Beruflich Dokumente
Kultur Dokumente
Troubleshooting
Case Study:
Bank of POLONA
TSHOOT v7 Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 1
Chapter 9 Objectives
Bank of POLONA Trouble Ticket 1
• Troubleshooting Redistribution
• Troubleshooting VRRP with Interface Tracking
• FHRP Tracking Options
• Troubleshooting IP SLA
Bank of POLONA Trouble Ticket 2
• Troubleshooting EIGRP Summarization
• Troubleshooting RIPng
• Troubleshooting Access Control Lists
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 2
Chapter 9 Objectives
Bank of POLONA Trouble Ticket 3
• Troubleshooting GRE Tunnels
• OSPF Summarization Tips and Commands
• Troubleshooting AAA
Bank of POLONA Trouble Ticket 4
• Troubleshooting OSPF for IPv6
• Troubleshooting the Dysfunctional Totally Stubby Branch Areas
• OSPF Stub Areas
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 3
Troubleshooting
Case Study:
Bank of POLONA
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 4
Troubleshooting Case Study: Bank of POLONA
Scenario
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 5
Bank of POLONA
Trouble Ticket 1
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 6
Troubleshooting Redistribution
Note: prefixes are redistributed from one process into another only
as long as they are present in the IP routing/forwarding table.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 7
Troubleshooting Redistribution
Protocol-specific facts relate to redistribution:
EIGRP
• EIGRP does not automatically have a default metric for any redistributed routes.
• If the default metric or a manual metric is not specified, EIGRP assumes a metric of 0 and
does not advertise the redistributed routes.
• EIGRP will not autosummarize external routes unless a connected or internal EIGRP
route exists in the routing table from the same major network of the external routes.
• If an EIGRP stub router needs to redistribute routes, it has to be explicitly configured to
do so using the eigrp stub redistributed command.
OSPF
• Use the parameter subnets to distinguish classful and classless behavior.
• When any protocol is redistributed into OSPF, if the networks that are being redistributed
are subnets, you must define the subnets keyword under the OSPF configuration.
• If the subnets keyword is not added, OSPF will ignore all the subnetted routes when
generating the external linkstate advertisement (LSA).
• The situation could also arise when connected or static routes are being redistributed into
OSPF.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 8
Troubleshooting Redistribution
Protocol-specific facts relate to redistribution:
BGP
• When redistributing Interior Gateway Protocol (IGP), static, and connected routes into
Border Gateway Protocol (BGP), it is important to carefully filter the redistributed routes
so that invalid/private networks do not sneak into the BGP table and be announced to
external BGP neighbors.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 9
Troubleshooting VRRP with Interface Tracking
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 10
Troubleshooting VRRP with Interface Tracking
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 11
Troubleshooting VRRP with Interface Tracking
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 12
FHRP Tracking Options
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 13
FHRP Tracking Options
You can track either the interface line protocol state or the
interface IP routing state.
When you track the IP routing state, three conditions are
required for the object to be up:
1. IP routing must be enabled and active on the interface.
2. The interface line-protocol state must be up.
3. The interface IP address must be known.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 14
FHRP Tracking Verification
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 15
Troubleshooting IP SLA
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 16
IP SLA Verification Commands
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 17
IP SLA Troubleshoot Example
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 18
IP SLA Troubleshoot Example
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 19
IP SLA Troubleshoot Example
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 20
Bank of
POLONA Trouble
Ticket 2
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 21
Troubleshooting EIGRP Summarization
EIGRP’s summarization feature is available in the form of automated
summarization (limited to classful summaries) at network boundaries;
EIGRP summarization can also be performed manually in classless or
classful format.
Conventional (autonomous system number) EIGRP configuration
method:
• Classful auto-summary is enabled by default, to disable use the no auto-
summary
• A manual summary is advertised only if at least one of its proper subnets is
present in the IP routing table.
• The metric of the summary is taken from the subnet with the smallest metric value.
• The EIGRP summary-address is applied within interface configuration mode
When configuring EIGRP named configuration:
• the summary address is applied to the af-interface interface section within an
address family inside the EIGRP process.
To check whether auto-summarization is active and which networks are
included in the EIGRP process, use the show ip protocols | section
eigrp command.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 22
Troubleshooting EIGRP Summarization Example
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 23
Troubleshooting RIPng
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 24
Troubleshooting RIPng
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 25
Troubleshooting RIPng
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 26
RIPng Verification Commands
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 27
Troubleshooting Access Control Lists
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 28
Troubleshooting Access Control Lists
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 29
Access Control Lists Verification
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 30
Access Control Lists Verification
To determine where the ACLs are applied and in which direction they are
applied, usethe following commands:
show running-config | include line|access-class: Displays access
lines (vty, console) and the access-lists configured to control traffic to the
line.
show running-config | include interface|access-group: Displays all
the lines form the show running-config command’s output, if they
include the word interface or the word access-group .
show ip interface interface-type interface-number : Displays interface
and IPv4 access lists applied to it. (A maximum of one ACL can be applied
in each direction.)
show running-config | include interface|traffic-filter
show ipv6 interface interface-type interface-number : Displays interface
and IPv6 access-list(s) applied to it. (A maximum of one ACL can be
applied in each direction.)
show running-config | include [ ACL-number | ACL-name |]: Displays
other applications of the access list, such as in NAT configuration lines.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 31
Bank of POLONA
Trouble Ticket 3
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 32
Troubleshooting GRE Tunnels
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 34
GRE Tunnels Verification
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 35
OSPF Summarization Tips and Commands
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 36
OSPF Summarization Tips and Commands
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 37
Troubleshooting AAA
Next, you can configure your preferred AAA methods using the
aaa authentication , aaa authorization , and aaa accounting
commands with appropriate parameters.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 38
Troubleshooting AAA
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 39
Bank of POLONA
Trouble Ticket 4
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 40
Troubleshooting OSPF for IPv6
OSPFv3 operates in a similar way as OSPFv2. There are a few differences,
though, as follows:
Protocol processing per link, not per subnet
• Multiple IP subnets can be configured on a single link between two routers. OSPFv3
neighbors can establish adjacency even if they do not share a common IPv6 subnet.
OSPFv3’s router ID is a number with a dotted-decimal format
• An IPv6 address cannot be used as a router ID. If IPv6 is the only protocol enabled on a
router, the router ID must be manually specified; otherwise, the OSPFv3 process will
not start.
Support for multiple instances per link
• Multiple instances of OSPFv3 can be used on a single link. Instances are distinguished
based on the instance ID (recorded in OSPFv3 packet header).
Use of link-local address
• An OSPFv3 router uses its link-local address as the source of its Hello packets. The
next-hop addresses for the OSPFv3 routes in the IPv6 routing table are also link-local.
Different multicast addresses
• The multicast address FF00::5 is used to address all OSPFv3 routers, and the multicast
address FF00::6 is used to address all OSPFv3 designated routers.
IPsec is used for authentication
• There is no OSPF-specific authentication; IPsec is used to authenticate OSPF packets.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 41
OSPF for IPv6 Configuration anf Verification
To create an OSPFv3 process, use the global configuration mode
command ipv6 router
ospf process-id .
• If you do not specify the router ID manually, the highest IP address (loopback is
preferred) of the router is used as the router ID, and if the router has no IPv4
address, the OSPFv3 process will not start. You can manually configure the router
ID by using the command router-id router-id from within router configuration
mode.
To activate OSPFv3 on a specific interface, use the command ipv6
ospf process-id area area from within interface configuration mode.
Use the show ipv6 ospf process-id command to display the global
OSPFv3 settings such as router ID, timers, areas configured on the
router, and so on.
To display the OSPFv3 neighbors of a router, use the command show
ipv6 ospf neighbor.
• The output is similar to the neighbor table displayed for OSPFv2; it displays
neighbor ID, priority, state, dead time, interface ID, and the interface that is used to
establish adjacency.
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 42
OSPF for IPv6 Configuration anf Verification
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 43
OSPF Stub Areas
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 44
OSPF Stub Areas (Cont.)
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 45
Chapter 9 Summary
Troubleshooting Redistribution
Troubleshooting VRRP with Interface Tracking
FHRP Tracking Options
Troubleshooting IP SLA
Troubleshooting EIGRP Summarization
Troubleshooting RIPng
Troubleshooting Access Control Lists
Troubleshooting GRE Tunnels
OSPF Summarization Tips and Commands
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 46
Chapter 9 Summary
Troubleshooting AAA
Troubleshooting OSPF for IPv6
Troubleshooting the Dysfunctional Totally Stubby Branch
Areas
OSPF Stub Areas
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 47
Chapter 9 Labs
Lab 9-1 Network-Mirror
Lab 9-2 In Synch
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 48
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 49
Acknowledgment
• Some of the texts and images are from Troubleshooting and Maintaining Cisco
IP Networks (TSHOOT) Foundation Learning Guide by Amir Ranjbar
(158720455X)
• Copyright © 2015 – 2016 Cisco Systems, Inc.
• Special Thanks to Bruno Silva
Chapter 9
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 50