om

Free Lab Friday

l.c
Troubleshooting
IPv4 Networks
ba
o
db
vi
da
David Bombal CCNA Labs Lab 11.2

Free Lab Friday – Part 10 Troubleshooting IPv4 Networks

Packet Tracer Files: Assessment Lab

Free Lab Friday – Troubleshooting IPv4 Networks.pka

Access Credentials:
User login: ccna
User Password: cisco
Privilege Exec: secret123

A support ticket has been raised by Wayne Enterprises this morning. The ticket indicates that
there has been a major outage and all devices on the enterprise LAN have lost communication
with their Internet resources. The onsite level 1 support team have attempted a replace of the
configuration files on the network devices, but this has not resulted in the restoration of
network services. The level 1 engineer has escalated the scenario to your company and you
are the assigned engineer on duty.

The ticket has informed you that the network switches cannot contact cisco.com to download
and upgrade their IOS files as part of an outstanding upgrade procedure. SW1 and SW2
should be able to contact cisco.com in order to rectify the problem. You will troubleshoot and
fix the issue to ensure that SW1 and SW2 can ping cisco.com using both names and IP
addressing for connectivity. The original interesting traffic statement to identify any network
starting with 10.1.x.x used ACL number 1.

As part of your troubleshooting you may have to gather information from multiple sources and
analyse the information prior to proceeding with any possible plan to solve the problem. Once
you have had time to digest all of the problems outlined in the ticket and gather the required
information, you should implement the plan to rectify the problem. Once you have observed
the network functioning normally again, document the solution and inform the customer.

The ticket also raises issues for users in VLAN 10 and VLAN 20 being unable reach the
Internet servers via HTTP and HTTPS. All users should be allowed to request DNS lookups
from the ISP DNS Server Only. PC users should only be allowed HTTPS access to
Google.com and Cisco.com, Facebook.com and Twitter.com should be denied. PC users
should only be allowed SSH access for remote connections to any outside services. All users
should be allowed access to their hosted GMAIL accounts.

Discover and edit the existing ACL to meet the following requirements. All ACL statements
should be standardised with the default sequence increment value according to the below
customer requirements in the following order.

1. Permit all users’ access to ONLY your ISP DNS server. Other public DNS
servers should be denied.
2. Permit all PC users to access Cisco and Google secure Website’s ONLY.
Facebook and Twitter access is NOT allowed
Rev 1.0.1 L1-1
David Bombal CCNA Labs Lab 11.2

3. Permit all PC users to Ping any devices for connectivity testing purposes.
4. Permit all PC users SSH access to external resources
5. Permit all users on the internal network to access the Gmail server for their
business mail accounts. Ensure both the send and receive protocols re
configured in the ACL.
6. All other traffic should be denied and logged to adhere to the company
acceptable use policy.
When testing the ACL, ensure that PC1 and PC2 can only access the secure sites but
can ping all sites for connectivity testing.

Further troubleshooting will be required to also ensure that all devices can use the
‘trace/tracert’ tool to assist the onsite level-1 support team with any troubleshooting tasks.
Ensure the ACL also allows this to occur. Remember the last entry in the ACL should be to
deny any other traffic and increments should be in the default value for sequencing.

In the final element of the ticket, you may have to troubleshoot PC1 connectivity issues, which
is connected to VLAN 10. You may have already included this step in your troubleshooting
approach in earlier steps. If not, you will need to set name resolution mapping on their PCs to
be able to connect to the server without specifying any IP addressing.

You will be able to Check Results for your score. The Packet Tracer assessment file will
grade you and point you to check certain conditions have been met to score this lab on.
As this is an assessment lab, a copy of the completed .pkt file has been provided for
configuration comparison.
Good luck!

For more Labs go to http://davidbombal.com

Rev 1.0.1 L1-2