CCNPv7.1 TSHOOT Lab3 1 Assembling Maintenance and Troubleshooting Tools Instructor

CCNPv7 TSHOOT
Lab 3-1, Assembling Maintenance and Troubleshooting Tools

Instructor Version
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Physical Topology
Physical topology for STUDENT version of lab
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 54
CCNPv7 TSHOOT Lab 3-1, Assembling Maintenance and Troubleshooting Tools
Physical topology for INSTRUCTOR version of lab
Objectives
 Assign responsibility for a device or set of devices to team members (optional).
 Load the baseline configuration for each device in the topology.
 Use available tools to document key device configuration parameters, such as the interfaces in use,
IP addressing, routing protocols, VLANs, logging mechanisms, and security measures.
 Document the physical topology to support future troubleshooting tasks.
 Document the logical topology to support future troubleshooting tasks.
Background
You have been employed as a network engineering consultant by a company that has made a recent
acquisition. The documentation for the acquired company’s network is incomplete and outdated, so you need
to inventory their network architecture both logically and physically, per company documentation standards.
This will help you learn about the design and implementation of their network and ensure that you have
access to up-to-date and accurate network documentation to reference during future troubleshooting
procedures. One directive to your predecessor was to transition access layer switches to multilayer switches,
so static routing is implemented on the access layer switches until new multilayer switches are procured.
In this lab, you survey the baseline TSHOOT network. No problems are introduced in this lab. The TSHOOT
network will evolve over time as changes and enhancements are made. You will analyze and document the
current topology and device configuration parameters to develop familiarity with the baseline configurations
and network connections. You will review and fill out the provided documentation as you analyze the network.
You will assess and assemble tools that can be used for future maintenance and troubleshooting tasks.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The switches have Fast Ethernet interfaces, so the routing metrics for all
Ethernet links in the labs are calculated based on 100 Mb/s, although the routers have Gigabit Ethernet
interfaces. The 3560 and 2960 switches are configured with the SDM templates dual-ipv4-and-ipv6 routing
and lanbase-routing, respectively. Depending on the router or switch model and Cisco IOS Software version,
the commands available and output produced might vary from what is shown in this lab.
Instructor Notes:
 The lab topology should be pre-built prior to the students starting the lab. Ensure that all switches and
routers (ALS1, DLS1, DLS2, R1, R2, and R3) have the course lab configuration files installed in flash
memory. These can be downloaded from NetSpace. The baseline configurations for all devices are
included at the end of this lab. The configuration file for ALS1 can be copied into a text file using the
naming convention BASE-ALS1-Cfg.txt; similarly for DLS1, DLS2, R1, R2, and R3.
 Each device should have a directory named “tshoot” in flash. This directory should contain the
baseline configuration file for that device as well as configuration files for the other labs in this course.
 Instructors can use a TFTP server, a USB drive, or a flash memory card as source, and use the copy
or archive tar command to copy all course configuration files into the flash:/tshoot directory for
each device in the topology – see the Instructor Notes in Task 2, Step 1 for detailed instructions. This
procedure is done once at the beginning of the course. Keep the files on the TFTP server, too!
 For this lab and subsequent labs, the student is responsible for loading the baseline or trouble ticket
configurations as required using the procedure described in Task 2.
 Set the correct time on R2, which serves as the primary NTP server for the lab network. These labs
use Pacific Time Zone (see R2 baseline configuration), but each site should use their own time zone.
Required Resources
 3 routers (Cisco IOS Release 15.4 or comparable)
Instructor note: The routers should have HWIC-2T WAN modules (supporting 8 Mb/s) rather than
HWIC-2A/S modules.
 2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
 SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark.
Instructor note: A RADIUS server is specified for SRV1, but it is not used with the baseline
configuration in this lab. The SSH client should support Diffie-Hellman Group 14 (2048-bit modulus)
and the SNMP monitor should be v3-capable.
 PC-B (DHCP client): Windows 7 with SSH client and WireShark software
 PC-C (DHCP client): Windows 7 with SSH client and WireShark software
 Serial and Ethernet cables, as shown in the topology
 Rollover cables to configure the routers and switches via the console
Instructor Notes:
 This lab is not a troubleshooting lab. It focuses on discovering the network, assembling
documentation, and identifying available troubleshooting and maintenance tools. A large part of the
documentation that students will need to reference as they progress is contained in this BASE lab.
 The main purpose of this lab is to have students analyze the network design and implementation,
familiarize themselves with the environment that they will be working in during the course, and
assemble the documentation that they will need to troubleshoot effectively in subsequent labs.
EMPHASIZE THIS POINT TO STUDENTS CLEARLY – SUBSEQUENT LABS WILL EXPECT
STUDENTS TO REFER BACK TO THE BASELINE WHENEVER THERE IS A QUESTION ABOUT
NETWORK PROTOCOLS OR VALUES FOR NETWORK PARAMETERS.
 Students can work in teams of two or more, or can work individually from a remote environment. If the
team consists of three people, each person can analyze and document one router and one switch.
Each student can also work with a single device and use Telnet or SSH to access the other devices
and map out the entire network, if time permits.
 The lab is divided into tasks. If time is a factor, Tasks 1 through 3 can be done in one session and
Tasks 4 through 6 in a subsequent session.
Task 1: Assign Responsibility for Each Device (optional)
Task 2: Load the Baseline Device Configuration Files
Task 3: Analyze and Document the Physical Lab Topology
Task 4: Analyze and Document the Logical Lab Topology
Task 5: Identify Troubleshooting and Maintenance Tools
Task 6: Identify Implemented Security Measures
Task 1: Assign Responsibility for Each Device (optional)

Step 1: Review the lab topology together with your team members.
Step 2: Assign responsibility for each device to a team member.

a. The team member who has primary responsibility for a device is in control of the console of that
device and changes to that device. No other team member should access the console, make
changes to the device, or execute disruptive actions, such as reloading or debugging, without
permission from the responsible team member.
b. All team members can access all devices via Telnet or SSH for non-disruptive diagnostic action
without permission of the responsible team member. Responsibilities can be reassigned during later
labs if necessary.
c. If working in teams, document responsibilities in the Device Responsibilities table.
Device Responsibilities Table
Device Description Responsible Team Member

R1 Core Router 1 Alf
R2 ISP Router Betty
R3 Core Router 2 Gam
ALS1 Access Layer Switch 1 Alf
DLS1 Distribution Layer Switch 1 Betty
DLS2 Distribution Layer Switch 2 Gam
SRV1 TFTP, syslog, SNMP Alf
PC-B User PC Betty
PC-C User PC Gam
Task 2: Load the Baseline Device Configuration Files

Use the following procedure on each device in the network to load the baseline configuration. The procedure
shown here is for a switch, but it is very similar to that of a router.
Note: The configuration files for this lab include ip host name ip-addr entries for all devices. This can be
helpful in accessing devices using Telnet with this lab. The ip host entries are only provided in this BASE lab,
as the device IP addresses will change in subsequent labs.
Instructor Notes:
The setup of the “tshoot” directory in flash, containing the appropriate device configuration files, was described in
the Instructor Notes of the Background section at the beginning of this lab.
The baseline configurations used with this lab do not include some features that might be present in an enterprise
network, such as NAT, ACLs, MST, LACP, GLBP, OSPF, and BGP. These features are implemented in the context
of particular troubleshooting scenarios presented as students progress through the course.
Step 1: Verify the existence and location of the lab configuration files.
The course lab configuration files for a particular device should be in flash under the tshoot directory. Use the
show flash command to verify the presence of this directory. You can also verify the contents of the directory
using the cd and dir commands. If the directory and files are not present, contact your instructor.
Note: When the show flash command is used on a switch, it lists the directories and files at the root directory
but not the files within the directories. The following example uses the cd and dir commands on switch ALS1.
ALS1# show flash
Directory of flash:/
9 -rwx 916 Feb 28 1993 16:04:03 -08:00 vlan.dat

3 drwx 512 Sep 22 2014 10:40:59 -07:00 tshoot
5 -rwx 11792247 Feb 28 1993 16:24:48 -08:00 c2960-lanbasek9-mz.150-2.SE6.bin
6 -rwx 7192 Sep 26 2014 10:53:31 -07:00 multiple-fs
7 -rwx 106 Feb 28 1993 18:13:09 -08:00 info
8 -rwx 1906 Sep 26 2014 10:53:31 -07:00 private-config.text
10 -rwx 7199 Sep 26 2014 10:53:31 -07:00 config.text
27998208 bytes total (16070656 bytes free)

ALS1# cd tshoot
ALS1# dir
Directory of flash:/tshoot/
9 -rwx 7979 Sep 22 2014 11:26:14 -07:00 BASE-ALS1-Cfg.txt

<output omitted>
Alternatively, you can see the contents of the directory by specifying its name using the dir command. For
example:
ALS1# cd
ALS1# pwd
flash:
ALS1# dir flash:/tshoot
Directory of flash:/tshoot/
9 -rwx 7979 Sep 22 2014 11:26:14 -07:00 BASE-ALS1-Cfg.txt

<output omitted>
Note: When the show flash command is used on a router, it lists the directories and the files within them. The
following example uses only the show flash command on router R1. The tshoot directory and its contents are
listed.
R1# show flash:
-#- --length-- -----date/time------ path
1 103727964 Sep 18 2014 05:20:10 -07:00 c2900-universalk9-mz.SPA.154-3.M.bin
2 2857 Feb 22 2014 01:01:52 -08:00 pre_autosec.cfg
3 0 Sep 22 2014 11:39:18 -07:00 tshoot
4 3887 Sep 22 2014 11:42:20 -07:00 tshoot/BASE-R1-Cfg.txt
<output omitted>
Instructor Notes:
 To create a directory in flash memory, use the mkdir command.
Example:
ALS1# mkdir tshoot
Created dir flash:tshoot
The following example shows how to copy a configuration file from a TFTP server at IP address
10.1.100.1 to the flash:/tshoot directory on ALS1:
ALS1# copy tftp://10.1.100.1/BASE-ALS1-Cfg.txt flash:/tshoot
Note: This assumes the configuration files are in the TFTP server default directory.
 To prevent having to transfer files one at a time, use a program such as 7-Zip to create a tar file, say
device.tar, for all the course lab configuration files for that device on the TFTP server; then copy and
extract the configuration files with one command as follows:
ALS1# archive tar /xtract tftp://10.1.100.1/ALS1.tar flash:/tshoot
 You can view the contents of a particular file in flash using the UNIX or Cisco IOS more command. For
example:
ALS1# more flash:/tshoot/BASE-ALS1-Cfg.txt
This command displays the contents of the file a page at a time.
Step 2: Erase startup-config from NVRAM, and then reset the SDM template.
ALS1# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
ALS1#
Sep 26 22:00:26.222: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
ALS1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ALS1(config)# sdm prefer lanbase-routing
ALS1(config)#
Sep 26 22:00:45.155: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:sdm
prefer lanbase-routing
ALS1(config)# exit
ALS1#
Sep 26 22:00:48.393: %SYS-5-CONFIG_I: Configured from console by console
ALS1# show sdm prefer
The current template is "lanbase-routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.
number of unicast mac addresses: 4K

number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 4.25K
number of directly-connected IPv4 hosts: 4K
number of indirect IPv4 routes: 256
number of IPv6 multicast groups: 0.375k
number of IPv6 unicast routes: 1.25K
number of directly-connected IPv6 addresses: 0.75K
number of indirect IPv6 unicast routes: 448
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0.375k
number of IPv6 security aces: 127
Note: For a 3560 switch, use the “dual-ipv4-and-ipv6 routing” template. If using another type of Cisco switch,
choose an SDM template that supports IPv4/IPv6 routing and IPv4/IPv6 ACEs. The SDM setting reverts to the
“default” template on a 2960 and the “desktop default” template on the 3560 after deleting startup-config, so it
is important to change the SDM template setting after deleting startup-config. Most time-stamped logging
messages, as seen in the output above, will be removed from the lab outputs going forward.
Step 3: Delete the VLAN database from flash (switches only).

ALS1# delete vlan.dat
Delete flash:/vlan.dat? [confirm]
Step 4: Reload the device, but do not save the system configuration if prompted.
ALS1# reload
System configuration has been modified. Save? [yes/no]: no

Proceed with reload? [confirm]
Step 5: When the device restarts, do not enter the initial configuration dialog.
Press RETURN to get started!
--- System Configuration Dialog ---
Enable secret warning

----------------------------------
In order to access the device manager, an enable secret is required
If you enter the initial configuration dialog, you will be prompted for the enable
secret
If you choose not to enter the intial configuration dialog, or if you exit setup
without setting the enable secret,
please set an enable secret using the following CLI in configuration mode-
enable secret 0 <cleartext password>
----------------------------------
Would you like to enter the initial configuration dialog? [yes/no]: no
Note: On some platform/IOS combinations, a message appears after choosing not to enter the initial
configuration dialog, asking whether or not to “terminate autoinstall”. If this message appears, enter yes to
terminate autoinstall.
Step 6: Copy the specified lab device configuration file from flash to running-config.
Switch> enable
Switch# copy flash:/tshoot/BASE-ALS1-Cfg.txt running-config
Destination filename [running-config]?
Note: Although it is possible to copy the file to startup-config and reload the device, the RSA keys for SSH
cannot be generated from the startup-config file. The device configuration files loaded from flash contain
commands that remove any existing keys and create new keys. It is also possible to cut-and-paste the
configuration command sequences comprising the device configuration files into global configuration mode.
Step 7: Copy the running config to the startup config.

Depending on the platform/IOS combination, AUTOSAVE may automatically save a copy of running-
config to NVRAM for startup. AUTOSAVE does not copy the console line and vty line configurations from
running-config to startup-config. To ensure that the startup configuration is complete, manually copy:
ALS1# copy running-config startup-config
Building configuration...
[OK]
Note: If the device is rebooted at this point, you can log in with the username cisco and the password cisco.
To access privileged EXEC mode, use the enable secret: cisco.
Instructor note: One can cut-and-paste the respective compiled list of commands at the end of this lab into
global configuration mode on each device. The commands load too quickly with this approach, overflowing
the buffer and preventing the configuration sequences from loading properly. Configure the terminal emulator
to pause at least 100 ms after each carriage return; some systems may actually require 200 ms.
Step 8: Repeat Steps 1 through 7 for the other devices in the network.
Step 9: Configure the PCs.

a. Configure SRV1 with the static IPv4 address 10.1.100.1/24 and default gateway 10.1.100.254 (on
DLS1). Configure SRV1 with the static IPv6 address 2001:DB8:CAFE:100::1 and default gateway
2001:DB8:CAFE:100::D1 (on DLS1).
b. Configure PC-B and PC-C as DHCP clients for both IPv4 and IPv6.
Note: Make sure the PCs learn addresses of the form 2001:DB8:CAFE:x:ABCD:u:v:w where x is the
VLAN for the respective PC. Use ipconfig/release6 followed by ipconfig/renew6 to
release and renew the stateful IPv6 data. If necessary, reset the NIC. The SVI commands for VLANs
110, 120, and 200,
ipv6 nd prefix 2001:DB8:CAFE:x::/64 no-autoconfig
ipv6 nd managed-config-flag
set the IPv6 RA M, O, and A flags so that the Windows 7 stateful DHCPv6 clients populate a singular
GUA and appropriate link-local default routes, as seen in the ipconfig and route print outputs.
Step 10: Test basic network connectivity between devices.

a. Ping from PC-B to SRV1 at 10.1.100.1 and 2001:DB8:CAFE:100::1. Were the pings successful?
__________________________________________________________________________
Yes
b. Ping from ALS1 to R2 Lo1 at 2.2.2.2 and 2001:DB8:EFAC::2. Were the pings successful?
____________________________________________________________________________
Yes
Note: If the pings are not successful, contact your instructor.
Task 3: Analyze and Document the Physical Lab Topology

Note: At this time, only examine and document the physical connections. Documenting the logical topology, such
as subnets, IP addresses, and routing protocols, is addressed in Task 4 of this lab.
Step 1: Review the physical topology diagram on page 1 of the lab.
Step 2: Use Cisco Discovery Protocol and show commands to verify the Layer 1 and Layer 2
connections of the lab topology.
a. Use the show cdp command to discover the interfaces associated with the physical connections.
Fill in the correct device and interface designators in the following Device Links Table and label them
on the physical topology diagram on the first page of the lab.
ALS1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID

DLS2.tshoot.net Fas 0/4 131 R S I WS-C3560- Fas 0/2
DLS1# show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID

R1.tshoot.net Fas 0/5 167 R B S I CISCO2911 Gig 0/1
ALS1.tshoot.net Fas 0/2 153 R S I WS-C2960- Fas 0/2
ALS1.tshoot.net Fas 0/1 153 R S I WS-C2960- Fas 0/1
b. Review the configurations of the devices for using Layer 1 and Layer 2 features, such as trunks and
EtherChannels. Fill in the information in the Device Links Table and add it to the diagram. If a link is
accounted for from one device to another, it is not necessary to repeat the entry from the other
device. The first entry for ALS1, interface F0/1 is filled in as an example.
Which other commands could you use to identify Layer 1 and Layer 2 characteristics?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Answers will vary but could include: show run, show etherchannel summary, show
interfaces trunk, show interfaces switchport.
ALS1# show interfaces trunk
Port Mode Encapsulation Status Native vlan

Po1 on 802.1q trunking 666
Po2 on 802.1q trunking 666
Port Vlans allowed on trunk

Po1 99,110,120,200
Po2 99,110,120,200
Port Vlans allowed and active in management domain

Po1 99,110,120,200
Po2 99,110,120,200
Port Vlans in spanning tree forwarding state and not pruned

Po1 99,110,120
Po2 200
ALS1# show etherchannel summary

Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling

w - waiting to be aggregated
d - default port
Number of channel-groups in use: 2

Number of aggregators: 2
Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Fa0/1(P) Fa0/2(P)
2 Po2(SU) - Fa0/3(P) Fa0/4(P)
Device Links Table
From Device Interface To Device Interface Layer 1 and 2 Features

and Protocols Used
ALS1 F0/1 DLS1 F0/1 EtherChannel Po1,

802.1Q
802.1Q
802.1Q
802.1Q
ALS1 F0/18 PC-B NIC 100Base-T
DLS1 F0/3 DLS2 F0/3 EtherChannel Po10,

802.1Q
DLS1 F0/4 DLS2 F0/4 EtherChannel Po10,
802.1Q
DLS1 F0/5 R1 G0/1 100 Mb/s, DLS1 F0/5 is
a routed L3 port (logical)
DLS1 F0/6 SRV1 NIC 100Base-T
DLS2 F0/5 R3 G0/1 100 Mb/s, DLS2 F0/5 is

a routed L3 port (logical)
DLS2 F0/18 PC-C NIC 100Base-T
R1 S0/0/0 R2 S0/0/0 WAN link, PPP

R2 S0/0/1 R3 S0/0/1 WAN link, PPP
c. Verify that all physical links shown in the diagram are operational. Which commands did you use?
_______________________________________________________________________________
_______________________________________________________________________________
Answers will vary but could include: show interfaces, show ip interface brief, show
interfaces description, show cdp neighbors, show interfaces status, show vlan.
Step 3: Map the VLANs used in the lab to the devices in the diagram.
Fill in the VLAN Definition table and label the physical topology diagram with the VLANs used for this topology.
Identify all host devices that are members of each VLAN. The first entry for VLAN 99 is filled in as an example.
VLAN Definition Table
VLAN # Name Description VLAN Members
99 MANAGEMENT Management VLAN ALS1, DLS1, DLS2

100 SERVERS Internal Servers DLS1, DLS2, SRV1
110 GUEST Guest VLAN ALS1, DLS1, DLS2, PC-C
120 OFFICE Office VLAN ALS1, DLS1, DLS2, PC-B
200 VOICE Voice VLAN ALS1, DLS1, DLS2
666 NATIVE IEEE 802.1Q Trunk VLAN ALS1, DLS1, DLS2
999 PARKING_LOT Unused Switch Ports ALS1, DLS1, DLS2
Step 4: Analyze spanning tree for the Layer 2 switched domain.

a. Analyze the spanning tree characteristics of the Layer 2 switched portion of the network. Which type
of spanning-tree mode is implemented?
_______________________________________________________________________________
Rapid Per VLAN Spanning Tree (Rapid PVST+)
b. Which switch is the root switch for each VLAN, and what are the configured spanning-tree priorities?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
DLS1 is the root bridge for VLANs 99, 110, and 120. For these VLANs, the DLS1 priority is 24576,
and the DLS2 priority is 28672. DLS2 is the root bridge for VLANs 100 and 200. For these VLANs,
The DLS1 priority is 28672, and the DLS2 priority is 24576.
c. What is the resulting spanning-tree topology for VLANs that have client devices connected?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
For VLANs 99, 110, and 120, ALS1-Po1=Root/FWD, ALS1-Po2=Altn/BLK, DLS1-Po1=Desg/FWD,
DLS1-Po10=Desg/FWD, DLS2-Po2=Desg/FWD, and DLS2-Po10=Root/FWD.
For VLAN 200, ALS1-Po1=Altn/BLK, ALS1-Po2=Root/FWD, DLS1-Po1=Desg/FWD, DLS1-
Po10=Root /FWD, DLS2-Po2=Desg/FWD, and DLS2-Po10=Desg/FWD. For VLAN 100, DLS1-
Po1=Desg/FWD, DLS1-Po10=Root /FWD, DLS2-Po2=Desg/FWD, and DLS2-Po10=Desg/FWD.
d. Which commands did you use to analyze the spanning-tree characteristics?
_______________________________________________________________________________
_______________________________________________________________________________
Answers will vary but could include show run and show spanning-tree vlan vlan-id.
Step 5: Diagram the spanning tree for VLAN 120.

a. Label the STP role and port status for each port channel used in the physical topology diagram below.
VLAN 120 spanning tree for STUDENT version of lab
VLAN 120 spanning tree for INSTRUCTOR version of lab
Output for VLAN 120 on all three switches is shown as an example:
ALS1# show spanning-tree vlan 120
VLAN0120
Spanning tree enabled protocol rstp
Root ID Priority 24696
Address 001b.2b74.8d80
Cost 12
Port 64 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32888 (priority 32768 sys-id-ext 120)

Address 0024.50d1.9900
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------
Fa0/18 Desg FWD 19 128.18 P2p Edge
Po1 Root FWD 12 128.64 P2p
Po2 Altn BLK 12 128.72 P2p
DLS1# show spanning-tree vlan 120
VLAN0120
This bridge is the root

Aging Time 300 sec

------------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 12 128.64 P2p
Po10 Desg FWD 12 128.136 P2p
DLS2# show spanning-tree vlan 120
VLAN0120
Cost 12
Port 136 (Port-channel10)

Address 001e.4915.0300
Aging Time 300 sec

------------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 12 128.72 P2p
Po10 Root FWD 12 128.136 P2p
b. If working as a team, discuss your findings with your teammates to ensure that all team members
understand the physical and data link aspects of the network design.
Student Notes
Use this space to make any additional notes regarding the physical configuration and the commands used.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Task 4: Analyze and Document the Logical Lab Topology

Step 1: Review the logical lab diagram and the subnets.
Review the IP subnets in the Subnet table for the VLANs and WAN links that are used in the lab network.
Router interface designations from the physical topology diagram are provided in two copies of the logical
topology, one to be used for IPv4 data and one for IPv6 data.
Logical Topology for STUDENT version of lab (IPv4)
Logical Topology for STUDENT version of lab (IPv6)
Subnet Table
Description IPv4 Subnet IPv6 Prefix Devices
VLANs
Management VLAN 99 10.1.99.0/24 2001:DB8:CAFE:99::/64 ALS1,DLS1,DLS2
Servers VLAN 100 10.1.100.0/24 2001:DB8:CAFE:100::/64 SRV1
Guest VLAN 110 10.1.110.0/24 2001:DB8:CAFE:110::/64 PC-C
Office VLAN 120 10.1.120.0/24 2001:DB8:CAFE:120::/64 PC-B
Management VLAN 10.1.99.0/24 2001:DB8:CAFE:200::/64 ALS1, DLS1, DLS2
WAN Links
DLS1 – R1 10.1.2.0/30 2001:DB8:CAFE:20::/64 DLS1 and R1 GE link

DLS2 – R3 10.1.2.12/30 2001:DB8:CAFE:212::/64 DLS2 and R3 GE link
R1 – R2 10.1.1.0/30 2001:DB8:CAFE:10::/64 R1 and R2 serial link
R2 – R3 10.1.1.4/30 2001:DB8:CAFE:14::/64 R2 and R3 serial link
Logical Topology for INSTRUCTOR version of lab (IPv4)
Logical Topology for INSTRUCTOR version of lab (IPv6)
Step 2: Map the subnet scheme to the logical diagram.

In the previous step, the subnets were documented in the Subnet table. Now document the host portion of
the addresses. To document the host part, research the routing tables and interface IP addresses of all
the devices. Document the interface IPv4 and IPv6 addresses in the IP Address table and on the
associated logical topology diagram. Use only the number of the last octet for IPv4 addresses and the last
hextet for IPv6 addresses in the respective diagrams. The device names and interfaces are listed to help
identify the IP addresses. The entry for ALS1 VLAN 99 is shown as an example. If an interface is not in
use, indicate this in the Additional Information column. Account for all physical and virtual interfaces.
IP Address Table
Additional
Device Name Interface IPv4 Address/Prefix IPv6 Address/Prefix Information
ALS1 Vlan 99 10.1.99.251/24 2001:DB8:CAFE:99::A1/64 SVI
DLS1 Vlan 99 10.1.99.252/24 2001:DB8:CAFE:99::D1/64 SVI
DLS1 F0/5 10.1.2.1/30 2001:DB8:CAFE:20::D1/64 Routed Port to R1
DLS2 F0/5 10.1.2.13/30 2001:DB8:CAFE:212::D2/64 Routed Port to R3
R1 G0/0 N/A N/A Not used at this time
R1 G0/1 10.1.2.2/30 2001:DB8:CAFE:20::1/64
R1 S0/0/0 10.1.1.1/30 2001:DB8:CAFE:10::1/64
R1 S0/0/1 N/A N/A Not used at this time
R1 Loopback 0 10.1.201.1/32 2001:DB8:CAFE:201:12/64
R2 S0/0/0 10.1.1.2/30 2001:DB8:CAFE:10::2/64
R2 S0/0/1 10.1.1.6/30 2001:DB8:CAFE:14::2/64
R2 Loopback 0 10.1.202.1/32 2001:DB8:CAFE:202::2/64
R2 Loopback 1 2.2.2.2/8 2001:DB8:EFAC::2/48
R3 G0/1 10.1.2.14/30 2001:DB8:CAFE:212::3/64
R3 S0/0/0 N/A N/A Not used at this time
R3 S0/0/1 10.1.1.5/30 2001:DB8:CAFE:14::3/64
R3 Loopback 0 10.1.203.1/32 2001:DB8:CAFE:203::3/64
SRV1 NIC 10.1.100.1/24 2001:DB8:CAFE:100::1/64 Static address
PC-B NIC Varies Varies Address via DHCP
PC-C NIC Varies Varies Address via DHCP
Step 3: Analyze and document control plane logical configuration features.

Analyze the configurations of the devices for control plane features such as routing protocols, First Hop
Redundancy Protocols (FHRPs), dynamic host configuration protocol (DHCP), and network address
translation (NAT). Review, document, and discuss the following aspects of the logical network
configuration.
a. Is dynamic or static routing being used?
_______________________________________________________________________________
dynamic
_______________________________________________________________________________
b. If dynamic, which routing protocol?
_______________________________________________________________________________
Classic EIGRP for IPv4/IPv6 on DLS1/DLS2, Named EIGRP for IPv4/IPv6 on R1/R2/R3
c. Are FHRPs in use, such as the Hot Standby Router Protocol (HSRP), Virtual Router Redundancy
Protocol (VRRP), or Gateway Load Balancing Protocol (GLBP)? If yes, which one?
_______________________________________________________________________________
yes: HSRP version 1 for IPv4 on SVIs 99, 100, 110, 120, and 200 on DLS1 and DLS2
no: FHRP for IPv6
d. What is the active router for all relevant VLANs?
_______________________________________________________________________________
_______________________________________________________________________________
DLS1 is the active router for VLANs 99/110/120. DLS2 is the active router for VLANs 100/200.
e. From the PC-B command prompt, issue the tracert command to router R2 Lo0 at 10.1.202.1 for
IPv4 and 2001:DB8:CAFE:202:2 for IPv6. What path did the packets take in each case?
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
IPv4: PC-B to DSL1 SVI 120 IP 10.1.120.252 (active HSRP router for VLAN 120) to R1 G0/1 IP
10.1.2.2 to R2 Lo0 IP 10.1.202.1.
C:\> tracert 10.1.202.1
Tracing route to 10.1.202.1 over a maximum of 30 hops:
1 2 ms 2 ms 1 ms 10.1.10.252
2 <1 ms <1 ms <1 ms 10.1.2.2
3 13 ms 13 ms 85 ms 10.1.202.1
Trace complete.
IPv6: PC-B to ALS1 SVI 120 IP 2001:DB8:CAFE:120::A1 to DLS1 SVI 99 IP 2001:DB8:CAFE:99::D1

to R1 G0/1 IP 2001:DB8:CAFE:20::1 to R2 Lo0 IP 2001:DB8:CAFE:202::2.
C:\> tracert 2001:db8:cafe:202::2
Tracing route to 2001:db8:cafe:202::2 over a maximum of 30 hops:
1 41 ms 2 ms 5 ms 2001:db8:cafe:120::a1
2 1 ms 1 ms 1 ms 2001:db8:cafe:99::d1
3 1 ms <1 ms <1 ms 2001:db8:cafe:20::1
4 1 ms 14 ms 1 ms 2001:db8:cafe:202::2
Trace complete.
f. Are any access lists used to filter traffic on the network? If yes, describe their function.
_______________________________________________________________________________
_______________________________________________________________________________
Not at this time.
g. Is DHCP in use? If yes, which DHCP server is used and for which VLANs present in the logical
topology diagram?
_______________________________________________________________________________
_______________________________________________________________________________
Yes. DLS1 is the IPv4 and IPv6 DHCP server for VLANs 110, 120, and 200.
h. How does ALS1 send ICMP echo requests to SRV1 in VLAN 100, when ALS1 has no VLAN 100?
_______________________________________________________________________________
ALS1 has a default route pointing to SVI 99 on DLS1 since DLS1 is the active router for VLAN 99.
i. If working as a team, discuss your findings with your teammates to ensure that all team members
understand the high-level design of the network.
Notes
Use this space to make any additional notes regarding the logical configuration and the commands used.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Task 5: Identify Troubleshooting and Maintenance Tools

Step 1: Analyze device configurations for troubleshooting and maintenance features.
Analyze the configurations of the devices for services that support troubleshooting and maintenance, such as
syslog, Simple Network Management Protocol (SNMP), and other network management features.
Step 2: Document the troubleshooting and maintenance features.

a. Document the troubleshooting and maintenance applications or tools in use with the network devices
in the Troubleshooting and Maintenance Tools table. An entry for system logging is provided as an
example.
Troubleshooting and Maintenance Tools Table
Configured Feature Devices Target Server Target Tool or Application
System message logging All SRV1 Syslog server
Configuration archive All SRV1 TFTP server
SNMP traps All SRV1 SNMP Monitor
NTP All R2 NTP server
NetFlow R1, R2, R3 Local Local on the router
b. If working as a team, discuss your findings with your teammates to ensure that all team members
know which maintenance and troubleshooting tools are available in the network.
Notes
Use this space to make any additional notes regarding troubleshooting and maintenance applications or tools.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Task 6: Identify the Security Measures Implemented

Step 1: Analyze device configurations for security-related features.
Analyze the configurations of your assigned devices for configuration options that help support a more
secure network implementation, such as password security, login authentication, secure remote
management, switch trunk and access port security, and VLANs. Record your entries in the Security
Features table. An entry for password security is provided as an example.
Security Features Table
Security Feature Configured Implementation Method or Commands
Password security Enable secret, password encryption

Login authentication AAA local database authentication
Secure remote management SSH, IPv6 access list on ALS1 vty ports 0-4
Switch trunk port security Switchport mode trunk, nonegotiate, unused NATIVE VLAN
666, VLANs allowed on trunk
Switch access port security Switchport mode access, nonegotiate, PortFast, port security
on ALS1 (max three sticky MAC addresses)
Proxy ARP Disabled on SVIs no ip proxy-arp
Security Feature Configured Implementation Method or Commands
VLAN security Unused ports placed in PARKING_LOT VLAN 999; only VLANs
in {99,100,110,120,200} are allowed on the trunks
Notes
Use this space to make any additional notes regarding security measures.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
All SVIs have proxy ARP disabled per company security policy. Traditionally, an access layer switch, like
ALS1, is configured like a PC, with a default gateway and an IP address. But recall that a company directive
was to configure access layer switches with static routing while the company transitions to multilayer switches
at the access layer. The baseline configuration on ALS1 blocks IPv6 remote access to ALS1 using an IPv6
ACL on the vty lines. As a result, ALS1 is not accessible for remote configuration if IPv4 routing is disabled.
IPv4 routing on a 2960 requires the lanbase-routing SDM template; the dual-ipv4-and-ipv6 default SDM
template supports IPv6 routing, but not IPv4 routing. If remote access to ALS1 is lost, be sure to check the
SDM template setting on ALS1.
Note: Configuration command sequences for all devices are provided at the end of the lab. These are not
outputs resulting from entering the show running-config command. Only the non-default commands
used to configure the devices are included (along with no shutdown on appropriate interfaces).
Lab Debrief Notes

Use this space to make notes regarding the key concepts learned during the lab debrief discussions with your
instructor. This may include alternate solutions, methods, and processes; this may include procedure and
communication improvements; and this may include key commands and tools.
Note: This is your primary opportunity to document a baseline of the lab network before starting the
troubleshooting exercises. During the debrief session, ask your instructor for clarification of any aspects of the
network design and configurations that are unclear.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Instructor Notes: Presented here are points for the instructor to emphasize during lab debrief discussions.
Lab Design and Implementation: The focus of this lab is to allow students to familiarize themselves with the
lab environment. However, not all students have the skills to independently map and analyze the network.
Therefore, it is important that the instructor take sufficient time to walk them through the physical and logical
topologies of the lab.
Be sure to review each major section (task) of the lab with the students to ensure that they have the network
properly documented, both physically and logically.
The following details are important to point out:
 Process for loading device configuration files.
 The multiple commands that can be used to gather information; discuss how different teams used
different commands and how each of those commands revealed information about the network.
 Physical topology characteristics such as trunking protocols, WAN protocols, and EtherChannel.
 The spanning-tree topology and which switch is the root for each of the relevant VLANs.
 The use of routed ports and switch virtual interfaces (SVIs) and where they are used.
 The use of HSRP and which router performs the active role for each VLAN.
 Which routers or switches perform the role of DHCP server for which VLANs?
 Which maintenance and troubleshooting services have been implemented, such as NTP, TFTP, SNMP,
syslog, and archive?
 Point out the use of the source interface SVI VLAN 99 on switches for logging, NTP, Telnet, SSH, and
SNMP. The routers use source interface Lo0 for logging, NTP, Telnet, SSH, and SNMP.
 Use of the archive utility in the configurations, how it records versions of the running-config file, and how
the path statement works to name files as they are sent to the TFTP server.
 Which security measures have been implemented, such as passwords, login authentication, trunks, and
port security?
Test points: Point out the main tests used in trouble tickets. The major Application Layer test used is
browsing to a specific IP address. The major Network Layer tests are ping and traceroute to a specific IP
address. Make clear that browsing the Internet should be possible from all clients. Most trouble tickets involve
problems related to a lack of connectivity from one host or area of the network to another, resulting in the
introduction of problems in the devices at OSI Layers 1, 2, 3, 4, and 7.
Device Configurations
Important Instructor Note:
These are actual configuration command sequences (not running-config outputs). And no shutdown commands
are included for interfaces that should be up. Each device configuration compilation can be copied from this lab
and pasted into a text file and saved using the naming convention indicated in Task 2, Step 1 (for example, BASE-
ALS1-Cfg.txt).
Each text file can then be copied to the flash:/tshoot directory using and the copy or archive tar command
with a TFTP server, a USB stick, or a flash memory card as source. This preserves the no shutdown commands
for interfaces. The file in flash can then be loaded to running-config using the procedure described in Task 2.
Caution: Pasting the configurations into running-config and then copying them to flash does not preserve the no
shutdown commands for the interfaces: the interfaces must be enabled manually in this case.
Note: These configurations include ip host name ip-addr entries for all devices. This can be helpful in
accessing devices using Telnet or SSH. The ip host entries are only provided in this BASE lab because the
device IP addresses change in subsequent labs.
Switch ALS1
!BASE ALS1 Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ipv6 unicast-routing
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 99
name MANAGEMENT
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
ip telnet source-interface Vlan99
ip ssh source-interface Vlan99
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,110,120,200
switchport mode trunk
switchport nonegotiate
no shutdown
!
no shutdown
!
interface FastEthernet0/1
channel-group 1 mode on
no shutdown
!

no shutdown
!
no shutdown
!
no shutdown
!
description PARKING_LOT
switchport access vlan 999
switchport mode access
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
description To PC-B
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security mac-address sticky
spanning-tree portfast
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface GigabitEthernet0/1
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:99::A1/64
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
no shutdown
!
crypto key gen rsa general-keys modulus 1024
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
!
banner motd ^*** BASE ALS1 Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input telnet ssh
!
ntp source Vlan99

ntp server 10.1.202.1
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
file prompt quiet
!
end
!
Switch DLS1
!BASE DLS1 Config
!
!
hostname DLS1
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
vtp domain TSHOOT
ip routing
no ip domain-lookup
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host ALS1 10.1.99.251
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
!
ip dhcp excluded-address 10.1.120.251 10.1.120.254
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
default-router 10.1.200.254
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE

network 10.1.120.0 255.255.255.0
!
!
ipv6 dhcp pool DHCPv6OFFICE
address prefix 2001:DB8:CAFE:120:ABCD::/80
domain-name tshoot.net
!
ipv6 dhcp pool DHCPv6VOICE
!
ipv6 dhcp pool DHCPv6GUEST
!
!
errdisable recovery cause bpduguard
!
spanning-tree vlan 99,110,120 priority 24576
spanning-tree vlan 100,200 priority 28672
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
!
description Channel to ALS1
switchport trunk encapsulation dot1q
no shutdown
!

switchport trunk allowed vlan 99,100,110,120,200
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
speed 100
duplex full
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:20::D1/64
ipv6 eigrp 1
spanning-tree bpduguard enable
no shutdown
!
description FE to SRV1
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 eigrp 1
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 eigrp 1
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
standby 200 ip 10.1.200.254

standby 200 preempt
ipv6 eigrp 1
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
!
router eigrp 1
network 10.1.0.0 0.0.255.255
passive-interface default
no passive-interface FastEthernet0/5
no passive-interface Vlan99
!
!
no ip http server
!
!
ipv6 router eigrp 1
eigrp router-id 1.1.1.1
!
!
snmp-server enable traps eigrp
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps errdisable
!
!
banner motd ^*** BASE DLS1 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
!
ntp source Vlan99
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS2
!BASE DLS2 Config
!
service timestamps log datetime
!
hostname DLS2
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
vtp domain TSHOOT
ip routing
no ip domain-lookup
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
!
!
!
!
errdisable recovery cause bpduguard
!
spanning-tree vlan 99,110,120 priority 28672
spanning-tree vlan 100,200 priority 24576
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!

no shutdown
!
no shutdown
!
description FE to R3
no switchport
ip address 10.1.2.13 255.255.255.252
speed 100
duplex full
ipv6 eigrp 1
spanning-tree bpduguard enable
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
description FE to PC-C
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
standby 100 ip 10.1.100.254

standby 100 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 eigrp 1
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 eigrp 1
no shutdown
!
!
router eigrp 1
network 10.1.0.0 0.0.255.255
passive-interface default
no passive-interface FastEthernet0/5
!
!
no ip http server
!
!
ipv6 router eigrp 1
eigrp router-id 2.2.2.2
!
!
snmp-server enable traps hsrp
snmp-server enable traps errdisable
!
!
banner motd ^*** BASE DLS2 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
!
ntp source Vlan99
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R1
!BASE R1 Config
!
!
hostname R1
!
enable secret cisco
!
aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip domain name tshoot.net
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 cef
!
!
!
!
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
!
!
interface Loopback0
ip address 10.1.201.1 255.255.255.255
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:CAFE:201::1/64
!
no ip address
shutdown
duplex auto
speed auto
!
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip flow ingress
duplex full
speed 100
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
ip address 10.1.1.1 255.255.255.252
ip flow ingress
encapsulation ppp
clock rate 2000000
no shutdown
!
description WAN link to R3 (not used)
no ip address
shutdown
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1

!
af-interface GigabitEthernet0/0
passive-interface
exit-af-interface
!
af-interface Loopback0
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
!
topology base
exit-af-topology
exit-address-family
!
!
ip http server
ip http secure-server
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
!
logging source-interface Loopback0
!
!
snmp-server trap-source Loopback0
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps cpu threshold
!
!
banner motd ^*** BASE R1 Config ***^
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
!
ntp source Loopback0
ntp update-calendar
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R2
!BASE R2 Config
!
!
hostname R2
!
enable secret cisco
!
aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 cef
!
!
!
!
!
interface Loopback0
ip address 10.1.202.1 255.255.255.255
!
interface Loopback1
ip address 2.2.2.2 255.0.0.0
ipv6 address 2001:DB8:EFAC::2/48

!
no ip address
shutdown
duplex auto
speed auto
!
description optional connection for PC-C w/ static address
no ip address
shutdown
duplex auto
speed auto
!
ip address 10.1.1.2 255.255.255.252
ip flow ingress
encapsulation ppp
no shutdown
!
ip address 10.1.1.6 255.255.255.252
ip flow ingress
encapsulation ppp
clock rate 2000000
no shutdown
!
!
router eigrp HQ
!
!
passive-interface
exit-af-interface
!
passive-interface
exit-af-interface
!
passive-interface
exit-af-interface
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
!
topology base
exit-af-topology
exit-address-family
!
!
ip http server
ip flow-top-talkers
top 3
sort-by bytes
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
!
ntp master 3
!
!
archive
log config
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R3
!BASE R3 Config
!
!
hostname R3
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
!
!
no ip domain lookup
ip host R1 10.1.2.2 10.1.1.1 10.1.201.1
ip host R2 10.1.1.2 10.1.1.6 10.1.202.1
ip host R3 10.1.1.5 10.1.2.14 10.1.203.1
ip host DLS1 10.1.99.252 10.1.2.1
ip host DLS2 10.1.99.253 10.1.2.13
ip cef
ipv6 cef
!
!
!
!
!
interface Loopback0
ip address 10.1.203.1 255.255.255.255
!
!
no ip address
shutdown
duplex auto
speed auto
!
description FE to DLS2
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
no shutdown
!
description WAN link to R1 - (Not used)
no ip address
encapsulation ppp
shutdown
clock rate 2000000
!
ip address 10.1.1.5 255.255.255.252
ip flow ingress
encapsulation ppp
no shutdown
!
!
router eigrp HQ
!
!
passive-interface
exit-af-interface
!
passive-interface
exit-af-interface
!
topology base
exit-af-topology
network 0.0.0.0
exit-address-family
!
!
topology base
exit-af-topology
exit-address-family
!
!
ip http server
ip flow-top-talkers
top 3
sort-by bytes
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
!
ntp source Loopback0
ntp update-calendar
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
TCL Script for testing ping connectivity to all IPv4 addresses in baseline:
tclsh
foreach i {
10.1.100.1
10.1.100.252
10.1.100.253
10.1.100.254
10.1.99.251
10.1.99.252
10.1.99.253
10.1.99.254
10.1.110.1
10.1.110.251
10.1.110.252
10.1.110.253
10.1.110.254
10.1.120.1
10.1.120.251
10.1.120.252
10.1.120.253
10.1.120.254
10.1.200.251
10.1.200.252
10.1.200.253
10.1.200.254
10.1.2.1
10.1.2.2
10.1.1.1
10.1.1.2
10.1.2.13
10.1.2.14
10.1.1.5
10.1.1.6
10.1.201.1
10.1.202.1
10.1.203.1
2.2.2.2
} { puts [exec "ping $i"] }

tclquit
To use this script, paste it into User EXEC mode on any Cisco networking device.

CCNPv7.1 TSHOOT Lab3 1 Assembling Maintenance and Troubleshooting Tools Instructor

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

CCNPv7.1 TSHOOT Lab3 1 Assembling Maintenance and Troubleshooting Tools Instructor

Diunggah oleh

Hak Cipta:

Format Tersedia

CCNPv7 TSHOOT

Lab 3-1, Assembling Maintenance and Troubleshooting Tools

Physical topology for INSTRUCTOR version of lab

Task 1: Assign Responsibility for Each Device (optional)

Step 2: Assign responsibility for each device to a team member.

Device Description Responsible Team Member

Task 2: Load the Baseline Device Configuration Files

9 -rwx 916 Feb 28 1993 16:04:03 -08:00 vlan.dat

27998208 bytes total (16070656 bytes free)

9 -rwx 7979 Sep 22 2014 11:26:14 -07:00 BASE-ALS1-Cfg.txt

9 -rwx 7979 Sep 22 2014 11:26:14 -07:00 BASE-ALS1-Cfg.txt

ALS1# copy tftp://10.1.100.1/BASE-ALS1-Cfg.txt flash:/tshoot

This command displays the contents of the file a page at a time.

number of unicast mac addresses: 4K

Step 3: Delete the VLAN database from flash (switches only).

System configuration has been modified. Save? [yes/no]: no

--- System Configuration Dialog ---

Enable secret warning

Step 7: Copy the running config to the startup config.

Step 9: Configure the PCs.

Step 10: Test basic network connectivity between devices.

Task 3: Analyze and Document the Physical Lab Topology

Step 1: Review the physical topology diagram on page 1 of the lab.

Device ID Local Intrfce Holdtme Capability Platform Port ID

DLS1# show cdp neighbors

Device ID Local Intrfce Holdtme Capability Platform Port ID

Port Mode Encapsulation Status Native vlan

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

ALS1# show etherchannel summary

M - not in use, minimum links not met

u - unsuitable for bundling

Number of channel-groups in use: 2

Group Port-channel Protocol Ports

Device Links Table

From Device Interface To Device Interface Layer 1 and 2 Features

ALS1 F0/1 DLS1 F0/1 EtherChannel Po1,

DLS1 F0/3 DLS2 F0/3 EtherChannel Po10,

DLS2 F0/5 R3 G0/1 100 Mb/s, DLS2 F0/5 is

R1 S0/0/0 R2 S0/0/0 WAN link, PPP

VLAN # Name Description VLAN Members

99 MANAGEMENT Management VLAN ALS1, DLS1, DLS2

Step 4: Analyze spanning tree for the Layer 2 switched domain.

Step 5: Diagram the spanning tree for VLAN 120.

VLAN 120 spanning tree for INSTRUCTOR version of lab

Output for VLAN 120 on all three switches is shown as an example:

ALS1# show spanning-tree vlan 120

Bridge ID Priority 32888 (priority 32768 sys-id-ext 120)

Interface Role Sts Cost Prio.Nbr Type

DLS1# show spanning-tree vlan 120

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24696 (priority 24576 sys-id-ext 120)

Interface Role Sts Cost Prio.Nbr Type

DLS2# show spanning-tree vlan 120

Bridge ID Priority 28792 (priority 28672 sys-id-ext 120)

Interface Role Sts Cost Prio.Nbr Type

Task 4: Analyze and Document the Logical Lab Topology

Logical Topology for STUDENT version of lab (IPv4)

Logical Topology for STUDENT version of lab (IPv6)

Description IPv4 Subnet IPv6 Prefix Devices

DLS1 – R1 10.1.2.0/30 2001:DB8:CAFE:20::/64 DLS1 and R1 GE link

Logical Topology for INSTRUCTOR version of lab (IPv4)

Logical Topology for INSTRUCTOR version of lab (IPv6)