
D
2.0.0.0/8 [90/2170144] via 10.1.100.3, 01:08:11, Vlan100
[90/2170144] via 10.1.100.1, 01:08:11, Vlan100
[90/2170144] via 10.1.99.3, 01:08:11, Vlan99
[90/2170144] via 10.1.99.1, 01:08:11, Vlan99
10.0.0.0/8 is variably subnetted, 19 subnets, 3 masks
D
10.1.1.0/30 [90/2170112] via 10.1.200.1, 01:08:11, Vlan200
[90/2170112] via 10.1.110.1, 01:08:11, Vlan110
[90/2170112] via 10.1.100.1, 01:08:11, Vlan100
[90/2170112] via 10.1.99.1, 01:08:11, Vlan99
D
10.1.1.1/32 [90/2682112] via 10.1.200.3, 01:08:09, Vlan200
[90/2682112] via 10.1.110.3, 01:08:09, Vlan110
[90/2682112] via 10.1.100.3, 01:08:09, Vlan100
[90/2682112] via 10.1.99.3, 01:08:09, Vlan99
D
10.1.1.2/32 [90/2170112] via 10.1.200.1, 01:08:11, Vlan200
[90/2170112] via 10.1.110.1, 01:08:11, Vlan110
[90/2170112] via 10.1.100.1, 01:08:11, Vlan100
[90/2170112] via 10.1.99.1, 01:08:11, Vlan99
D
10.1.1.4/30 [90/2170112] via 10.1.200.3, 01:08:09, Vlan200
[90/2170112] via 10.1.110.3, 01:08:09, Vlan110
[90/2170112] via 10.1.100.3, 01:08:09, Vlan100
[90/2170112] via 10.1.99.3, 01:08:09, Vlan99
D
10.1.1.5/32 [90/2682112] via 10.1.200.1, 01:08:11, Vlan200
[90/2682112] via 10.1.110.1, 01:08:11, Vlan110
[90/2682112] via 10.1.100.1, 01:08:11, Vlan100
[90/2682112] via 10.1.99.1, 01:08:11, Vlan99
D
10.1.1.6/32 [90/2170112] via 10.1.200.3, 01:08:09, Vlan200
[90/2170112] via 10.1.110.3, 01:08:09, Vlan110
[90/2170112] via 10.1.100.3, 01:08:09, Vlan100
[90/2170112] via 10.1.99.3, 01:08:09, Vlan99
D
10.1.201.1/32 [90/2848] via 10.1.200.1, 01:08:11, Vlan200
[90/2848] via 10.1.110.1, 01:08:11, Vlan110
[90/2848] via 10.1.100.1, 01:08:11, Vlan100
[90/2848] via 10.1.99.1, 01:08:11, Vlan99
D
10.1.202.1/32 [90/2170144] via 10.1.100.3, 01:08:11, Vlan100
[90/2170144] via 10.1.100.1, 01:08:11, Vlan100
[90/2170144] via 10.1.99.3, 01:08:11, Vlan99
[90/2170144] via 10.1.99.1, 01:08:11, Vlan99
D
10.1.203.1/32 [90/2848] via 10.1.200.3, 01:08:09, Vlan200
[90/2848] via 10.1.110.3, 01:08:09, Vlan110
[90/2848] via 10.1.100.3, 01:08:09, Vlan100
[90/2848] via 10.1.99.3, 01:08:09, Vlan99
DLS1# show ipv6 route eigrp
<output omitted>
D
2001:DB8:CAFE:10::/64 [90/2170112]
via FE80::1, Vlan99
via FE80::1, Vlan120
via FE80::1, Vlan100
via FE80::1, Vlan110
via FE80::1, Vlan200
D
2001:DB8:CAFE:14::/64 [90/2170112]
via FE80::3, Vlan99
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
D
D
D
D
via FE80::3, Vlan100
via FE80::3, Vlan110
via FE80::3, Vlan200
via FE80::3, Vlan120
2001:DB8:CAFE:201::/64 [90/2848]
via FE80::1, Vlan99
via FE80::1, Vlan120
via FE80::1, Vlan100
via FE80::1, Vlan110
via FE80::1, Vlan200
2001:DB8:CAFE:202::/64 [90/2170144]
via FE80::1, Vlan99
via FE80::3, Vlan99
via FE80::1, Vlan120
via FE80::1, Vlan100
via FE80::3, Vlan100
via FE80::1, Vlan110
via FE80::3, Vlan110
via FE80::1, Vlan200
via FE80::3, Vlan200
via FE80::3, Vlan120
2001:DB8:CAFE:203::/64 [90/2848]
via FE80::3, Vlan99
via FE80::3, Vlan100
via FE80::3, Vlan110
via FE80::3, Vlan200
via FE80::3, Vlan120
2001:DB8:EFAC::/48 [90/2170144]
via FE80::1, Vlan99
via FE80::3, Vlan99
via FE80::1, Vlan120
via FE80::1, Vlan100
via FE80::3, Vlan100
via FE80::1, Vlan110
via FE80::3, Vlan110
via FE80::1, Vlan200
via FE80::3, Vlan200
via FE80::3, Vlan120
b. There are many ways to verify GLBP functionality. R1 has a complete GLBP solution for IPv4 and IPv6:
R1# show glbp brief
Interface
Grp Fwd
Gi0/1.99
99
Gi0/1.99
99
1
Gi0/1.99
99
2
Gi0/1.99
499 -
Pri
110
110
State
Active
Listen
Active
Active
Gi0/1.99
Gi0/1.99
Gi0/1.100
Gi0/1.100
Gi0/1.100
Gi0/1.100
499
499
100
100
100
500
1
2
1
2
-
100
100
Active
Listen
Standby
Active
Listen
Standby
Gi0/1.100
Gi0/1.100
Gi0/1.110
Gi0/1.110
Gi0/1.110
Gi0/1.110
500
500
110
110
110
510
1
2
1
2
-
110
110
Listen
Active
Active
Listen
Active
Active
Gi0/1.110
Gi0/1.110
Gi0/1.120
Gi0/1.120
Gi0/1.120
Gi0/1.120
510
510
120
120
120
520
1
2
1
2
-
110
110
Active
Listen
Active
Listen
Active
Active
Gi0/1.120
Gi0/1.120
Gi0/1.200
Gi0/1.200
520
520
200
200
1
2
1
100
-
Active
Listen
Standby
Active
Address
Active router
10.1.99.254
local
0007.b400.6301 10.1.99.3
0007.b400.6302 local
FE80::7:B4FF:FE01:F300
local
0007.b401.f301 local
0007.b401.f302 FE80::3
10.1.100.254
10.1.100.3
0007.b400.6401 local
0007.b400.6402 10.1.100.3
FE80::7:B4FF:FE01:F400
FE80::3
0007.b401.f401 FE80::3
0007.b401.f402 local
10.1.110.254
local
0007.b400.6e01 10.1.110.3
0007.b400.6e02 local
FE80::7:B4FF:FE01:FE00
local
0007.b401.fe01 local
0007.b401.fe02 FE80::3
10.1.120.254
local
0007.b400.7801 10.1.120.3
0007.b400.7802 local
FE80::7:B4FF:FE02:800
local
0007.b402.0801 local
0007.b402.0802 FE80::3
10.1.200.254
10.1.200.3
0007.b400.c801 local
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Standby router
10.1.99.3
FE80::3
local
local
10.1.110.3
FE80::3
10.1.120.3
FE80::3
local
-
Page 15 of 16
CCNPv7 TSHOOT
Lab 5-1, Second Base
Gi0/1.200
Gi0/1.200
200
600
2
-
Listen
100 Standby
Gi0/1.200
Gi0/1.200
600
600
1
2
-
Listen
Active
0007.b400.c802 10.1.200.3
FE80::7:B4FF:FE02:5800
FE80::3
0007.b402.5801 FE80::3
0007.b402.5802 local
local
-
This completes Task 2, creating Second BASE. This baseline will be reused in some other TSHOOT labs.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 16
CCNPv7 TSHOOT
Chapter 6 Lab 6-1, IP Days
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Objectives
• Load the device configuration files for each trouble ticket.
• Diagnose and resolve problems related to IP addressing and NAT.
• Diagnose and resolve problems related to IP addressing and DHCP.
• Document the troubleshooting progress, configuration changes, and problem resolution.
Background
Network Address Translation (NAT) is routinely employed in small and large networks. NAT preserves the
public IPv4 address space and can provide a measure of security by using private addresses internally.
Network layer connectivity issues associated with NAT can include address pool definition, pool depletion,
address configuration, interface boundaries, and the type of NAT employed: static, dynamic, or Port Address
Translation (PAT).
DHCP is the most common method of assigning IP addressing information to end-user clients. Network layer
connectivity issues associated with DHCP include address pool definition, pool depletion, address and default
gateway configuration, and server accessibility. In this lab, you will troubleshoot various problems related to
NAT and DHCP.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
NAT and DHCP Configuration
Your company has decided not to implement a hosted services data center because of cost considerations.
Because you will not be advertising a hosted services network, it was decided to discontinue the use of
Border Gateway Protocol (BGP) in favor of a simple default static configuration.
Phase 1 (TT-A and TT-B): Dynamic NAT will be used for internal IPv4 users accessing the Internet. Static
NAT will give teleworkers IPv4 access to some of the key internal servers. Your Internet service provider
(ISP) has assigned a block of public addresses using prefix 198.133.219.0/27. These addresses will be used
for dynamic NAT with the internal 10.1.0.0/16 network, as well as static NAT to specific servers. Server SRV1
will act as a test server that provides access to an internal web-based application for remote workers. Router
R1 will have a default route to the ISP (R2) and will redistribute that route into Enhanced Interior Gateway
Routing Protocol (EIGRP). The ISP will use an IPv4 static route to the NAT public address pool on R1 and an
IPv6 static route to the 2001:DB8:CAFE::/48 network.
Phase 2 (TT-C): A second DHCP server will be added in TT-C to support the branch office router R3 LAN.
Switch DLS2 will be configured to provide DHCP addresses to the R3 LAN clients. The following diagram
provides information on the NAT (Phase 1) and DHCP (Phase 2) implementation.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Physical and Logical Topology Diagrams
The physical and logical topologies for the BASE Lab (First Baseline), with EIGRP, are provided to assist the
troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Note: Any changes made to the BASE Lab configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B and PC-C (DHCP clients): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Task 1: Trouble Ticket Lab 6-1 TT-A
Step 1: Review trouble ticket Lab 6-1 TT-A.
Your colleague has configured NAT on the edge router (R1), and the external users (simulated by R2 Lo0)
can access the test server on the internal private network via IPv4. However, host PC-B on the internal
network cannot access the Internet via IPv4 (simulated by R2 Lo0). Your task is to diagnose the problem and
verify that NAT is properly configured. In addition to external users accessing SRV1, internal users must also
be able to access the Internet.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table. The files are based on the
First Baseline.
Note: You can gain access to the router GUI management interface through a web browser – when prompted
enter the username cisco and the enable password cisco.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab61-ALS1-TT-A-Cfg.txt
DLS1
Lab61-DLS1-TT-A-Cfg.txt
DLS2
Lab61-DLS2-TT-A-Cfg.txt
R1
Lab61-R1-TT-A-Cfg.txt
R2
Lab61-R2-TT-A-Cfg.txt
R3
Lab61-R3-TT-A-Cfg.txt
SRV1
N/A
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases.
a. Ensure that PC-B and PC-C are configured as a DHCP clients.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig
/renew commands on both PCs.
Note: This trouble ticket assumes that PC-C is in its standard location (connected to F0/18 on DLS2).
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Task 2: Trouble Ticket Lab 6-1 TT-B
Step 1: Review trouble ticket Lab 6-1 TT-B.
The NAT configuration has been corrected, and dynamic NAT is now functioning between internal hosts and
the ISP. However, some users have called the help desk stating that Internet access is inconsistent.
Sometimes it works, and other times it does not. Your task is to diagnose the problem and correct it. At a
minimum, propose a possible solution to the problem so that internal users can consistently access the
Internet.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table. The files are based on the
First Baseline.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab61-ALS1-TT-B-Cfg.txt
DLS1
Lab61-DLS1-TT-B-Cfg.txt
DLS2
Lab61-DLS2-TT-B-Cfg.txt
R1
Lab61-R1-TT-B-Cfg.txt
R2
Lab61-R2-TT-B-Cfg.txt
R3
Lab61-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases.
a. Ensure that PC-B and PC-C are configured as a DHCP clients.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig
/renew commands on both PCs.
Note: This trouble ticket assumes that PC-C is in its standard location (connected to F0/18 on DLS2).
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and procedure, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
Task 3: Trouble Ticket Lab 6-1 TT-C
Step 1: Review trouble ticket Lab 6-1 TT-C.
The company is expanding and opening a new branch office LAN that will be connected to router R3. It has
been decided that switch DLS2 will provide DHCP services to this remote office. The branch office is
represented by test host PC-C, which will be configured as a DHCP client. Your colleague says he has
configured DHCP on DLS2 with a corresponding subnet and DHCP pool. However, test client PC-C has not
been able to access server SRV1. The first address in the pool should be excluded because it is reserved for
the R3 default gateway G0/0.
Your task is to verify VLAN configuration and DHCP services and that PC-C can access internal server SRV1.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the First
Baseline.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab61-ALS1-TT-C-Cfg.txt
DLS1
Lab61-DLS1-TT-C-Cfg.txt
DLS2
Lab61-DLS2-TT-C-Cfg.txt
R1
Lab61-R1-TT-C-Cfg.txt
R2
Lab61-R2-TT-C-Cfg.txt
R3
Lab61-R3-TT-C-Cfg.txt
SRV1
N/A
Notes
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and
2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP lease on PC-C.
a. Ensure that PC-C is configured as a DHCP client.
b. Connect PC-C to R3.
c.
After loading all TT-C device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 10
CCNPv7 TSHOOT
Lab 6-1, IP Days
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 10
CCNPv7 TSHOOT
Chapter 7 Lab 7-1, OSPF Opportunities
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to the OSPF routing protocol.
•
Diagnose and resolve problems related to route redistribution.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
In this lab, you troubleshoot various problems related to the Open Shortest Path First (OSPF) routing protocol
and route redistribution between routing protocols. For each task or trouble ticket, the trouble scenario and
problem symptom are described. While troubleshooting, you will discover the cause of the problem, correct it,
and then document the process and results.
Migrating from EIGRP to OSPF
Your company has decided to migrate from using Enhanced Interior Gateway Protocol (EIGRP) to OSPF as
the routing protocol. This migration will be executed in two phases.
The engineering team planned and designed the migration, but the support team must support the new
network, so they are involved in migrating the branch during Phase 2.
Phase 1 – The headquarters central site campus is migrated to OSPF as well as one of the branch offices
(simulated by Lo0 on R3). EIGRP is still used on the WAN toward the R2 branch office. On router R1,
redistribution is configured between OSPF and EIGRP to ensure connectivity between headquarters and the
branch office connected to R2.
Phase 2 – The R2 branch office (simulated by Lo0 on R2) is converted from EIGRP to OSPF, and all branch
offices are migrated so that OSPF is used in the entire network. Each branch site will be in a separate totally
stub area.
Today is Saturday, and the engineering team has been busy implementing OSPF and removing EIGRP at the
headquarters site. Although you have not taken part in the actual implementation, some of the senior
engineers in the support team are on standby to assist during the verification and troubleshooting phase.
Together with the engineering team, you will have to make the decision on Sunday to either accept the
implementation or, if major issues are uncovered that would threaten the stability of the network, roll back to
the original configurations.
OSPF Network Design
Phases 1 and 2 of the OSPF design are depicted in the following figures. Backbone Area 0 contains the
FastEthernet interfaces on core Layer 3 switches DLS1 and DLS2 as well as the GigabitEthernet interfaces on
routers R1 and R3. Area 0 also includes VLAN 300 and the corresponding SVI, which have been added to these
two switches so that they can form an OSPF neighbor relationship and exchange routes. The headquarters
campus access VLANs 100, 110, 120, and 200 and management VLAN 99 are in OSPF Area 1. The R2 stub
network is in Area 2, and the R3 stub network is in Area 3.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Phase 1 OSPF Network Design
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Phase 2 OSPF Network Design
Test Plan
To test the branch connectivity using redistribution between EIGRP and OSPF and the eventual conversion to
only OSPF, branch routers R2 and R3 have been specifically prepared for both of these scenarios. Router R2
functions as the default gateway for the R2 LAN, while router R3 is the default gateway for the R3 LAN.
Router R2 runs EIGRP as usual. This allows testing the redistribution of EIGRP from the R2 branch office
LAN (simulated by R2 Lo0) to OSPF Area 0 and redistribution of OSPF into EIGRP using router R1 as an
Autonomous System Border Router (ASBR). Router R3 is configured to run OSPF as an Area Border Router
(ABR) between Area 0 and Area 3. The R3 branch office client is simulated by R3 Lo0.
After the completion of Phase 2, all routers except R2 should have OSPF routes. Area 2 is a totally stub area
and R2 should only have a default route to R1.
Note: Trouble ticket TT-A is related to the verification and acceptance of Phase 1 of the OSPF migration.
Trouble tickets TT-B, C and D are related to the verification and acceptance of Phase 2 of the OSPF
migration. Any interfaces that have been shut down on routers R2 and R3 should remain shut down for the
duration of this lab exercise.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Physical and Logical Topology Diagrams
The physical and logical topologies for the BASE Lab (First Baseline), with EIGRP, are provided to assist the
troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Note: Any changes made to the BASE Lab configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Task 1: Trouble Ticket Lab 7-1 TT-A
Step 1: Review trouble ticket Lab 7-1 TT-A.
After the completion of Phase 1 – implementation of OSPF in the headquarters portion of the network and the
redistribution between EIGRP and OSPF – the connectivity from the office LAN on the R2 branch router to server
SRV1 at headquarters is tested. A ping from the R2 LAN client (sourced by Lo0 on R2) to server SRV1 fails.
Your task is to diagnose this problem and, if possible, resolve it. Connectivity from the R2 LAN to server SRV1 is
mandatory to consider this phase of the migration successful.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the First
Baseline.
Note: You can gain access to the router GUI management interface through a web browser – when prompted
enter the username cisco and the enable password cisco.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab71-ALS1-TT-A-Cfg.txt
DLS1
Lab71-DLS1-TT-A-Cfg.txt
DLS2
Lab71-DLS2-TT-A-Cfg.txt
R1
Lab71-R1-TT-A-Cfg.txt
R2
Lab71-R2-TT-A-Cfg.txt
R3
Lab71-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP lease on PC-B.
Ensure that PC-B is configured as a DHCP client for both IPv4 and IPv6 in the OFFICE VLAN.
After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew commands on
PC-B.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Task 2: Trouble Ticket Lab 7-1 TT-B
Step 1: Review trouble ticket Lab 7-1 TT-B.
Phase 2 has been completed and all routers have been converted to OSPF. The connectivity from a branch office
client on the R2 LAN (simulated by R2 Lo0) to server SRV1 at the central site is tested. A ping from the client on
the R2 LAN (using source interface Lo0) to server SRV1 fails. The connectivity problem is not limited to SRV1. An
attempt to connect to other headquarters servers also fails. Your task is to diagnose this problem and, if possible,
resolve it. Connectivity from the branch client to server SRV1 is mandatory for this phase of the migration to be
considered successful.
Note: Refer back to the implementation and test plan to review the requirements for Phase 2.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the First
Baseline.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab71-ALS1-TT-B-Cfg.txt
DLS1
Lab71-DLS1-TT-B-Cfg.txt
DLS2
Lab71-DLS2-TT-B-Cfg.txt
Notes
R1
Lab71-R1-TT-B-Cfg.txt
R2
Lab71-R2-TT-B-Cfg.txt
R3
Lab71-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and procedure, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Task 3: Trouble Ticket Lab 7-1 TT-C
Step 1: Review trouble ticket Lab 5-2 TT-C.
After implementing OSPF, connectivity from the branch office on R3 (simulated by Lo0) to SRV1 is not working. A
ping from PC-B to server SRV1 succeeds, but pings from R3 Lo0 to SRV1 fail.
Your task is to diagnose this problem and, if possible, resolve it. Connectivity from R3 branch office clients to
server SRV1 is mandatory for this phase of the migration to be considered successful.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the First
Baseline.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab71-ALS1-TT-C-Cfg.txt
DLS1
Lab71-DLS1-TT-C-Cfg.txt
DLS2
Lab71-DLS2-TT-C-Cfg.txt
R1
Lab71-R1-TT-C-Cfg.txt
R2
Lab71-R2-TT-C-Cfg.txt
R3
Lab71-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and
2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
Task 4: Trouble Ticket Lab 7-1 TT-D
Step 1: Review trouble ticket Lab 7-1 TT-D.
A recent security audit suggested that it would be best practice to secure the OSPF implementation by using MD5
authentication between the routers. Because this could complicate the implementation, it was decided that it was
too late to include this now for all areas. However, to test the concept, it was decided to enable authentication in
Area 0 for two devices. If the test is successful, the authentication will be added to other areas during the second
phase of the implementation. If the test is not successful, a separate project will be initiated to implement the
authentication.
One of your colleagues has enabled MD5 authentication for Area 0 on VLAN 300, which is the link between the
core switches DLS1 and DLS2 in Area 0. Unfortunately, the neighbor relationship between DLS1 and DLS2 on
VLAN 300 is not established.
Your task is to diagnose this problem and, if possible, resolve it. After correcting the OSPF neighbor relationship,
verify that OSPF authentication between DLS1 and DLS2 is functioning correctly. You may disable the password
encryption service during authentication testing.
Step 2: Load the device trouble ticket configuration files for TT-D.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the First
Baseline.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab71-ALS1-TT-D-Cfg.txt
DLS1
Lab71-DLS1-TT-D-Cfg.txt
DLS2
Lab71-DLS2-TT-D-Cfg.txt
R1
Lab71-R1-TT-D-Cfg.txt
R2
Lab71-R2-TT-D-Cfg.txt
R3
Lab71-R3-TT-D-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and
2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 14
CCNPv7 TSHOOT
Lab 7-1, OSPF Opportunities
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 14
CCNPv7 TSHOOT
Chapter 8 Lab 8-1, EIGRP Blues
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to switch virtual interfaces and multilayer switching.
•
Diagnose and resolve problems related to EIGRP.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
Because of the complexity of modern networks, routing issues are quite common and can also be difficult to
troubleshoot. One of the most widely used enterprise routing protocols is Enhanced Interior Gateway Routing
Protocol (EIGRP). It is a Cisco proprietary distance vector, classless routing protocol that was released in
1992 with Cisco IOS Release 9.21. EIGRP has features that are not commonly found in other distance vector
routing protocols, such as the following:
•
Reliable Transport Protocol (RTP)
•
Bounded updates
•
Diffusing Update Algorithm (DUAL)
•
Establishing adjacencies
•
Neighbor and topology tables
In this lab, you will troubleshoot EIGRP routing problems.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Physical and Logical Topology Diagrams
The physical and logical topologies, including interface designations and IPv6 addresses, are provided to
assist the troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
Task 1: Trouble Ticket Lab 8-1 TT-A
Step 1: Review trouble ticket Lab 8-1 TT-A.
Your company is interested in implementing an IP-based closed circuit television (CCTV) solution in a dual stack
environment. Currently, different solutions and vendors are being evaluated. One of the vendors has offered to
implement a pilot to show the capabilities of their solution. To keep the traffic associated with the CCTV solution
separate from the regular network traffic, it will be implemented using a new VLAN (VLAN 70 corresponding to
subnet 10.1.70.0/24 and 2001:DB8:CAFE:70::/64). There must be communication between the test server (PC-C)
and the office users on the LAN. In addition, branch workers on the R2 LAN (simulated by Lo1) must be able to
access the internal CCTV server.
The vendor will come in tomorrow to install the client and server software. The network team has been asked to
make sure that the new VLAN has been implemented and that there is full connectivity between the local test
client (PC-B) and the CCTV test server (PC-C) in the CCTV VLAN. You must also verify that there is full
connectivity between the remote test client (Lo1 on R2) and the CCTV test server. The test server requires static
addressing. One of your colleagues implemented the static addresses yesterday afternoon, but did not have time
to test the implementation.
You have the following tasks:
•
Configure the CCTV test server (PC-C).
•
Verify the CCTV VLAN device configurations for the pilot.
•
Ensure that the local and remote test clients can communicate with the CCTV test server before the
vendor arrives to implement the CCTV pilot.
•
Verify Gateway Load Balancing Protocol (GLBP) redundancy for CCTV VLAN 70.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the Second
Baseline. Give the EIGRP, GLBP, and authentication technologies time to resolve before troubleshooting.
Note: You can test branch office router access by opening a browser and entering the IP address of the R2 Lo0
interface. You will be prompted for a username and password. You can gain access to the router GUI
management interface by entering username cisco and the enable password cisco.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab81-ALS1-TT-A-Cfg.txt
DLS1
Lab81-DLS1-TT-A-Cfg.txt
DLS2
Lab81-DLS2-TT-A-Cfg.txt
R1
Lab81-R1-TT-A-Cfg.txt
R2
Lab81-R2-TT-A-Cfg.txt
R3
Lab81-R3-TT-A-Cfg.txt
SRV1
N/A
Notes
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::7:B4FF:FE01:F400
PC-B
N/A
DHCPv4 and DHCPv6 (test CCTV client in OFFICE VLAN 120)
PC-C
N/A
Static IPv4 and IPv6 (test CCTV server in CCTV VLAN 70)
Step 3: Configure the CCTV server IP address.
Configure the test server PC-C with static IPv4/6 addresses in the CCTV test VLAN: use 10.1.70.5/24 and
2001:DB8:CAFE:70::5/64 with gateways 10.1.70.254 and FE80::7:B4FF:FE01:D600 (GLBP virtual IPv6 address
for VLAN 70).
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
Note: After this TT is completed, restore PC-C to its status as a DHCP client in VLAN 110.
Step 4: Release and renew the DHCP lease on PC-B.
Ensure that PC-B is configured as a DHCP client for both IPv4 and IPv6 in the OFFICE VLAN.
After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew commands on
PC-B.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, sh:oot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 14
CCNPv7 TSHOOT
Device
Lab 8-1, EIGRP Blues
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 2: Trouble Ticket Lab 8-1 TT-B
Step 1: Review trouble ticket Lab 8-1 TT-B.
You receive an emergency call and are told that a short circuit caused a small fire in the server room. Routers R1
and R3, which were mounted in the same rack, were damaged. Luckily, you had two comparable spare routers in
storage. When you arrive at the office, two of your colleagues have already installed the replacement routers,
cabled them, and tried to restore the routers by cutting and pasting the configurations from the console. However,
the routers are not operational when you come in.
You receive a call from the network administrator at the branch office (LAN simulated by R2 Lo1) asking about the
loss of the WAN. His users cannot access server SRV1 at the central site. He has started to troubleshoot. You tell
him what happened and ask him not to do anything until you have resolved the problem at the central site.
Your task is to check the configuration of routers R1 and R3 and restore the configurations as necessary to regain
connectivity between the branch office and the central site across the WAN.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the Second
Baseline. Give the EIGRP, GLBP, and authentication technologies time to resolve before troubleshooting.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab81-ALS1-TT-B-Cfg.txt
DLS1
Lab81-DLS1-TT-B-Cfg.txt
DLS2
Lab81-DLS2-TT-B-Cfg.txt
R1
Lab81-R1-TT-B-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
R2
Lab81-R2-TT-B-Cfg.txt
R3
Lab81-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::7:B4FF:FE01:F400
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 14
CCNPv7 TSHOOT
Device
Lab 8-1, EIGRP Blues
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and procedure, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 3: Trouble Ticket Lab 8-1 TT-C
Step 1: Review trouble ticket Lab 8-1 TT-C.
A user on VLAN 120 (PC-B) called the help desk this morning because she does not have Internet access. When
she tried to open a website (simulated by Lo1 on R2 with address 209.165.200.225/30), she received an error
message from her browser saying that it cannot display the web page. She can reach the internal server SRV1
without any problems.
One of your colleagues was working with the ISP to make some changes to the routing model used to access the
ISP and the Internet. The ISP does not run EIGRP on its router. The colleague has called in sick today, but made
some notes in the log about the ISP not running EIGRP on its router and not wanting R2 to attempt to establish
an EIGRP neighbor relationship.
Your task is to diagnose and solve this problem and make sure that the user regains connectivity to the Internet.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the Second
Baseline. Give the EIGRP, GLBP, and authentication technologies time to resolve before troubleshooting.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab81-ALS1-TT-C-Cfg.txt
DLS1
Lab81-DLS1-TT-C-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
DLS2
Lab81-DLS2-TT-C-Cfg.txt
R1
Lab81-R1-TT-C-Cfg.txt
R2
Lab81-R2-TT-C-Cfg.txt
R3
Lab81-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::7:B4FF:FE01:F400
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 14
CCNPv7 TSHOOT
Device
Lab 8-1, EIGRP Blues
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 4: Trouble Ticket Lab 8-1 TT-D
Step 1: Review trouble ticket Lab 8-1 TT-D.
Chevy is your network assistant. Recently Chevy was working on two multilayer switches mounted in a temporary
location. Later the switches are to be moved to wiring closets. When Chevy was cabling the switches, the cables
forming the EtherChannel between them were too short, so rather than make new cables he used some worn
RJ45 couplers with available patch cables. The cables and RJ45 couplers were lying on a table between the
switch racks at the temporary location.
Yesterday you asked Chevy to make some minor configuration changes and upgrade the IOS images on the LAN
switches after business hours to address a new vulnerability. You reminded Chevy to reset the SDM templates to
the baseline before rebooting the devices. Chevy was in a hurry and so he decided to rely on his memory. From
his management station, he configured the “dual-ipv4-and-ipv6 vlan” template on the multilayer switches in the
room, as well as on the connected access layer switch at another location. He then rebooted the switches. As he
was rushing out the door he tripped and bumped a utility shelf holding miscellaneous tools, causing a tool box to
slide to the edge of the shelf. As he left he left, the tool box was teetering on the edge of the shelf. The pneumatic
door to the room with the multilayer switches closed very slowly, so Chevy was already on the elevator by the
time the door shut. When the door shut, it vibrated the utility shelf just enough to cause the tool box to fall. The
tool box fell on the couplers and cables on the table next to the utility shelf. The impact of the tool box on the
couplers dislodged two of the patch cables, resulting in a complete loss of connectivity between the multilayer
switches. The distribution-to-access-layer EtherChannel trunks between the multilayer switches and the remote
access layer switch were still active. The port channel interfaces on the access layer switch are both in RSTP
forwarding state for each VLAN because the port channel between the multilayer switches is down.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
This morning a contract worker called the help desk to report that a web application he is running off the internal
company web server on SRV1 keeps hanging – he was working at a PC attached to a port in the GUEST VLAN
(PC-C). A regular employee also called the help desk complaining about intermittent connectivity with the
company web server – she works on a PC attached to a port in the OFFICE VLAN (PC-B). You checked with the
ISP and discovered that they had an outage, and the WAN link from R2 to R1 had gone down temporarily. Your
expectation is that, if one of the WAN links go down, users in the GUEST and OFFICE VLANs should be able to
maintain full connectivity to the server. At this point you are still unaware of Chevy’s SDM selection and the down
EtherChannel.
The boss is very angry because the contract worker is paid at a very high rate for a full day of work per his
contract, which stipulates that he is paid for a full day of work whether his work takes a few minutes or the entire
day; and there is no obligation for him to stay onsite if the internal network access he requires is not available.
The contractor tried for half an hour to work after the network problems began, but the network issues made it
impossible to progress, so he left for the day.
The boss gives you strict instructions to create a redundant automated solution that will preserve user access to
the company web server under the exact same conditions that occurred today, no matter how remote the
possibility is for a recurrence.
You and a colleague will troubleshoot the scenario during the maintenance window this evening. You have
agreed to help her diagnose the problem and propose a plan that can account for an outage in one of the WAN
links to R2, so that guest users do not lose connectivity to the company web server!
Your plan is to simulate the R2-to-R1 WAN link going down. You do not have administrative control over ISP
router R2. You will test connectivity, determine the cause of the problem, and recommend which configuration
changes to the devices to correct the issue.
Step 2: Load the device trouble ticket configuration files for TT-D.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table. The files are based on the Second
Baseline. Give the EIGRP, GLBP, and authentication technologies time to resolve before troubleshooting.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab81-ALS1-TT-D-Cfg.txt
DLS1
Lab81-DLS1-TT-D-Cfg.txt
DLS2
Lab81-DLS2-TT-D-Cfg.txt
R1
Lab81-R1-TT-D-Cfg.txt
R2
Lab81-R2-TT-D-Cfg.txt
R3
Lab81-R3-TT-D-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::7:B4FF:FE01:F400
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Note: This ticket has a solution involving the development of an Embedded Event Manager (EEM) applet. This
would be a good time to review your course materials or ask for some hints from your instructor.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 5: Trouble Ticket Lab 8-1 TT-E
Step 1: Review trouble ticket Lab 8-1 TT-E.
A tech support intern on VLAN 110 (PC-C) called the help desk this Monday morning to report problems
accessing certain areas of the network. It appears that the routers, R1, R2, and R3, are either down or
unreachable.
Your company is in the process of testing various security measures to protect the network. Over the weekend,
some IT staff tweaked the EIGRP authentication configurations. The staff was instructed to test the configuration
over the weekend and reverse the implementation in the event that there were connectivity problems.
Your task is to ensure that the R1, R2 and R3 routers are online and reachable.
Step 2: Load the device trouble ticket configuration files for TT-E.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab81-ALS1-TT-E-Cfg.txt
DLS1
Lab81-DLS1-TT-E-Cfg.txt
DLS2
Lab81-DLS2-TT-E-Cfg.txt
R1
Lab81-R1-TT-E-Cfg.txt
R2
Lab81-R2-TT-E-Cfg.txt
R3
Lab81-R3-TT-E-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.5 and 2001:DB8:CAFE:100::5
Default gateway: 10.1.100.254 and FE80::7:B4FF:FE01:F400
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 14
CCNPv7 TSHOOT
Lab 8-1, EIGRP Blues
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 14
CCNPv7 TSHOOT
Chapter 8 Lab 8-2, BGP Dance
Physical Topology (First Base)
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Logical Topology (First Base)
Note: Changes from First Base: Lo0 address changes on R1 and R2, R1-R2 serial link IPv4 addressing changes,
/126 on serial links for IPv6, /128 on some loopbacks for IPv6, DHCP shared between DLS1 and DLS2 (with
address spaces separated for IPv4), DLS1-DLS2 EIGRP peering only on new VLAN 300, and NAT on R1.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to the BGP exterior routing protocol.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
Border Gateway Protocol (BGP) is the most widely used exterior routing protocol on the Internet. It is the de
facto standard for route (prefix) exchange between the autonomous systems (AS) of Internet service
providers (ISPs). BGP can also be used between a customer network and one or more ISPs. In this lab, you
will troubleshoot various problems related to BGP. For each task or trouble ticket, the trouble scenario and
problem symptom are described. While troubleshooting, you will discover the cause of the problem, correct it,
and then document the process and results.
Implementing BGP
Your company has decided to implement several new Internet-based services. The current web services that
the company offers are hosted at an external data center. It has been decided to build an in-house data
center from which the new services will be hosted. The servers that are currently externally hosted will also be
moved to the new data center.
Your company currently has a single ISP for Internet access. You have obtained a registered AS number
(65501) and address block 172.30.1.0/27 for IPv4 and 2001:DB8:CAFE:130::/64 for IPv6, which will be used
for the new services. After consulting with the ISP, it has been decided to use BGP between the network edge
router R1 and the ISP (R2). Upon successful completion of the BGP implementation, your company is
considering adding another ISP for redundancy, but not as part of the current project.
Your support team has been working closely together with the engineering team to prepare the
implementation. You have received confirmation from the ISP that they have prepared their router for the
BGP implementation.
Router R1 will advertise the IPv4 and IPv6 address blocks to the ISP (R2). No other prefixes are allowed to
be advertised. This ensures that only the assigned network address block will be received by the ISP. ISPs
typically place filters on their edge routers to prevent customers from accidently announcing routes that do not
belong to them.
The ISP router will send a default route to router R1 via BGP. The default route will be redistributed into
EIGRP by router R1. No other routes will be redistributed.
It is Friday evening, and the engineering team has just configured router R1 for BGP. To facilitate testing, a
new hosted services VLAN and the corresponding IPv4 and IPv6 subnets will be created. All other IPv4
devices, which have addresses in the 10.1.0.0/16 range, are using Network Address Translation (NAT), and
their Internet access should not be affected by the BGP configuration.
You are on standby to assist in troubleshooting and testing the solution.
Implementation Plan
The implementation plan is in two phases. The plan describes mostly IPv4, but IPv6 configurations are
included in parallel, with .
Phase 1
During Phase 1, the link between edge router R1 and the existing ISP will be converted to BGP. The
remainder of the network will continue to use EIGRP. The following changes taking place in Phase 1 are
already reflected in the logical topology diagram above:
The 10.1.1.0/30 addressing on the R1-to-R2 serial WAN link will be changed to a public address
(209.165.200.224/30) provided by the ISP. NAT will overload the 10.1.0.0/16 internal private addresses to
public addresses in 198.133/219.0/27. Lo0 on R1 has IP address 192.168.1.1. Lo0 on R2 has IP address
192.168.2.1. The loopbacks on R1 and R2 will be used for external BGP peering via IPv6.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
The ISP will advertise a default route to R1 via BGP. IPv6 will be used as the transport protocol for IPv4 and
IPv6 BGP routes. On router R1, redistribution of the default route will be configured between BGP and EIGRP
to ensure connectivity between headquarters and the ISP.
Phase 2
During Phase 2, the hosted services VLAN 130, named HSVC, and the corresponding subnet 172.30.1.0/27
and 2001:DB8:CAFE:130::/64 will be created on switch DLS1. A test server for the hosted services subnet will
be installed, simulated by SVI 130 on DLS1. A static route will be provided from R1 to VLAN 130 via DLS1
SVI 130. Some services will be migrated to the new address block before moving them to the newly built data
center.
BGP Network Design
The BGP design is outlined in the following figure. BGP AS 65501 is the company’s newly acquired AS
number. The ISP AS is 65502.
Test Plan
In Phase 1, edge router R1 must become a BGP peer with the ISP, and the internal office clients must be
able to access the Internet through the ISP. In Phase 2, the Internet clients must be able to access the hosted
services network.
Note: Trouble ticket A is related to the verification and acceptance of BGP Phase 1. Trouble tickets B and C
are related to the second phase of BGP conversion. Any interfaces that have been shut down on routers R2
and R3 should remain shut down for the duration of this lab exercise.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Physical and Logical Topology Diagrams
The physical and logical topologies for the tweaked first baseline are provided at the beginning of this lab to
assist the troubleshooting effort.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
Task 1: Network Baseline Upgrade Lab 8-2 TT-A
Step 1: Review trouble ticket Lab 8-2 TT-A.
After your colleague finished configuring BGP on edge router R1, you tested connectivity from PC-B in VLAN
120 to the ISP router to verify the configuration and peering between R1 and R2. This test failed. When you
asked your colleague, he said he did not actually test the configuration from a client PC on the internal
network. He suspected there was a problem with the ISP and contacted them to find out if there was an issue
at their end. They stated that everything was correctly configured on router R2.
Your task is to diagnose the problem and verify that BGP is properly configured to enable BGP peering
between router R1 and the ISP.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab82-ALS1-TT-A-Cfg.txt
DLS1
Lab82-DLS1-TT-A-Cfg.txt
DLS2
Lab82-DLS2-TT-A-Cfg.txt
R1
Lab82-R1-TT-A-Cfg.txt
R2
Lab82-R2-TT-A-Cfg.txt
R3
Lab82-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Step 4: Release and renew the DHCP lease on PC-B.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew
commands on PC-B.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 11
CCNPv7 TSHOOT
Device
Lab 8-2, BGP Dance
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 2: Trouble Ticket Lab 8-2 TT-B
Step 1: Review trouble ticket Lab 8-2 TT-B.
The next step after the peering has been established is to test the new hosted services subnet, which has
been created using VLAN 130. This subnet uses the 172.30.1.0/27 IPv4 and 2001:DB8:CAFE:130::/64 IPv6
address blocks assigned to your company by the ISP. The subnet has been configured, and a test server has
been installed (simulated by DLS1 SVI 130). Internet clients must be able to access the subnet from ISP
router R2 (simulated by Lo0) via IPv4 and IPv6. Other hosts in the EIGRP domain do not require access to
the hosted services subnet.
Your task is to verify VLAN configuration and routing functionality. Also, verify that both IPv4 and IPv6 traffic
from the Internet can be sent to the hosted network test server in VLAN 130 via R1 and that the return traffic
can be received via ISP router R2.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab82-ALS1-TT-B-Cfg.txt
DLS1
Lab82-DLS1-TT-B-Cfg.txt
DLS2
Lab82-DLS2-TT-B-Cfg.txt
R1
Lab82-R1-TT-B-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Device Name
File to Load
Notes
R2
Lab82-R2-TT-B-Cfg.txt
R3
Lab82-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Configure DHCP redundancy for IPv4 and IPv6.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 11
CCNPv7 TSHOOT
Device
Lab 8-2, BGP Dance
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 3: Trouble Ticket Lab 8-2 TT-C
Step 1: Review trouble ticket Lab 8-2 TT-C.
Your ISP uses prefix lists to ensure that customers do not announce routes that have not been officially
assigned to them. This is critical for an ISP because if two customers were to accidently announce the same
route as their own, it would create problems for both customers and the ISP. After you corrected the static
route and BGP route injection issues on R1, one of your colleagues was working with the hosted services test
network and made some changes. Now he can no longer ping from the hosted network test server (DLS1
VLAN 130) to the ISP. The ISP is also not receiving the advertisement for the hosted services subnet. Your
task is to diagnose this problem and resolve it.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab82-ALS1-TT-C-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 11
CCNPv7 TSHOOT
Lab 8-2, BGP Dance
Device Name
File to Load
DLS1
Lab82-DLS1-TT-C-Cfg.txt
DLS2
Lab82-DLS2-TT-C-Cfg.txt
Notes
R1
Lab82-R1-TT-C-Cfg.txt
R2
Lab82-R2-TT-C-Cfg.txt
R3
Lab82-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 11
CCNPv7 TSHOOT
Device
Lab 8-2, BGP Dance
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 11
CCNPv7 TSHOOT
Chapter 9 Lab 9-1, Network Mirror
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to switch virtual interfaces and multilayer switching.
•
Diagnose and resolve problems related to First Hop Redundancy Protocols.
•
Diagnose and resolve problems related to basic routing.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
Network documentation and security documentation are important when troubleshooting, especially when
unexpected traffic patterns emerge. In this lab, you will troubleshoot problems related to network design and
security policy. For each task or trouble ticket, the scenario and problem symptoms are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Physical and Logical Topology Diagrams
The baseline physical and logical topologies, including interface designations and IPv4/IPv6 addresses, are
provided to assist the troubleshooting effort. Since this lab involves network design, it may help to create new
network diagrams or modify the ones provided.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Task 1: Trouble Ticket Lab 9-1 TT-A
Step 1: Review trouble ticket Lab 9-1 TT-A.
Before the CAFE company was bought out by the KAFFEE corporation, CAFE was collocated with its ISP. At the
time, ALS1 was the only switch and it connected via F0/18 directly to G0/0 on R2, their only router. After the
acquisition, KAFFEE moved to a new site several kilometers from the ISP. KAFFEE company operations did not
require much bandwidth then and they already owned two routers, R1 and R3, so the business decision was
made to use E1 serial connections from these routers back to R2 at the ISP.
After doing business for a year, to remain competitive a bandwidth upgrade was required. Chris, the CIO for
KAFFEE, arranged to lease a fiber connection that was already in place between the ISP and the KAFFEE site.
Chris decided to save some money by making use of two fiber-to-copper media converters from storage to enable
a connection between R2 G0/0 and a yet-to-be-determined networking device at the KAFFEE site. One media
converter was installed at the ISP, connecting the fiber to a patch cable in turn connected to R2 G0/0.
At the KAFFEE site, the other end of the fiber was connected to the second media converter in the secured
network operations room. Chris has a cubicle next to the network operations room with several cable outlets
connecting back to a patch panel in the network operations room. Chris used a patch cable to connect the media
converter to a port on the patch panel that in turn connects to cable outlet A at his cubicle. With this setup, Chris
is ready to do some testing with the new high-bandwidth link. Chris plans to bring up the high-speed link to the
ISP within a week.
KAFFEE network technician Joe works at a cubicle adjacent to Chris’ cubicle, and he has access through the
cubicle furniture to the same cable outlets as Chris. Joe has overheard all the phone conversations Chris has had
with the ISP engineer regarding the new high-bandwidth link. Unfortunately, Chris had to let Joe go to meet a
budget shortfall. Today is Joe’s last day. Although Joe has no access to the network operations room, he has a
role-based account on all the networking devices with several commands at his disposal. Without any IT staff
knowing, Joe made the bad decision to introduce a few cable and configuration changes as a way of letting off
steam:
Joe’s cubicle has an IP phone connected via conduit to ALS1. His desktop PC, PC-B, is connected to the IP
phone. Joe found an unmanaged switch in the e-waste box near his cubicle. He disconnected the cable from the
NIC on PC-B and connected it to the unmanaged switch. He connected a second cable from the unmanaged
switch to PC-B. He took a third cable and connected cable outlet A to the unmanaged switch. At this point, the IP
phone, PC-B, and R2 were all connected to ALS1 port F0/18. Joe made use of his limited access to the network
devices to make several changes to the network configuration. Then Joe started downloading a cloud-based MP4
library onto the 10-terabyte USB drive connected to PC-B before going home on his final day of work.
You are the network engineer for KAFFEE, arriving at work the morning after Joe’s last day. Chris is out for the
day and he has not told you anything about the new high-bandwidth link being provisioned. The ISP engineer
assigned to the KAFFEE account was under the impression that the high-bandwidth link to R2 would be brought
up in no sooner than 3 days. Some employees are complaining that Internet access is very slow. Syslog
messages do not appear to indicate any problems, but they do show that the entire KAFFEE network was down
for about 5 minutes at the end of work yesterday.
Your task is to determine what is causing the slow Internet access and restore baseline functionality.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab91-ALS1-TT-A-Cfg.txt
DLS1
Lab91-DLS1-TT-A-Cfg.txt
DLS2
Lab91-DLS2-TT-A-Cfg.txt
R1
Lab91-R1-TT-A-Cfg.txt
Notes
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Device Name
File to Load
Notes
R2
Lab91-R2-TT-A-Cfg.txt
R3
Lab91-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Ensure that SRV1 has the static IP address 10.1.100.1 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1, which is the syslog server for the entire network. When the network
is properly configured, all devices send syslog messages to SRV1.
c.
Start the TFTP server on SRV1, which is the archive server for the entire network. When the network
is properly configured, all devices send archives of their running configurations to this server
whenever the running config is copied to the startup config. Ensure that the default TFTP directory on
SRV1 is set to the directory where you want to store the archives.
Step 4: Release and renew the DHCP leases on PC-B and PC-C.
a. Ensure that PC-B and PC-C are configured as DHCP clients.
b. After loading all TT-A device configuration files, issue the ipconfig/release and
ipconfig/renew commands on PC-B and PC-C. You might need to repeat this process after the
TT problems have been resolved.
Note: Problems introduced into the network by the trouble ticket might cause DHCP issues. Do not
assign PC-B or PC-C a static address.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 8
CCNPv7 TSHOOT
Device
Lab 9-1, Network Mirror
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands
employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Task 2: Trouble Ticket Lab 9-1 TT-B
Step 1: Review trouble ticket Lab 9-1 TT-B.
A new security policy was recently approved and implemented company-wide. The new policy requires the
strictest standards for IPv4 remote access. In the first phase of implementation, only SSH clients in VLAN 100 are
allowed to remotely access network devices via IPv4. Upon arriving at the office this morning, you find the
following tickets in the system:
•
•
Employees in OFFICE VLAN 120 are experiencing network difficulties.
The network technicians are unable to SSH to any device in the network from VLAN 100 via IPv4.
As the company’s lead network engineer and coauthor of the security policy, you immediately get started
troubleshooting.
Step 2: Load the device trouble ticket configuration files for TT-B.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab91-ALS1-TT-B-Cfg.txt
DLS1
Lab91-DLS1-TT-B-Cfg.txt
DLS2
Lab91-DLS2-TT-B-Cfg.txt
R1
Lab91-R1-TT-B-Cfg.txt
R2
Lab91-R2-TT-B-Cfg.txt
Notes
R3
Lab91-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1 and 2001:DB8:CAFE:100::1
Default gateway: 10.1.100.254/24 and 2001:DB8:CAFE:100::D1/64
PC-B
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
PC-C
N/A
DHCP (release and renew for IPv4 and IPv6 after loading device
configurations)
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 8
CCNPv7 TSHOOT
Lab 9-1, Network Mirror
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble
ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands
employed, alternate solutions, methods and processes, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 8
CCNPv7 TSHOOT
Chapter 9 Lab 9-2, In Synch
Physical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Logical Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Objectives
•
Load the trouble ticket device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to AAA, LLDP, port security, FHRP interface tracking, FHRP
IP SLA object tracking, MST, VTP, ACLs, route authentication, VRF, and BGP.
•
Document troubleshooting progress, configuration changes, and problem resolution.
Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired
throughout this course to resolve the routing and switching problems introduced. These trouble tickets may
involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to AAA,
LLDP, port security, FHRP interface tracking, FHRP IP SLA object tracking, MST, VTP, ACLs, route
authentication, VRF, and BGP.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Trouble Tickets and Troubleshooting Logs
This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more
errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed
independently.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
Task 1: Trouble Ticket Lab 9-2 TT-A
Step 1: Review trouble ticket Lab 9-2 TT-A.
A LABCO company technology directive is to move toward using virtual routing and forwarding (VRF), in
parallel with shifts toward desktop, server, and data virtualization. In an effort to come up to speed with the
technologies, the network administrator, Sapna, built a lab environment. Sapna configured VRF on R2 to
simulate ISP routers in AS 65502 and AS 65503, to model a multihomed BGP environment, with two ISPs
accessed through edge routers R1 and R3. Sapna decided to avoid all NAT configurations and focus on VRF
and BGP. To gain BGP expertise, she implemented BGP according to the following specifications:
•
R1 and R3 are iBGP peers via their loopback interfaces.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
•
R1 and R3 are the only BGP speakers in AS 65501.
•
The R1, R2, and R3 serial interfaces are used for eBGP peering.
•
AS 65501 is a transit AS, with BGP synchronization configured as a sanity check.
•
BGP MD5 authentication with password cisco is configured for all BGP neighborships.
•
IPv4 is the BGP transport for both IPv4 and IPv6 routes.
•
AS 65502 Lo0 IPv4 and IPv6 routes are propagated via BGP from AS 65502 to AS65501.
•
AS 65503 Lo1 IPv4 and IPv6 routes are propagated via BGP from AS 65503 to AS65501.
•
R1 and R3 advertise 10.1.0.0/16 and their connected serial IPv6 networks via BGP.
•
BGP-VRF implementation tests:
1. Successful IPv4 source traceroute from Lo1 on R2 through AS 65501 to Lo1 on R2, using the
command traceroute vrf VPN_A 192.168.2.2 source lo1 on R2 (full circle).
2. Successful IPv6 traceroute from S0/0/0 on R2 through AS65501 to Lo1 on R2, using the
command traceroute vrf VPN_A ipv6 2001:db8:cafe:222::2 on R2.
Taking advantage of the short-term administrative sanction for testing VRF, Sapna decided to also implement
MST and VTP version 3 in the LAN. She implemented MST and VTPv3 according to the following sequential
specifications:
•
Ensure that VLANs 99,100,110,120,200,300,666,999 are configured on all switches. The new EPEER VLAN 300 is to be used as the sole VLAN for EIGRP peering between DLS1 and DLS2.
•
To simplify the MST and VTPv3 configuration, allow VLANs 99,100,110,120,200,300 on all
EtherChannel trunks.
•
Change the VTP domain name to TSHOOT on all switches.
•
Change the VTP version to 3 on all switches.
•
Change the spanning tree mode to MST on all switches.
•
Change the VTP mode for the MST database to transparent on all switches (vtp mode
transparent mst in global configuration mode).
•
Configure all switches with MST region name TSHOOT and configuration revision number 25
(administratively assigned – different from the VTP configuration revision number).
•
Configure MST instance 1 on all switches to map to VLANs 99, 110, and 120.
•
Change the VTP mode for both VLAN and MST databses to server on all switches.
•
Configure DLS1 as the primary server for the VLAN VTP feature.
•
Configure DLS2 as the primary server for the MST VTP feature.
•
Configure an MD5 VTP password of cisco on all switches using the hidden keyword so that the key
generated from the password cannot be discovered from the show vtp password command
output and cannot be discovered by viewing the vlan.dat file (as a text file); the hidden keyword
forces the password to be entered each time there is a change in primary server for the VLAN VTP
feature or for the MST VTP feature.
•
Configure DLS1 as the MST root for instance 1.
•
Configure MST instance 2 on DLS2 to map to VLANs 100, 200, and 300. MST instance 2 should
propagate to the other switches (check with show spanning-tree mst configuration and
show spanning-tree mst).
•
Configure DLS2 as the MST root for instance 2.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Sapna asked you to help troubleshoot some missing routes required for BGP-VRF implementation tests; for
example, the VRF VPN_A IPv4 routing table should have a BGP-learned route for Lo1 on R2. Your task is to
verify that the VRF-BGP implementation strictly follows her specifications, and to verify that VTPv3 is working
properly with MST. Configuration changes should be made where necessary to realize the specifications.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load
the proper configuration files indicated in the Device Configuration File Table.
Note: Some of the devices have configuration files including alias commands, which are simply shortcuts for
commands that are used frequently and are tedious to enter. For example, on R1 you will see the command
alias exec srb show run | begin router bgp; this command allows you to enter srb in place of show
run | begin router bgp.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab92-ALS1-TT-A-Cfg.txt
DLS1
Lab92-DLS1-TT-A-Cfg.txt
DLS2
Lab92-DLS2-TT-A-Cfg.txt
R1
Lab92-R1-TT-A-Cfg.txt
R2
Lab92-R2-TT-A-Cfg.txt
R3
Lab92-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
Note: In this lab (Lab 9-2), R2 has its source interface for TFTP set as Loopback0 to enable archiving to
work with the IPv4 instance of the VRF configuration.
Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as an IPv4/IPv6 DHCP client in the OFFICE VLAN and PC-C is
configured as an IPv4/IPv6 DHCP client in the GUEST VLAN.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew
commands on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Note: For the remainder of this lab, MST and VTP are not included intentionally as trouble ticket issues.
However, the nature of how the configurations of the devices load may require revisiting the techniques used
to complete ticket TT-A. Often shutting down and bringing back up opposite ends of port-channel trunks is
sufficient, but sometimes it may be necessary to manually add all missing VLANs to each switch, change
VLAN and/or MST VTP modes to transparent, configure the MST region name and/or revision number,
configure an MST instance, change the VLAN and/or MST VTP modes back to specifications, and configure
the MST instance spanning-tree priority settings to specifications. After all this, it still may be necessary to
bounce opposite ends of the trunks for MST to reconverge.
Task 2: Trouble Ticket Lab 9-2 TT-B
Step 1: Review trouble ticket Lab 9-2 TT-B.
With BGP, VRF, MST, and VTPv3 now functional and LABCO network upgrades scheduled over a week
away, the network administrator, Sapna, decided to use the remaining time to secure the iBGP traffic,
implement HSRP interface tracking, and configure EIGRP summarization in the development lab. Here is the
implementation plan she followed:
•
Add ACLs on DLS1 and DLS2 to restrict traffic between the loopbacks of R1 and R3. (The ACLs
cannot be applied on R1 and R3 because packets sourced by a router are not filtered by an ACL on
the same router.) Add an ACE for all UDP traffic (used for network management). Since EIGRP
updates must also be supported, add an ACE for EIGRP messaging. Add an ACE to enable ICMP
testing.
•
Implement HSRP interface tracking on DLS1 so that if the uplink is down then DLS2 becomes
standby for all VLANs. Similarly, configure DLS1 to become standby for all VLANs if the uplink from
DLS2 is down.
•
Create loopbacks on DLS1 and implement IPv4 and IPv6 EIGRP summarization on the uplink from
DLS2 so that the DLS1 loopback routes are summarized before propagation. Make sure that the IPv4
and IPv6 summary addresses are as economical as possible.
Sapna called you in to help her troubleshoot several issues. The iBGP connection is down. And testing
indicates that the HSRP interface tracking is not working properly. Also, R3 is not receiving the summary
routes for the loopbacks on DLS1.
You are tasked with helping Sapna troubleshoot the issues described, as well as verifying that the IPv4 and
IPv6 EIGRP summary routes are as economical as possible.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab92-ALS1-TT-B-Cfg.txt
DLS1
Lab92-DLS1-TT-B-Cfg.txt
DLS2
Lab92-DLS2-TT-B-Cfg.txt
Notes
R1
Lab92-R1-TT-B-Cfg.txt
R2
Lab92-R2-TT-B-Cfg.txt
R3
Lab92-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Device Name
File to Load
Notes
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Configure DHCP redundancy for IPv4 and IPv6.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 11
CCNPv7 TSHOOT
Device
Lab 9-2, In Synch
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Task 3: Trouble Ticket Lab 9-2 TT-C
Step 1: Review trouble ticket Lab 9-2 TT-C.
Time was running short for the network administrator, Sapna, to wrap up any testing in the development lab
prior to the network upgrade. In the remaining time she decided to focus on SLA object tracking for HSRP,
LLDP, and port security. Sapna introduced SLA object tracking and LLDP into the topology. She made initial
attempts to scale the port security configuration. Here is the implementation plan she followed:
•
Remove HSRP interface tracking from DLS1 and DLS2.
•
Configure HSRP with SLA object tracking. On DLS1, create an SLA based on TCP connectivity to
port 22 for the IPv6 address of interface S0/0/0 on R1. If the TCP session between DLS1 and R1
S0/0/0 fails then DLS2 becomes the active router for VLANs 99, 110, and 120. The IPv4 networks for
the serial links are not advertised via EIGRP to the LAN but the IPv6 networks are – this explains why
IPv6 is used for the SLA. Also, there is a known issue with the ICMP echo SLA with IPv6 – this
explains why the TCP Connect option is used. When the line protocol for F0/5 on DLS1 is down, the
IPv6 route for R1 S0/0/0 is not in the routing table of DLS1 (Inter-VRF routing is not configured on R2,
so DLS1 has no way to learn the IPv6 route for R1 S0/0/0 if F0/5 on DLS1 is down), so R1 S0/0/0 is
not reachable from DLS1 when the line protocol for F0/5 on DLS1 is down. Hence, the SLA state is
down when either the DLS1-R1 uplink is down or the R1-R2 serial link is down. The point is that this
HSRP SLA object tracking solution improves upon the previous HSRP interface tracking solution.
•
On DLS2, create a parallel HSRP SLA object tracking solution based on TCP connectivity to port 22
for the IPv6 address of interface S0/0/1 on R3.
•
In consideration of the fact that the SLA objects are using TCP Connect with port 22, ensure that it is
still possible to SSH to R1 and to R2.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
•
Globally enable Link Layer Discovery Protocol (LLDP) on all network devices (lldp run). Ensure
that all network devices can “see” their neighbors via LLDP.
•
Port security is removed from the ALS1 ports associated with OFFICE VLAN 120, and port security is
added to the two ALS1 port-channel interfaces, allowing up to 10 sticky secure MAC addresses each.
Sapna has come to depend on your exceptional troubleshooting expertise. Help Sapna figure out why HSRP
failover is not working when some uplinks and serial links are down. Also, she is not sure if TCP Connect is
the cause, but she says SSH to one of the edge routers is failing. And the VRF router is not seeing any LLDP
neighbors! Lastly, Sapna needs help determining how she underestimated the MAC address count required
to prevent port security from placing interfaces in the err-disable state.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files indicated in the Device Configuration File Table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab92-ALS1-TT-C-Cfg.txt
DLS1
Lab92-DLS1-TT-C-Cfg.txt
DLS2
Lab92-DLS2-TT-C-Cfg.txt
R1
Lab92-R1-TT-C-Cfg.txt
R2
Lab92-R2-TT-C-Cfg.txt
R3
Lab92-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.
Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 11
CCNPv7 TSHOOT
Lab 9-2, In Synch
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record what you think the problem might be and which actions
you will take to correct the problem.
Device
Actions and Results
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions and methods, and procedure and communication improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 11
CCNPv7 TSHOOT
Chapter 10 Lab 10-1, Complex?
Lab Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Objectives
•
Load the device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to features, protocols, or technology that could be encountered in
a complex, integrated enterprise network.
•
Document the troubleshooting progress, configuration changes, and problem resolution.
Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired
throughout this course to resolve the routing and switching problems introduced. These trouble tickets may
involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to
DHCP, NAT, HSRP, OSPF, EIGRP, BGP, and ACLs. IPv6 is the BGP transport for both IPv4 and IPv6
routes.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Trouble Tickets and Troubleshooting Logs
This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more
errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed
independently.
Troubleshooting Reference Information
A generic troubleshooting flow is provided for analysis. Suggested commands are provided for each trouble
ticket. Refer to previous labs for specific troubleshooting flows, examples of additional commands and
command output.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Task 1: Trouble Ticket Lab 10-1 TT-A
Step 1: Review trouble ticket Lab 10-1 TT-A.
As a security measure, your company has decided to implement DHCP snooping, IP Source Guard, and
Dynamic ARP Inspection (DAI) on access switches to
•
Protect against rogue and malicious DHCP servers
•
Protect against IP address spoofing
•
Protect against ARP spoofing and ARP poisoning
For the pilot, the implementation plan specifies that the user VLAN 120 (OFFICE VLAN) on ASL1 be
configured for these technologies and DHCP client PC-B be used as a test station. The test plan requires that
the redundant switch topology failover allows VLAN 120 users to obtain an IP address from the DHCP server
(DLS1) if one of the trunk links from ALS1 to DLS1 or DLS2 goes down. IPv6 Snooping is not included in the
implementation plan because it is not currently supported on EtherChannel ports.
Your colleague has configured DHCP snooping, IP Source Guard, and DAI on ASL1, but now PC-B cannot
access SRV1 or the Internet. He has asked for your help in diagnosing and solving the problem.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab101-ALS1-TT-A-Cfg.txt
DLS1
Lab101-DLS1-TT-A-Cfg.txt
DLS2
Lab101-DLS2-TT-A-Cfg.txt
R1
Lab101-R1-TT-A-Cfg.txt
R2
Lab101-R2-TT-A-Cfg.txt
Notes
R3
Lab101-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP leases.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Task 2: Trouble Ticket Lab 10-1 TT-B
Step 1: Review trouble ticket Lab 10-1 TT-B.
Over the last year a number of incremental changes have been made to the network. In order to ensure that
the network documentation is faithfully reflected in the network configurations, a thorough review was
requested by the CIO. As a result of the review, a few changes were made to meticulously synchronize the
device configurations with the topology diagram. Now many users on the network are experiencing problems
when accessing the Internet. An office user who uses client PC-B reports that he cannot access the Internet
at IPv4 address 2.2.2.2 and IPv6 address 2001:DB8:EFAC::2 (simulated by R2 Lo1). And a branch office user
who uses client PC-C also reports not being able to browse the Internet.
Your task is to restore connectivity from client PC-B and client PC-C to the Internet and ensure that the users
can connect to R2 Lo1 using IPv4 and IPv6 ping.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab101-ALS1-TT-B-Cfg.txt
DLS1
Lab101-DLS1-TT-B-Cfg.txt
DLS2
Lab101-DLS2-TT-B-Cfg.txt
R1
Lab101-R1-TT-B-Cfg.txt
R2
Lab101-R2-TT-B-Cfg.txt
R3
Lab101-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c.
After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Command
Key Information Displayed
show ip route, show ip route ip-addr
show ipv6 route, show ipv6 route ipv6-addr,
show ospfv3 route
Displays the entire v4 or v6 routing table or information for a particular
destination address.
show ip ospf interface brief, show ipv6 ospf
interface brief, show ospfv3 interface brief
Displays interfaces that are participating in the OSPF routing process.
An interface does not need to be operational to be listed in the
command output.
show ip ospf neighbor, show ipv6 ospf
neighbor, show ospfv3 neighbor
Displays the OSPF neighbor table to verify that all expected neighbor
relationships are operational.
show ip bgp, show bgp, show bgp ipv4 unicast,
show bgp ipv6 unicast, show bgp all
Displays local and learned network entries in the BGP table with next
hop, metric, local preference, weight, and AS path.
show ip bgp summary, show bgp summary, show
bgp ipv4 unicast summary, show bgp ipv6
unicast summary, show bgp all summary
Displays a summary of the BGP neighbor table. Lists important BGP
parameters, such as the AS number and router ID, statistics about the
memory consumption of the various BGP data structures, and a brief
overview of the configured neighbors and their state.
show ip bgp neighbors, show bgp neighbors,
show bgp ipv4 unicast neighbors, show bgp
ipv6 unicast neighbors, show bgp all
neighbors
show ip ospf database, show ipv6 ospf
database, show ospfv3 ipv4 database, show
ospfv3 ipv6 database, show ospfv3 database
Displays parameters and extensive statistics about the peering session
for all BGP neighbors.
Verifies the link types and link IDs for all areas in which this device
participates.
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Task 3: Trouble Ticket Lab 10-1 TT-C
Step 1: Review trouble ticket Lab 10-1 TT-C.
The user of PC-C on the branch office network called the help desk and reported that she is unable to access
SRV1 or the Internet. Your task is to restore connectivity from client PC-C to SRV1 and the Internet and
ensure that the user can connect to R2 Lo1 via IPv4. The branch office administrator did some preliminary
testing and reported that he cannot ping or SSH to DLS1, R1, or R2 from R3.
After full IPv4 connectivity is established, the final task is to restore IPv6 connectivity from PC-C to SRV1 and
the Internet and ensure the user can connect to the Internet via IPv6 ping and SSH.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
Device Name
File to Load
ALS1
DLS1
DLS2
R1
R2
R3
Lab101-ALS1-TT-C-Cfg.txt
Lab101-DLS1-TT-C-Cfg.txt
Lab101-DLS2-TT-C-Cfg.txt
Lab101-R1-TT-C-Cfg.txt
Lab101-R2-TT-C-Cfg.txt
Lab101-R3-TT-C-Cfg.txt
Notes
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as an IPv4 DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as an IPv4 DHCP client in the R3 branch office LAN.
c.
After loading all TT-C device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands that
you used to gather information. As you progress, record what you think the problem might be and the actions
you take to correct the problem.
Note: In addition to the commands listed for TT-B, the table of commands following this log might help you
troubleshoot this problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 11
CCNPv7 TSHOOT
Lab 10-1, Complex?
Command
Key Information Displayed
show ip cef ip-addr detail
Displays the next hop and interface used for a particular destination address
from the CEF table.
show standby brief
Verifies active and standby roles and IP addresses for all VLANs on an HSRP
router.
show ip eigrp interfaces
Displays interfaces that are participating in the EIGRP routing process. An
interface does not need to be operational to be listed in the output.
show ip eigrp neighbors
Displays the EIGRP neighbor table to verify that all expected neighbor
relationships are operational.
show access-lists ACL#/name
show ipv6 acess-list
Displays all ACLs configured on a device, including the ACL number and
name, the type (standard or extended), the statements, and the number of
matches accumulated for each statement.
show ntp status
Displays the clock synchronization status, stratum level, and reference clock IP
address. Also shows the number of seconds since the last update was
received from the reference clock.
show ip nat translations
Displays IPv4 static and dynamic NAT mappings, including port numbers when
overloading is in effect.
show aaa sessions
Displays active AAA session data, including source IP address and username.
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 11
CCNPv7 TSHOOT
Chapter 10 Lab 10-2, Sandbox
Lab Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Overlay Topology
Objectives
•
Load the device configuration files for each trouble ticket.
•
Diagnose and resolve problems related to features, protocols, or technology that could be encountered in
a complex, integrated enterprise network.
•
Document the troubleshooting progress, configuration changes, and problem resolution.
•
Practice a representative sample of major technologies in routing and switching to prepare for the final
skills assessment.
Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired
throughout this course to resolve the routing and switching problems introduced. These trouble tickets may
involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to
RIPng, RIPv2, DHCPv4/6, HSRP, MST, VTPv3, OSPFv3, Named EIGRP, MP-BGP, VRF, prefix lists,
distribute lists, offset lists, route maps, the distance command, redistribution, EEM applets, tracking with
ICMPv4 echo SLAs, tracking with IPv6 TCP SLAs, and tracking lists of objects with Boolean expressions.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Trouble Tickets and Troubleshooting Logs
This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more
errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed
independently.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dualipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
•
3 routers (Cisco IOS Release 15.4 or comparable)
•
2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
•
SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
•
PC-B (DHCP client): Windows 7 with SSH client and WireShark software
•
PC-C (DHCP client): Windows 7 with SSH client and WireShark software
•
Serial and Ethernet cables, as shown in the topology
Task 1: Verify Routing Tables for Lab 10-2 TT-A
Step 1: Review trouble ticket Lab 10-2 TT-A.
The Sandbox company is a franchisee of Sand Beach corporation. The Sandbox company never got off the
ground due to an unexpected failure in the owner’s creative financing arrangement. The Sand Beach
franchisor initiated a corporate downsizing, which forced two other franchisees in the region to close their
Sand Beach locations. The two owners of these identically constructed Sand Beach locations exercised a
concession offered by the franchisor to consolidate and acquire the Sandbox franchisee.
The owners of the consolidated Sandbox company quickly drafted a transition agreement. The two CIOs were
convinced that the consolidation would result in one of them being let go, so they decided to work together to
ensure that both were integral to the success of the company. They managed to convince the owners to
include language in the agreement which specifies that Sandbox will initially replicate the familiar network
environments associated with the franchisees’ original locations. The owners signed off on the transition
agreement.
The CIOs drew up the network design for Sandbox, which ensured their job security for the foreseeable
future. The CIOs put their network engineers to work implementing the network design. The outcome is a
complex network, including an overlay of a RIPv2/RIPng implementation with a GRE tunnel on top of an
underlying topology based on OSPF, EIGRP, and multihomed MP-BGP.
The “Lab Topology” is the fully functional topology of one franchisee, involving a multihomed MP-BGP
implementation. The “Overlay Topology” is the fully functional topology of the other franchisee, involving an
integrated, relatively simple, in-house implementation of RIPv2 and RIPng in a singular routing domain. The
two CIOs integrated their respective topologies in a lengthy process, working together to provide a robust,
resilient network for Sandbox. The resulting implementation is designed so that removing the RIPv2, RIPng,
GRE tunnel, EEM applets, and the secondary serial subinterface configurations reduces the network to the
Lab Topology. The franchisee owners and CIOs have invested enough time and effort with the network
consolidation, and need to focus on business operations.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Lab Note: VRF_A and VRF_B are two VRFs configured on R2. This enables R2 to represent two
independent ISPs, AS65502 and AS65503. These ISPs also connect to the Internet, which is represented
by the global routing table of R2. To reiterate, R2 has a VRF_A routing table, a VRF_B routing table, and
a global routing table, which represent independent networks. It is common with VRF implementations to
have overlapping IP address spaces, where each VRF is associated with a different company. The
VRF_A routing table is displayed by entering entering show ip route vrf VPN_A and show ipv6
route vrf VPN_A on R2. The VRF_B routing table is displayed by entering entering show ip route
vrf VPN_B and show ipv6 route vrf VPN_B on R2. The global routing table represents a
globally unique address space associated with the Internet. Technically, the global routing table in this lab
is the one displayed by entering show ip route and show ipv6 route on R2 while the G0/0
interface is shut down; but much of the lab is performed with the G0/0 interface up, allowing for the
injection of other non-VRF routes from the topology into the global routing table of R2 via RIPv2, RIPng,
and EIGRP.
The network documentation and testing are incomplete and the Sandbox launch is imminent. To help
Sandbox launch on schedule, you have been contracted. Your job is to ensure the consolidated network is
fully functional under any scenario involving two or less failed service provider links. The service provider
gigabit link on R2 connecting to the Sandbox access layer switch is only available on an interim basis, as a
favor from the previous owner – why it links into Sandbox at the access layer and why your company provides
dynamic addressing for the associated R2 interface is a story for another day. In any case, your first task is to
verify full IPv4 and IPv6 network functionality for Scenario 1 of Table 1 (all interfaces are up), and then
document the IPv4 and IPv6 network functionality for Scenarios 2 through 7.
Table 1: R2 Line Protocol States
Scenario 1
S0/0/0 up
S0/0/1 up
G0/0 up
Scenario 2
S0/0/0 down
S0/0/1 up
G0/0 up
Scenario 3
S0/0/0 up
S0/0/1 down
G0/0 up
Scenario 4
S0/0/0 down
S0/0/1 down
G0/0 up
Scenario 5
S0/0/0 up
S0/0/1 up
G0/0 down
Scenario 6
S0/0/0 down
S0/0/1 up
G0/0 down
Scenario 7
S0/0/0 up
S0/0/1 down
G0/0 down
The CIOs have provided you with a list of routing table outputs for you to validate against as you familiarize
yourself with the Sandbox topology and document your findings. Any errors introduced in the network
implementation are inadvertent. The CIOs give you explicit instructions that you are not to make changes to
the device configurations during this phase of preparing the Sandbox network for the grand opening.
Lab Notes:
•
Back-to-back Frame Relay configurations are used on the serial links in order to provide two parallel
point-to-point connections for each of the R2-R1 and R2-R3 serial links. No configuration or
troubleshooting of Frame Relay is required.
•
The VRF configuration on R2 is designed to simulate a multi-homed BGP environment. No
configuration or troubleshooting of VRF is required. However, to verify the routing tables of the
simulated service providers, the VRF versions of the associated traditional IOS commands are used.
•
There is no inter-VRF routing (route leaking) configured on R2, so the VRF_A, VRF_B, and global
routing tables on R2 are actually independent.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
•
IPv4 is the BGP transport for both IPv4 and IPv6 routes.
•
VLANs 99, 100, 110, 120, 200, 300 are allowed on all port channel interfaces on all switches.
•
VLAN 300 is the only VLAN used for OSPF peering between DLS1 and DLS2.
•
Subsequent references in this lab to “Scenario 1” should be understood to mean Scenario 1 of Table
1. Similarly for Scenarios 2-7.
•
Interfaces G0/1 on R1, G0/1 on R3, F0/5 on DLS1, Po1 on DLS1, Po10 on DLS1, F0/5 on DLS2, Po2
on DLS2, and Po10 on DLS2 should always be “up/up” during any testing and validation in Task 1.
•
For the purposes of this lab, R1 is assumed to not support RIPng throughout the entire lab.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab102-ALS1-TT-A-Cfg.txt
DLS1
Lab102-DLS1-TT-A-Cfg.txt
DLS2
Lab102-DLS2-TT-A-Cfg.txt
R1
Lab102-R1-TT-A-Cfg.txt
R2
Lab102-R2-TT-A-Cfg.txt
R3
Lab102-R3-TT-A-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Ensure proper MST and VTPv3 operation.
Sometimes MST and VTPv3 do not operate as expected. Check all the items listed below, and make
changes as necessary to validate each item.
a. Check that each switch has VLANs 99, 100, 120, 200, 300, 666, and 999!
b. Check that the MST region name is TSHOOT.
c.
Check that the MST configuration revision number is 25.
d. Check that VLANs 99, 110, and 120 are mapped to MST instance 1.
e. Check that VLANs 100, 200, and 300 are mapped to MST instance 2.
f.
Check that DLS1 is the root for instance 1 and DLS2 is the root for instance 2.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance. Note: If
you see error messages on ALS1, such as
Oct 29 16:36:02.640: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.14cf.1b46 in vlan 200 is flapping
between port Po2 and port Po1
or if MST is not converging properly, try shutting down Po1 and Po2 on ALS1, allowing MST to
converge between DLS1 and DLS2, and then bringing up Po1 and Po2 on ALS1.
Step 4: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IPv4/6 static addressing from the Device Configuration File Table.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
d. Start the SNMP monitor on SRV1 to record SNMPv2c trap reports.
Step 5: Release and renew the DHCP leases.
a. Ensure that PC-B are PC-C are configured as DHCPv4/6 clients.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
c.
Verify that PC-B has DHCPv4/6 data for OFFICE VLAN 120.
d. Verify that PC-C has DHCP4/6 addressing on subnets 10.1.80.0/25 and
2001:DB8:CAFE:800:ABCD::/80 and is allocated the tshoot.net DNS suffix.
e. Verify that the LAN interface of R2 has DHCP4/6 addressing on subnets 10.1.120.0/24 and
2001:DB8:CAFE:120::/64.
Step 6: Outline the troubleshooting approach and validation steps.
The following commands are useful for troubleshooting why a particular route is missing, keeping in mind
that there are no intentional errors introduced in this ticket:
show ip route
show ipv6 route
show ip route vrf VPN_A (on R2)
show ip route vrf VPN_B (on R2)
show ipv6 route vrf VPN_A (on R2)
show ipv6 route vrf VPN_B (on R2)
show ip protocol
show ipv6 protocol
show bgp summary
show bgp all
show bgp ipv4 unicast
show bgp ipv4 unicast summary
show bgp ipv6 unicast
show bgp ipv6 unicast summary
show bgp vpnv4 unicast vrf VPN_A (on R2)
show bgp vpnv4 unicast vrf VPN_B (on R2)
show bgp vpnv4 unicast vrf VPN_A summary (on R2)
show bgp vpnv4 unicast vrf VPN_B summary (on R2)
show bgp vpnv6 unicast vrf VPN_A (on R2)
show bgp vpnv6 unicast vrf VPN_B (on R2)
show bgp vpnv6 unicast vrf VPN_A summary (on R2)
show bgp vpnv6 unicast vrf VPN_B summary (on R2)
show ip interface brief
show ipv6 interface brief
show interfaces description
show track
show track brief
show ip sla statistics
show ip sla configuration
There are several alias exec commands included in the configuration files as shortcuts, such as alias exec
sre show run | begin router eigrp., which allows you to enter sre in place of show run | begin
router eigrp. You can create your own aliases, use the ones provided, or ignore these shortcuts.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, topdown, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 7: Record the troubleshooting process and configuration changes.
Validate each IPv4 and IPv6 route on each device according to the routing table outputs provided by the CIOs.
Use the commands in Step 6 to troubleshoot any inadvertent omissions or additions. For validation and later
reference, here are the IPv4 and IPv6 routing tables provided by the CIOs (Scenario 1):
R1# show ip route | begin Gateway
Gateway of last resort is 209.165.200.226 to network 0.0.0.0
B*
B
S
C
L
O
R
O
O
O
R
R
R
O
R
O
O
E1
E1
E1
IA
R
C
O
O E1
C
L
C
L
0.0.0.0/0 [20/0] via 209.165.200.226, 07:37:47
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 [20/0] via 209.165.200.226, 14:26:21
10.0.0.0/8 is variably subnetted, 15 subnets, 6 masks
10.1.0.0/16 is directly connected, Null0
10.1.2.0/30 is directly connected, GigabitEthernet0/1
10.1.2.2/32 is directly connected, GigabitEthernet0/1
10.1.2.12/30 [110/3] via 10.1.2.1, 00:56:11, GigabitEthernet0/1
10.1.30.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
10.1.80.0/25 [110/103] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
10.1.80.128/25 [110/103] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
10.1.90.2/31 [110/103] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
10.1.99.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
10.1.100.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
10.1.110.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
10.1.120.0/24 [110/2] via 10.1.2.1, 13:57:28, GigabitEthernet0/1
10.1.200.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
10.1.211.1/32 [110/2] via 10.1.2.1, 13:57:28, GigabitEthernet0/1
10.1.212.1/32 [110/3] via 10.1.2.1, 13:57:28, GigabitEthernet0/1
20.0.0.0/32 is subnetted, 1 subnets
20.20.20.20 [109/1] via 209.165.200.230, 00:00:08, Serial0/0/0.2
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 is directly connected, Loopback0
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [110/4] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
209.165.200.0/24 is variably subnetted, 5 subnets, 2 masks
209.165.200.220/30 [110/103] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
209.165.200.224/30 is directly connected, Serial0/0/0.1
209.165.200.225/32 is directly connected, Serial0/0/0.1
209.165.200.228/30 is directly connected, Serial0/0/0.2
209.165.200.229/32 is directly connected, Serial0/0/0.2
R1# show ipv6 route | begin 20/0
B
::/0 [20/0]
via 2001:DB8:FEED:10::2
S
2001:DB8:CAFE::/48 [1/0]
via Null0, directly connected
C
2001:DB8:CAFE:6::/126 [0/0]
via Serial0/0/0.2, directly connected
L
2001:DB8:CAFE:6::1/128 [0/0]
via Serial0/0/0.2, receive
C
2001:DB8:CAFE:20::/64 [0/0]
via GigabitEthernet0/1, directly connected
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 22
CCNPv7 TSHOOT
L
OE1
OI
OI
OI
OI
OI
LC
O
O
O
OE1
OE1
OE1
O
O
C
L
OE1
B
L
Lab 10-2, Sandbox
2001:DB8:CAFE:20::1/128 [0/0]
via GigabitEthernet0/1, receive
2001:DB8:CAFE:90::/126 [110/103]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:99::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:100::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:110::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:120::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:200::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:201::1/128 [0/0]
via Loopback0, receive
2001:DB8:CAFE:203::1/128 [110/3]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:212::/64 [110/3]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:300::/64 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:800::/64 [110/103]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:801::/64 [110/103]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:2020::2/128 [110/103]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:2110::D1/128 [110/1]
via FE80::D1, GigabitEthernet0/1
2001:DB8:CAFE:2120::D2/128 [110/2]
via FE80::D1, GigabitEthernet0/1
2001:DB8:FEED:10::/126 [0/0]
via Serial0/0/0.1, directly connected
2001:DB8:FEED:10::1/128 [0/0]
via Serial0/0/0.1, receive
2001:DB8:FEED:14::/126 [110/103]
via FE80::D1, GigabitEthernet0/1
2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
FF00::/8 [0/0]
via Null0, receive
R2# show ip route | begin Gateway
Gateway of last resort is 10.1.120.254 to network 0.0.0.0
S*
R
R
R
D
D
C
L
R
R
R
C
L
R
C
C
L
R
R
R
R
0.0.0.0/0 [254/0] via 10.1.120.254
10.0.0.0/8 is variably subnetted, 13 subnets, 5 masks
10.1.2.0/30 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
10.1.2.12/30 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
10.1.30.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
10.1.80.0/25 [90/13607262] via 10.1.90.3, 15:23:20, Serial0/0/1.2
10.1.80.128/25 [90/13556702] via 10.1.90.3, 15:23:20, Serial0/0/1.2
10.1.90.2/31 is directly connected, Serial0/0/1.2
10.1.90.2/32 is directly connected, Serial0/0/1.2
10.1.99.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
10.1.100.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
10.1.110.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
10.1.120.0/24 is directly connected, GigabitEthernet0/0
10.1.120.8/32 is directly connected, GigabitEthernet0/0
10.1.200.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
20.0.0.0/32 is subnetted, 1 subnets
20.20.20.20 is directly connected, Loopback2
22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
22.0.0.0/8 is directly connected, Loopback3
22.22.22.22/32 is directly connected, Loopback3
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
209.165.200.0/24 is variably subnetted, 4 subnets, 2 masks
209.165.200.220/30 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
209.165.200.224/30 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 22
CCNPv7 TSHOOT
C
L
Lab 10-2, Sandbox
209.165.200.228/30 is directly connected, Serial0/0/0.2
209.165.200.230/32 is directly connected, Serial0/0/0.2
R2# show ipv6 route | begin ::/0
ND ::/0 [2/0]
via FE80::A1, GigabitEthernet0/0
C
2001:DB8:CAFE:6::/126 [0/0]
via Serial0/0/0.2, directly connected
L
2001:DB8:CAFE:6::2/128 [0/0]
via Serial0/0/0.2, receive
C
2001:DB8:CAFE:90::/126 [0/0]
via Serial0/0/1.2, directly connected
L
2001:DB8:CAFE:90::2/128 [0/0]
via Serial0/0/1.2, receive
R
2001:DB8:CAFE:99::/64 [120/2]
via FE80::D1, Tunnel0
R
2001:DB8:CAFE:100::/64 [120/2]
via FE80::D1, Tunnel0
R
2001:DB8:CAFE:110::/64 [120/2]
via FE80::D1, Tunnel0
NDp 2001:DB8:CAFE:120::/64 [2/0]
via GigabitEthernet0/0, directly connected
L
2001:DB8:CAFE:120::2/128 [0/0]
via GigabitEthernet0/0, receive
S
2001:DB8:CAFE:201::1/128 [1/0]
via Serial0/0/0.2, directly connected
R
2001:DB8:CAFE:203::1/128 [120/6]
via FE80::3, Serial0/0/1.2
R
2001:DB8:CAFE:212::/64 [120/6]
via FE80::3, Serial0/0/1.2
D
2001:DB8:CAFE:800::/64 [90/13607262]
via FE80::3, Serial0/0/1.2
D
2001:DB8:CAFE:801::/64 [90/13556702]
via FE80::3, Serial0/0/1.2
LC 2001:DB8:CAFE:2020::2/128 [0/0]
via Loopback2, receive
R
2001:DB8:CAFE:2110::D1/128 [120/2]
via FE80::D1, Tunnel0
C
2001:DB8:EFAC::/48 [0/0]
via Loopback3, directly connected
L
2001:DB8:EFAC::2/128 [0/0]
via Loopback3, receive
D
2001:DB8:FEED:14::/126 [90/23796062]
via FE80::3, Serial0/0/1.2
C
FC00::/7 [0/0]
via Tunnel0, directly connected
L
FC00::2/128 [0/0]
via Tunnel0, receive
L
FF00::/8 [0/0]
via Null0, receive
R2# show ip route vrf VPN_A | begin Gateway
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S*
C
B
C
L
B
B
B
C
L
0.0.0.0/0 is directly connected, Null0
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 is directly connected, Loopback0
10.0.0.0/16 is subnetted, 1 subnets
10.1.0.0 [20/0] via 209.165.200.225, 14:36:47
22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
22.0.0.0/8 is directly connected, Loopback4
22.22.22.22/32 is directly connected, Loopback4
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [20/0] via 209.165.200.225, 00:22:13
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [20/0] via 209.165.200.225, 00:18:41
209.165.200.0/24 is variably subnetted, 3 subnets, 2 masks
209.165.200.220/30 [20/0] via 209.165.200.225, 04:31:59
209.165.200.224/30 is directly connected, Serial0/0/0.1
209.165.200.226/32 is directly connected, Serial0/0/0.1
R2# show ipv6 route vrf VPN_A | begin ::/0
S
::/0 [1/0]
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 22
CCNPv7 TSHOOT
B
B
B
C
L
C
L
B
LC
L
Lab 10-2, Sandbox
via Null0, directly connected
2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:10::1
2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:10::1
2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:10::1
2001:DB8:EFAC::/48 [0/0]
via Loopback4, directly connected
2001:DB8:EFAC::2/128 [0/0]
via Loopback4, receive
2001:DB8:FEED:10::/126 [0/0]
via Serial0/0/0.1, directly connected
2001:DB8:FEED:10::2/128 [0/0]
via Serial0/0/0.1, receive
2001:DB8:FEED:14::/126 [20/0]
via 2001:DB8:FEED:10::1
2001:DB8:FEED:222::2/128 [0/0]
via Loopback0, receive
FF00::/8 [0/0]
via Null0, receive
R2# show ip route vrf VPN_B | begin Gateway
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S*
C
B
C
L
B
B
C
L
B
0.0.0.0/0 is directly connected, Null0
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 is directly connected, Loopback1
10.0.0.0/16 is subnetted, 1 subnets
10.1.0.0 [20/0] via 209.165.200.221, 14:20:14
22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
22.0.0.0/8 is directly connected, Loopback5
22.22.22.22/32 is directly connected, Loopback5
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [20/0] via 209.165.200.221, 00:23:17
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [20/0] via 209.165.200.221, 00:19:45
209.165.200.0/24 is variably subnetted, 3 subnets, 2 masks
209.165.200.220/30 is directly connected, Serial0/0/1.1
209.165.200.222/32 is directly connected, Serial0/0/1.1
209.165.200.224/30 [20/0] via 209.165.200.221, 04:33:00
R2# show ipv6 route vrf VPN_B | begin ::/0
S
::/0 [1/0]
via Null0, directly connected
B
2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:14::3
B
2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:14::3
B
2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:14::3
C
2001:DB8:EFAC::/48 [0/0]
via Loopback5, directly connected
L
2001:DB8:EFAC::2/128 [0/0]
via Loopback5, receive
B
2001:DB8:FEED:10::/126 [20/0]
via 2001:DB8:FEED:14::3
C
2001:DB8:FEED:14::/126 [0/0]
via Serial0/0/1.1, directly connected
L
2001:DB8:FEED:14::2/128 [0/0]
via Serial0/0/1.1, receive
LC 2001:DB8:FEED:222::2/128 [0/0]
via Loopback1, receive
L
FF00::/8 [0/0]
via Null0, receive
R3# show ip route | begin Gateway
Gateway of last resort is 209.165.200.222 to network 0.0.0.0
B*
B
0.0.0.0/0 [20/0] via 209.165.200.222, 14:27:07
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 [20/0] via 209.165.200.222, 14:27:07
10.0.0.0/8 is variably subnetted, 18 subnets, 6 masks
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 10 of 22
CCNPv7 TSHOOT
S
O
C
L
O
C
L
C
L
C
L
O
O
O
O
O
O
O
IA
IA
IA
IA
IA
D
O
C
C
L
O E1
R
Lab 10-2, Sandbox
10.1.0.0/16 is directly connected, Null0
10.1.2.0/30 [110/3] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.2.12/30 is directly connected, GigabitEthernet0/1
10.1.2.14/32 is directly connected, GigabitEthernet0/1
10.1.30.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.80.0/25 is directly connected, GigabitEthernet0/0
10.1.80.1/32 is directly connected, GigabitEthernet0/0
10.1.80.128/25 is directly connected, Loopback1
10.1.80.129/32 is directly connected, Loopback1
10.1.90.2/31 is directly connected, Serial0/0/1.2
10.1.90.3/32 is directly connected, Serial0/0/1.2
10.1.99.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.100.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.110.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.120.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.200.0/24 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.211.1/32 [110/3] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
10.1.212.1/32 [110/2] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
20.0.0.0/32 is subnetted, 1 subnets
20.20.20.20 [90/13556702] via 10.1.90.2, 14:27:09, Serial0/0/1.2
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [110/4] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 is directly connected, Loopback0
209.165.200.0/24 is variably subnetted, 4 subnets, 2 masks
209.165.200.220/30 is directly connected, Serial0/0/1.1
209.165.200.221/32 is directly connected, Serial0/0/1.1
209.165.200.224/30
[110/103] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
209.165.200.228/30 [120/1] via 10.1.90.2, 00:00:21, Serial0/0/1.2
R3# show ipv6 route | begin 20/0
B
::/0 [20/0]
via 2001:DB8:FEED:14::2
S
2001:DB8:CAFE::/48 [1/0]
via Null0, directly connected
D
2001:DB8:CAFE:6::/126 [90/23796062]
via FE80::2, Serial0/0/1.2
O
2001:DB8:CAFE:20::/64 [110/3]
via FE80::D2, GigabitEthernet0/1
C
2001:DB8:CAFE:90::/126 [0/0]
via Serial0/0/1.2, directly connected
L
2001:DB8:CAFE:90::3/128 [0/0]
via Serial0/0/1.2, receive
OI 2001:DB8:CAFE:99::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
OI 2001:DB8:CAFE:100::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
OI 2001:DB8:CAFE:110::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
OI 2001:DB8:CAFE:120::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
OI 2001:DB8:CAFE:200::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
O
2001:DB8:CAFE:201::1/128 [110/3]
via FE80::D2, GigabitEthernet0/1
LC 2001:DB8:CAFE:203::1/128 [0/0]
via Loopback0, receive
C
2001:DB8:CAFE:212::/64 [0/0]
via GigabitEthernet0/1, directly connected
L
2001:DB8:CAFE:212::3/128 [0/0]
via GigabitEthernet0/1, receive
O
2001:DB8:CAFE:300::/64 [110/2]
via FE80::D2, GigabitEthernet0/1
C
2001:DB8:CAFE:800::/64 [0/0]
via GigabitEthernet0/0, directly connected
L
2001:DB8:CAFE:800::1/128 [0/0]
via GigabitEthernet0/0, receive
C
2001:DB8:CAFE:801::/64 [0/0]
via Loopback1, directly connected
L
2001:DB8:CAFE:801::1/128 [0/0]
via Loopback1, receive
D
2001:DB8:CAFE:2020::2/128 [90/13556702]
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 11 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
via FE80::2, Serial0/0/1.2
2001:DB8:CAFE:2110::D1/128 [110/2]
via FE80::D2, GigabitEthernet0/1
O
2001:DB8:CAFE:2120::D2/128 [110/1]
via FE80::D2, GigabitEthernet0/1
OE1 2001:DB8:FEED:10::/126 [110/103]
via FE80::D2, GigabitEthernet0/1
C
2001:DB8:FEED:14::/126 [0/0]
via Serial0/0/1.1, directly connected
L
2001:DB8:FEED:14::3/128 [0/0]
via Serial0/0/1.1, receive
B
2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
R
FC00::/7 [120/2]
via FE80::2, Serial0/0/1.2
L
FF00::/8 [0/0]
via Null0, receive
O
DLS1# show ip route | begin Gateway
Gateway of last resort is 10.1.2.2 to network 0.0.0.0
O*E1
O E1
O
C
L
O
C
L
O
O
O
C
L
C
L
C
L
C
L
C
L
C
O
E1
E1
E1
E1
O E1
O
O
O E1
O E1
R
0.0.0.0/0 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
10.0.0.0/8 is variably subnetted, 21 subnets, 6 masks
10.1.0.0/16 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
10.1.2.0/30 is directly connected, FastEthernet0/5
10.1.2.1/32 is directly connected, FastEthernet0/5
10.1.2.12/30 [110/2] via 10.1.30.253, 00:33:34, Vlan300
10.1.30.0/24 is directly connected, Vlan300
10.1.30.252/32 is directly connected, Vlan300
10.1.80.0/25 [110/102] via 10.1.30.253, 00:33:34, Vlan300
10.1.80.128/25 [110/102] via 10.1.30.253, 00:33:34, Vlan300
10.1.90.2/31 [110/102] via 10.1.30.253, 00:33:34, Vlan300
10.1.99.0/24 is directly connected, Vlan99
10.1.99.252/32 is directly connected, Vlan99
10.1.100.0/24 is directly connected, Vlan100
10.1.100.252/32 is directly connected, Vlan100
10.1.110.0/24 is directly connected, Vlan110
10.1.110.252/32 is directly connected, Vlan110
10.1.120.0/24 is directly connected, Vlan120
10.1.120.252/32 is directly connected, Vlan120
10.1.200.0/24 is directly connected, Vlan200
10.1.200.252/32 is directly connected, Vlan200
10.1.211.1/32 is directly connected, Loopback0
10.1.212.1/32 [110/2] via 10.1.30.253, 00:33:34, Vlan300
20.0.0.0/32 is subnetted, 1 subnets
20.20.20.20 [110/102] via 10.1.30.253, 00:33:34, Vlan300
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [110/2] via 10.1.2.2, 00:33:34, FastEthernet0/5
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [110/3] via 10.1.30.253, 00:33:34, Vlan300
209.165.200.0/30 is subnetted, 3 subnets
209.165.200.220 [110/102] via 10.1.30.253, 00:33:34, Vlan300
209.165.200.224 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
209.165.200.228 [120/1] via 10.1.120.8, 00:00:21, Vlan120
[120/1] via 10.1.2.2, 00:00:01, FastEthernet0/5
DLS1# show ipv6 route | begin ::/0
OE1 ::/0 [110/101], tag 2
via FE80::1, FastEthernet0/5
OE1 2001:DB8:CAFE:6::/126 [110/102]
via FE80::D2, Vlan300
C
2001:DB8:CAFE:20::/64 [0/0]
via FastEthernet0/5, directly connected
L
2001:DB8:CAFE:20::D1/128 [0/0]
via FastEthernet0/5, receive
OE1 2001:DB8:CAFE:90::/126 [110/102]
via FE80::D2, Vlan300
C
2001:DB8:CAFE:99::/64 [0/0]
via Vlan99, directly connected
L
2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 12 of 22
CCNPv7 TSHOOT
C
L
C
L
C
L
C
L
O
O
O
C
L
OE1
OE1
OE1
LC
O
OE1
OE1
OE1
C
L
L
Lab 10-2, Sandbox
2001:DB8:CAFE:100::/64 [0/0]
via Vlan100, directly connected
2001:DB8:CAFE:100::D1/128 [0/0]
via Vlan100, receive
2001:DB8:CAFE:110::/64 [0/0]
via Vlan110, directly connected
2001:DB8:CAFE:110::D1/128 [0/0]
via Vlan110, receive
2001:DB8:CAFE:120::/64 [0/0]
via Vlan120, directly connected
2001:DB8:CAFE:120::D1/128 [0/0]
via Vlan120, receive
2001:DB8:CAFE:200::/64 [0/0]
via Vlan200, directly connected
2001:DB8:CAFE:200::D1/128 [0/0]
via Vlan200, receive
2001:DB8:CAFE:201::1/128 [110/1]
via FE80::1, FastEthernet0/5
2001:DB8:CAFE:203::1/128 [110/2]
via FE80::D2, Vlan300
2001:DB8:CAFE:212::/64 [110/2]
via FE80::D2, Vlan300
2001:DB8:CAFE:300::/64 [0/0]
via Vlan300, directly connected
2001:DB8:CAFE:300::D1/128 [0/0]
via Vlan300, receive
2001:DB8:CAFE:800::/64 [110/102]
via FE80::D2, Vlan300
2001:DB8:CAFE:801::/64 [110/102]
via FE80::D2, Vlan300
2001:DB8:CAFE:2020::2/128 [110/102]
via FE80::D2, Vlan300
2001:DB8:CAFE:2110::D1/128 [0/0]
via Loopback0, receive
2001:DB8:CAFE:2120::D2/128 [110/1]
via FE80::D2, Vlan300
2001:DB8:FEED:10::/126 [110/101]
via FE80::1, FastEthernet0/5
2001:DB8:FEED:14::/126 [110/102]
via FE80::D2, Vlan300
2001:DB8:FEED:222::2/128 [110/101]
via FE80::1, FastEthernet0/5
FC00::/7 [0/0]
via Tunnel0, directly connected
FC00::D1/128 [0/0]
via Tunnel0, receive
FF00::/8 [0/0]
via Null0, receive
ALS1# show ip route | begin Gateway
Gateway of last resort is 10.1.99.254 to network 0.0.0.0
S*
C
L
C
L
C
L
C
L
C
L
C
L
0.0.0.0/0 [1/0] via 10.1.99.254
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
10.1.30.0/24 is directly connected, Vlan300
10.1.30.251/32 is directly connected, Vlan300
10.1.99.0/24 is directly connected, Vlan99
10.1.99.251/32 is directly connected, Vlan99
10.1.100.0/24 is directly connected, Vlan100
10.1.100.251/32 is directly connected, Vlan100
10.1.110.0/24 is directly connected, Vlan110
10.1.110.251/32 is directly connected, Vlan110
10.1.120.0/24 is directly connected, Vlan120
10.1.120.251/32 is directly connected, Vlan120
10.1.200.0/24 is directly connected, Vlan200
10.1.200.251/32 is directly connected, Vlan200
ALS1# show ipv6 route | begin ::/0
S
::/0 [1/0]
via 2001:DB8:CAFE:99::D1
C
2001:DB8:CAFE:99::/64 [0/0]
via Vlan99, directly connected
L
2001:DB8:CAFE:99::A1/128 [0/0]
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 13 of 22
CCNPv7 TSHOOT
C
L
C
L
C
L
C
L
C
L
L
Lab 10-2, Sandbox
via Vlan99, receive
2001:DB8:CAFE:100::/64 [0/0]
via Vlan100, directly connected
2001:DB8:CAFE:100::A1/128 [0/0]
via Vlan100, receive
2001:DB8:CAFE:110::/64 [0/0]
via Vlan110, directly connected
2001:DB8:CAFE:110::A1/128 [0/0]
via Vlan110, receive
2001:DB8:CAFE:120::/64 [0/0]
via Vlan120, directly connected
2001:DB8:CAFE:120::A1/128 [0/0]
via Vlan120, receive
2001:DB8:CAFE:200::/64 [0/0]
via Vlan200, directly connected
2001:DB8:CAFE:200::A1/128 [0/0]
via Vlan200, receive
2001:DB8:CAFE:300::/64 [0/0]
via Vlan300, directly connected
2001:DB8:CAFE:300::A1/128 [0/0]
via Vlan300, receive
FF00::/8 [0/0]
via Null0, receive
DLS2# show ip route | begin Gateway
Gateway of last resort is 10.1.2.14 to network 0.0.0.0
O*E1
O E1
O
O
C
L
C
L
O
O
O
C
L
C
L
C
L
C
L
C
L
O
C
E1
E1
E1
E1
O E1
O
O
O E1
O E1
R
0.0.0.0/0 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
10.0.0.0/8 is variably subnetted, 21 subnets, 6 masks
10.1.0.0/16 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
10.1.2.0/30 [110/2] via 10.1.30.252, 14:27:06, Vlan300
10.1.2.12/30 is directly connected, FastEthernet0/5
10.1.2.13/32 is directly connected, FastEthernet0/5
10.1.30.0/24 is directly connected, Vlan300
10.1.30.253/32 is directly connected, Vlan300
10.1.80.0/25 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
10.1.80.128/25 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
10.1.90.2/31 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
10.1.99.0/24 is directly connected, Vlan99
10.1.99.253/32 is directly connected, Vlan99
10.1.100.0/24 is directly connected, Vlan100
10.1.100.253/32 is directly connected, Vlan100
10.1.110.0/24 is directly connected, Vlan110
10.1.110.253/32 is directly connected, Vlan110
10.1.120.0/24 is directly connected, Vlan120
10.1.120.253/32 is directly connected, Vlan120
10.1.200.0/24 is directly connected, Vlan200
10.1.200.253/32 is directly connected, Vlan200
10.1.211.1/32 [110/2] via 10.1.30.252, 16:53:36, Vlan300
10.1.212.1/32 is directly connected, Loopback0
20.0.0.0/32 is subnetted, 1 subnets
20.20.20.20 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
192.168.1.0/32 is subnetted, 1 subnets
192.168.1.1 [110/3] via 10.1.30.252, 14:26:11, Vlan300
192.168.3.0/32 is subnetted, 1 subnets
192.168.3.1 [110/2] via 10.1.2.14, 01:25:05, FastEthernet0/5
209.165.200.0/30 is subnetted, 3 subnets
209.165.200.220 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5
209.165.200.224 [110/102] via 10.1.30.252, 14:26:11, Vlan300
209.165.200.228 [120/1] via 10.1.120.8, 00:00:03, Vlan120
DLS2# show ipv6 route | begin ::/0
OE1 ::/0 [110/101], tag 2
via FE80::1, FastEthernet0/5
OE1 2001:DB8:CAFE:6::/126 [110/101]
via FE80::1, FastEthernet0/5
O
2001:DB8:CAFE:20::/64 [110/2]
via FE80::D1, Vlan300
R
2001:DB8:CAFE:90::/126 [109/2]
via FE80::2, Vlan120
via FE80::1, FastEthernet0/5
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 14 of 22
CCNPv7 TSHOOT
C
L
C
L
C
L
C
L
C
L
O
R
C
L
C
L
OE1
OE1
R
R
LC
OE1
OE1
OE1
R
L
Lab 10-2, Sandbox
2001:DB8:CAFE:99::/64 [0/0]
via Vlan99, directly connected
2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
2001:DB8:CAFE:100::/64 [0/0]
via Vlan100, directly connected
2001:DB8:CAFE:100::D2/128 [0/0]
via Vlan100, receive
2001:DB8:CAFE:110::/64 [0/0]
via Vlan110, directly connected
2001:DB8:CAFE:110::D2/128 [0/0]
via Vlan110, receive
2001:DB8:CAFE:120::/64 [0/0]
via Vlan120, directly connected
2001:DB8:CAFE:120::D2/128 [0/0]
via Vlan120, receive
2001:DB8:CAFE:200::/64 [0/0]
via Vlan200, directly connected
2001:DB8:CAFE:200::D2/128 [0/0]
via Vlan200, receive
2001:DB8:CAFE:201::1/128 [110/2]
via FE80::D1, Vlan300
2001:DB8:CAFE:203::1/128 [109/2]
via FE80::1, FastEthernet0/5
2001:DB8:CAFE:212::/64 [0/0]
via FastEthernet0/5, directly connected
2001:DB8:CAFE:212::D2/128 [0/0]
via FastEthernet0/5, receive
2001:DB8:CAFE:300::/64 [0/0]
via Vlan300, directly connected
2001:DB8:CAFE:300::D2/128 [0/0]
via Vlan300, receive
2001:DB8:CAFE:800::/64 [110/101]
via FE80::1, FastEthernet0/5
2001:DB8:CAFE:801::/64 [110/101]
via FE80::1, FastEthernet0/5
2001:DB8:CAFE:2020::2/128 [109/2]
via FE80::2, Vlan120
2001:DB8:CAFE:2110::D1/128 [109/2]
via FE80::D1, Vlan110
via FE80::D1, Vlan99
via FE80::D1, Vlan100
via FE80::D1, Vlan120
2001:DB8:CAFE:2120::D2/128 [0/0]
via Loopback0, receive
2001:DB8:FEED:10::/126 [110/102]
via FE80::D1, Vlan300
2001:DB8:FEED:14::/126 [110/101]
via FE80::1, FastEthernet0/5
2001:DB8:FEED:222::2/128 [110/101]
via FE80::1, FastEthernet0/5
FC00::/7 [109/2]
via FE80::2, Vlan120
via FE80::D1, Vlan120
via FE80::D1, Vlan110
via FE80::D1, Vlan100
via FE80::D1, Vlan99
FF00::/8 [0/0]
via Null0, receive
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 15 of 22
CCNPv7 TSHOOT
Device
Lab 10-2, Sandbox
Actions and Results
Step 8: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 16 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Task 2: Trouble Ticket Lab 10-2 TT-B
Step 1: Review trouble ticket Lab 10-2 TT-B.
Your contract work paid off. The CIOs are happy with your documentation, which verifies connectivity under
all service provider failover scenarios. They asked you to give a presentation tomorrow to demonstrate the
network resiliency. In preparation for the presentation, you discover that some LAN failover scenarios are not
working properly. There are a lot of missing routes as well. It appears that someone made some
undocumented changes after your network testing. The pressure is on for you to fix the issue(s) today!
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table. Watch the configuration
sequences load to ensure that no commands are failing upon being entered. Remember to check that the
appropriate SDM templates are loading on the switches.
Device Configuration File Table
Device Name
File to Load
Notes
ALS1
Lab102-ALS1-TT-B-Cfg.txt
DLS1
Lab102-DLS1-TT-B-Cfg.txt
DLS2
Lab102-DLS2-TT-B-Cfg.txt
R1
Lab102-R1-TT-B-Cfg.txt
R2
Lab102-R2-TT-B-Cfg.txt
R3
Lab102-R3-TT-B-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Ensure proper MST and VTPv3 operation.
Sometimes MST and VTPv3 do not operate as expect. Check all the items listed below, and make
changes as necessary to validate each item.
a. Check that each switch has VLANs 99, 100, 120, 200, 300, 666, and 999.
b. Check that the MST region name is TSHOOT.
c.
Check that the MST configuration revision number is 25.
d. Check that VLANs 99, 110, and 120 are mapped to MST instance 1.
e. Check that VLANs 100, 200, and 300 are mapped to MST instance 2.
f.
Check that DLS1 is the root for instance 1 and DLS2 is the root for instance 2.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance.
Step 4: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 17 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Step 5: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c.
After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
Step 6: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 7: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 18 of 22
CCNPv7 TSHOOT
Device
Lab 10-2, Sandbox
Actions and Results
Step 8: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 19 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Task 3: Trouble Ticket Lab 10-2 TT-C
Step 1: Review trouble ticket Lab 10-2 TT-C.
You resolved the issues in time to finish your presentation to the CIOs and it went smoothly. You have some
down time and decide to try implementing the EIGRP Stub Routing feature to simplify the EIGRP
configuration for the collocated office. The complexity of the network is making it difficult for you to get it
working. Your window of opportunity is closing today, but you want to show the CIOs that you have a proof-ofconcept for an EIGRP stub solution. It makes sense to include some selective route summarization in the
network, but now you need to troubleshoot your own work. Ensure that network connectivity is at least at the
same level as you validated for TT-A (Task 1) Scenario 1.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table. Watch the configuration
sequences load to ensure that no commands are failing upon being entered. Remember to check that the
appropriate SDM templates are loading on the switches.
Device Configuration File Table
Device Name
File to Load
ALS1
Lab102-ALS1-TT-C-Cfg.txt
DLS1
Lab102-DLS1-TT-C-Cfg.txt
DLS2
Lab102-DLS2-TT-C-Cfg.txt
R1
Lab102-R1-TT-C-Cfg.txt
R2
Lab102-R2-TT-C-Cfg.txt
Notes
R3
Lab102-R3-TT-C-Cfg.txt
SRV1
N/A
Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B
N/A
DHCPv4 and DHCPv6
PC-C
N/A
DHCPv4 and DHCPv6
Step 3: Ensure proper MST and VTPv3 operation.
Sometimes MST and VTPv3 do not operate as expect. Check all the items listed below, and make
changes as necessary to validate each item.
a. Check that each switch has VLANs 99, 100, 120, 200, 300, 666, and 999.
b. Check that the MST region name is TSHOOT.
c.
Check that the MST configuration revision number is 25.
d. Check that VLANs 99, 110, and 120 are mapped to MST instance 1.
e. Check that VLANs 100, 200, and 300 are mapped to MST instance 2.
f.
Check that DLS1 is the root for instance 1 and DLS2 is the root for instance 2.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance.
Step 4: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c.
Start the TFTP server on SRV1 to record device configuration changes.
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 20 of 22
CCNPv7 TSHOOT
Lab 10-2, Sandbox
Step 5: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c.
After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
Step 6: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Step 7: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device
Actions and Results
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 21 of 22
CCNPv7 TSHOOT
Device
Lab 10-2, Sandbox
Actions and Results
Step 8: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 22 of 22