){kind=link}
Lab Topology
Objectives
- Load the device configuration files for each trouble ticket.
- Diagnose and resolve problems related to features, protocols, or technology that could be encountered in a complex, integrated enterprise network.
- Document the troubleshooting progress, configuration changes, and problem resolution.
Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired throughout this course to resolve the routing and switching problems introduced. These trouble tickets may involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to DHCP, NAT, HSRP, OSPF, EIGRP, BGP, and ACLs. IPv6 is the BGP transport for both IPv4 and IPv6 routes.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While troubleshooting, you will discover the cause of the problem, correct it, and then document the process and results.
Trouble Tickets and Troubleshooting Logs
This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed independently.
Troubleshooting Reference Information
A generic troubleshooting flow is provided for analysis. Suggested commands are provided for each trouble ticket. Refer to previous labs for specific troubleshooting flows, examples of additional commands and command output.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dual-ipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Required Resources
- 3 routers (Cisco IOS Release 15.4 or comparable)
- 2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast Ethernet interfaces)
- SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH client, SNMP monitor, and WireShark software
- PC-B (DHCP client): Windows 7 with SSH client and WireShark software
- PC-C (DHCP client): Windows 7 with SSH client and WireShark software
- Serial and Ethernet cables, as shown in the topology
Task 1: Trouble Ticket Lab 10-1 TT-A
Step 1: Review trouble ticket Lab 10-1 TT-A.
As a security measure, your company has decided to implement DHCP snooping, IP Source Guard, and Dynamic ARP Inspection (DAI) on access switches to
• Protect against rogue and malicious DHCP servers
• Protect against IP address spoofing
• Protect against ARP spoofing and ARP poisoning
For the pilot, the implementation plan specifies that the user VLAN 120 (OFFICE VLAN) on ASL1 be configured for these technologies and DHCP client PC-B be used as a test station. The test plan requires that the redundant switch topology failover allows VLAN 120 users to obtain an IP address from the DHCP server (DLS1) if one of the trunk links from ALS1 to DLS1 or DLS2 goes down. IPv6 Snooping is not included in the implementation plan because it is not currently supported on EtherChannel ports.
Your colleague has configured DHCP snooping, IP Source Guard, and DAI on ASL1, but now PC-B cannot access SRV1 or the Internet. He has asked for your help in diagnosing and solving the problem.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
| Device Name | File to Load | Notes |
|---|---|---|
| ALS1 | Lab101-ALS1-TT-A-Cfg.txt | |
| DLS1 | Lab101-DLS1-TT-A-Cfg.txt | |
| DLS2 | Lab101-DLS2-TT-A-Cfg.txt | |
| R1 | Lab101-R1-TT-A-Cfg.txt | |
| R2 | Lab101-R2-TT-A-Cfg.txt | |
| R3 | Lab101-R3-TT-A-Cfg.txt | |
| SRV1 | N/A | Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64 Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1 |
| PC-B | N/A | DHCPv4 and DHCPv6 |
| PC-C | N/A | DHCPv4 and DHCPv6 |
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c. Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP leases.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig /renew commands on PC-B.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem, gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you used to gather information. As you progress, record your thoughts as to what you think the problem might be and which actions you take to correct the problem.
| Device | Actions and Results |
|---|---|
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands employed, alternate solutions, methods, and processes, and procedure and communication improvements.
__________________________________________________________________
Task 2: Trouble Ticket Lab 10-1 TT-B
Step 1: Review trouble ticket Lab 10-1 TT-B.
Over the last year a number of incremental changes have been made to the network. In order to ensure that the network documentation is faithfully reflected in the network configurations, a thorough review was requested by the CIO. As a result of the review, a few changes were made to meticulously synchronize the device configurations with the topology diagram. Now many users on the network are experiencing problems when accessing the Internet. An office user who uses client PC-B reports that he cannot access the Internet at IPv4 address 2.2.2.2 and IPv6 address 2001:DB8:EFAC::2 (simulated by R2 Lo1). And a branch office user who uses client PC-C also reports not being able to browse the Internet.
Your task is to restore connectivity from client PC-B and client PC-C to the Internet and ensure that the users can connect to R2 Lo1 using IPv4 and IPv6 ping.
Step 2: Load the device trouble ticket configuration files for TT-B.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
| Device Name | File to Load | Notes |
|---|---|---|
| ALS1 | Lab101-ALS1-TT-B-Cfg.txt | |
| DLS1 | Lab101-DLS1-TT-B-Cfg.txt | |
| DLS2 | Lab101-DLS2-TT-B-Cfg.txt | |
| R1 | Lab101-R1-TT-B-Cfg.txt | |
| R2 | Lab101-R2-TT-B-Cfg.txt | |
| R3 | Lab101-R3-TT-B-Cfg.txt | |
| SRV1 | N/A | Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64 Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1 |
| PC-B | N/A | DHCPv4 and DHCPv6 |
| PC-C | N/A | DHCPv4 and DHCPv6 |
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c. Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c. After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig /renew commands on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem, gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_______________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands you used to gather information. As you progress, record your thoughts as to what you think the problem might be and which actions you take to correct the problem.
| Device | Actions and Results |
|---|---|
| Command | Key Information Displayed |
|---|---|
| show ip route, show ip route ip-addr
show ipv6 route, show ipv6 route ipv6-addr, show ospfv3 route |
Displays the entire v4 or v6 routing table or information for a particular destination address. |
| show ip ospf interface brief, show ipv6 ospf interface brief, show ospfv3 interface brief | Displays interfaces that are participating in the OSPF routing process. An interface does not need to be operational to be listed in the command output. |
| show ip ospf neighbor, show ipv6 ospf neighbor, show ospfv3 neighbor | Displays the OSPF neighbor table to verify that all expected neighbor relationships are operational. |
| show ip bgp, show bgp, show bgp ipv4 unicast, show bgp ipv6 unicast, show bgp all | Displays local and learned network entries in the BGP table with next hop, metric, local preference, weight, and AS path. |
| show ip bgp summary, show bgp summary, show bgp ipv4 unicast summary, show bgp ipv6 unicast summary, show bgp all summary | Displays a summary of the BGP neighbor table. Lists important BGP parameters, such as the AS number and router ID, statistics about the memory consumption of the various BGP data structures, and a brief overview of the configured neighbors and their state. |
| show ip bgp neighbors, show bgp neighbors, show bgp ipv4 unicast neighbors, show bgp ipv6 unicast neighbors, show bgp all neighbors | Displays parameters and extensive statistics about the peering session for all BGP neighbors. |
| show ip ospf database, show ipv6 ospf database, show ospfv3 ipv4 database, show ospfv3 ipv6 database, show ospfv3 database | Verifies the link types and link IDs for all areas in which this device participates. |
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful commands employed, alternate solutions, methods, and processes, and procedure and communication improvements.
___________________________________________________________________
Task 3: Trouble Ticket Lab 10-1 TT-C
Step 1: Review trouble ticket Lab 10-1 TT-C.
The user of PC-C on the branch office network called the help desk and reported that she is unable to access SRV1 or the Internet. Your task is to restore connectivity from client PC-C to SRV1 and the Internet and ensure that the user can connect to R2 Lo1 via IPv4. The branch office administrator did some preliminary testing and reported that he cannot ping or SSH to DLS1, R1, or R2 from R3.
After full IPv4 connectivity is established, the final task is to restore IPv6 connectivity from PC-C to SRV1 and the Internet and ensure the user can connect to the Internet via IPv6 ping and SSH.
Step 2: Load the device trouble ticket configuration files for TT-C.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
| Device Name | File to Load | Notes |
|---|---|---|
| ALS1 | Lab101-ALS1-TT-C-Cfg.txt | |
| DLS1 | Lab101-DLS1-TT-C-Cfg.txt | |
| DLS2 | Lab101-DLS2-TT-C-Cfg.txt | |
| R1 | Lab101-R1-TT-C-Cfg.txt | |
| R2 | Lab101-R2-TT-C-Cfg.txt | |
| R3 | Lab101-R3-TT-C-Cfg.txt | |
| SRV1 | N/A | Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64 Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1 |
| PC-B | N/A | DHCPv4 and DHCPv6 |
| PC-C | N/A | DHCPv4 and DHCPv6 |
Step 3: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c. Start the TFTP server on SRV1 to record device configuration changes.
Step 4: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as an IPv4 DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as an IPv4 DHCP client in the R3 branch office LAN.
c. After loading all TT-C device configuration files, issue the ipconfig /release and ipconfig /renew commands on PC-B and PC-C.
Step 5: Outline the troubleshooting approach and validation steps.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem, gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
___________________________________________________________________
Step 6: Record the troubleshooting process and configuration changes.
Use this log to document your actions and results during the troubleshooting process. List the commands that you used to gather information. As you progress, record what you think the problem might be and the actions you take to correct the problem.
Note: In addition to the commands listed for TT-B, the table of commands following this log might help you troubleshoot this problem.
| Device | Actions and Results |
|---|---|
| Command | Key Information Displayed |
|---|---|
| show ip cef ip-addr detail | Displays the next hop and interface used for a particular destination address from the CEF table. |
| show standby brief | Verifies active and standby roles and IP addresses for all VLANs on an HSRP router. |
| show ip eigrp interfaces | Displays interfaces that are participating in the EIGRP routing process. An interface does not need to be operational to be listed in the output. |
| show ip eigrp neighbors | Displays the EIGRP neighbor table to verify that all expected neighbor relationships are operational. |
| show access-lists ACL#/name
show ipv6 acess-list |
Displays all ACLs configured on a device, including the ACL number and name, the type (standard or extended), the statements, and the number of matches accumulated for each statement. |
| show ntp status | Displays the clock synchronization status, stratum level, and reference clock IP address. Also shows the number of seconds since the last update was received from the reference clock. |
| show ip nat translations | Displays IPv4 static and dynamic NAT mappings, including port numbers when overloading is in effect. |
| show aaa sessions | Displays active AAA session data, including source IP address and username. |
Step 7: Document trouble ticket debrief notes.
Use this space to make notes of the key learning points that you picked up during the discussion of this trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful commands employed, alternate solutions, methods, and processes, and procedure and communication improvements.
_______________________________________________________________