Ts Lab03 Free

CCIER&S
Troubleshooting2.0
www.MicronicsTraining.com
NarbikKocharians
CCIE#12410
R&S,Security,SP
DanShechter
CCIE#13685
R&S,Security,SP
Troubleshooting
LAB3
Questions&Answers
CCIER&STroubleshooting2.0
Lab3
2009 NarbikKocharians.Allrightsreserved
Page1 of50
Lab3
Page2 of50
TheSerialconnectionbetweenR1andR3
TheSerialconnectionbetweenR4 andR5
Lab3
Page3 of50
FramerelaySwitchconnections
S0 /0
S0/0
R1
S0/0
S0/1
R2
S0/1
S0 /0
S0/2
R3
S0/0
R4
S 0/0
R5
S 0/ 0
R6
S0/3
S1/0
S1/1
S1/2
Lab3
Page4 of50
FramerelayDLCIconnections:
Router
R1
R2
R3
R4
R5
R6
LocalDLCI
102
112
103
104
105
106
201
211
203
204
205
206
301
302
304
305
306
401
402
403
405
406
501
502
503
504
506
601
602
603
604
605
Connectingto:
R2
R2
R3
R4
R5
R6
R1
R1
R3
R4
R5
R6
R1
R2
R4
R5
R6
R1
R2
R3
R5
R6
R1
R2
R3
R4
R6
R1
R2
R3
R4
R5
Lab3
Page5 of50
F0/1920
SW2
F0/2122
F0/2122
SW1
F0/2324
SW3
SW4
F0/1920
Lab3
Page6 of50
LabSetup:
DownloadtheinitialconfigurationfilefromtheInitialconfigfolder
NoStaticroutes,Nodefaultroutes,NOPolicyBasedRoutingisallowed,unless
otherwisespecified.
UsethefollowingIPaddressingchartfortheBBrouters:
Router
Interface/IPaddress
BB1
BB2
BB3
F0/09.9.16.21/24
F0/014.7.225.22/24
F0/09.9.31.23/24
Ticket1
SW4cantreachR1sLoopback0IPaddress.YoushouldfixthisproblemWITHOUT
changingtheconfigurationonSW4,R1 orR2.
Beforewestartthetroubleshootingprocess,theproblemshouldbeverified.Therefore,letstryto
PingR1sLo0fromSW4.
ToverifyR1sLo0sIPaddress:
OnR1
R1#ShowrunintLo0
Buildingconfiguration...
Currentconfiguration:83bytes
!
interfaceLoopback0
ipaddress14.7.99.1255.255.255.255
ipospf1area0
end
OnSW4
SW4#Ping14.7.99.1
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto14.7.99.1,timeoutis2
seconds:
Lab3
Page7 of50
.....
Successrateis0percent(0/5)
Asdescribedintheticket,SW4canNOTpingR1sLo0.
LetscheckSW4sroutingtabletoseeifithasaroutetothatdestination:
OnSW4
SW4#Showiproute
Defaultgatewayis14.7.124.254
HostGatewayLastUseTotalUsesInterface
ICMPredirectcacheisempty
SW4#
ItisobviousthatthisswitchisconfiguredasahostandNOTarouter,WELL.....thisshouldNOT
matter,butletsseeifthedefaultgatewayaddressisreachablefromthelocalswitch:
OnSW4
SW4#Ping14.7.124.254
Sending5,100byteICMPEchosto14.7.124.254,timeoutis2seconds:
.....
HmmLetschecktheARPtablefor14.7.124.254:
OnSW4
SW4#ShowARP
ProtocolAddressAge(min)HardwareAddrTypeInterface
Internet14.7.124.14
000c.302d.9980ARPAVlan124
Internet14.7.124.2540IncompleteARPA
ItisobviousthatthisswitchcanNOTresolvetheMACaddressforitsdefaultgateway.Tofixthis
problem,wemustfindoutwhichrouterhasthe14.7.124.254IPaddress.Lookingatthedisgram
wecanseethatthereareONLYtworoutersonVLAN124,R1andR2.LetscheckR1sF0/0
interface:
OnR1
R1#ShowrunintF0/0|Binterface
interfaceFastEthernet0/0
Lab3
Page8 of50
ipaddress14.7.124.1255.255.255.0
ipospf1area0
duplexauto
speedauto
standby1ip14.7.124.254
standby1priority109
standby1preempt
standby1macaddress0000.1111.2222
end
TheaboveshowcommandrevealsthatSW4sgatewayaddressisanHSRPvirtualIPaddress
withavirtualMACaddressof0000.1111.2222.
LetsverifySW4sreachabilitytoR1sF0/0IPaddress:
OnSW4
SW4#Ping14.7.124.1
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=1/200/1000ms
TheresultoftheabovepingcommandverifiesthatSW4hasreachabilitytoR1,therefore,HSRP
configurationshouldbeverifiednext:
OnR1
R1#Showstandbybrief
Pindicatesconfiguredtopreempt.
|
InterfaceGrpPriPStateActive
Standby
Fa0/01109PActivelocal
unknown
VirtualIP
14.7.124.254
GOODNEWS,theoutputoftheaboveshowcommandrevealsapotentialproblem,R1thinksof
itselfastheactiverouterbutitcanNOTseethestandbyrouter.LetscheckR2sconfiguration,
maybeR2HSRPisincorrectlyconfigured?
OnR2
ipaddress14.7.124.2255.255.255.0
ipospf1area0
duplexauto
speedauto
Lab3
Page9 of50
standby1ip14.7.124.254
standby1macaddress0000.1111.2222
end
R2sconfigurationlookscorrectitssimilartoR1sconfiguration.LetscheckthestatusofR2s
HSRP:
OnR2
R2#Showstandbybrief
|
InterfaceGrpPriPStateActive
Standby
Fa0/01100 Activelocal
unknown
VirtualIP
14.7.124.254
R2sHSRPstatusisidenticaltothestatusofR1sHSRP.R2thinksofitselfastheactiverouter
butdoesNOTseeastandbyrouter.Thequestionis,canR2andR1communicate?Basedonthe
diagramtheyshouldberunningOSPFandtheyshouldbeinthesameVLAN.AretheyOSPF
neighbors?Dotheyhavereachabilitytoeachother?
SincetheyareconnectedviaSW1,letschecktheVLANassignmentonSW1:
OnSW1
SW1#Showvlanbrie|Excunsup
VLANNameStatusPorts
1defaultactiveFa0/3,Fa0/7,Fa0/8,Fa0/9
Fa0/10,Fa0/14,Fa0/15,
Fa0/16
Fa0/17,Fa0/18,Fa0/19,
Fa0/20
Gi0/1,Gi0/2
25VLAN0025active
99VLAN0099active
124VLAN0124activeFa0/1,Fa0/2
231VLAN0231
activeFa0/13
YES,theyareconfiguredinthecorrectVLAN,LetsseeiftheycanPingeachothersIPaddress:
OnR1
R1#Ping14.7.124.2
Lab3
Page10of50
!!!!!
Thepingissuccessfulaswell,HavetheyestablishedanOSPF
neighboradjacency?
OnR1
R1#Showipospfneighbor
NeighborIDPriStateDeadTimeAddress
Interface
14.7.99.21FULL/DR00:00:3514.7.124.2FastEthernet0/0
Theoutputoftheabovecommandsverifiesthattheyareneighborsandobviouslytheyhave
reachabilitybecausePingwassuccessful.WhatifsomethingisblockingHSRP onVLAN124?
AndmaybethatiswhySW4couldNOTresolvetheHSRPsIPaddressandR1andR2canNOT
exchangeHSRPmessages?
Well.SincenoaccesslistwasseenontheF0/0interfaceofR1andR2,canitbetheswitchto
whichtheyareconnected?
LetscheckSW1sconfigurationfortheMACaddressconfiguredforHSRP:
OnSW1
SW1#Showrun|Inc0000.1111.2222
macaddresstablestatic0000.1111.2222vlan124drop
YES.WecanseethatSW1isconfiguredtodropallpacketswithaMACaddressof
0000.1111.2222assourceORdestination.
LetsremovethisboguscommandfromSW1andseetheresults:
OnSW1
SW1(config)#NOmacaddresstablestatic0000.1111.2222VLAN124DROP
Oncethisisremoved,youshouldseethefollowingmessagesonR2regardingHSRP:
%HSRP5STATECHANGE:FastEthernet0/0Grp1stateActive >Speak
%HSRP5STATECHANGE:FastEthernet0/0Grp1stateSpeak >Standby
Note,R2transitionedfromActivetostandbywhichmeansthattheycanNOWsendandreceive
HSRPhellos.
OnR1
R1#Showstandbybrief
Lab3
Page11of50
|
InterfaceGrpPriPStateActiveStandbyVirtualIP
Fa0/01109PActivelocal14.7.124.214.7.124.254
OnR2
R2#Showstandbybrief
|
InterfaceGrpPriPStateActiveStandbyVirtualIP
Fa0/01100Standby14.7.124.1local14.7.124.254
TheoutputsoftheaboveshowcommandsverifythatR1andR2areexchangingHSRPmessages.
LetsseeifSW4canpingR1sLo0interface:
OnSW4
SW4#Ping14.7.124.254
!!!!!
SW4#ShowARP
ProtocolAddressAge(min)HardwareAddrTypeInterface
Internet14.7.124.183000f.2413.cbc0ARPAVlan124
Internet14.7.124.14
000c.302d.9980ARPAVlan124
Internet14.7.124.254
00000.1111.2222ARPAVlan124
Success.
Importantissues:
InHSRP,thehellopacketsaresentwithdestinationMACaddressoftheHSRPgroupMAC
address,inthiscase0000.1111.2222,andbecauseSW1wasfilteringthatMACaddress,R1and
R2couldNOTexchangehellos.
AsfarasARP,rememberthattheARPrepliesaresentwiththesourceMACaddressofthe
HSRPgroup,andsinceSW1wasfilteringthatMACaddress,ARPrepliesNEVERpassedfrom
R1/R2throughSW1allthewaytoSW4.
TheMacaddresstablestaticdropglobalconfigurationcommandenablesMACaddress
filteringandinstructstheswitchtoDRPtrafficwiththeconfiguredMACaddressassourceOR
destination.
Lab3
Page12of50
Ticket2
TheserialconnectionbetweenR1andR3isabouttobeconvertedfromHDLCtoFrame
relay.Inordertoprepareforthemove,R1andR3wereconfiguredasiftheyare
connectedviaaframerelayswitch,butthelinkbetweenthesetworouterswontstayup.
Fixthisproblemsuchthatthelinkcomesupwithoutanyproblem.
Letsverifytheproblem:
OnR1
R1#ShowintS0/1|Inclineprotocol
Serial0/1isup,lineprotocolisdown
OnR3
R3#ShowintS0/1|Inclineprotocol
Serial0/1isup,lineprotocolisdown(looped)
NotetheoutputoftheaboveshowcommandsverifythatbothinterfacesarephysicallyUP,but
thelineprotocolisDOWN.
SincethelinkprotocolofFramerelayisLMI,letsenableLMIdebuggingonR1,maybethis
willgiveusaclue:
OnR1
R1#DebugFramerelaylmiinterfaceS0/1
FrameRelayLMIdebuggingison
DisplayinglmidatafrominterfaceSerial0/1only
RTIE1,length1,type0
KAIE3,length2,yourseq3,myseq0
Serial0/1(in):UnexpectedStEnq
Serial0/1(out):StEnq,myseq3,yourseen0,DTEdown
datagramstart=0xB7FFE74,datagramsize=13
FRencap=0xFCF10309
007501010003020300
NotetheoutputoftheabovedebugcommandverifiesthatR1receivedLMIstatusrequests
(StEnq),butsincethisrouterisNOTconfiguredasaframerelayswitch,itdidnotsenda
messagebacktoR3,anditdidnotknowwhattodowiththeStEnq.
SinceR1andR3areconnectedtoeachotherdirectlythroughaserialinterfaceandNOTa
Framerelayswitch,theyneverreceiveareplyfortheirLMIstatusqueries.
Lab3
Page13of50
Thisproblemcanberesolvedintwodifferentways:
1. ConfigureoneoftheroutersasaFramerelayswitch
2. DisableLMIs
ConfiguringoneoftheroutersasaFramerelayswitchshouldNOTbeasolution,becausethe
ticketstatesthatinthefuturetherouterswillbeconnectedvia aFramerelayswitch.Therefore,
disablingLMIistheONLYsolution.
OnR1
R1(config)#IntS0/1
R1(configif)#NoKeepalive
Noteimmediatelyafterenteringthecommand,youshouldreceivethefollowingmessage:
%LINEPROTO5UPDOWN:LineprotocolonInterfaceSerial0/1,changedstatetoup
OnR3
R3(config)#IntS0/1
R3(configif)#NOKeepalive
Onthisrouteryoushouldreceivethefollowingconsolemessages:
%LINEPROTO5UPDOWN:LineprotocolonInterfaceSerial0/1,changedstatetoup
%OSPF5ADJCHG:Process1,Nbr14.7.99.1onSerial0/1fromLOADINGtoFULL,Loading
Done
%BGP5ADJCHANGE:neighbor14.7.13.1Up
%OSPF5ADJCHG:Process1,Nbr14.7.99.1onOSPF_VL0fromLOADINGtoFULL,Loading
Done
WOWitlookslikemanyproblemswereresolvedwiththissolution.Toverifyandtestthe
configuration:
OnR3
R3#Ping14.7.13.1
!!!!!
Lab3
Page14of50
Ticket3
R3isconfiguredtodenyingresstelnetsession.Aroutemapisconfiguredtoimplement
thispolicy.WhentestingthispolicyyourealizedthatTelnetisstillworking.Fix this
problem.Youshouldconfigurearoutemaptoaccomplishthistask.
Toverifytheproblem:
OnR1
R1#Telnet14.7.13.3
Trying14.7.13.3...Open
NoteTelnettrafficisgettingin.
Passwordrequired,butnoneset
[Connectionto14.7.13.3closedbyforeignhost]
LetsverifytheconfiguredroutemaponR3:
OnR3
R3#Showroutemap
routemapTST,permit,sequence10
Matchclauses:
ipaddress(accesslists):103
Setclauses:
interfaceNull0
Policyroutingmatches:0packets,0bytes
Theoutputoftheaboveshowcommandrevealsthefollowing:
TheroutemapiscalledTST
Itsmatchingonpacketsusingaccesslist103
TheroutemapisconfiguredtodroppacketsbysendingthematchedpacketstoNull
interface.
BUTthereareNOpacketsmatchedagainsttheroutemap
Letsverifytheaccesslist(103):
OnR3
R3#Showaccesslist103
ExtendedIPaccesslist103
Lab3
Page15of50
10permittcpanyhost14.7.13.3eqtelnet(10matches)
20permittcpanyhost14.7.34.3eqtelnet
30permittcpanyhost14.7.99.3eqtelnet
Notetheoutputoftheaboveshowcommandrevealsthatpacketsarematchedagainstthe
TelnetcomingfromR3,whichmeansthefollowing:
Theaccesslist(103)isconfiguredcorrectly
TheroutemapTSTisconfiguredcorrectly
So.whyisitthatR3doesNOTsendTelnetpacketstoNULLinterface?
LetshavealookatRFC1812requirementsforIProuters:
WhenarouterreceivesanIPpacket,itmustdecidewhetherthepacketisaddressedtothe
router (andshouldbedeliveredlocally)orthepacketisaddressedtoanothersystem(and
shouldbehandledbytheforwarder).
Translation:
Whenarouterreceivesapacketitmustdeterminethedestinationofthepacket,ifthepacket
isdestinedtooneoftheroutersinterfacesIPaddress,then,itmustdeliveritlocally,orelse,
itshouldroutethepacket/s.whichmeansthatTelnetpackettoR3willNOTberoutes,hence,
willNOTapplythepolicybasedroutingusingtheroutemapcalledTST.
Sincethe taskrequiresconfiguringaroutemaptopreventTelnettraffic,theIPlocalPolicy
commandwhichappliestheroutemaptolocallygeneratedtrafficmustbeconfigured.
Toaccomplishthistaskusingaroutemap:
ConfigureanAccesslisttomatchTelnettraffic
Configurearoutemaptoreferencetheaccesslistfrompreviousstepandsendthe
packet/stoNULLinterface
Applytheroutemaponlocallyoriginatedtraffic
OnR3
R3(config)#Accesslist133permittcpanyeqTelnetany
R3(config)#RoutemapTSTpermit10
R3(configroutemap)#Matchipaddress133
R3(configroutemap)#SetinterfaceNULL0
R3(config)#IPlocalpolicyroutemapTST
Toverifytheconfiguration:
Lab3
Page16of50
OnR1
R1#Telnet14.7.13.3
Trying14.7.13.3...
%Connectiontimedoutremotehostnotresponding
Ticket4
BB2isconfiguredtofilterallincomingEigrproutes.R5cantgetEigrproutesfrom
BB2.FixthisproblemwhileensuringthattheroutesreceivedfromBB2arereachableby
R5.
NoteR5isgettingthefollowingmessageswhichtellsusthatitsneighboradjacencytoBB2isflapping:
%DUAL5NBRCHANGE:IPEIGRP(0)256:Neighbor14.7.225.22(FastEthernet0/0)isdown:retrylimitexceeded
%DUAL5NBRCHANGE:IPEIGRP(0)256:Neighbor14.7.225.22(FastEthernet0/0)isup:newadjacency
NotetheroutingtableofR5willrevealNOroute/sfromBB2when itscheckedwhiletheadjacencyis
UP:
OnR5
R5#Showiprouteeigrp
14.0.0.0/8isvariablysubnetted,10subnets,2masks
DEX14.7.13.0/24[170/2560002816]via14.7.25.2,01:00:29,FastEthernet0/1
D14.7.99.2/32[90/156160]via14.7.25.2,05:24:01,FastEthernet0/1
TheticketstatesthatBB2isfilteringallincomingEigrproutes.ButifBB2doesNOTknowaboutthe
14.7.0.0majornetwork,howcanitsroutesbereachable?BB2willNOTknowhowtoreturnthetraffic.
OnewaytoallowcommunicationwithBB2sroutesistouseNAT.ButR5isconfiguredwithNAT,
LetscheckandseeR5sNATconfiguration:
OnR5
R5#Showrun|Incinterface|nat
Lab3
Page17of50
interfaceLoopback0
ipnatinside
ipnatoutside
interfaceSerial0/0
interfaceSerial0/0.56pointtopoint
ipnatinside
ipnatinside
interfaceSerial0/1
ipnatinsidesourcelist122interfaceFastEthernet0/0overload
Basedontheaboveoutput,itisobviousthatNATisusedtohidethe14.7.0.0majornetworkbehind
R5sF0/0interface,whichallowsBB2toreturntrafficwithoutknowingabout the networksthatare
presentbehindR5.
TocrosseliminateNATasaproblem,letsenabledebuggingNATonR5:
OnR5
R5#Debugipnat
IPNATdebuggingison
NAT:translationfailed(F),droppingpackets=14.7.225.5d=224.0.0.10
NAT:translationfailed(E),droppingpackets=14.7.225.5d=14.7.225.22
WELL..basedontheaboveoutput,itlookslikeR5istryingtoperformNATonEigrppacketsand
becauseofitsfailure,thepacketsaredropped.
ThefollowingverifiestheaccesslistusedtodefinethepacketsthataretobeNATed:
OnR5
R5#Showipaccesslist122
ExtendedIPaccesslist122
10permitipanyany(14201matches)
TheoutputoftheaboveshowcommandrevealsthatR5isconfiguredtotranslateallpacketsincluding
Eigrp.Whereas,itshouldbeconfiguredtoNATeverythingexceptEigrp.
ThefollowingconfiguresR5toNATeverythingbutEigrppackets:
OnR5
Lab3
Page18of50
R5(config)#NOaccesslist122
R5(config)#Accesslist122denyeigrpanyany
R5(config)#Accesslist122permitipanyany
Insteadofwaitingfortheneighboradjacencytocomeup,letscleartheneighbortableofR5:
OnR5
R5#Clearipeigrpneighbor
Youshouldreceivethefollowingmessages:
%DUAL5NBRCHANGE:IPEIGRP(0)256:Neighbor14.7.225.22(FastEthernet0/0)is
down:manuallycleared
down:manuallycleared
up:newadjacency
%DUAL5NBRCHANGE:IPEIGRP(0)256:Neighbor14.7.25.2(FastEthernet0/1)isup:
newadjacency
OnR5
R5#Showiprouteeigrp
22.0.0.0/32issubnetted,1subnets
D22.22.22.22[90/156160]via14.7.225.22,00:02:07,FastEthernet0/0
Totestreachability:
OnR5
R5#Ping22.22.22.22sourceloopback0
Packetsentwithasourceaddressof14.7.99.5
Lab3
Page19of50
!!!!!
OnR5
R5#Showipnattranslations
ProInsideglobalInsidelocal
OutsidelocalOutsideglobal
icmp14.7.225.5:114.7.99.5:122.22.22.22:122.22.22.22:1
Ticket5
RoutersR2andR6areNOTgettingroutesfromBB2.Theseroutesareimportant.Fix
thisproblem.
LetsseethenetworksadvertisedbyBB2:
OnBB2
BB2#Showrun|Sroutereigrp
routereigrp256
network14.0.0.0
network22.0.0.0
distributelist22in
noautosummary
BB2#Showipintbrief
InterfaceIPAddressOK?MethodStatusProtocol
FastEthernet0/014.7.225.22YESmanualupup
FastEthernet0/1unassignedYESunsetadministrativelydowndown
Loopback022.22.22.22YESmanualupup
LetsverifyifR5receivesroutesfromBB2:
OnR5
R5#Showiprouteeigrp
Lab3
Page20of50
TheroutingtableofR5verifiesthatitreceives22.22.22.22/32 prefix fromBB2.LetscheckR6s

routingtable:
OnR6
R6#Showiproute22.22.22.22
%Networknotintable
DoesR6receiveanyprefix/sfromR5?
R6#Showiprouteeigrp
D14.7.25.0/24[90/2172416]via14.7.56.5,00:00:21,Serial0/0.56
D14.7.99.5/32[90/2297856]via14.7.56.5,00:00:21,Serial0/0.56
D14.7.225.0/24[90/2172416]via14.7.56.5,00:00:21,Serial0/0.56
R6hasallR5sconnectedroutes,butNOTprefix22.22.22.22/32. LetscheckR5sEigrp
configuration:
OnR5
R5#Showrun|Seigrp
routereigrp256
network14.0.0.0
noautosummary
eigrpstubconnected
accesslist122denyeigrpanyany
NotetheeigrpstubconnectedconfigurationcausesR5toadvertiseONLYitsconnectedroutesand
thisisthereasonthatR6canONLYseeR5sdirectlyconnectedprefixes.Sincetheticketdidnot
prohibitusfromremovinganycommands,theeasiestsolutionistoremovetheconfiguration.
OnR5
R5(config)#Routereigrp256
R5(configrouter)#NOeigrpstub
Lab3
Page21of50
Noteoncetheconfigurationisremovedthelocalrouterwillreestablishitsneighboradjacencywith
itsdirectlyconnectedneighbors.
OnR6
R6#Showiprouteeigrp
D22.22.22.22[90/2300416]via14.7.56.5,00:02:02,Serial0/0.56
DEX14.7.13.0/24[170/2560514816]via14.7.56.5,00:02:02,Serial0/0.56
D14.7.25.0/24[90/2172416]via14.7.56.5,00:02:04,Serial0/0.56
DEX14.7.34.0/24[170/2560514816]via14.7.56.5,00:02:02,Serial0/0.56
D14.7.99.2/32[90/2300416]via14.7.56.5,00:02:02,Serial0/0.56
DEX14.7.99.3/32[170/2560514816]via14.7.56.5,00:02:02,Serial0/0.56
DEX14.7.99.1/32[170/2560514816]via14.7.56.5,00:02:02,Serial0/0.56
D14.7.99.5/32[90/2297856]via14.7.56.5,00:02:04,Serial0/0.56
D14.7.124.0/24[90/2174976]via14.7.56.5,00:02:02,Serial0/0.56
D14.7.225.0/24[90/2172416]via14.7.56.5,00:02:04,Serial0/0.56
R6#Ping22.22.22.22
!!!!!
ToverifytheconfigurationonR2:
OnR2
R2#Showiprouteeigrp
R2#Ping22.22.22.22
Lab3
Page22of50
!!!!!
Ticket6
Whentestingthisnetwork,yourealizedthatR1canNOTreachR6sLo0interface.Fix
thisproblemusingminimumnumberofcommands.
OnR1
R1#Ping14.7.99.6
.....
LetscheckR1sroutingtable:
Routingentryfor14.7.99.6/32
Knownvia"ospf1",distance110,metric193,typeinterarea
Lastupdatefrom14.7.13.3onSerial0/1,00:06:13ago
RoutingDescriptorBlocks:
*14.7.13.3,from14.7.99.4,00:06:13ago,viaSerial0/1
Routemetricis193,trafficsharecountis1
Explainingthehighlightedareas:
Itsarouteto14.7.99.6/32
ItsknownviaOSPF,itsaninterarearoute,andtheABRisR4
TherouteispointingintherightdirectionthroughR3(14.7.13.3).
Toverifytheroute:
R1#Traceroute14.7.99.6
Tracingtherouteto14.7.99.6
114.7.13.30msec0msec4msec
2***
Lab3
Page23of50
3**
NotetheroutefromR1toR6sLo0isthroughR3,anditlooksliketheproblemisatR3.Letslookat
R3sroutingtable:
OnR3
Routingentryfor14.7.99.6/32
Knownvia"ospf1",distance110,metric257,typeinterarea
Lastupdatefrom14.7.13.1onSerial0/1,00:21:21ago
RoutingDescriptorBlocks:
*14.7.13.1,from14.7.99.4,00:21:21ago,viaSerial0/1
Routemetricis257,trafficsharecountis1
R3#Showiproute|Inc14.7.99.6
OIA14.7.99.6/32[110/257]via14.7.13.1,00:23:05,Serial0/1
TheoutputoftheaboveshowcommandsrevealthatR3knowabouttheABRbutthemostimportant
informationhereisthatR3ispointingbacktoR1toroutetoR6sLo0IPaddress.
LetshavealookatR3sOSPFinterfaces:
OnR3
R3#Showipospfinterfacebrief
InterfacePIDAreaIPAddress/MaskCostStateNbrsF/C
VL01014.7.13.3/2464
P2P1/1
Se0/0.341114.7.34.3/2464P2P1/1
Se0/11114.7.13.3/2464P2P1/1
Lo01314.7.99.3/321LOOP0/0
FromtheoutputoftheaboveshowcommandwecanseethatR3hasavirtuallinkconfiguredand
Lo0ofthisrouterisconfiguredinarea3,andthatiswhythisrouterhasavirtuallinkconfigured.
BUTwhyisR3pointingbacktoR1foraroutewhoseABRisR4?
Weallknowthatbydefaultallinterarearoutesmusttraversethroughthebackbonearea(Area0),
therefore,itslogicalwhyR3mustgothrougharea0,butinCiscoIOS12.3(7)Tandbettertransit
capabilityisenabledbydefault.LetscheckR3sOSPFconfiguration:
OnR3
R3#Showrun|Srouterospf
Lab3
Page24of50
routerospf1
logadjacencychanges
nocapabilitytransit
area1virtuallink14.7.99.1
WOW.Thetransitcapabilityisdisabled,soR3mustgothrougharea0toconnecttointerarea
routes.Letsenablethisfeatureandverifythepath:
OnR3
R3(config)#Routerospf1
R3(configrouter)#capabilitytransit
Weshouldimmediatelyseethefollowingmessage:
%BGP5ADJCHANGE:neighbor14.7.99.6Up
Letsverifytheconfiguration:
OnR3
R3#Showiproute|Inc14.7.99.6
OIA14.7.99.6/32[110/129]via14.7.34.4,00:03:55,Serial0/0.34
R3#Traceroute14.7.99.6
214.7.46.656msec*52msec
NoteR3istakingthecorrectroutetowardR6sLo0IPaddress.ThefollowingverifiesR1spathto
R6sLo0IPaddress.
OnR1
R1#traceroute14.7.99.6
Lab3
Page25of50
314.7.56.628msec*28msec
Totesttheconnection:
OnR1
R1#Ping14.7.99.6
!!!!!
Ticket7
R5isNOTgettinganyBGProutesinitsroutingtable.ConfigureR5tofixthisproblem,
ensurethatR6seesvalidBGProutesR5shouldalsohavetheseroutesinitsrouting
table.
OnR5
R5#Showiproutebgp
R5#
NoteR5doesNOThaveanyBGProutesinitsroutingtable.
R5#Showipbgp
BGPtableversionis1,localrouterIDis14.7.99.5
Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,iinternal,
rRIBfailure,SStale
Origincodes:iIGP,eEGP,?incomplete
NetworkNextHopMetricLocPrfWeightPath
*i9.9.1.1/329.9.16.21010009116i
NotetherouteisinBGPtablebutdidNOTgetinjectedintotheroutingtable,butwhy?Letscheck
thisrouteindetail:
Lab3
Page26of50
OnR5
R5#Showipbgp9.9.1.1
BGProutingtableentryfor9.9.1.1/32,version0
Paths:(1available,nobestpath)
Notadvertisedtoanypeer
9116
9.9.16.21(inaccessible)from14.7.56.6(14.7.99.6)
OriginIGP,metric0,localpref100,valid,internal
WecanclearlyseetheproblemthenexthopIPaddresswhichis9.9.16.21isinaccessible.Thismeans
thatitsNOTinR5sroutingtable.Letsverifythat:
OnR5
%Networknotintable
SincetheticketstatesthatR5shouldbeconfiguredtofixtheproblem,thefollowingconfiguresR5to
setthenexthopIPaddresstobe14.7.56.6:
OnR5
R5(config)#routemapTSTpermit10
R5(configroutemap)#setipnexthop14.7.56.6
R5(config)#Routerbgp56
R5(configrouter)#Neighbor14.7.56.6routemapTSTin
R5#cleipbgp*in
LetshavealookatR5sBGPentryfor9.9.1.1
OnR5
R5#Showipbgp9.9.1.1
Paths:(1available,best#1,tableDefaultIPRoutingTable)
Flag:0x820
Notadvertisedtoanypeer
9116
14.7.56.6from14.7.56.6(14.7.99.6)
OriginIGP,metric0,localpref100,valid,internal,best
Lab3
Page27of50
R5#Showipbgp
Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,iinternal,
rRIBfailure,SStale
*>i9.9.1.1/3214.7.56.6010009116i
NOW......LetschecktheroutingtableofR5:
R5#Shoiproutebgp
B9.9.1.1[200/0]via14.7.56.6,00:04:31
Ticket8
Youweregiventhefollowingproblemtofix:
R3isconfiguredtoreceivemulticastflowfor239.3.3.3groupdestination.Whentesting
thisconnection,theyrealizedthatR6canNOTping239.3.3.3.
Toverifytheproblem:
OnR6
R6#Ping239.3.3.3
.
LetscheckthemroutetableofR6:
OnR6
R6#Showipmroute
IPMulticastRoutingTable
Flags:DDense,SSparse,BBidirGroup,sSSMGroup,CConnected,
LLocal,PPruned,RRPbitset,FRegisterflag,
TSPTbitset,JJoinSPT,MMSDPcreatedentry,
XProxyJoinTimerRunning,ACandidateforMSDPAdvertisement,
UURD,IReceivedSourceSpecificHostReport,
Lab3
Page28of50
ZMulticastTunnel,zMDTdatagroupsender,
YJoinedMDTdatagroup,ySendingtoMDTdatagroup
Outgoinginterfaceflags:HHardwareswitched,AAssertwinner
Timers:Uptime/Expires
Interfacestate:Interface,NextHoporVCD,State/Mode
(*,224.0.1.40),10:40:36/stopped,RP0.0.0.0,flags:DCL
Incominginterface:Null,RPFnbr0.0.0.0
Outgoinginterfacelist:
Serial0/0.46,Forward/Sparse,01:18:36/00:02:24
NotethereareNOentriesfor239.3.3.3group,whichmeansthatR6doesnotsendMulticast
traffictowardR3.
LetsverifythemulticastconfigurationofR6:
OnR6
R6#Showrun|Incmulti|pim|interface
ipmulticastrouting
multilinkbundlenameauthenticated
interfaceLoopback0
interfaceTunnel46
interfaceSerial0/0
ippimsparsemode
framerelayinterfacedlci604
framerelayinterfacedlci605
neighbor14.7.99.3ebgpmultihop255
WecansethatMulticastroutingisenabledandtheinterfacetowardR3isconfiguredtooperate
inPIMsparsemode.Therefore,thereshouldbeanRP,letsverifyR6sRPmapping:
OnR6
R6#Showippimrpmapping
PIMGrouptoRPMappings
R6#
SincewedidnotseeastaticRPconfigurationinR6,therefore,Itssafetoassumethatthere
shouldbeaBSRoraMappingagent.
LetschecktheneighboradjacencytoensurethatR6hasaneighboradjacencywithR4:
Lab3
Page29of50
OnR6
R6#Showippimneighbor
PIMNeighborTable
Mode:BBidirCapable,DRDesignatedRouter,NDefaultDRPriority,
SStateRefreshCapable
NeighborInterfaceUptime/ExpiresVerDR
Address
Prio/Mode
14.7.46.4Serial0/0.4601:30:16/00:01:28v21/S
SinceR6hasestablishedaneighboradjacencywithR4,weshouldmoveclosertoR3andexamine
R4sRPmapping:
OnR4
ThissystemisacandidateRP(v2)
R4#
OnR4
R4#Showrun|Incippim
ippimsparsemode
ippimsparsemode
ippimbsrcandidateLoopback00
ippimrpcandidateLoopback0
TheoutputoftheaboveshowcommandsrevealthatR4doesNOTknowaboutRP,ButR4isthe
BSRcandidate.LetschecktheBSRstatusofR4:
OnR4
R4#Showippimbsrrouter
PIMv2Bootstrapinformation
ThissystemisacandidateBSR
CandidateBSRinterfaceLoopback0
PIMv2isnotconfiguredBSRmessagesnotoriginated
CandidateRP:14.7.99.4(Loopback0)
PIMv2isnotconfiguredonLoopback0notadvertised
NotetheoutputoftheabovecommandtellsusthatLo0interfacewasusedasthesourceofBSR
candidateandRPcandidateBUTPIMisNOTconfiguredonthelo0interfaceofthisrouter,this
canbeverifiedbythefollowingshowcommand:
Lab3
Page30of50
OnR4
R4#ShowrunintLo0|Binterface
interfaceLoopback0
ipaddress14.7.99.4255.255.255.255
ipospf1area1
end
Toconfiguretheloopback0interface:
OnR4
R4(config)#intlo0
R4(configif)#ippimsparsemode
Weshouldseethefollowingmessage:
DRchangefromneighbor0.0.0.0to14.7.99.4oninterfaceLoopback0
OnR4
ThissystemisacandidateRP(v2)
ThissystemistheBootstrapRouter(v2)
Group(s)224.0.0.0/4
RP14.7.99.4(?),v2
Infosource:14.7.99.4(?),viabootstrap,priority0,holdtime150
Uptime:00:01:21,expires:00:02:06
TheoutputoftheaboveshowcommandrevealsthatR4istheelectedBSRandtheRPforall
Multicastgroups.
LetshavealookatR6sRPmappings:
OnR6
Group(s)224.0.0.0/4
RP14.7.99.4(?),v2
Lab3
Page31of50
Infosource:14.7.99.4(?),viabootstrap,priority0,holdtime150
Uptime:00:03:42,expires:00:02:18
Totesttheconfiguration:
OnR6
R6#Ping239.3.3.3
Replytorequest0from14.7.34.3,208ms
OnR4
R4#Showipmroute
IPMulticastRoutingTable
Flags:DDense,SSparse,BBidirGroup,sSSMGroup,CConnected,
LLocal,PPruned,RRPbitset,FRegisterflag,
TSPTbitset,JJoinSPT,MMSDPcreatedentry,
XProxyJoinTimerRunning,ACandidateforMSDPAdvertisement,
UURD,IReceivedSourceSpecificHostReport,
ZMulticastTunnel,zMDTdatagroupsender,
YJoinedMDTdatagroup,ySendingtoMDTdatagroup
Outgoinginterfaceflags:HHardwareswitched,AAssertwinner
Timers:Uptime/Expires
Interfacestate:Interface,NextHoporVCD,State/Mode
(*,239.3.3.3),00:06:47/00:02:36,RP14.7.99.4,flags:S
(14.7.46.6,239.3.3.3),00:01:24/00:02:02,flags:T
Incominginterface:Serial0/0.46,RPFnbr14.7.46.6
(*,224.0.1.40),01:52:58/stopped,RP0.0.0.0,flags:DCL
Lab3
Page32of50
Ticket9
R4andR6areconnectedviatheframerelay cloud R6canNOTreachR4sLo44IPv6
address.Fixthisproblem.
Toverifytheproblem,letsfindoutR4sLo44sIPv6address:
OnR4
R4#Showrunintlo44|Binterface
interfaceLoopback44
noipaddress
ipv6address2002:E07:2204:44::44/64
end
OnR6
R6#pingipv62002:E07:2204:44::44
Sending5,100byteICMPEchosto2002:E07:2204:44::44,timeoutis2seconds:
.....
AswecanseetheIPv6addressofLo44interfaceisNOTreachable.LetsseeifR4receivesthe
ICMPpackets,maybeitcanreceivethembutitsNOTsendingbackareply.
OnR4
R4#Debugipv6icmp
OnR6
R6#pingipv62002:E07:2204:44::44
.....
NotethedebugresultedtoNOoutput,becausetheICMPv6packetsneverarrivedatR4.
LetsdisplayR6sIPv6routingtabletodeterminethenexthopIPv6address:
OnR6
Lab3
Page33of50
R6#Showipv6route
IPv6RoutingTable4entries
Codes:CConnected,LLocal,SStatic,RRIP,BBGP
UPeruserStaticroute,MMIPv6
I1ISISL1,I2ISISL2,IAISISinterarea,ISISISsummary
OOSPFintra,OIOSPFinter,OE1OSPFext1,OE2OSPFext2
ON1OSPFNSSAext1,ON2OSPFNSSAext2
DEIGRP,EXEIGRPexternal
S::/0[1/0]
via::,Tunnel46
C2002:E07:2E06:46::/64[0/0]
via::,Tunnel46
L2002:E07:2E06:46::6/128[0/0]
via::,Tunnel46
LFF00::/8[0/0]
via::,Null0
Notethereisastaticdefaultroutepointingtothetunnel46interface.
LetschecktheconfigurationofTunnel46interface:
OnR6
R6#Showruninttunnel46|Binterface
interfaceTunnel46
noipaddress
noipredirects
ipv6address2002:E07:2E06:46::6/64
tunnelsourceSerial0/0.46
tunnelmodeipv6ip6to4
end
Notethemostimportantinformationhereisthefactthatthetunnelmodeis6to4,thisshould
havebeenobviousbecausetheIPv6addressstartswith2002,since2002::isallocatedto6to4
IPv6addresses.
LetsdecodetheIPv6addressofR6stunnel46interfaceinthiscase2002:E07:2E06:46::6:
Word
Meaning
0x2002
0xE07
0x2E06
0x46
0x6
6to4Prefix
6to4tunnelendpointIPv6address.Thistranslatestodecimal 14.7
6to4TunnelendpointIPv6address.Thistranslatestodecimal 46.6
SubnetID
HostID
Note2002isconcatenatedtothetranslatedIPv4addressofR6sS0/0.46interface,theIPv4address
ofS0/0.46interfaceistranslatedintoa6to4IPv6address,becauseitisconfiguredasthetunnel
source.
Lab3
Page34of50
ToseetheIPv4addressofthisinterface:
OnR6
R6#ShowipintbrS0/0.46
InterfaceIPAddressOK?MethodStatus
Protocol
Serial0/0.46
14.7.46.6
YESNVRAMupup
LetsgothroughthesameprocessforR4,firstletsverifytheconfigurationofTunnel46interface
onR4:
OnR4
R4#Showruninttunnel46|Binterface
interfaceTunnel46
noipaddress
noipredirects
ipv6address2002:E07:2204:46::4/64
tunnelsourceSerial0/0.46
tunnelmodeipv6ip6to4
end
Word
Meaning
0x2002
0xE07
0x2204
0x44
0x44
6to4Prefix
6to4tunnelendpointIPv6address.Thistranslatestodecimal 14.7
6to4TunnelendpointIPv6address.Thistranslatestodecimal 34.4
SubnetID
HostID
NotetrafficfromR6to2002:E07:2204::/80shouldbeencapsulatedinIPandsentto14.7.34.4,BUT
thisisR4sS0/0.34sIPaddressandR4sTunnel46interfaceisconfiguredwithS0/0.46asthe
sourceofthetunnel.Letschangethesourcetomatchthe6to4addressandtest
OnR4
R4(config)#inttunnel46
R4(configif)#TunnelsourceS0/0.34
Totestandverifytheconfiguration:
OnR6
R6#pingipv62002:E07:2204:44::44
Lab3
Page35of50
!!!!!
Notethepingissuccessful.
OnR4
ICMPv6:Receivedechorequestfrom2002:E07:2E06:46::6
ICMPv6:Sendingechoreplyto2002:E07:2E06:46::6
Asexpected,R4seestheICMPv6packets.
Ticket10
SW1andSW2canNOTpingeachotheroverthe14.7.111.0/24segment.Fixthis
problem.
OnSW1
SW1#Ping14.7.111.12
.....
Letschecktheconfigurationoftheinterfacesontheseswitches:
OnSW1
SW1#Showrunintf0/4|Binterface
noswitchport
Lab3
Page36of50
ipaddress14.7.111.11255.255.255.0
end
OnSW2
SW2#Showrunintf0/6|Binterface
noswitchport
ipaddress14.7.111.12255.255.255.0
end
Welltheconfigurationoftheswitcheslooksfine.ButtheseinterfacesonSW1andSW2areconnected
toR4andR6respectively,andR4andR6areconnectedviaaframerelayconnection.Letscheck
theconfigurationofR4sF0/0andR6sF0/1interface:
OnR4
noipaddress
duplexauto
speedauto
xconnect14.7.99.646encapsulationmpls
end
OnR6
noipaddress
duplexauto
speedauto
end
ItisobviousthatAnyTransportOverMPLSofAToMisusedtoprovidereachability.Letscheck
LDPneighbor adjacencybetweentherouters:
OnR6
R6#Showmplsldpneighbor
PeerLDPIdent:14.7.99.4:0LocalLDPIdent14.7.99.6:0
TCPconnection:14.7.99.4.64614.7.99.6.29184
State:OperMsgssent/rcvd:150/148Downstream
Lab3
Page37of50
Uptime:01:54:39
LDPdiscoverysources:
Serial0/0.46,SrcIPaddr:14.7.46.4
TargetedHello14.7.99.6>14.7.99.4,active,passive
AddressesboundtopeerLDPIdent:
14.7.99.414.7.46.414.7.34.4
TheoutputoftheabovecommanddisplaysthatLDPneighborofthisrouter(R6),inthiscaseR4is
theONLYneighbortothelocalrouter.ThismeansthatbothR4andR6areconfiguredcorrectlyas
farasLDPandMPLS.
Toseetheinterfacesthatarerunning MPLS:
OnR6
R6#ShowMPLSinterfaces
InterfaceIPTunnelOperational
Serial0/0.46Yes(ldp)NoYes
R6#
SinceLDPandMPLSisconfiguredcorrectlyletslookatAToMsconfigurationclosely:
OnR4
R4#Showmplsldpneighbor
PeerLDPIdent:14.7.99.6:0LocalLDPIdent14.7.99.4:0
TCPconnection:14.7.99.6.2918414.7.99.4.646
State:OperMsgssent/rcvd:164/166Downstream
Uptime:02:08:29
LDPdiscoverysources:
Serial0/0.46,SrcIPaddr:14.7.46.6
TargetedHello14.7.99.4>14.7.99.6,active,passive
AddressesboundtopeerLDPIdent:
9.9.16.614.7.99.614.7.46.614.7.56.6
R4#
AToMusestargetedLDPsessionbetweentherouterstoformanAToMVC,forthistoworkthetwo
routershadtogothroughadiscoveryprocessusingUDP646andoncetheydiscoveredeachother,a
TCPsessionwillbeestablishedusingport646ontheserversideanda highportontheclientside,
thisisdisplayedintheoutputoftheaboveshowcommand.Inthelowerpartoftheoutputthedetails
ofthetargetedLDPsessionisdisplayed,inthiscasethetworoutersaredirectlyconnectedand
therefore,theoutputdisplaysthedirectionoftheHellosgoingfrom14.7.99.4 14.7.99.6.
Sincetheinformationshowsnoerrors,letscheckthestatusoftheVConR4andthenonR6:
OnR4
Lab3
Page38of50
R4#ShowMPLSL2transportvc
Localintf
Localcircuit
Destaddress
VCID
Status

Fa0/0
Ethernet
14.7.99.6
46
DOWN
OnR6
Localintf
Localcircuit
Destaddress
VCID
Status

Fa0/1
Ethernet
14.7.99.4
64
DOWN
ThevcisdownonbothroutersVCsarenegotiatedoverthetargetedLDPsession.Letscheckthe
Xconnectcommandonceagain:
OnR4
R4#Showrun|Incxconnect
OnR6
R6#Showrun|Incxconnect
NotetheVCIDsDONOTmatch
InAToMtheVCIDsMUSTmatchorelsetheVCcanNOTbenegotiatedproperly,letschangeR4s
VCIDtomatchR6s.
OnR4
R4(config)#intF0/0
R4(configif)#NOxconnect14.7.99.646encapsulationMPLS
R4(configif)#xconnect14.7.99.664encapsulationMPLS
OnR4
Lab3
Page39of50
LocalintfLocalcircuitDestaddressVCIDStatus

Fa0/0Ethernet14.7.99.664UP
OnR6
LocalintfLocalcircuitDestaddressVCIDStatus

Fa0/1Ethernet14.7.99.464UP
Totesttheconfiguration:
OnSW1
SW1#Ping14.7.111.12
!!!!!
Ticket11
Youwerecalledtofixaconfigurationproblemthatimplementsthefollowingpolicy:
SW1shouldbeconfiguredtoimmediatelytransmitOSPFpacketstoR1andR2sF0/0
interface,thispolicyshouldbeimplementednomatterwhatothertrafficisaccumulated
onR1andR2sinterfacesbuffer.SW1shouldalsobeconfiguredtolimitOSPF
bandwidthto33.3Mbits/sec.
LetscheckSW1sinterfaceconfigurationfacingR1andR2:
OnSW1
SW1#ShowrunintF0/1|Binterface
switchportaccessvlan124
srrqueuebandwidthshape0004
priorityqueueout
Lab3
Page40of50
mlsqostrustdscp
end
priorityqueueout
mlsqostrustdscp
end
Letsstartcheckingoneitematatime,thefirstthingtocheckisifMPLS
qosisenabledontheswitch:
OnSW1
SW1#Showmlsqos
QoSisenabled
QoSippacketdscprewriteisenabled
MlsQosisenabled.Thenextstepistoseeifpriorityqueueingisenabledandifthepriorityqueueis
shapedto1/3oftheinterfacesbandwidth:
OnSW1
priorityqueueout
mlsqostrustdscp
end
NoteeventhoughPriorityQueueingisenabled,therearetwoerrorshereandtheyareasfollows:
1. Queuenumber,Q4isNOTthepriorityqueueQ1isthepriorityqueue.
2. Theshapingvalueisincorrectitshouldhavebeenshapedto1/3rd andNOT1/4th.
Letscorrecttheerrorsandverifytheconfiguration:
OnSW1
SW1(config)#intrangef0/12
SW1(configifrange)#srrqueuebandwidthshape3000
Lab3
Page41of50
Beforetheconfigurationisverified,wemustmapOSPFtoQ1.BydefaultthePrecedencevalueofthe
routingprotocolsaresetto6,whichisthesameasDSCPCS6withadecimalvalueof48.
LetsviewthemappingofDSCPvaluestothequeues:
OnSW1
SW1#ShowMLSqosmapsdscpoutputq
Dscpoutputqthresholdmap:
d1:d201234567
8
9
0:0201020102010201020102010201020102010201
1:0201020102010201020102010301030103010301
2:0301030103010301030103010301030103010301
3:0301030104010401040104010401040104010401
4:
0101010101010101010101010101010104010401
5:0401040104010401040104010401040104010401
6:0401040104010401
NoteDSCPvalueof 48 mapstoQueue4Threshold1,thisshouldbechangedtoQ1T1,asfollows:
OnSW1
SW1(config)#mlsqossrrqueueoutputdscpmapqueue148
SW1#ShowMLSqosmapsdscpoutputq
Dscpoutputqthresholdmap:
d1:d201234567
8
9
0:0201020102010201020102010201020102010201
1:0201020102010201020102010301030103010301
2:0301030103010301030103010301030103010301
3:0301030104010401040104010401040104010401
4:
0101010101010101010101010101010101010401
5:0401040104010401040104010401040104010401
6:0401040104010401
ThislooksMUCHbetter.Thelastthingtodoistocheckthetruststateoftheinterfacesrunning
OSPF.ThisMUSTbedonebecauseiftheswitchisNOTconfiguredtotrusttheDSCPvalues,then
theyaredropped.
OnSW1
SW1#ShowrunintF0/2|Incmls
mlsqostrustdscp
Lab3
Page42of50
SW1#ShowrunintF0/1|Incmls
mlsqostrustdscp
Success
Ticket12
R2isconfiguredtobeaccessedviaSSH,butthenetworkadministratorcanONLY
accessR2viaTelnet.Fixthisproblem.TheusernameandthepasswordisCCIE.
LetsverifytheconfigurationbyusingSSHtoR2fromR1:
OnR1
R1#sshlCCIE14.7.99.2
%Connectionrefusedbyremotehost
LetschecktoseeifSSHisenabledonR2:
OnR2
R2#Showipssh
SSHDisabledversion1.99
%PleasecreateRSAkeys(ofatleast768bitssize)toenableSSHv2.
Authenticationtimeout:120secsAuthenticationretries:3
Notetheoutputoftheabovecommandactuallytellsuswhatneedstobeconfigured.Letscreate
thekeys:
R2(config)#IPdomainnameCCIE
R2(config)#Cryptokeygeneratersageneralkeysmodulus1024
Youshouldseethefollowingmessages:
Thenameforthekeyswillbe:R2.CCIE
%Thekeymodulussizeis1024bits
%Generating1024bitRSAkeys,keyswillbenonexportable...[OK]
%SSH5ENABLED:SSH1.99hasbeenenabled
Lab3
Page43of50
SinceSSHisenabled,letsSSHfromR1toR2again:
OnR1
Password:
Password:
Password:
%Authenticationfailed.
Eventhoughthecorrectpasswordwasentered,connectionwasrefusedduetofailed
authentication,maybeSSHisfiltered?LetschecktheVTYlinesonR2:
OnR2
R2#Showrun|Svty
linevty04
login
transportinputtelnet
NoteSSHisNOTenabledasavalidmethodforaccessingtheVTYlines.Letsfixthis:
OnR2
R2(config)#lineVTY04
R2(configline)#Transportinputssh
OnR1
Password:
Password:
Password:
%Authenticationfailed.
Lab3
Page44of50
Onceagainthesameresult.LetschecktoseeifR2isconfiguredwithausernameandpassword
fortheuserCCIE:
OnR2
R2#Showrun|Incaaa|login|username|line|pass
noservicepasswordencryption
noaaanewmodel
linecon0
lineaux0
linevty04
login
TheaboveoutputrevealsthataaaisNOTenabled,usernameandpasspairisNOTconfigured,
andthelinevty04isNOTconfiguredwithloginlocal,letsstartconfiguring:
OnR2
R2(config)#usernameCCIEpasswordCCIE
R2(config)#linevty02
R2(configline)#loginlocal
OnR1
Password: EnterthepasswordCCIE
R2>
Perfect,itisworking.
Ticket13
R2isconfiguredtodetectunreachableTelnetclientsandoncedetecteditshould
disconnectthem.ButyourclientisstatingthatitisNOTworking,fixthisproblem.
Remember,TelnetdoesNOThaveabuiltinkeepaliveoperationandittotallyrelies
onTCPkeepalives:
Lab3
Page45of50
OnR2
R2#Showrun|Inctcp
servicetcpkeepalivesout
R2#
NoteR2willONLYactivateTCPkeepalivesforoutgoingTCPsessionsandNOT
forincoming.Letsconfiguresoitwillalsodoitforincomingsessions:
OnR2
R2(config)#servicetcpkeepalivesin
Ticket14
TheBGPnetworkwasconfiguredtouseMEDsuchthatR3prefersR6asagatewayto
reachtheprefixesinAS9116.ButforwhateverreasonR3isusingR1asthepreferred
gateway.YoushouldfixthisproblemsuchthatR3prefersR6asitsprimarygateway,
youshoulduseMEDtoaccomplishthistask.
OnR3
R3#Showipbgp
Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i
internal,
rRIBfailure,SStale
*9.9.1.1/3214.7.99.6100569116i
*>14.7.13.1
019116i
NoteR3isgoingthrough14.7.13.1(R1)andNOTR6.Letslookatthisentrycloser:
OnR3
R3#Showipbgp9.9.1.1
Lab3
Page46of50
Advertisedtoupdategroups:
1
569116
14.7.99.6(metric129)from14.7.99.6(14.7.99.6)
OriginIGP,metric10,localpref100,valid,external
19116
14.7.13.1from14.7.13.1(14.7.99.1)
OriginIGP,localpref100,valid,external,best
NotetheoutputoftheaboveshowcommandrevealsthatthelocalroutertakesR1(14.7.13.1)
becauseithasalowermetricvalue(Novaluemeanszero)assign.Whenaroutercomparesthe
MEDattributecomingfromtworouters,itwillalwaystakethelower value,becausethelower
valuehasmorepreference.ButitsVERYimportanttoknowthepathselectionprocessandorder,
thefollowsidentifiesthesteps:
1. Preferthepathwiththehighest WEIGHT.
Note: WEIGHTisaCiscospecificparameter.Itislocaltotherouteronwhichitis
configured.
Bothpathhavethesameweight.
2. PreferthepathwiththehighestLOCAL_PREF.
Note: ApathwithoutLOCAL_PREFisconsideredtohavehadthevaluesetwiththebgp
defaultlocalpreferencecommand,ortohaveavalueof100bydefault.
Bothpathshavethesamelocalpreference.
3. PreferthepaththatwaslocallyoriginatedviaanetworkoraggregateBGPsubcommandor
throughredistributionfromanIGP.
Localpathsthataresourcedbythe Network or Redistributecommandsarepreferredover
localaggregatesthataresourcedbytheaggregateaddresscommand.
Noneofthepathsarelocallyoriginated.
4. Preferthepathwiththeshortest AS_PATH.
Note: Beawareoftheseitems:
ThisstepisskippedifyouhaveconfiguredthebgpBestpathaspathignore
command.
AnAS_SETcountsas1,nomatterhowmanyASesareintheset.
The AS_CONFED_SEQUENCEand AS_CONFED_SET arenotincludedinthe
AS_PATHlength.
Bothpathshavethesame aspath length.

5. Prefer thepathwiththelowestOrigintype.
Note:IGPislowerthanExteriorGatewayProtocol(EGP),andEGPislowerthan
Lab3
Page47of50
INCOMPLETE.
Bothpathshavethesameorigin.
6. PreferthepathwiththelowestMultiExitDiscriminator(MED).
Note: Beawareoftheseitems:
Thiscomparisononlyoccursifthefirst(theneighboring)ASisthesameinthetwo
paths.AnyconfederationsubASsareignored.
Inotherwords,MEDsarecomparedonlyifthefirstASintheAS_SEQUENCEisthe
sameformultiplepaths.AnyprecedingAS_CONFED_SEQUENCEisignored.
If bgpalwayscomparemedisenabled,MEDsarecomparedforallpaths.
YoumustdisablethisoptionovertheentireAS.Otherwise,routingloopscanoccur.
If bgpBestpath medconfedisenabled,MEDsarecomparedforallpathsthatconsist
onlyofAS_CONFED_SEQUENCE.
Thesepathsoriginatedwithinthelocalconfederation.
THEMEDofpathsthatarereceivedfromaneighborwithaMEDof4,294,967,295is
changedbeforeinsertionintotheBGPtable.TheMEDchangestoto4,294,967,294.
PathsreceivedwithnoMEDareassignedaMEDof0,unlessyouhaveenabledbgp
Bestpath medmissingasworst.
Ifyouhaveenabledbgp Bestpath medmissingasworst,thepathsareassigneda
MEDof4,294,967,294.
Thebgpdeterministicmedcommandcanalsoinfluencethisstep.
RefertoHowBGPRoutersUsetheMultiExitDiscriminatorforBestPathSelection
forademonstration.
BothpathshavedifferentMEDvalues.LetsstophereandcheckMEDconfigurations.
Therefore,inordertoinfluenceR3spreferencesuchthatittakesR6,wewillconfigurethe
following:
OnR3
R3(config)#routerbgp3
R3(configrouter)#bgpBestpathmedmissingasworst
ToaffectBGPwiththispolicy:
R3#Clearipbgp*IN
OnR3
R3#Showipbgp9.9.1.1
Advertisedtoupdategroups:
Lab3
Page48of50
1
569116
14.7.99.6(metric129)from14.7.99.6(14.7.99.6)
OriginIGP,metric10,localpref100,valid,external
19116
14.7.13.1from14.7.13.1(14.7.99.1)
OriginIGP,metric4294967295,localpref100,valid,external,best
Ticket15
Yourclientiscomplainingthat timezonecanNOTbeconfiguredonR2.Fixthis
problem.
LetsverifytheconfigurationbyconfiguringAntarctica(UTC+12)onR2:
OnR2
R2(config)#ClocktimezoneUTC+12
exittimezoneUTC+12
^
%Invalidinputdetectedat'^'marker.
WOWWhatcouldbewronghere?Thecommandsareenteredcorrectly,butwhatisEXIT?Letstryone
keywordatatime:
OnR2
R2(config)#Clock?
<cr>
R2(config)#exit
OK.....Itlookslikeanaliaswasconfigured,letscheckforaliasesonR2:
OnR2
R2#Showrun|Incalias
aliasconfigureclockexit
HAHAHAHAgoodone,Letsremovethebogusalias:
OnR2
R2(config)#NOaliasconfigureclockexit
Lab3
Page49of50
To verifytheconfiguration:
OnR2
R2(config)#ClocktimezoneUTC+12
Weshouldseethefollowingconsolemessages:
%SYS6CLOCKUPDATE:Systemclockhasbeenupdatedfrom01:59:43UTCSatMar22002to01:59:43
UTCSatMar22002,configuredfromconsolebyconsole.
Congratulations,youjustcompletedoneofthelabnumber3.
Lab3
Page50of50

Ts Lab03 Free

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Ts Lab03 Free

Hochgeladen von

Copyright:

Verfügbare Formate

CCIER&S

TheroutingtableofR5verifiesthatitreceives22.22.22.22/32 prefix fromBB2.LetscheckR6s

Bothpathshavethesame aspath length.

Das könnte Ihnen auch gefallen