Troubleshooting 6

Here we go with another simple but interesting troubleshooting scenario

Ensure that R1 can ping R2 and ensure any optimizations are retained.  Interfaces are in an up/up state and there are no ACL or security features restricting access. Some configuration and debug outputs are included below. Please provide a working configuration.


R1
__

R1(config)#do ping 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


interface Serial1/0
 ip address 10.0.0.1 255.255.255.0
 load-interval 30
 serial restart-delay 0
end

R2

__

R2#

*Mar  1 01:31:40.499: Serial1/0: COMPRESS: (expansion) status: 6, size in: 20, size out: 15

*Mar  1 01:31:50.499: Serial1/0: COMPRESS: (expansion) status: 6, size in: 20, size out: 15

*Mar  1 01:32:00.499: Serial1/0: COMPRESS: (expansion) status: 6, size in: 20, size out: 15

*Mar  1 01:32:10.499: Serial1/0: COMPRESS: (expansion) status: 6, size in: 20, size out: 15

Troubleshooting 5

NTP needs to be authenticated between R5 and R6. All clocks need to be synchronized. Good Luck and by the way time is ticking.

R5
__
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 192.168.56.5 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 192.168.56.5 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp master 3
!
end





R6
__
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
class-map match-all CMAP
 match access-group name NTPAllowed
!
!
policy-map PMAP
 class CMAP
   drop
!
interface Serial1/0
 ip address 192.168.56.6 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/2
 ip address 192.168.67.6 255.255.255.0
 serial restart-delay 0
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 192.168.56.6 0.0.0.0 area 0
 network 192.168.67.6 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended NTPAllowed
 permit udp any any eq ntp
 deny   ip any any
!
control-plane
 service-policy input PMAP
!

line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324E41 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179839
ntp source Serial1/0
ntp server 192.168.56.5
!
end

R7
__

hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
interface Serial1/0
 ip address 192.168.67.7 255.255.255.0
 ip access-group 100 in
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 192.168.67.7 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 deny   udp any any eq ntp
access-list 100 permit ip any any
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp clock-period 17179811
ntp peer 192.168.67.6
!
end

Troubleshooting 4

The routing table on R3 should be able to reach 192.168.1.0/24 through 192.168.2.2 and not through 192.168.3.5.

Restrictions: You cannot modify administrative distance or do any type of filtering. The network192.168.1.0/24 must be advertised on R2 in both OSPF and BGP. You must ensure that R2 and R3 are not sending OSPF advertisements to R5. R5 can only use BGP as its routing protocol and must advertise its loopback.

Troubleshooting 3

You must use the authentication type configured within the standby command. Preemption should work on both devices and you must monitor the serial 1/0 link on the opposite router.



R1
__

key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 2010 infinite


interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.11
standby 1 priority 255
standby 1 preempt
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 50
standby 2 authentication secur3
standby 2 name HSRP2


R2
__

key chain HSRP
key 1
key-string cisco
accept-lifetime 00:00:00 Jan 1 1993 infinite
send-lifetime 00:00:00 Jan 1 1993 infinite


interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
no keepalive
standby 1 ip 192.168.1.111
standby 1 priority 50
standby 1 authentication md5 key-string HSRP
standby 1 name HSRP1
standby 2 ip 192.168.1.12
standby 2 priority 255
standby 2 authentication s3cur3
standby 2 name HSPR2
standby 2 preempt

Troubleshooting 2

RB should have a default route to serial 1/0 (172.16.18.252) on RA. Domain name, DNS, netbios, netbios type, and lease is required. Lab it up if required.



RA
__
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.18.1 172.16.18.254
!
ip dhcp pool 0
   network 172.16.0.0 255.255.0.0
   domain-name packetsanalyzed.com
   dns-server 172.16.1.250 172.16.2.251
   netbios-name-server 172.16.1.18
   default-router 172.16.18.252 172.16.18.253
   netbios-node-type p-node
   lease 30
!
ip dhcp pool 1
   network 172.16.18.0 255.255.255.0
  default-router 10.0.0.1
!
ip dhcp pool 2
   network 172.16.22.0 255.255.255.0
   dns-server 172.16.22.250 172.16.22.251


interface Serial1/0
 ip address 172.16.18.253 255.255.255.0
 ip address 172.16.18.252 255.255.255.0 secondary
 encapsulation ppp
 peer default ip address dhcp-pool 0
 serial restart-delay 0
 no fair-queue


RB
__


interface FastEthernet0/1
 ip address 10.0.0.250 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address negotiated
 encapsulation ppp
 serial restart-delay 0
 no fair-queue


do sh ip route

Gateway of last resort is not set

     172.16.0.0/32 is subnetted, 2 subnets
C       172.16.18.253 is directly connected, Serial1/0
C       172.16.18.13 is directly connected, Serial1/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1

Troubleshooting 1

Determine what the issue/issues in the configuration below. Lab it up!


R1
__
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.1 255.255.255.0
 frame-relay map ip 192.168.1.2 102 broadcast
 frame-relay map ip 192.168.1.3 103 broadcast
 ip ospf network-type point-to-multipoint

router ospf 1
 network 192.168.1.1 0.0.0.0 area 0
 network 1.1.1.1 0.0.0.0 area 0


R2
__
interface loopback 0
 ip address 2.2.2.2  255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.2 255.255.255.252
 frame-relay map ip 192.168.1.1 201 broadcast
 frame-relay map ip 192.168.1.3 201
 ip ospf network-type point-to-multipoint

router ospf 1
 network 192.168.1.2 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0

R3
__
interface loopback 0
 ip address 3.3.3.3 255.255.255.255
interface serial 1/0
 encapsulation frame-relay
 ip address 192.168.1.3 255.255.255.0
 frame-relay map ip 192.168.1.2 301 broadcast
 frame-relay map ip 192.168.1.1 301 broadcast

router ospf 1
 network 192.168.1.3 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0

Challenge 1

Create a complex network scenario that requires some level of troubleshooting.

Use GNS3 and post your .net file and create a trouble ticket.