Troubleshooting Lab
Workbook
Authored By:
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Khawar Butt
CCIE # 12353
Module 1 Troubleshooting
RIP
R2
R1
L0 10.1.1.1/16
L0 10.2.2.2/16
F 0/0 (.2)
F 0/0(.1)
192.1.12.0/2
S 0/0 (.2)
192.1.23.0/2
S 0/0 (.3)
L0 4.4.4.4/16
R4
L0 3.3.3.3/16
F 0/0 (.3)
F 0/0(.4)
192.1.34.0/2
R3
Scenario: R3 does not support RIPv2. R1, R2 and R4 have been configured to
run RIPv2.
Issue: Routes are not getting propagated. Make sure that R3 only run RIPv1
and R4 runs RIPv2. Make sure routes are getting propagated and reachable
from all routers.
R2
R1
L0 10.1.1.1/16
L0 10.2.2.2/16
F 0/0 (.2)
F 0/0(.1)
192.1.12.0/2
S 0/0 (.2)
192.1.23.0/2
S 0/0 (.3)
L0 10.4.4.4/16
R4
L0 10.3.3.3/16
F 0/0 (.3)
F 0/0(.4)
192.1.34.0/2
R3
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Module 2 Troubleshooting
EIGRP
R2
R1
L0 10.1.1.1/16
L0 10.2.2.2/16
F 0/0 (.2)
F 0/0(.1)
192.1.12.0/2
S 0/0 (.2)
192.1.23.0/2
S 0/0 (.3)
L0 10.4.4.4/16
R4
L0 10.3.3.3/16
F 0/0 (.3)
F 0/0(.4)
192.1.34.0/2
R3
Scenario: R1, R2, R3 and R4 have been configured to run EIGRP in AS 12353.
All Neighbor relationships should have been authenticated using a key ID of 1
and a key-string of C1SCO.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
R2
R1
L0 10.1.1.1/16
L0 10.2.2.2/16
F 0/0 (.2)
F 0/0(.1)
192.1.12.0/2
S 0/0 (.2)
192.1.23.0/2
S 0/0 (.3)
R4
L0 10.4.4.4/16
L0 10.3.3.3/16
F 0/0 (.3)
F 0/0(.4)
192.1.34.0/2
F 0/1(.4)
R3
192.1.45.0/24
F 0/0(.5)
L0 10.5.5.5/16
R5
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Module 3 Troubleshooting
OSPF
R2
R1
L0 2.2.2.2/8
L0 1.1.1.1/8
F 0/0 (.2)
F 0/0 (.1)
L0 192.1.100.0/24
F 0/0 (.4)
F 0/0 (.3)
L0 3.3.3.3/8
L0 4.4.4.4/8
R4
R3
Scenario: R1, R2, R3 and R4 have been configured to run OSPF. R1 and R2
should have been the Designated Routers for the Ethernet segment, with R1
having higher priority than R2. All loopbacks should have been advertised with
their proper masks. All Routers should be communicating to each other using
the highest level of authentication.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
R2
R1
L0 10.1.1.1/16
L0 10.2.2.2/16
F 0/0 (.2)
F 0/0(.1)
192.1.12.0/2
S 0/0 (.2)
192.1.23.0/2
S 0/0 (.3)
R4
L0 10.4.4.4/16
L0 10.3.3.3/16
F 0/0 (.3)
F 0/0(.4)
192.1.34.0/2
F 0/1(.4)
R3
192.1.45.0/24
F 0/0(.5)
L0 10.5.5.5/16
R5
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
R2
R4
Frame-Relay
R3
Scenario: R1 (The HUB) has been configured with two sub-interfaces, one of
the two sub-interfaces is configured to connect R1 to R4, this sub-interface
should have been configured in a point-to-point manner using the following IP
addressing:
o R1 = 192.1.14.1 /24
o R4 = 192.1.14.4 /24
The second sub-interface on R1 should have been configured in a multipoint
manner, and this sub-interface should have been configured to connect R1 to
routers R2 and R3 using the following IP addressing:
o R1 = 192.1.123.1 /24
o R2 = 192.1.123.2 /24
o R3 = 192.1.123.3 /24
All routers be able to ping every IP address including their own within their IP
address space.
OSPF should have been configured on the routers to advertise the loopback
networks. These routes should be reachable from all devices.
Copyrights Networxx 20010-2015
Website: http://www.networxx.in; Email: khawarb@khawarb.com
Page 13 of 40
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
Restrictions:
L0 1.1.0.0
L3 1.1.3.0/24
R1
S 0/0(.1)
R2
192.1.12.0/24
L0 2.1.0.0
L3 2.1.3.0/24
S 0/0 (.2)
Area 10
F 0/0 (.2)
192.1.23.0/24
F 0/0 (.3)
S 0/0(.4)
L0 4.1.0.0
L3 4.1.3.0/24
R4
192.1.34.0/24
Area 100
Area 0
L0 3.1.0.0
L3 3.1.3.0/24
S 0/0 (.3)
R3
Scenario: Routing should have been configured based on the above diagram.
Also, the loopback networks from R1 and R4 should have been summarized
using the longest possible summary address into other areas.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
L0 1.1.0.0
L1 1.1.1.0/24
R1
S 0/0(.1)
R2
192.1.12.0/24
L0 2.1.0.0
L1 2.1.1.0/24
S 0/0 (.2)
Area 10
F 0/0 (.2)
192.1.23.0/24
Area 100
L0 4.1.0.0
L1 4.1.1.0/24
R4
S 0/0(.4)
F 0/0 (.3)
192.1.34.0/24
Area 0
L0 3.1.0.0
L1 3.1.1.0/24
S 0/0 (.3)
R3
F 0/0(.4)
192.1.45.0/24
F 0/0(.5)
L0 5.1.0.0/24
R5
RIPv2
Scenario: Routing should have been configured based on the above diagram.
Area 10 routers should only have Intra-area routes. These routers have had
connectivity to all routes in the network. Area 100 routers should have had
Intra-area routes and Routes getting redistributed into OSPF from RIP. It
should also reachability to all other routes in the network. Loopback on R2 and
R3 should be injected into OSPF as external routes. All routers should have
connectivity to the RIP routes.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
L0 1.1.0.0
L1 1.1.1.0/24
R1
S 0/0(.1)
R2
192.1.12.0/24
L0 2.1.0.0
L1 2.1.1.0/24
S 0/0 (.2)
Area 0
E 0/0 (.2)
192.1.23.0/24
E 0/0 (.3)
S 0/0(.4)
L0 4.1.0.0
L1 4.1.1.0/24
R4
192.1.34.0/24
Area 100
Area 10
L0 3.1.0.0
L1 3.1.1.0/24
S 0/0 (.3)
R3
Scenario: Routing should have been configured based on the above diagram.
The Virtual Link needed to be authenticated.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Module 4 Troubleshooting
BGP
L0 1.1.1.1/8
R1
S 0/0(.1)
R2
192.1.12.0/24
L0 2.2.2.2/8
S 0/0 (.2)
L1 12.1.0.1/16
F 0/0 (.2)
R5
192.1.23.0/24
F 0/0 (.5)
192.1.45.0/24
S 0/0(.4)
F 0/0 (.4)
L0 4.4.4.4/8
F 0/0 (.3)
192.1.34.0/24
L0 3.3.3.3/8
S 0/0 (.3)
R4
R3
L1 13.1.0.1/16
BGP Layout
R3
AS 5
AS 1
AS 234
R1
R2
R4
R5
Scenario: Routing has been as per diagram. The Inter-AS Links between the
ASs is not advertised within the AS IGP and it should not. All the Loopbacks
on all the routers should be reachable to each other. No Neighbor relationship
should be established between R2 and R4. All I-BGP neighbor relationships
should have been authenticated by using a password of Cisco. The I-BGP
neighbors relationship should have been established based on Loopback 10
addresses (10.xx.xx.xx/24). This should have been advertised in the IGP.
Issue: Routes are not getting exchanged between the Routers. Make sure that
all routes are reachable based on the above requirements.
L0 1.1.1.1/8
R1
S 0/0(.1)
R2
192.1.12.0/24
L0 2.2.2.2/8
S 0/0 (.2)
L1 12.1.0.1/16
F 0/0 (.2)
192.1.23.0/24
S 0/0(.4)
L0 4.4.4.4/8
F 0/0 (.3)
192.1.34.0/24
L0 3.3.3.3/8
S 0/0 (.3)
R4
R3
L1 13.1.0.1/16
BGP Layout
R3
AS 1
AS 234
R1
R2
R4
Scenario: Routing has been as per diagram. Routes have been advertised as
follows:
R2
Loopback
Loopback
Loopback
Loopback
Loopback
Loopback
Loopback
Loopback
1
2
3
4
5
6
7
8
192.2.1.1/24
192.2.2.1/24
192.2.3.1/24
192.2.4.1/24
192.2.5.1/24
192.2.6.1/24
192.2.7.1/24
192.2.8.1/24
Loopback
Loopback
Loopback
Loopback
Loopback
Loopback
Loopback
1
2
3
4
5
6
7
150.3.16.1/20
150.3.36.1/22
150.3.40.1/22
150.3.50.1/23
150.3.65.1/24
150.13.0.1/16
150.14.64.1/18
R3
These routes should have been filtering using the following conditions:
R2 should have blocked all the 192.2.X.0 routes that have an odd
number in the third octet from propagating outside the local AS using
the distribute-list command with an ACL.
R4 should have blocked all the 192.2.X.0 routes that have an even
number in the third octet from coming in using the distribute-list
command with an ACL. The Distribute-list command. It should have
been done globally for the BGP process.
R1 should have blocked all the 150.X.X.0 routes that have a subnet
mask between 17 and 23 bits from coming in.
Issue: Routes are not getting filtered properly based on the above
requirements. Make sure the routes are filtered based on the above
requirements.
R1
R2
192.1.12.0/24
S 0/0(.1)
S 0/0 (.2)
L0 1.1.1.1/8
L0 2.2.2.2/8
F 0/0 (.2)
F 0/0 (.1)
192.1.23.0/24
192.1.14.0/24
F 0/0 (.3)
F 0/0 (.4)
L0 3.3.3.3/8
L0 4.4.4.4/8
S 0/0(.4)
192.1.34.0/24
S 0/0 (.3)
R4
R3
BGP Layout
R2
AS 1
AS 234
R3
R1
R4
Scenario: Routing has been as per diagram. Traffic flow between the 2 ASs
should have been configured as follows:
All egress (outgoing) traffic from AS 234 should have been configured to
go through R2 in the outbound direction using the Local Preference
attribute.
Issue: Routes are following the said pattern. Make sure the routes flow between
AS 1 and AS 234 based on the above requirements.
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Module 5 Troubleshooting
Other Technologies
R2
R1
L0 1.1.1.1/8
L1 10.1.1.1/24
F 0/0(.1)
F 0/1(.1)
192.1.12.0/24
192.1.112.0/24
F 0/0 (.2)
F 0/1 (.2)
L0 2.2.2.2/8
S 0/0 (.2)
192.1.23.0/24
S 0/0 (.3)
L0 3.3.3.3/8
L1 10.3.3.3/24
R3
R1
R2
Lo 0
F 0/0
Lo 0
F 0/0
2000:192:1:12::/64
S 0/0
2000:192:1:23::/64
S 0/0
2000:192:1:34::/64
Lo 0
F 0/0
Lo 0
F 0/0
R4
R3
Scenario: IPv6 routing has been configured on R1,R2, R3 and R4. IPv6
addresses should have been assigned to the Physcial links based on the
following:
R1
R2
R2
R3
R3
R4
F
F
S
F
S
F
0/0
0/0
0/0
0/0
0/0
0/0
2000:1:1:12::1
2000:1:1:12::2
2000:1:1:23::2
2000:1:1:34::3
2000:1:1:23::3
2000:1:1:34::4
/64
/64
/64
/64
/64
/64
Loopback0 interfaces on all routers should have configured using the autoassigned addresses as follows:
R1
R2
R3
R4
Loopback0
Loopback0
Loopback0
Loopback0
2001:1:1:1::/64
2001:2:2:2::/64
2001:3:3:3::/64
2001:4:4:4::/64
RIPng should have been configured on all the routers to route the Loopback
networks.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
R1
R2
Lo 0
F 0/0
Lo 0
F 0/0
2000:192:1:12::/64
S 0/0
2000:192:1:23::/64
S 0/0
2000:192:1:34::/64
Lo 0
F 0/0
Lo 0
F 0/0
R4
R3
Scenario: IPv6 routing has been configured on R1,R2, R3 and R4. IPv6
addresses should have been assigned to the Physcial links based on the
following:
R1
R2
R2
R3
R3
R4
F
F
S
F
S
F
0/0
0/0
0/0
0/0
0/0
0/0
2000:1:1:12::1
2000:1:1:12::2
2000:1:1:23::2
2000:1:1:34::3
2000:1:1:23::3
2000:1:1:34::4
/64
/64
/64
/64
/64
/64
Loopback0 interfaces on all routers should have configured using the autoassigned addresses as follows:
R1
R2
R3
R4
Loopback0
Loopback0
Loopback0
Loopback0
2001:1:1:1::/64
2001:2:2:2::/64
2001:3:3:3::/64
2001:4:4:4::/64
OSPFv3 should have been configured on all the routers to route the Loopback
networks.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
Khawar Butt
CCIE # 12353
(R/S, Security, SP, Voice)
Module 6 Troubleshooting
Switching Technologies
R5
F 0/0 (.5)
192.1.15.0/24 VLAN 10
F 0/0.1 (.1)
R1
F 0/0.2 (.1)
192.1.13.0/24 VLAN 20
F0/0.1 (.3)
R3
F0/0.2 (.3)
192.1.34.0/24 VLAN 30
F 0/0 (.4)
R4
VLAN 30 (.15)
SW1
VLAN 40 (.15)
192.1.2.0/24 VLAN 40
F 0/0 (.2)
R2
Scenario: All Switches should have been configured in a VTP Domain CISCO.
SW1 should have been configured as a Server and all other switches. The VTP
communication should have been authenticated with a password of CCNP.
All the trunk ports should have been configured with Dot1q as the
encapsulation method.
The logical diagram, VLANs and IP addressing should have been configured to
match the above diagram.
A Loopback 0 interface should have been configured on each Rotuer with an IP
Address of X.X.X.X/8 (where X is the Router # - R1=1, R2=2 .). Loopback 0
on SW1 as 15.15.15.15/8.
EIGRP in AS 100 should have been run on all the routers and SW1 to provide
reachability.
SWI should have been configured as the Root bridge for VLANs 10 and 20. SW2
should have been configured as the Root Switch for VLANs 30 and 40.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
R5
F 0/0 (.5)
192.1.15.0/24 VLAN 10
F 0/0.1 (.1)
R1
F 0/0.2 (.1)
192.1.13.0/24 VLAN 20
F0/0.1 (.3)
R3
F0/0.2 (.3)
192.1.34.0/24 VLAN 30
F 0/0 (.4)
R4
VLAN 30 (.15)
SW1
VLAN 40 (.15)
192.1.2.0/24 VLAN 40
F 0/0 (.2)
R2
There is Security policy on your network such only R1 F0/0 and R2 F0/0
should be able to connect to Ports F 0/1 and F0/2 on SW1.
Ports F 0/5 F 0/6 are in VLAN 40 on SW2. Some PCs are going to be
connected to them in the future. These ports should have been configured to
learn 2 MAC address dynamically. If a third device tried to connect to them, the
ports should have been error disabled automatically.
There are PCs that are connected or will be connected to SW1 ports F0/17
18. These ports should have been set with dot1x authentication. These ports
should be put into VLAN 40 if authentication was successful. The
authentication should have used a RADIUS server located at 192.1.2.100 using
cisco as the key.
If the PC did not support Dot1X authentication, it should have been put into
VLAN 60. If the user had failed the authentication, it should have been put into
VLAN 61.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
SW1
SW2
VLAN 80
VLAN 90
SW4
VLAN 80
VLAN 90
SW3
Scenario: SW1 and SW4 belong to the same company. SW2 and SW3 belong
to the Service Provider. The Service provider is providing Layer-2 connectivity
between the 2 sites for the company using Q-in-Q Tunneling. The Company
has 2 VLANs (80 and 90). VLAN 80 on either site should have been able to
connect to each other. VLAN 90 on either site should have been able to connect
to each other. SW1 and SW4 should have been able to see each other in the
Show CDP neighbor command as a neighbor.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
R1
192.1.15.0/24 VLAN 10
VLAN 10 Primary
F 0/0 (.1)
192.1.100.0/24
F 0/0 (.2)
R2
F0/0 (.3)
R3
VLAN 20 Community
F 0/0 (.4)
R4
F 0/0 (.5)
R5
VLAN 30 Isolated
Issue: The above requirements are not being met. Make sure the above
requirements should be met.
R1
F 0/0 (.1)
192.1.11.0/24 VLAN 11
F 0/0 (.3)
F 0/0 (.4)
R4
R3
F 0/1 (.3)
F 0/1 (.4)
192.1.22.0/24 VLAN 20
F0/0(.2)
R2
Scenario: HSRP has been configured between R3 and R4 on VLAN 11. They
are using .34 as the Virtual HSRP address. R3 should have been the preferred
Router. R1 should have been pointing to the virtual HSRP address as the
Default Gateway.
Issue: The above requirements are not being met. Make sure the above
requirements should be met.