CCNPv8 ENARSI Skills Assessment – Troubleshooting Exam Answers

ENARSI Skills Assessment – Troubleshooting (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

CCNPv8 ENARSI Skills Assessment - Troubleshooting Exam Answers 2

Addressing Table

Device Interface IPv4 Address/Mask IPv6 Address/Prefix Length Link-Local Address
R1 G0/0/0 209.165.200.1/24 2001:db8:200::1/64 fe80::1:1
G0/0/1 10.165.249.1/24 2001:db8:249::1/64 fe80::1:2
Loopback 0 10.0.0.1/24 2001:db8:10::1/64 fe80::1:3
Loopback 1 10.165.248.1/24 2001:db8:248::1/64 fe80::1:4
R2 G0/0/0 209.165.200.2/24 2001:db8:200::2/64 fe80::2:1
G0/0/1 209.165.201.2/24 2001:db8:201::2/64 fe80::2:2
Loopback 0 172.16.0.1/24 2001:db8:172::1/64 fe80::2:3
Loopback 1 209.165.224.1/24 2001:db8:224::1/64 fe80::2:4
R3 G0/0/0 209.165.201.1/24 2001:db8:201::1/64 fe80::3:1
G0/0/1 192.168.241.1/24 2001:db8:241::1/64 fe80::3:2
Loopback 0 192.168.0.1/24 2001:db8:192::1/64 fe80::3:3
Loopback 1 192.168.240.1/24 2001:db8:240::1/64 fe80::3:4
D1 G1/0/11 10.165.249.2/25 2001:db8:249::2/64 fe80::d1:1
VLAN 250 10.165.250.1/24 2001:db8:24a::1/64 fe80::d1:2
VLAN 251 10.165.251.1/24 2001:db8:24b::1/64 fe80::d1:3
D2 G1/0/11 192.168.241.2/24 2001:db8:241::2/64 fe80::d2:1
VLAN 242 192.168.242.1/24 2001:db8:242::1/64 fe80::d2:2
VLAN 243 192.168.243.1/24 2001:db8:243::1/64 fe80::d2:3
A1 VLAN 250 10.165.250.2/24 2001:db8:24a::2/64 fe80::a1:1
PC1 NIC DHCP SLAAC EUI-64/CGA
PC2 NIC 10.165.251.5/24 2001:db8:24b::5/64 EUI-64/CGA
PC3 NIC DHCP SLAAC EUI-64/CGA
PC4 NIC DHCP SLAAC EUI-64/CGA

Objectives

Troubleshoot network issues related to the configuration and operation of routing protocols.

Background / Scenario

This is the same topology that you built in Part 1 of the ENARSI SA. In this topology, R1 and D1 are EIGRP neighbors and R3 and D2 are OSPF neighbors. R1, R2, and R3 are all speaking BGP for their respective ASNs. Switch A1 is supporting host access for a AAA server. You will be loading configurations with intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met:

1) the complaint received in the ticket is resolved
2) full reachability is restored

Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image) and Cisco Catalyst 2960 with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the devices have been erased and have no startup configurations. If you are unsure, contact your instructor.

Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual-ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot.

Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Required Resources

• 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 3 PCs (Choice of operating system with terminal emulation program installed)
• 1 PC (Choice of operating system with a server running configured RADIUS (Optional))
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Scenario

You had the network working to specifications and took a week off. While you were gone, a junior administrator and a security engineer were tasked to improve the network. The opposite occurred. Now you are tasked with fixing the network.

The instructions the junior administrator and security engineer were given were as follows:

  1. Reduce the number of TCP sessions between R1 and R3.
  2. Apply IPv4 and IPv6 filters to the outward-facing interfaces on R1 and R3 to ensure that inbound traffic sourced from their local networks is dropped.
  3. Reduce the size of the EIGRP routing table on R1.
  4. Reduce the number of route entries R1 is sending to R2.
  5. Incorporate AAA using the AAA server at 209.165.251.5 to secure remote access to all devices in the AS 10 and AS 192 networks.

They did not document things as they were supposed to, so all you have been told is things are not working as they should be. You need to fix all of this as soon as possible!

Use the commands listed below to load the configuration files for this skills assessment:

Instructor Note: Commands for uploading the configuration are provided at the end of this document.

Device Command
R1 copy flash:/enarsi/sa-tshoot-r1-config.txt run
R2 copy flash:/enarsi/sa-tshoot-r2-config.txt run
R3 copy flash:/enarsi/sa-tshoot-r3-config.txt run
D1 copy flash:/enarsi/sa-tshoot-d1-config.txt run
D2 copy flash:/enarsi/sa-tshoot-d2-config.txt run
A1 copy flash:/enarsi/sa-tshoot-a1-config.txt run

• Console Passwords on all devices are cisco12345. If a username is required, use admin.
• Remote access should be available using the username raduser and password upass123.
Instructor Note: If you are using a RADIUS server, update the RADIUS username and password as necessary.
• PC2 must be configured with static addresses as shown in the topology diagram/addressing table. PC1, PC3, and PC4 will dynamically acquire IPv4 and IPv6 addresses.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED Skills Assessment #
• Save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are finished.
• After the instructor approves your solution, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices.

Instructor Notes:

This skills assessment contains several intentional errors. The list below is mapped to the tasks given the junior administrator and security engineer:

1. Reduce the number of TCP sessions between R1 and R3.

The junior administrator did not complete the configuration – at both R1 and R3, the ebgp-multihop command was excluded. The commands to fix this error are:

Router R1

conf t
router bgp 10
 neighbor 192.168.0.1 ebgp-multihop 3
 neighbor 2001:db8:192::1 ebgp-multihop 3
 exit
end

Router R3

config t
router bgp 192
 neighbor 10.0.0.1 ebgp-multihop 3
 neighbor 2001:db8:10::1 ebgp-multihop 3
 exit
end

2. Apply IPv4 and IPv6 filters to the outward-facing interfaces on R1 and R3 to ensure that inbound traffic sourced from their local networks is dropped.

R3 has the default-information originate command, but it does not seem to be working. D2 does not see the default route. R2 is sending it, as R1 has it. The issue is that the MY-X-NETWORKS filter at the G0/0/0 ingress is denying 0.0.0.0. The filters configured on R1 are correct. The commands to fix this on R3 are as follows:

config t
ip access-list standard MY-4-NETWORKS
no 30
exit
ipv6 access-list MY-6-NETWORKS
no permit ipv6 any any
exit
end
clear ip bgp * soft

3. Reduce the size of the EIGRP routing table at R1.

The junior administrator used the wrong mask on the summary address at D1, so the networks from D1 are not all being advertised to R1. The commands to fix this on D1 are as follows:

conf t
router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  af-interface g1/0/11
   no summary-address 10.165.250.0 255.255.255.0
   summary-address 10.165.250.0 255.255.254.0
   exit-af-interface
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  af-interface g1/0/11
   no summary-address 2001:db8:240::/48
   summary-address 2001:db8:240::/46
   exit-af-interface
  exit-address-family
 end

4. Reduce the number of route entries R1 is sending to R2.

R1 is missing static routes for the summaries it is advertising into BGP; R2 and R3 only have routes to the 10.0.0.0 network in ASN 10. The commands to fix this on R1 are as follows:

conf t
ip route 10.165.248.0 255.255.252.0 null0
ipv6 route 2001:db8:248::/46 null0
end

5. Incorporate AAA using the AAA server at 209.165.251.5 to secure remote access to all devices in the AS 10 and AS 192 networks.

The security engineer did this correctly.

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2
1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

Uploading Configuration Files

Use the commands below to create the configuration files on the lab devices for each trouble ticket in this lab. The TCL script commands help create and copy the configurations. However, the configuration commands could also be copied and pasted directly into global config mode on each device. Simply remove the TCL script commands, enter the enable and configure t commands on the device, and copy and paste the configuration commands.

Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the folder is missing, then create it using the mkdir flash:/enarsi privileged exec command.

Reset scripts

These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy and paste the appropriate script to the appropriate device.

Router Reset Script

tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
puts "Reloading the router"
typeahead "\n"
reload
}
tclquit

D1/D2 (Cisco 3650) Reset Script – The default 3650 SDM template supports IPv6, so it is not set by this script.

tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit

A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting.

tclsh
puts [ open "flash:reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
delete /force multiple-fs
ios_config "sdm prefer lanbase-routing"
typeahead "\n"
puts "Reloading the switch in 1 minute, type reload cancel to halt"
typeahead "\n"
reload
}
tclquit

R1 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-r1-config.txt" w+ ] {
hostname R1
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R1, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.200.1 255.255.255.0
 ipv6 address fe80::1:1 link-local
 ipv6 address 2001:db8:200::1/64
 no shutdown
 exit
interface g0/0/1
 ip address 10.165.249.1 255.255.255.0
 ipv6 address fe80::1:2 link-local
 ipv6 address 2001:db8:249::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 209.165.202.1 255.255.255.0
 ipv6 address fe80::1:3 link-local
 ipv6 address 2001:db8:202::1/64
 no shutdown
 exit
interface s0/1/1
 ip address 209.165.203.1 255.255.255.0
 ipv6 address fe80::1:4 link-local
 ipv6 address 2001:db8:203::1/64
 no shutdown
 exit
interface loopback 0
 ip address 10.0.0.1 255.255.255.0
 ipv6 address fe80::1:5 link-local
 ipv6 address 2001:db8:10::1/64
 no shutdown
 exit
interface loopback 1
 ip address 10.165.248.1 255.255.255.0
 ipv6 address fe80::1:6 link-local
 ipv6 address 2001:db8:248::1/64
 no shutdown
 exit
ip route 192.168.0.1 255.255.255.255 s0/1/0 209.165.202.2
ip route 192.168.0.1 255.255.255.255 s0/1/1 209.165.203.2
ipv6 route 2001:db8:192::1/128 s0/1/0 2001:db8:202::2
ipv6 route 2001:db8:192::1/128 s0/1/1 2001:db8:203::2
ip access-list standard MY-4-NETWORKS
 permit 10.0.0.0 0.0.0.255
 permit 10.165.248.0 0.0.3.255
 exit
route-map FILTER-MY-4-NETS deny 10
 match ip address MY-4-NETWORKS
 exit
route-map FILTER-MY-4-NETS permit 20
ipv6 access-list MY-6-NETWORKS
 permit 2001:db8:248::/46 any
 permit 2001:db8:10::/64 any
 exit
route-map FILTER-MY-6-NETS deny 10
 match ipv6 address MY-6-NETWORKS
 exit
route-map FILTER-MY-6-NETS permit 20
router bgp 10
 no bgp default ipv4-unicast
 neighbor 209.165.200.2 remote-as 172
 neighbor 192.168.0.1 remote-as 192
 neighbor 192.168.0.1 update-source loopback 0
 neighbor 2001:db8:200::2 remote-as 172
 neighbor 2001:db8:192::1 remote-as 192
 neighbor 2001:db8:192::1 update-source loopback 0
 address-family ipv4 unicast
  neighbor 209.165.200.2 activate
  neighbor 192.168.0.1 activate
  neighbor 192.168.0.1 route-map FILTER-MY-4-NETS in
  neighbor 209.165.200.2 route-map FILTER-MY-4-NETS in
  network 10.0.0.0 mask 255.255.255.0
  network 10.165.248.0 mask 255.255.252.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:200::2 activate
  neighbor 2001:db8:192::1 activate
  neighbor 2001:db8:200::2 route-map FILTER-MY-6-NETS in
  neighbor 2001:db8:192::1 route-map FILTER-MY-6-NETS in
  network 2001:db8:10::/64
  network 2001:db8:248::/46
  exit
 exit
router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  eigrp router-id 0.4.10.1
  network 10.0.0.0
  network 10.165.248.0
  network 10.165.249.0
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
   exit
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  eigrp router-id 0.6.10.1
  topology base
   redistribute bgp 10 metric 1000000 10 255 1 1500
   exit
  af-interface g0/0/0
   shutdown
   exit-af-interface
  exit-address-family
 exit
aaa new-model
radius server MY-RADIUS
 address ipv4 10.165.251.5 auth-port 1812 acct-port 1813
 key $trongPass
 exit
aaa authentication login VTY-CONTROL group radius local
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 transport input telnet
 exec-timeout 5 0
 login authentication VTY-CONTROL
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

R2 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-r2-config.txt" w+ ] {
hostname R2
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R2, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.200.2 255.255.255.0
 ipv6 address fe80::2:1 link-local
 ipv6 address 2001:db8:200::2/64
 no shutdown
 exit
interface g0/0/1
 ip address 209.165.201.2 255.255.255.0
 ipv6 address fe80::2:2 link-local
 ipv6 address 2001:db8:201::2/64
 no shutdown
 exit
interface loopback 0
 ip address 172.16.0.1 255.255.255.0
 ipv6 address fe80::2:3 link-local
 ipv6 address 2001:db8:172::1/64
 no shutdown
 exit
interface loopback 1
 ip address 209.165.224.1 255.255.255.0
 ipv6 address fe80::2:4 link-local
 ipv6 address 2001:db8:224::1/64
 no shutdown
 exit
ip route 0.0.0.0 0.0.0.0 null0
ipv6 route ::/0 null0
router bgp 172
 no bgp default ipv4-unicast
 bgp router-id 4.6.172.2
 neighbor 209.165.200.1 remote-as 10
 neighbor 209.165.201.1 remote-as 192
 neighbor 2001:db8:200::1 remote-as 10
 neighbor 2001:db8:201::1 remote-as 192
 address-family ipv4 unicast
  neighbor 209.165.200.1 activate
  neighbor 209.165.201.1 activate
  network 172.16.0.0 mask 255.255.255.0
  network 209.165.224.0
  network 0.0.0.0 mask 0.0.0.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:200::1 activate
  neighbor 2001:db8:201::1 activate
  network 2001:db8:172::/64
  network 2001:db8:224::/64
  network ::/0
  exit
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 login local
 transport input telnet
 exec-timeout 5 0
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

R3 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-r3-config.txt" w+ ] {
hostname R3
no ip domain lookup
ipv6 unicast-routing
banner motd # This is R3, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface g0/0/0
 ip address 209.165.201.1 255.255.255.0
 ipv6 address fe80::3:1 link-local
 ipv6 address 2001:db8:201::1/64
 no shutdown
 exit
interface g0/0/1
 ip address 192.168.241.1 255.255.255.0
 ipv6 address fe80::3:2 link-local
 ipv6 address 2001:db8:241::1/64
 no shutdown
 exit
interface s0/1/0
 ip address 209.165.202.2 255.255.255.0
 ipv6 address fe80::3:3 link-local
 ipv6 address 2001:db8:202::2/64
 no shutdown
 exit
interface s0/1/1
 ip address 209.165.203.2 255.255.255.0
 ipv6 address fe80::3:4 link-local
 ipv6 address 2001:db8:203::2/64
 no shutdown
 exit
interface loopback 0
 ip address 192.168.0.1 255.255.255.0
 ipv6 address fe80::3:5 link-local
 ipv6 address 2001:db8:192::1/64
 no shutdown
 exit
interface loopback 1
 ip address 192.168.240.1 255.255.255.0
 ipv6 address fe80::3:6 link-local
 ipv6 address 2001:db8:240::1/64
 no shutdown
 exit
ip access-list standard MY-4-NETWORKS
 permit 192.168.0.0 0.0.0.255
 permit 192.168.240.0 0.0.3.255
 permit 0.0.0.0 0.0.0.0
 exit
route-map FILTER-MY-4-NETS deny 10
 match ip address MY-4-NETWORKS
 exit
route-map FILTER-MY-4-NETS permit 20
ipv6 access-list MY-6-NETWORKS
 permit any 2001:db8:240::/46
 permit any 2001:db8:192::/64
 permit any ::/0
 exit
route-map FILTER-MY-6-NETS deny 10
 match ipv6 address MY-6-NETWORKS
 exit
route-map FILTER-MY-6-NETS permit 20
ip route 10.0.0.1 255.255.255.255 s0/1/0 209.165.202.1
ip route 10.0.0.1 255.255.255.255 s0/1/1 209.165.203.1
ipv6 route 2001:db8:10::1/128 s0/1/0 2001:db8:202::1
ipv6 route 2001:db8:10::1/128 s0/1/1 2001:db8:203::1
ip route 192.168.240.0 255.255.248.0 null0
ipv6 route 2001:db8:240::/46 null0
router bgp 192
 neighbor 209.165.201.2 remote-as 172
 neighbor 10.0.0.1 remote-as 10
 neighbor 10.0.0.1 update-source loopback 0
 neighbor 2001:db8:201::2 remote-as 172
 neighbor 2001:db8:10::1 remote-as 10
 neighbor 2001:db8:10::1 update-source loopback 0
 address-family ipv4 unicast
  neighbor 209.165.201.2 activate
  neighbor 10.0.0.1 activate
  neighbor 209.165.201.2 route-map FILTER-MY-4-NETS in
  neighbor 10.0.0.1 route-map FILTER-MY-4-NETS in
  network 192.168.240.0 mask 255.255.248.0
  network 192.168.0.0
  exit
 address-family ipv6 unicast
  neighbor 2001:db8:201::2 activate
  neighbor 2001:db8:10::1 activate
  neighbor 2001:db8:201::2 route-map FILTER-MY-6-NETS in
  neighbor 2001:db8:10::1 route-map FILTER-MY-6-NETS in
  network 2001:db8:240::/46
  network 2001:db8:192::/64
  exit
 exit
router ospfv3 1
 router-id 0.0.192.3
 address-family ipv4 unicast
  passive-interface default
  no passive-interface g0/0/1
  default-information originate
  exit
 address-family ipv6 unicast
  passive-interface default
  no passive-interface g0/0/1
  default-information originate
  exit
 exit
interface g0/0/1
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface loopback 0
 ip ospf network point-to-point
 ipv6 ospf network point-to-point
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface loopback 1
 ip ospf network point-to-point
 ipv6 ospf network point-to-point
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
aaa new-model
radius server MY-RADIUS
 address ipv4 10.165.251.5 auth-port 1812 acct-port 1813
 key $trongPass
 exit
aaa authentication login VTY-CONTROL group radius local
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
transport input telnet
 exec-timeout 5 0
 login authentication VTY-CONTROL
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

D1 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-d1-config.txt" w+ ] {
hostname D1
no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # This is D1, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 250
 name Users
 exit
vlan 251
 name Servers
 exit
interface range g1/0/1-24
 switchport mode access
 shutdown
interface g1/0/11
 no switchport
 ip address 10.165.249.2 255.255.255.0
 ipv6 address fe80::d1:1 link-local
 ipv6 address 2001:db8:249::2/64
 no shutdown
 exit
interface g1/0/23
 switchport mode access
 spanning-tree portfast
 switchport access vlan 250
 no shutdown
 exit
interface vlan 250
 ip address 10.165.250.1 255.255.255.0
 ipv6 address fe80::d1:2 link-local
 ipv6 address 2001:db8:24A::1/64
 no shutdown
 exit
interface vlan 251
 ip address 10.165.251.1 255.255.255.0
 ipv6 address fe80::d1:3 link-local
 ipv6 address 2001:db8:24B::1/64
 no shutdown
 exit
interface range g1/0/5-6
 switchport mode trunk
 channel-group 1 mode active
 no shutdown
 exit
ip dhcp excluded-address 10.165.250.1 10.165.250.5
ip dhcp pool VLAN250DHCP
 network 10.165.250.0 255.255.255.0
 default-router 10.165.250.1
 exit
router eigrp ENARSI-SA
 address-family ipv4 unicast autonomous-system 1
  eigrp router-id 0.4.10.2
  network 10.165.249.0
  network 10.165.250.0
  network 10.165.251.0
  af-interface vlan 250
   passive-interface
   exit
  af-interface g1/0/11
   summary-address 10.165.250.0 255.255.255.0
  exit
  af-interface vlan 251
   passive-interface
   exit
  exit-address-family
 address-family ipv6 unicast autonomous-system 1
  eigrp router-id 0.6.10.2
  af-interface g1/0/11
   summary-address 2001:db8:240::/48
   exit
  af-interface vlan 250
   passive-interface
   exit
  af-interface vlan 251
   passive-interface
   exit
  exit-address-family
 exit
aaa new-model
radius server MY-RADIUS
 address ipv4 10.165.251.5 auth-port 1812 acct-port 1813
 key $trongPass
 exit
aaa authentication login VTY-CONTROL group radius local
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 transport input telnet
 exec-timeout 5 0
 login authentication VTY-CONTROL
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

D2 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-d2-config.txt" w+ ] {
hostname D2
no ip domain lookup
ip routing
ipv6 unicast-routing
banner motd # This is D2, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 242
 name Users
 exit
interface range g1/0/1-24
 switchport mode access
 shutdown
interface g1/0/11
 no switchport
 ip address 209.165.241.2 255.255.255.0
 ipv6 address fe80::d2:1 link-local
 ipv6 address 2001:db8:241::2/64
 no shutdown
 exit
interface g1/0/23
 switchport mode access
 spanning-tree portfast
 switchport access vlan 242
 no shutdown
 exit
interface g1/0/24
 switchport mode access
 spanning-tree portfast
 switchport access vlan 243
 no shutdown
 exit
interface vlan 242
 ip address 192.168.242.1 255.255.255.0
 ipv6 address fe80::d2:2 link-local
 ipv6 address 2001:db8:242::1/64
 no shutdown
 exit
interface vlan 243
 ip address 192.168.243.1 255.255.255.0
 ipv6 address fe80::d1:3 link-local
 ipv6 address 2001:db8:243::1/64
 no shutdown
 exit
ip dhcp excluded-address 192.168.242.1 192.168.242.5
ip dhcp pool VLAN242DHCP
 network 192.168.242.0 255.255.255.0
 default-router 192.168.242.1
 exit
ip dhcp excluded-address 192.168.243.1 192.168.243.5
ip dhcp pool VLAN243DHCP
 network 192.168.243.0 255.255.255.0
 default-router 192.168.243.1
 exit
router ospfv3 1
 router-id 0.0.192.2
 address-family ipv4 unicast
  passive-interface default
  no passive-interface g1/0/11
  exit
 address-family ipv6 unicast
  passive-interface default
  no passive-interface g1/0/11
  exit
 exit
interface g1/0/11
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface vlan 242
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
interface vlan 243
 ospfv3 1 ipv4 area 0
 ospfv3 1 ipv6 area 0
 exit
aaa new-model
radius server MY-RADIUS
 address ipv4 10.165.251.5 auth-port 1812 acct-port 1813
 key $trongPass
 exit
aaa authentication login VTY-CONTROL group radius local
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 transport input telnet
 exec-timeout 5 0
 login authentication VTY-CONTROL
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

A1 Configuration File Scripts

tclsh
puts [ open "flash:/enarsi/sa-tshoot-a1-config.txt" w+ ] {
hostname A1
no ip domain lookup
banner motd # This is A1, ENARSI SA Part 2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
vlan 251
 name Servers
 exit
interface range f0/1-24
 switchport mode access
 shutdown
 exit
interface f0/23
 switchport mode access
 switchport access vlan 250
 spanning-tree portfast
 no shutdown
 exit
interface f0/24
 switchport mode access
 switchport access vlan 251
 spanning-tree portfast
 no shutdown
 exit
interface vlan 250
 ip address 10.165.250.2 255.255.255.0
 ipv6 address fe80::a1:1 link-local
 ipv6 address 2001:db8:24A::2/64
 no shutdown
 exit
ip default-gateway 10.165.250.1
interface f0/23
 shutdown
 exit
interface range f0/1-3
 switchport mode trunk
 channel-group 1 mode active
 no shutdown
 exit
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
aaa new-model
radius server MY-RADIUS
 address ipv4 10.165.251.5 auth-port 1812 acct-port 1813
 key $trongPass
 exit
aaa authentication login VTY-CONTROL group radius local
line con 0
 logging synchronous
 exec-timeout 0 0
 exit
line vty 0 4
 transport input telnet
 exec-timeout 5 0
 login authentication VTY-CONTROL
 exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit

 

 


Related Articles

guest
0 Comments
Inline Feedbacks
View all comments