CCNP TSHOOT Chapter 9 Lab 9-1, Network Mirror (Version 7)

Physical Topology

Logical Topology

Objectives

• Load the trouble ticket device configuration files for each trouble ticket.
• Diagnose and resolve problems related to switch virtual interfaces and multilayer switching.
• Diagnose and resolve problems related to First Hop Redundancy Protocols.
• Diagnose and resolve problems related to basic routing.
• Document troubleshooting progress, configuration changes, and problem resolution.

Background

Network documentation and security documentation are important when troubleshooting, especially when unexpected traffic patterns emerge. In this lab, you will troubleshoot problems related to network design and security policy. For each task or trouble ticket, the scenario and problem symptoms are described. While troubleshooting, you will discover the cause of the problem, correct it, and then document the process and results.

Physical and Logical Topology Diagrams

The baseline physical and logical topologies, including interface designations and IPv4/IPv6 addresses, are provided to assist the troubleshooting effort. Since this lab involves network design, it may help to create new network diagrams or modify the ones provided.

Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dual-ipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and Cisco IOS Software version, the commands available and output produced might vary from what is shown in this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.

Required Resources

• 3 routers (Cisco IOS Release 15.4 or comparable)
• 2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast Ethernet interfaces)
• SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH client and WireShark software
• PC-B (DHCP client): Windows 7 with SSH client and WireShark software
• PC-C (DHCP client): Windows 7 with SSH client and WireShark software

Task 1: Trouble Ticket Lab 9-1 TT-A

Step 1: Review trouble ticket Lab 9-1 TT-A.

Before the CAFE company was bought out by the KAFFEE corporation, CAFE was collocated with its ISP. At the time, ALS1 was the only switch and it connected via F0/18 directly to G0/0 on R2, their only router. After the acquisition, KAFFEE moved to a new site several kilometers from the ISP. KAFFEE company operations did not require much bandwidth then and they already owned two routers, R1 and R3, so the business decision was made to use E1 serial connections from these routers back to R2 at the ISP.

After doing business for a year, to remain competitive a bandwidth upgrade was required. Chris, the CIO for KAFFEE, arranged to lease a fiber connection that was already in place between the ISP and the KAFFEE site. Chris decided to save some money by making use of two fiber-to-copper media converters from storage to enable a connection between R2 G0/0 and a yet-to-be-determined networking device at the KAFFEE site. One media converter was installed at the ISP, connecting the fiber to a patch cable in turn connected to R2 G0/0.

At the KAFFEE site, the other end of the fiber was connected to the second media converter in the secured network operations room. Chris has a cubicle next to the network operations room with several cable outlets connecting back to a patch panel in the network operations room. Chris used a patch cable to connect the media converter to a port on the patch panel that in turn connects to cable outlet A at his cubicle. With this setup, Chris is ready to do some testing with the new high-bandwidth link. Chris plans to bring up the high-speed link to the ISP within a week.

KAFFEE network technician Joe works at a cubicle adjacent to Chris’ cubicle, and he has access through the cubicle furniture to the same cable outlets as Chris. Joe has overheard all the phone conversations Chris has had with the ISP engineer regarding the new high-bandwidth link. Unfortunately, Chris had to let Joe go to meet a budget shortfall. Today is Joe’s last day. Although Joe has no access to the network operations room, he has a role-based account on all the networking devices with several commands at his disposal. Without any IT staff knowing, Joe made the bad decision to introduce a few cable and configuration changes as a way of letting off steam:

Joe’s cubicle has an IP phone connected via conduit to ALS1. His desktop PC, PC-B, is connected to the IP phone. Joe found an unmanaged switch in the e-waste box near his cubicle. He disconnected the cable from the NIC on PC-B and connected it to the unmanaged switch. He connected a second cable from the unmanaged switch to PC-B. He took a third cable and connected cable outlet A to the unmanaged switch. At this point, the IP phone, PC-B, and R2 were all connected to ALS1 port F0/18. Joe made use of his limited access to the network devices to make several changes to the network configuration. Then Joe started downloading a cloud-based MP4 library onto the 10-terabyte USB drive connected to PC-B before going home on his final day of work.

You are the network engineer for KAFFEE, arriving at work the morning after Joe’s last day. Chris is out for the day and he has not told you anything about the new high-bandwidth link being provisioned. The ISP engineer assigned to the KAFFEE account was under the impression that the high-bandwidth link to R2 would be brought up in no sooner than 3 days. Some employees are complaining that Internet access is very slow. Syslog messages do not appear to indicate any problems, but they do show that the entire KAFFEE network was down for about 5 minutes at the end of work yesterday.

Your task is to determine what is causing the slow Internet access and restore baseline functionality.

Step 2: Load the device trouble ticket configuration files for TT-A.

Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash. Load the proper configuration files indicated in the Device Configuration File Table.

Device Configuration File Table

Step 3: Configure SRV1 and start the syslog and TFTP servers.

a. Ensure that SRV1 has the static IP address 10.1.100.1 and default gateway 10.1.100.254.

b. Start the syslog server on SRV1, which is the syslog server for the entire network. When the network is properly configured, all devices send syslog messages to SRV1.

c. Start the TFTP server on SRV1, which is the archive server for the entire network. When the network is properly configured, all devices send archives of their running configurations to this server whenever the running config is copied to the startup config. Ensure that the default TFTP directory on SRV1 is set to the directory where you want to store the archives.

Step 4: Release and renew the DHCP leases on PC-B and PC-C.

a. Ensure that PC-B and PC-C are configured as DHCP clients.

b. After loading all TT-A device configuration files, issue the ipconfig/release and ipconfig/renew commands on PC-B and PC-C. You might need to repeat this process after the TT problems have been resolved.

Note: Problems introduced into the network by the trouble ticket might cause DHCP issues. Do not assign PC-B or PC-C a static address.

Step 5: Outline the troubleshooting approach and validation steps.

Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.

Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem, gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
__________________________________________________________________

Step 6: Record the troubleshooting process and configuration changes.

Use this log to document your actions and results during the troubleshooting process. List the commands you used to gather information. As you progress, record your thoughts as to what you think the problem might be and which actions you take to correct the problem.

Step 7: Document trouble ticket debrief notes.

Use this space to make notes of the key learning points that you picked up during the discussion of this trouble ticket with your instructor. The notes can include problems encountered, solutions applied, and useful commands employed. It can also include alternate solutions, methods, and procedures and communication improvements.
_____________________________________________________________________

Task 2: Trouble Ticket Lab 9-1 TT-B

Step 1: Review trouble ticket Lab 9-1 TT-B.

A new security policy was recently approved and implemented company-wide. The new policy requires the strictest standards for IPv4 remote access. In the first phase of implementation, only SSH clients in VLAN 100 are allowed to remotely access network devices via IPv4. Upon arriving at the office this morning, you find the following tickets in the system:

• Employees in OFFICE VLAN 120 are experiencing network difficulties.
• The network technicians are unable to SSH to any device in the network from VLAN 100 via IPv4.

As the company’s lead network engineer and coauthor of the security policy, you immediately get started troubleshooting.

Step 2: Load the device trouble ticket configuration files for TT-B.

Load the proper configuration files indicated in the Device Configuration File Table.

Device Configuration File Table

Step 3: Configure SRV1 and start the syslog and TFTP servers, as described in Task 1.

Step 4: Release and renew the DHCP leases on PC-B and PC-C, as described in Task 1.

Step 5: Outline the troubleshooting approach and validation steps.

Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved. Troubleshooting approaches to select from include follow-the-path, perform-comparison, bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.

Note: In addition to a specific approach, you can use the generic troubleshooting process.
_________________________________________________________________

Step 6: Record the troubleshooting process and configuration changes.

Use this log to document your actions and results during the troubleshooting process. List the commands you used to gather information. As you progress, record your thoughts as to what you think the problem might be and which actions you take to correct the problem.

Step 7: Document trouble ticket debrief notes.

Use this space to make notes of the key learning points that you picked up during the discussion of this trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful commands employed, alternate solutions, methods and processes, and procedure and communication improvements.
_________________________________________________________________