0% found this document useful (0 votes)

603 views272 pages

300-135 TSHOOT Study Guide

This document provides an overview and study guide for the Cisco CCNP Troubleshoot exam (300-135). The exam tests skills in troubleshooting and maintaining Cisco IP networks. The study guide covers topics like network principles, layer 2 and 3 technologies, VPNs, security, and infrastructure services. It includes chapter summaries, lab exercises, and mind maps to help students prepare for the exam. The goal of the CCNP Troubleshoot certification is to validate skills in planning, performing maintenance on, and troubleshooting complex routed and switched networks.

Uploaded by

Luke Robertson

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

603 views272 pages

300-135 TSHOOT Study Guide

Uploaded by

Luke Robertson

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 272

CCNP Troubleshooting and Maintaining

Cisco IP Networks (TSHOOT v2.0)

Study Guide
Exam 300-135
Table of Contents

About this Workbook

Cisco Certifications
About the CCNP Troubleshoot Exam
How to become CCNP?
Chapter 1: Network Principles
Troubleshooting and Maintenance Toolkit
Network Documentation Tools
Basic Troubleshooting Tools
Redirect Debugging
Conditionally triggered debugging
Cisco IOS Troubleshooting Tools
Ping
Extended Ping
Traceroute
Extended Traceroute
Mind Map
Troubleshooting Methodologies
Mind Map
Chapter 2: Layer 2 Technologies
Troubleshooting Switch Administration
SDM Template
Mind Map
MAC Address Table
Mind Map
Error Disabled Recovery
Troubleshooting Layer 2 Protocols
Cisco Discovery Protocol (CDP)
Link Layer Discovery Protocol (LLDP)
Unidirectional Link Detection Protocol (UDLD)
Troubleshooting VLANs
Access Ports:
Trunk Ports:
VLAN Database Mode
Voice VLAN

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting Trunking
VTP Version 1
VTP Version 2
VTP Version 3
VTP Pruning
802.1Q Encapsulation
Manual Pruning
Troubleshooting Ether Channel
Compatibility of PAgP
Compatibility of LACP
Compatibility of Manual Setting
Lab 2-1 : Layer 2 Ether Channel
Lab 2-2 : Layer 3 Ether Channel
Troubleshooting Spanning Tree Protocol
Lab 2-3 : Troubleshooting Spanning Tree Protocol
Lab 2-5 :Multiple Spanning Tree (MST)
Chapter 3: Layer 3 Technologies
Troubleshooting IPv4 addressing and Sub netting
Lab 3-1 : Troubleshooting DHCP IPv4 relay Agent
Lab 3-2 : Troubleshooting DHCP IPv6 relay Agent
Lab 3-3 : Troubleshooting Static Route, Default Route and
Administrative Distance
Lab 3-4 : Troubleshooting Passive Interfaces
Lab 3-5 : Troubleshooting VRF lite
Lab 3-6 : Troubleshooting Filtering
Lab 3-7 : Troubleshooting Route Redistribution
Lab 3-8 : Troubleshooting Route Summarization
Lab 3-9 : Troubleshooting Policy Based Routing
Lab 3-10 : Troubleshooting Sub Optimal Routing
Lab 3-11 : Troubleshooting EIGRP Neighbour Relationship and
Authentication:
Lab 3-12 : Troubleshooting EIGRP Equal Cost Load Balancing, Unequal
Cost load balancing, FD, Successor and Feasible Successor:
Troubleshooting EIGRP Stuck in Active (SIA)
Stuck In Active (SIA)
EIGRP Stub Options
Lab 3-13 : Troubleshooting EIGRP Stub
Lab 3-14 : Troubleshooting EIGRP for IPv6
Lab 3-15 : Troubleshooting OSPF
Some Common Mistakes with OSPF
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Lab 3-16 : Troubleshooting OSPFv3
Troubleshooting BGP IPv4 Authentication
Lab 3-17 : Troubleshooting iBGP & eBGP parameters
Chapter 4: VPN Technologies
Parameters in troubleshooting GRE
Lab 4-1 : Troubleshooting GRE Tunnel:
Chapter 5: Infrastructure Security
Lab 5-1 : Troubleshoot AAA using Local Database and Device Access
Control
Troubleshoot Router Security Features
Lab 5-2 : Troubleshooting IPv4 Access Control Lists
Lab 5-3 : IPv6 Traffic Filter
Lab 5-4 : Troubleshoot Unicast Reverse Path Forwarding
Chapter 6: Infrastructure Services
Lab 6-1 : Troubleshoot SNMP v3 Logging and NTP
Lab 6-2 : Troubleshooting NTP v4
Troubleshooting Network Address Translation
Lab 6-3 : Static Network Address Translation:
Lab 6-4 : Dynamic Network Address Translation:
Lab 6-5 : Port Address Translation:
Troubleshooting IP SLA Architecture
IP SLAs Operation Types
Lab 6-6 : Troubleshooting Tracking Objects
References

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
About this Workbook

This workbook covers all the information you need to pass the Cisco CCNP
Routing and Switching, Route300-101 exam. The workbook is design to take
a practical approach of learning with real life examples and case studies.

Ø Covers complete Route 300-101 blueprint

Ø Summarized content
Ø Case Study based approach
Ø Ready to practice labs on IPS Virtual Racks
Ø Pass guarantee
Ø Mind maps

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Cisco Certifications
Cisco Systems, Inc. specializes in networking and communications products
and services. A leader in global technology, the company is best known for
its business routing and switching products that direct data, voice, and video
traffic across networks worldwide.

Cisco also offers one of the most comprehensive vendor-specific certification

programs in the world, the Cisco Career Certification program. The program
has six (6) levels, which begins at the Entry level and then advances to
Associate, Professional, and Expert levels. For some certifications, the
program closes at the Architect level.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
How does Cisco certifications help?

Cisco certifications are a de facto standard in networking industry, which

helps you boost your career in the following ways:

1. Gets your foot in the door by launching your IT career

2. Boosts your confidence level
3. Proves knowledge which helps improve employment opportunities

As for companies, Cisco certifications is a way to:

1. Screen job applicants

2. Validate the technical skills of the candidate
3. Ensure quality, competency, and relevancy
4. Improve organization credibility and customers loyalty
5. Meet the requirement in maintaining organization partnership level
with OEMs
6. Helps in Job retention and promotion

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Cisco Certification Tracks

Figure 2. Cisco Certifications Track

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
About the CCNP Troubleshoot Exam
Ø Exam Number: 300-135 CCNP Troubleshoot and Maintaining
Cisco IP Networks
Ø Associated Certifications: CCNP Routing and Switching
Ø Duration: 120 minutes (15-25 questions)
Ø Exam Registration: Pearson VUE
Ø Exam Informtion: http://www.cisco.com/c/en/us/training-
events/training-certifications/exams/current-list/tshoot2.html

CCNP Troubleshoot and Maintaining Cisco IP Networks(300-135) is a 120-

minute qualifying exam with 15 ‒ 25 questions for the Cisco CCNP
certifications. The CCNP Troubleshoot and Maintaining Cisco IP Networks
300-101 exam certifies the troubleshooting knowledge and skills of
successful candidates in maintaining IP Networks in implementing scalable
and highly secure Cisco routers that are connected to LANs, WANs, and
IPv6. This Exam Certifies that successful candidate has knowledge and skills
of
Planning and Performing regular maintenance of complex routed and
Switched network
Technology based Practice
Systematic ITIL-compliant Approach

The following topics are general guidelines for the content likely to be
included on the exam

Ø Network Principles 5%
Ø Layer 2 Technologies 40%
Ø Layer 3 Technologies 40%
Ø VPN Technologies 5%
Ø Infrastructure Security 5%
Ø Infrastructure Services 5%

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
About this Workbook

Ø Covers complete Route 300-101 blueprint

Ø Summarized content
Ø Case Study based approach
Ø Ready to practice labs on IPS Virtual Racks
Ø Pass guarantee
Ø Mind maps

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
How to become CCNP?
Step 1: Pre-requisites
Valid Cisco CCNA Routing and Switching certification or any
Cisco CCIE certification can act as a prerequisite.

Step 2: Prepare for the CCNP TSHOOT Exam

Exam preparation can be accomplished through self-study with textbooks,
practice exams, and on-site classroom programs. This workbook provides
you all the information and knowledge to help you pass the CCNP TSHOOT
Exam. Your study will be divided into two distinct parts:

Ø Understanding the technologies as per exam blueprint

Ø Implementing and practicing the technologies on Cisco hardware

IPSpecialist provides full support to the candidates in order for them to pass
the exam.

Step 3: Register for the exam

Certification exams are offered at locations throughout the world. To register
for an exam, contact the authorized test delivery partner of Cisco, contact
Pearson VUE, who will administer the exam in a secure, proctored
environment.

Prior to registration, decide which exam to take, note the exam name and
number. For complete exam details, refer to the “Current Exam List” from
the Cisco website.

Other important details to note are the following:

1. Your personal information prior to exam registration

1. Legal name (from government issued ID)
2. Cisco Certification ID (i.e. CSCO00000001) or Test ID number
3. Company name
4. Valid email address
5. Method of payment

Exam-Labs - 100% Real IT Certification Exam Dumps

CCNP Troubleshoot and Maintaining Cisco IP Networks(300-135) is a 120-

The following topics are general guidelines for the content likely to be
included on the exam

Ø Network Principles 5%
Ø Layer 2 Technologies 40%
Ø Layer 3 Technologies 40%
Ø VPN Technologies 5%
Ø Infrastructure Security 5%
Ø Infrastructure Services 5%

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 1: Network Principles

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting and Maintenance Toolkit
Troubleshooting and maintenance of a network perform together. Both of
them are linked with each other. The tools for troubleshooting and
maintenance are similar. In this chapter, we will begin with an introduction to
Troubleshooting and Network Maintenance and will move to the steps to a
managed troubleshooting process by using tools that will help in
understanding, identifying the problem, and fixing the issues.

Problem Identification: By monitoring network devices with tools on

a regular basis, you might be informed about issues before the Client is
impacted and report about the issue.

Collection of information: Collection of information when an issue

detected or informed by user or by management as well as during
scheduled maintenance. While troubleshooting an issue can be made
more efficient and easy by using special tools of maintenance and
troubleshooting. Here, the network engineer is gathering more
information that will help him understand the issue.

Examination of collected information: After collection of

information, the Network Engineer investigates the collected
information. By comparing the normal response of the network against
the collected response. Network maintenance tools can be used to
collect data on a current basis so that it is available and up to date when
needed.

Verification of hypothesis: Troubleshooting tools help a trouble-

shooter fix the issue; we can also roll back to previous configuration if
the issue is unresolved.

Network Documentation Tools

Without documentation, issues and errors found by the trouble-shooter mean
nothing. It is necessary to document and understand these issues properly.
Two of the popular documentation tools are:
Trouble Ticket Reporting System
Wiki

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Basic Troubleshooting Tools
GUI Tools
As Cisco has CLI tools, it also offers number of GUI tools as well. In the
case of the CCNP Routing and Switching troubleshoot; you will focus on the
CLI. Therefore, this section covers just a brief discussion of GUI tools. Cisco
Configuration Professional (CCP) is a GUI based tool for configure and
troubleshoot Integrated Services Routers (ISRs).

Figure 3. Cisco Configuration Professional GUI

CLI Tools
Cisco IOS offers Command Line Interface CLI, which provides help in
troubleshooting network issues. Some examples of the commands used in
CLI are:
Show
Debugging

Show
The command "show" is very popular and helpful for the network

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
administrator. It displays the information, configuration, routes, and much
more that is running on a network device.

Figure 4. “Show” command

Debugging
Debug command in a CLI mode shows real time information of the processes
of the network device. Issue the debug command in privilege Execution

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
mode.

Figure 5. “Debug” command

To enable, disable and show debugging process

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router#
Router# show debugging
Router#
Router# debug ntp packets

NTP packets debugging is on

Router#
Router# show debugging

NTP packets debugging is on

Router#
Router# no debug ntp packets

NTP packets debugging is off

Router#

Redirect Debugging
In order to redirect the output the results of debugging, logging command is
used in configuration mode. This redirection of debugging can be destined to
console lines, VTY lines, internal buffer, or any syslog server. Logging to the
console lines has huge overhead on the network device while VTY line
consumes lesser overheads than Console. For even lesser overhead, use
Syslog server and for least overheads internal buffer are used.

Router(config)# logging ?
A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
console Set console logging parameters
host Set syslog server IP address and parameters
on Enable logging to all enabled destinations
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling
Router(config)#
Router#
// Logging console enable logging on Console

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Logging buffered enable logging on internal buffers
// Logging IP address enable logging on syslog server
// Logging trap limits the output

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 1: Network Principles

Exam-Labs - 100% Real IT Certification Exam Dumps

Problem Identification: By monitoring network devices with tools on

a regular basis, you might be informed about issues before the Client is
impacted and report about the issue.

Collection of information: Collection of information when an issue

Examination of collected information: After collection of

Verification of hypothesis: Troubleshooting tools help a trouble-

shooter fix the issue; we can also roll back to previous configuration if
the issue is unresolved.

Network Documentation Tools

Exam-Labs - 100% Real IT Certification Exam Dumps

Figure 3. Cisco Configuration Professional GUI

CLI Tools
Cisco IOS offers Command Line Interface CLI, which provides help in
troubleshooting network issues. Some examples of the commands used in
CLI are:
Show
Debugging

Show
The command "show" is very popular and helpful for the network

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Multiple Condition Debugging

For single Condition:

For Multiple Condition:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router#
Router# show debugging
Router#
Router# debug ntp packets

NTP packets debugging is on

Router#
Router# show debugging

NTP packets debugging is on

Router#
Router# no debug ntp packets

NTP packets debugging is off

Router#

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Logging buffered enable logging on internal buffers
// Logging IP address enable logging on syslog server
// Logging trap limits the output

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Consider a path using Non Standard MTU (Maximum Transfer Unit)
between source and destination. If a ping is sent with, do not fragment bit to a
destination address with 1500 bytes of size. The echo reply message will
response "M" which indicates that the requirement of fragmentation drops the
packet because of don’t fragment bit.

Traceroute
Traceroute command is also a very useful and important command while
troubleshooting the network. Upon a successful completion of traceroute
command, it means that up to layer 3 is in function as the ping command
indicates. Difference from ping is, Traceroute command also results the track
of path covered to reach the destination along with the timestamp. When
traceroute command is executed, Sequence of UDP (User Datagram Protocol)
with incrementing TTL (Time to Live) value is send. First 3 datagram is sent
with TTL value of 1, so it expires when hit first router. Router reply back
with ICMP time exceeded message. Now, Another 3 UDP packets are sent
with TTL of 2. This process continues till reaches the destination.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
The types of conditionally-triggered debugging are:

Protocol Specific Debugging

Conditional Debugging

For one Interface:

For multiple Interface:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Figure 7. Extended traceroute

Mind Map

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Cisco IOS Troubleshooting Tools
When an issue is reported, initial steps that should be taken to check,
examine, and identify the level of problem are to use Cisco IOS tools for
troubleshooting. These tools help a lot to identify the faults. These tools are:
Ping
Telnet
Traceroute

Ping
Ping command is used for identification of Network Connectivity. If ping is
successful, it means that Physical, Data-Link and Network layer are in
function so you can focus on upper layers such as transport, session
presentation, and Application layers. Vice versa, an unsuccessful ping
indicates the need of troubleshoot of Layer 1, Layer 2 and Layer 3. Ping
command uses ICMP (Internet Control Message Protocol) echo message to
the destination address and the destination reply back. For every reply of
ICMP echo packet, an exclamation mark appears at output as shown in the
next figure.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Mind Map

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 2: Layer 2 Technologies

Troubleshooting Switch Administration

Troubleshooting the switch can be tricky because there may or may not be an
involvement of switch in network performance degradation. If slower speed
of network is reported, there may be heavy traffic on the network or switch
may be involved in it dropping the packets. If we consider the basic
troubleshooting of a switch there may be two errors:
Port Error
Duplex Error

Port Error
In order to troubleshoot, the switch starts with layer 1. Check the cabling and
connectivity first. By observing the statistics of port, number of packets sent
and received, as well as dropped, can be measured which helps to
troubleshoot the issue. Dropping of packet may be due to congestion in the
network or Bad Cabling. Auto MDIX (Medium Dependant Interface
Crossover) enables the switch to auto detect the cable type. Straight through
and Crossover both cables can be used for like and unlike devices if Auto-
MDIX feature is enabled on switch.

Duplex Error
If a switch connected to a device configured with half duplex, then switch is
configured with full duplex on an interface. The interface will face duplex
mismatch and packet are dropped due to collusion. Cisco Switch can be
configured as auto negotiation for both speed and Duplex settings to
negotiate with respect to the device it is connected with.

SDM Template
SDM is Switching Database Manager. It is used to manage the switching
information of Layer 2 up to Layer 3. For this, Ternary Content Addressable
Memory or TCAM is used. Basic purpose of TCAM is forwarding Lookups.
As far as SDM Templates are concerned, there are four templates:

Routing Template
Routing Template is used for allocation of resources to the routing

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Extended Traceroute
Extended traceroute command is also used to check the path packets from
source to the destination, for examination of routing while troubleshooting
routing loops or to determine where packets are dropped by Access Control
List ACL or by Firewalls.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Figure 7. Extended traceroute

Mind Map

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Troubleshooting Methodologies
When an issue is reported or alerted by the trouble ticket, the process of
troubleshooting starts until the diagnosis and resolution of the problem.
Troubleshooting may also include monitoring and detection of a problem
before it is reported and created an impact on the network.

If an issue or a problem is report or detected, the initial step that should be

taken to solve the problem is to gather related information and facts. This
information collection will help to define and understand the problem in a
better way. When a trouble-shooter deeply understands the problem, he can
suggest an action plan in an even better way. The steps of troubleshooting an
issue are as follows:

1. Diagnose a Root Cause of Issue

Analyse Symptoms
Diagnose Root Cause
2. Implement a valid solution
Design a Valid Solution
Implement the Solution
3. Verify and Monitor Resolution

Figure 8. Steps in troubleshooting an issue

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Mind Map

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 2: Layer 2 Technologies

Troubleshooting Switch Administration

Routing Template
Routing Template is used for allocation of resources to the routing

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting Layer 2 Protocols
Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol is a layer 2 protocol for all cisco devices and for all
network management applications to discover the cisco devices at the
neighbour. This CDP protocol is enabled by default.

To enable:
Switch(config)# cdp run
Switch(config)# end

To disable:
Switch(config)#no cdp run
Switch(config)# end

Monitoring and Maintaining CDP

clear cdp counters

// Clear the CDP Counters
clear cdp table
// Clear CDP Tables
show cdp
// Show Global Informaiton
show cdp traffic
// Show CDP traffic

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
show cdp neighbors [ interface-id ] [ detail ]
// Information about neighbour, device type, holdtime etc
show cdp interface [ interface-id ]
// Show CDP info related to interface
show cdp entry entry-name [ protocol | version ]
// Information about specific Neighbour

Link Layer Discovery Protocol (LLDP)

As the Cisco devices are allowed to share information at layer 2 using CDP
protocol, IEEE developed a protocol 802.1AB for the support of Non Cisco
devices, which also run over layer 2.

Configuring LLDP

Switch>en
Switch#config t
Switch(config)#lldp run
//Enable LLDP Globally
Switch(config)#int eth 0/0
Switch(config-if)#lldp transmit
// Send LLDP Packets
Switch(config-if)#lldp receive
// Receive LLDP Packets
Switch(config-if)#ex

Characteristics of LLDP

Hold time
Time in seconds, device hold the LLDP packets before discarding ranging
from 0 to 65535 seconds with default value of 120 seconds
Command:
Switch(config)#lldp holdtime 150

Reinit
Time delay in second to initial LLDP on an interface ranging from 2 to 5
secs. 2 seconds is default

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Command:
Switch(config)#lldp reinit 5

Timer
Time in second to send LLDP updates. Range of the timer is from 5 seconds
to 65534 seconds, default value is 30 seconds.
Command:
Switch(config)#lldp timer 120

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Unidirectional Link Detection Protocol (UDLD)
UDLD is Unidirectional Link Detection (UDLD) protocol that is used for
monitoring physical configuration of the devices connected by fiber optics or
Ethernet cables. It is also used to detect unidirectional links existence.
Devices must support this protocol in order to identify and disable the
unidirectional links successfully. UDLD is disabled by default. ATM ports do
not support this feature. For UDLD detection, it is necessary that port at both
ends is capable of UDLD feature as well as the same mode is configured on
the both ends.
UDLD- Enable Mode (default)
UDLD- Aggressive Mode

Configure UDLD Enable mode:

Switch(config)#udld enable
// Enable UDLD enable mode globally
Switch(config)#int eth 0/0

Switch(config-if)#udld port
// Enable UDLD enable mode on interface

Configure UDLD aggressive mode:

Switch(config)#udld aggressive
// Enable UDLD Aggressive mode globally
Switch(config)#int eth 0/0

Switch(config-if)#udld port aggressive

// Enable UDLD Aggressive mode on interface

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting VLANs
For troubleshooting VLANs, keep in mind that all the ports of switch are
assigned to VLAN 1 by default. If there are VLANs created in a switched
network, make sure that interfaces are correctly assigned with their respective
VLANs. While creating or modifying a VLAN, make sure that VLAN ID
you are using is not reserved.

Access Ports:
By default Switch, ports are assigned to Dynamic Auto. These switch ports
can be changed to Access and Trunk ports as well.

Commands
Switch(config)#int fa 0/1
Switch(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or trunk mode
trunk Set trunking mode to TRUNK unconditionally

Switch(config-if)#switchport mode access

Switch(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Verification:
Switch#show int fa 0/1 switchport

Trunk Ports:

Switch(config)#int fa 0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#ex

Verification:
Switch#show int fa 0/2 switchport

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
For troubleshooting the interfaces assigned to VLANs, issue the command
Show VLAN in privilege EXEC mode.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
For troubleshooting the interfaces assigned to a specific VLAN, issue the
command Show VLAN id {VLAN id} in privilege EXEC mode.

Command
Switch#show VLAN id 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Default Settings of Switch port
Default configuration of a switch port is set to dynamic auto. It should be
set according to requirement.

Command
Switch#show int fa 0/3 switchport

Exam-Labs - 100% Real IT Certification Exam Dumps

Configure UDLD Enable mode:

Switch(config)#udld enable
// Enable UDLD enable mode globally
Switch(config)#int eth 0/0

Switch(config-if)#udld port
// Enable UDLD enable mode on interface

Configure UDLD aggressive mode:

Switch(config)#udld aggressive
// Enable UDLD Aggressive mode globally
Switch(config)#int eth 0/0

Switch(config-if)#udld port aggressive

// Enable UDLD Aggressive mode on interface

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
VLAN Database Mode
VLANs can be configured by either running configuration mode or by using
VLAN database mode. VLAN in running configuration mode stores its
VLAN configuration in running configuration and removed if not copied in
start-up configuration. In database configuration mode, VLAN parameters are
saved in VLAN.dat file rather than saved in running or start-up configuration.
As we know, user-configurable VLAN ID ranging from 1 to 4094. Database
Mode support VLAN ID ranging from 1 to 1001. Database Mode does not
support extended ID rang from 1006 to 4094. Make sure that VLAN database
mode is an older method for configuring VLANs and it is deprecated, but
kept for backward compatibility.
Configuration:
Normal VLAN Configuration
Switch#config t
Switch(config)#VLAN 10
Switch(config-VLAN)#ex

VLAN Database Configuration

Switch#VLAN database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.

Switch(VLAN)#VLAN ?
<1-1005> ISL VLAN index

Switch(VLAN)#VLAN 10
VLAN 10 modified:

Switch(VLAN)#ex
APPLY completed.
Exiting....

Verification:
Switch#show VLAN 10

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
For troubleshooting the interfaces assigned to VLANs, issue the command
Show VLAN in privilege EXEC mode.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
For troubleshooting the interfaces assigned to a specific VLAN, issue the
command Show VLAN id {VLAN id} in privilege EXEC mode.

Command
Switch#show VLAN id 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Default Settings of Switch port
Default configuration of a switch port is set to dynamic auto. It should be
set according to requirement.

Command
Switch#show int fa 0/3 switchport

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
VTP pruning ranges only to VLANs 1 to 1005, and VLANs 1002 to 1005 are
reserved and cannot be modified. VTP pruning increases network bandwidth
availability by restricting or blocking the flooded traffic over the trunk links
that the traffic must use to reach the destination devices. Without VTP
pruning, a switch floods unknown unicast, broadcast, and multicast traffic
across all trunks within a VTP domain even though receiving switches might
discard them. VTP pruning is disabled by default.

VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that
are included in the pruning-eligible list. Only VLANs included in the
pruning-eligible list can be pruned. By default, VLANs 2 through 1001 is
pruning eligible switch trunk ports. If the VLANs are configured as pruning-
ineligible, the flooding continues. VTP pruning is supported in all VTP
versions.

802.1Q Encapsulation

Dot 1Q Trunking
DOt1Q is actually the IEEE standard 802.1Q that is used for trunking
encapsulation. In a switched network, Dot1Q encapsulation on a trunk port
allows the tagged frames of multiple VLANs to be transported.
Supporting Modes of Trunk
Dynamic Auto
Dynamic Desirable
Trunk
No negotiate

Dot 1Q Tunnelling
802.1Q is also used for tunneling by service providers to provide clients with
layer 2 VPN connectivity. Customers can continue to use their own VLAN
ID configurations while the Internet service provider maintains those tagging.

The Service Provider configures their customer-facing interface as 802.1Q

tunnel. As the frame arrives as the Service Provider’s port, it encapsulates it
with another VLAN tag (the VLAN assigned to the customer). It is also
called QinQ.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Manual Pruning
By default, VLANs ranging from 2-1001 are added in pruning list.

SW1(config)#interface Ethernet 0/0

SW1(config-if)#switchport trunk pruning VLAN remove 20,25,30,35
SW1(config-if)#end

To verify Manual Pruning, issue the command show int eth 0/0 switchport

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Troubleshooting Ether Channel
When we use Ether Channel Feature to create a virtual link consist of
Multiple Physical links, there are many things to keep them in mind to
prevent error in configuration. For example Port configuration mismatching
or Ether Channel parameters mismatching.

Port Configuration Error

All the ports participating in the Ether Channel link must be configured with
the same parameters. Same Speed, Same Duplex settings, Trunk mode,
allowed VLANs as well as Native VLANs.

Ether Channel Configuration Error

Ports Participating in Ether channel should be configured with same
protocols, same mode of those protocols.

Modes of Ether Channel

PAgP (Port Aggregation Protocol)
LACP (Link Aggregation Control Protocol)
On (Manual)

Compatibility of PAgP

Compatibility of LACP

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Compatibility of Manual Setting

Note: These features are not compatible with each other

Lab 2-1 : Layer 2 Ether Channel

Configuration:
SW1(config)#interface range Ethernet 0/0 - 1
SW1(config-if-range)#channel-group 1 mode on
SW1(config-if-range)#exit
SW1(config)#exit

SW2(config)#interface range gigabitEthernet 0/0 - 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
SW2(config-if-range)#channel-group 1 mode on
SW2(config-if-range)#exit
SW2(config)#exit

Verification

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Manual Pruning
By default, VLANs ranging from 2-1001 are added in pruning list.

SW1(config)#interface Ethernet 0/0

SW1(config-if)#switchport trunk pruning VLAN remove 20,25,30,35
SW1(config-if)#end

To verify Manual Pruning, issue the command show int eth 0/0 switchport

Exam-Labs - 100% Real IT Certification Exam Dumps

Port Configuration Error

All the ports participating in the Ether Channel link must be configured with
the same parameters. Same Speed, Same Duplex settings, Trunk mode,
allowed VLANs as well as Native VLANs.

Ether Channel Configuration Error

Ports Participating in Ether channel should be configured with same
protocols, same mode of those protocols.

Modes of Ether Channel

PAgP (Port Aggregation Protocol)
LACP (Link Aggregation Control Protocol)
On (Manual)

Compatibility of PAgP

Compatibility of LACP

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Compatibility of Manual Setting

Note: These features are not compatible with each other

Lab 2-1 : Layer 2 Ether Channel

Configuration:
SW1(config)#interface range Ethernet 0/0 - 1
SW1(config-if-range)#channel-group 1 mode on
SW1(config-if-range)#exit
SW1(config)#exit

SW2(config)#interface range gigabitEthernet 0/0 - 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Priority of Switch 1
Address 000C.CF01.567D Switch 1 MAC address
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/2 Root FWD 19 128.2 P2p This Port is Root Port
Fa0/1 Altn BLK 19 128.1 P2p This Port is blocked Port

Switch1#

Switch 3
Switch3#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0001.63DD.5992
This bridge is the root Root Bridge
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0001.63DD.5992
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p All Ports are
Designated
Fa0/2 Desg FWD 19 128.2 P2p

Switch3#
Switch3#

Case Study:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
SW2(config-if-range)#channel-group 1 mode on
SW2(config-if-range)#exit
SW2(config)#exit

Verification

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 2-2 : Layer 3 Ether Channel

Configuration:

Router 1

Router(config)#int port-channel 1
*Mar 1 00:00:43.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed state to down.0.1
Router(config-if)#ip add 10.0.0.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#ex

Router(config)#int range fa 0/0 - 1

Router(config-if)#channel-group 1
%Interface MTU set to channel-group MTU 1500.
Router(config-if)#no sh
FastEthernet0/0 added as member-1 to port-channel1
*Mar 1 00:01:42.399: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:01:43.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
*Mar 1 00:01:45.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed state to up
%Interface MTU set to channel-group MTU 1500.
FastEthernet0/1 added as member-2 to port-channel1
*Mar 1 00:02:14.411: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:02:15.411: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
Router(config-if)#ex
Router(config)#ip cef

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router 2
Router(config)#int port-channel 1
*Mar 1 00:01:31.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed state to down
Router(config-if)#ip add 10.0.0.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#ex

Router(config)#int range fa 0/0 - 1

Router(config-if)#channel-group 1
%Interface MTU set to channel-group MTU 1500.
Router(config-if)#no sh
FastEthernet0/0 added as member-1 to port-channel1
*Mar 1 00:02:14.847: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:02:15.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
*Mar 1 00:02:17.859: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1,
changed state to up
FastEthernet0/1 added as member-2 to port-channel1
*Mar 1 00:02:34.483: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:02:35.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
Router(config-if)#ex
Router(config)#ip cef
Verification:
Router# show ip int brief

Router# show int port-channel 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0010 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32778, address 000A.F3C0.C586
Designated port id is 128.3, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

VLAN0020 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 32768, sysid 20, 00D0.586D.ABBE
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32788
Root port is 1 (FastEthernet0/1), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (FastEthernet0/1) of VLAN0020 is root forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32788, address 000A.F3C0.C586
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0020 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32788, address 000A.F3C0.C586
Designated port id is 128.3, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

VLAN0030 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 32768, sysid 30, 00D0.586D.ABBE
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32798
Root port is 1 (FastEthernet0/1), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (FastEthernet0/1) of VLAN0030 is root forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32798, address 000A.F3C0.C586
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0030 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32798, address 000A.F3C0.C586
Designated port id is 128.3, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Switch#

//After examination of the results, it is found that Priorities are not set, by taking default calculations;
Switch with Lowest MAC wins the Election for every VLAN. Hence Load is on Bridge Switch

Solution:

Switch A:
SwitchA(config)#spanning-tree VLAN 10 priority 0
SwitchA(config)#ex
// Making Switch A Bridge for VLAN 10.
Switch B:
SwitchB(config)#spanning-tree VLAN 20 priority 0
SwitchB(config)#ex
// Making Switch B Bridge for VLAN 20.
Switch C:
SwitchC(config)#spanning-tree VLAN 30 priority 0
SwitchC(config)#ex
// Making Switch C Bridge for VLAN 30.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting Spanning Tree Protocol

Troubleshooting Spanning Tree with Default configuration

Spanning Tree Protocol is enabled by default in cisco Layer 2 device to
prevent loops. Switch with lowest value of Priority wins the election process.
With default configurations on the device, all devices will have same priority
hence, the lowest MAC address will win the election. To verify the Root
Bridge, issue the command show spanning-tree.

Lab 2-3 : Troubleshooting Spanning Tree Protocol

Switch 1

Switch1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769 Priority of Root Bridge
Address 0001.63DD.5992 Indicates MAC address of Root Bridge
Cost 38 Cost to Root Bridge
Port 2(FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Port 3 (FastEthernet0/3) of VLAN0010 is alternate blocking
Port path cost 19, Port priority 128, Port Identifier 128.3
Designated root has priority 128, address 0050.0FB0.0902
Designated bridge has priority 10, address 000A.F3C0.C586
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

VLAN0020 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 32768, sysid 20, 00D0.FFE1.A173
Configured hello time 2, max age 20, forward delay 15
Current root has priority 20
Root port is 3 (FastEthernet0/3), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 2 (FastEthernet0/2) of VLAN0020 is alternate blocking

Port path cost 19, Port priority 128, Port Identifier 128.2
Designated root has priority 128, address 0050.0FB0.0903
Designated bridge has priority 20, address 00D0.586D.ABBE
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0020 is root forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated root has priority 128, address 0050.0FB0.0903
Designated bridge has priority 20, address 00D0.586D.ABBE
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

VLAN0030 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 0, sysid 30, 00D0.FFE1.A173
Configured hello time 2, max age 20, forward delay 15
Current root has priority 30
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 2 (FastEthernet0/2) of VLAN0030 is designated forwarding

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Port path cost 19, Port priority 128, Port Identifier 128.2
Designated bridge has priority 30, address 00D0.FFE1.A173
Designated port id is 128.2, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0030 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated bridge has priority 30, address 00D0.FFE1.A173
Designated port id is 128.3, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Switch#

Case Study:

An Issue is reported that two switches are not participating in Spanning tree
Election. No information are exchanging between them.

Troubleshooting
Switch1#Show spanning-tree

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Switch2#Show spanning-tree

Switch#show spanning-tree interface eth 0/0 detail

Port 1 (Ethernet0/0) of VLAN0001 is broken (Root Inconsistent)
Port path cost 100, Port priority 128, Port Identifier 128.1.
Designated root has priority 32769, address aabb.cc00.2100
Designated bridge has priority 32769, address aabb.cc00.2100
Designated port id is 128.1, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is shared by default

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
//Issue the command on any switch

SwitchA#show spanning-tree detail

VLAN0001 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 32768, sysid 1, 00D0.586D.ABBE
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32769
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (FastEthernet0/1) of VLAN0001 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1
Designated bridge has priority 32769, address 00D0.586D.ABBE
Designated port id is 128.1, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0001 is designated forwarding

Port path cost 19, Port priority 128, Port Identifier 128.3
Designated bridge has priority 32769, address 00D0.586D.ABBE
Designated port id is 128.3, designated path cost 19
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default

VLAN0010 is executing the ieee compatible Spanning Tree Protocol

Bridge Identifier has priority of 32768, sysid 10, 00D0.586D.ABBE
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32778
Root port is 1 (FastEthernet0/1), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 0 last change occurred 00:00:00 ago
from FastEthernet0/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (FastEthernet0/1) of VLAN0010 is root forwarding

Port path cost 19, Port priority 128, Port Identifier 128.1
Designated root has priority 128, address 00E0.B0D2.B601
Designated bridge has priority 32778, address 000A.F3C0.C586
Timers: message age 16, forward delay 0, hold 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Number of transitions to forwarding state: 1
Link type is point-to-point by default

Port 3 (FastEthernet0/3) of VLAN0010 is designated forwarding

VLAN0020 is executing the ieee compatible Spanning Tree Protocol

Port 1 (FastEthernet0/1) of VLAN0020 is root forwarding

Port 3 (FastEthernet0/3) of VLAN0020 is designated forwarding

VLAN0030 is executing the ieee compatible Spanning Tree Protocol

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 2-5 :Multiple Spanning Tree (MST)
Issue is reported that no communication is taking place between the switched
using MST. Trunk is configured along with encapsulation.

Configuration:
Switch 1:
S1(config)#VLAN 10
S1(config-VLAN)#ex
S1(config)#VLAN 20
S1(config-VLAN)#ex
S1(config)#VLAN 30
S1(config-VLAN)#ex
S1(config)#VLAN 40
S1(config-VLAN)#ex
S1(config)#
S1(config)#int range Ethernet 0/0,Ethernet 0/1
S1(config-if-range)#switchport trunk encapsulation dot1q
// First change the encapsulation from Auto to dot1Q
S1(config-if-range)#switchport mode trunk
//Change the Port from Access to Trunk
S1(config-if-range)#ex
S1(config)#
S1(config)#spanning-tree mst configuration
S1(config-mst)#instance 1030 VLAN 10,30
//Remember Instance Number, Assign Correct VLANs
// Remember Priority (33,798) will be the sum of Default Priority (32768) andn Instance
Number(1030)
S1(config-mst)#name IPS
//Requires the same Configuration on all switches

Exam-Labs - 100% Real IT Certification Exam Dumps

VLAN0020 is executing the ieee compatible Spanning Tree Protocol

Port 2 (FastEthernet0/2) of VLAN0020 is alternate blocking

Port 3 (FastEthernet0/3) of VLAN0020 is root forwarding

VLAN0030 is executing the ieee compatible Spanning Tree Protocol

Port 2 (FastEthernet0/2) of VLAN0030 is designated forwarding

Exam-Labs - 100% Real IT Certification Exam Dumps

Port 3 (FastEthernet0/3) of VLAN0030 is designated forwarding

Case Study:

An Issue is reported that two switches are not participating in Spanning tree
Election. No information are exchanging between them.

Troubleshooting
Switch1#Show spanning-tree

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Switch2#Show spanning-tree

Switch#show spanning-tree interface eth 0/0 detail

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ethernet 0/1 is also Designated Port in forwarding state as it is the Root
bridge fro MST 1030.
S1#show spanning-tree mst configuration

MST configuration should be the same in all the switches participating in

Election.

S2#show spanning-tree mst configuration

MST configuration should be the same in all the switches participating in

Election.

Compare the Results of Both Switches

S1#show spanning-tree mst interface Ethernet 0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
From the output, we can see the status of the Interface Ethernet 0/0, which
is the trunk port between Switch 1 and Switch 2. This Interface is not
enabled with any Port guard Feature, any bpdu filter or any bpdu guard.
Instance 0 is in designated Port Role and Status is forwarding. Instance
1030 is in Root port role and in forwarding State. Similarly, compare the
Output of Switch 2. It should be the opposite and vice versa.

S2#show spanning-tree mst interface Ethernet 0/0

From the output, we can see the status of the Interface Ethernet 0/0 which is
the trunk port between Switch 1 and Switch 2. This Interface is not enabled
with any Port guard Feature, any bpdu filter or any bpdu guard. Instance 0
is in Root Port Role and Status is Forwarding. Instance 1030 is in
Designated port role and in forwarding State. Where as from previous
output of Switch 1 For instance 0 is Designated Port. That’s all we need
from MST.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
S1#show spanning-tree

The command Show spanning-tree also shows the Output of MST ports so
we can also just use Show Spanning-tree command.

S2#show spanning-tree

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
S2(config)#spanning-tree mst 1030 priority 0
//Priority for MST 1030 will be 1030+0 = 1030
S2(config)#spanning-tree mode mst
//Enable MST
Troubleshooting

S1#show spanning-tree mst

Output shows that MST0 is mapped with 1-9, 11-29,31-4094 VLANs.

Priority is 0 and Root shows that this is the Root Bridge. Timer is set to the
default values. As we use Ethernet 0/0 and Ethernet 0/1 Interface as Trunk,
Both are in Designated Forwarding state.
The Output also shows the details of MST1030 that VLAN 10 and VLAN
30 are mapped on it. Root Bridge is the MAC address AABB.CC00.2100
with Priority 1030. MAC Addres of this switch is AABB.CC00.1100 and
the Priority of this switch is 33798 for MST 1030. Interface Ethernet 0/0 is
the Root port in forwarding state whereas Ethernet 0/1 is in Alternate

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Blocking Port status.

S2#show spanning-tree mst

Output shows that MST0 is mapped with 1-9, 11-29,31-4094 VLANs.

Priority the 0 and Root MAC address shows that the Root Bridge is the
Switch having MAC AABB.CC00.1100. MAC address of this Switch is
AABB.CC00.2100 and the priority is 32768. Timers are set to the default
values. As we use Ethernet 0/0 is the Root port in forwarding state and
Ethernet 0/1 Interface Alternate port in blocking state.

The Output also shows the details of MST1030 that VLAN 10 and VLAN
30 are mapped on it. Root Bridge is the MAC address AABB.CC00.2100
with Priority 1030 which this switch. MAC Address of this switch is
AABB.CC00.2100 and the Priority of this switch is 1030 for MST 1030.
Interface Ethernet 0/0 is the Designated port in forwarding state similarly

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting IPv4 addressing and Sub netting

Troubleshooting
Start with IP addressing of Management PC
Issue ipconfig at command prompt of PC

Subnet mask is 255.0.0.0 which means /8. Router is configured with /30
which means 255.255.255.252. Correct the addressing from Control panel.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Now check by pinging the Switch VLAN 1 IP address if issue is resolved.

The result of traceroute shows that connectivity up to 11.0.0.1 is functional.

We should have to check Switch configuration now.

Switch(config)#do show run

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Building configuration...

enable secret 5 $1$mERr$Yz2Ptkf9j5ywuhxBa0kYy1

!
username IPS privilege 1 password 0 IPSpecialist
!
interface VLAN1
ip address 11.0.0.100 255.255.255.0
!
No Default gateway is configured
line con 0
!
line vty 0 4
login local
line vty 5 15
login
!
end

Now Configuring the Default gateway on switch

Switch(config)#ip default-gateway 11.0.0.1

Switch(config)#ex

Switch# show run

//Output Suppressed
!
interface VLAN1
ip address 11.0.0.100 255.255.255.0
!
ip default-gateway 11.0.0.1
!
//Default Gateway is configured

Verification:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping 10.0.0.100

Check Telnet also

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-1 : Troubleshooting DHCP IPv4 relay Agent

Troubleshooting:

Relay-Router #show run

Building configuration...

Current configuration : 745 bytes

!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip dhcp relay information trust-all
!
no ip cef
no ipv6 cef
!
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
// DHCP helper address is not configured
interface Ethernet1/0
ip address 11.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
!
interface Serial3/0
no ip address
shutdown
!

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting IPv4 addressing and Sub netting

Troubleshooting
Start with IP addressing of Management PC
Issue ipconfig at command prompt of PC

Subnet mask is 255.0.0.0 which means /8. Router is configured with /30
which means 255.255.255.252. Correct the addressing from Control panel.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
ip address 11.0.0.2 255.255.255.0
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
!
interface Serial3/0
no ip address
shutdown
!
interface Ethernet4/0
no ip address
shutdown
!
interface Ethernet5/0
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

Solution:

Relay-Router #config t
Enter configuration commands, one per line. End with CNTL/Z.
Relay-Router (config)#int eth 0/0
Relay-Router (config-if)#ip helper-address 11.0.0.2
Relay-Router (config-if)#ex
Relay-Router (config)#

Relay-Router#show run
interface Ethernet0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Now check by pinging the Switch VLAN 1 IP address if issue is resolved.

The result of traceroute shows that connectivity up to 11.0.0.1 is functional.

We should have to check Switch configuration now.

Switch(config)#do show run

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Now check if Routing is performed

Relay-Router(config)#do show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping 10.0.0.100

Check Telnet also

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-2 : Troubleshooting DHCP IPv6 relay Agent

Server Configuration:
R1(config)# hostname server
SERVER(config)# ipv6 unicast-routing

SERVER(config)# ipv6 dhcp pool IPspecialist

// Make Sure Pool name Spelling
SERVER(config-dhcpv6)# address prefix AABB::/64 lifetime infinite
infinite
SERVER(config-dhcpv6)# dns-server AAAA::100
SERVER(config-dhcpv6)# domain-name IPS
SERVER(config-dhcpv6)# ex

SERVER(config)# int eth 0/1

SERVER(config-if)# ipv6 enable
SERVER(config-if)# ipv6 address ABCD::1/64
SERVER(config-if)# no sh
//Must up the interface

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
interface Ethernet4/0
no ip address
shutdown
!
interface Ethernet5/0
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

DHCP Server Router

Server-Router #show run

Building configuration...

Current configuration : 771 bytes

!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip dhcp pool IPS
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1

no ip cef
no ipv6 cef
!
interface Ethernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/0

Exam-Labs - 100% Real IT Certification Exam Dumps

Solution:

Relay-Router#show run
interface Ethernet0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping the interfaces to verify Connectivity

Lab 3-3 : Troubleshooting Static Route, Default Route and

Administrative Distance

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
11.0.0.0/24 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, FastEthernet1/0

Server-Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

11.0.0.0/24 is subnetted, 1 subnets

C 11.0.0.0 is directly connected, FastEthernet1/0
// 10.0.0.0 network is not introduced

Server-Router #
Server-Router #config t
Enter configuration commands, one per line. End with CNTL/Z.
Server-Router (config)#ip route 10.0.0.0 255.255.255.0 11.0.0.1
Server-Router (config)#ex
Server-Router #
%SYS-5-CONFIG_I: Configured from console by console

Server-Router #

Now check if issue is resolved

SERVER#show ip dhcp pool

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-2 : Troubleshooting DHCP IPv6 relay Agent

Server Configuration:
R1(config)# hostname server
SERVER(config)# ipv6 unicast-routing

SERVER(config)# ipv6 dhcp pool IPspecialist

SERVER(config)# int eth 0/1

SERVER(config-if)# ipv6 enable
SERVER(config-if)# ipv6 address ABCD::1/64
SERVER(config-if)# no sh
//Must up the interface

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
NewYork(config)#int eth 0/1
NewYork(config-if)#ip add 11.0.0.2 255.0.0.0
NewYork(config-if)#no sh
//Must up the interface
NewYork(config-if)#ex

NewYork(config)#int eth 0/0

NewYork(config-if)#ip add 192.168.0.1 255.255.255.0
NewYork(config-if)#no sh
//Must up the interface
NewYork(config-if)#ex

NewYork(config)#ip route 192.168.2.0 255.255.255.0 12.0.0.1

NewYork(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.1 5
NewYork(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.01 3

Troubleshooting:

London#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 12.0.0.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 12.0.0.2

// Default Route
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, Ethernet0/0
L 10.0.0.1/32 is directly connected, Ethernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.0.0.0/8 is directly connected, Ethernet0/2

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
SERVER(config-if)# ipv6 dhcp server IPspecialist rapid-commit
// if this command is not configured, DHCP request will not be entertained by the interface.
SERVER(config-if)# end

SERVER(config)#ipv6 route AABB::/64 ABCD::2

Relay Agent Configuration:

R2(config)# hostname Relay
Relay(config)#ipv6 unicast-routing
//Enable IPv6 globally
Relay(config)#int eth 0/1
Relay(config-if)#ipv6 enable
//Enable IPv6 on an interface
Relay(config-if)#ipv6 address ABCD::2/64
//Assign an IPv6 address
Relay(config-if)#no sh
//Must up the interface

Relay(config)#int eth 0/0

Relay(config-if)#ipv6 enable
//Enable IPv6 on an interface
Relay(config-if)#ipv6 address AABB::1/64
//Assign an IPv6 address
Relay(config-if)#no sh
//Must up the interface
Relay(config-if)#ipv6 dhcp relay destination ABCD::1
// In case, missing of this command, DHCP request will not forward to remote server
Relay(config)#ipv6 route ABCD::/64 ABCD::1

Troubleshooting

SERVER#show ipv6 dhcp interface

Ethernet0/1 is in server mode

Using pool: IPspecialist
Preference value: 0
Hint from client: ignored
Rapid-Commit: enabled
// Ethernet 0/1 is using IPspecialst Pool and Rapid Commit is also enabled. Which interface is using
which pool can be troubleshooted by this command

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshoot the relay agent interface configuration

Relay#show ipv6 dhcp interface

Ethernet0/0 is in relay mode
//This make sure that the desired Interface is in Relay mode or not.
Relay destinations:
ABCD::1
//Relay Destination is correct

Troubleshoot the IP address assigned to Client

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Backup routes are learned with their Higher Administrative distance.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-4 : Troubleshooting Passive Interfaces

Case Study:
The Company added a New Router (R3) into its network. It is configured
with OSPF as the other routers are. Issue is reported that older routers do not
identify this new router, hence, no adjacency is formed.

Troubleshooting

Start troubleshooting with R2 because it is located at the centre, should have

ospf neighbours 10.0.0.0 and 11.0.0.0. Issue the command show ip ospf nei

R2#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.0.0.1 1 FULL/BDR 00:00:38 10.0.0.1 Ethernet0/0
//11.0.0.0 should also be the neighbour
R2#

Now issue the command show ip ospf interface.

R2#show ip ospf interface

Ethernet0/1 is up, line protocol is up
Internet Address 11.0.0.2/8, Area 0, Attached via Network Statement
Process ID 1, Router ID 11.0.0.2, Network Type BROADCAST, Cost: 10
Topology-MTID Cost Disabled Shutdown Topology Name
0 10 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.0.0.2, Interface address 11.0.0.2
No backup designated router on this network

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Ethernet0/0 is up, line protocol is up
Internet Address 10.0.0.2/8, Area 0, Attached via Network Statement
Process ID 1, Router ID 11.0.0.2, Network Type BROADCAST, Cost: 10
Topology-MTID Cost Disabled Shutdown Topology Name
0 10 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.0.0.2, Interface address 10.0.0.2
Backup Designated router (ID) 10.0.0.1, Interface address 10.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.0.0.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)

Now, Troubleshooting R3 because 11.0.0.0 is not accessible

R3#show run | section ospf

router ospf 1
passive-interface default
network 11.0.0.0 0.255.255.255 area 0
R3#

R3#show ip ospf interface

Ethernet0/0 is up, line protocol is up
Internet Address 11.0.0.1/8, Area 0, Attached via Network Statement
Process ID 1, Router ID 11.0.0.1, Network Type BROADCAST, Cost: 10
Topology-MTID Cost Disabled Shutdown Topology Name

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Backup Static Route with default distance of 5
London(config)#ip route 0.0.0.0 0.0.0.0 12.0.0.2
// Default Route with default distance of 1
London(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2 3
// Default Route with default distance of 3

Berlin(config)#int eth 0/0

Berlin(config-if)#ip add 10.0.0.2 255.0.0.0
Berlin(config-if)#no sh
//Must up the interface
Berlin(config-if)#ex

Berlin(config)#int eth 0/1

Berlin(config-if)#ip add 11.0.0.1 255.0.0.0
Berlin(config-if)#no sh
//Must up the interface
Berlin(config-if)#ex

Berlin(config)#int eth 0/2

Berlin(config-if)#ip add 192.168.1.1 255.255.255.0
Berlin(config-if)#no sh
//Must up the interface
Berlin(config-if)#ex

Berlin(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.1

//preferred Route with default Distance value
Berlin(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.2 5
// Always Make sure that backup route has Higher value than preffered Route
Berlin(config)#ip route 192.168.0.0 255.255.255.0 11.0.0.2
Berlin(config)#ip route 192.168.0.0 255.255.255.0 10.0.0.1 5
Berlin(config)#ip route 12.0.0.0 255.0.0.0 11.0.0.2
Berlin(config)#ip route 12.0.0.0 255.0.0.0 10.0.0.1 5

NewYork(config)#int eth 0/2

NewYork(config-if)#ip add 12.0.0.2 255.255.255.0
NewYork(config-if)#no sh
//Must up the interface
NewYork(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
NewYork(config)#int eth 0/1
NewYork(config-if)#ip add 11.0.0.2 255.0.0.0
NewYork(config-if)#no sh
//Must up the interface
NewYork(config-if)#ex

NewYork(config)#int eth 0/0

NewYork(config-if)#ip add 192.168.0.1 255.255.255.0
NewYork(config-if)#no sh
//Must up the interface
NewYork(config-if)#ex

NewYork(config)#ip route 192.168.2.0 255.255.255.0 12.0.0.1

NewYork(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.1 5
NewYork(config)#ip route 0.0.0.0 0.0.0.0 11.0.0.01 3

Troubleshooting:

Gateway of last resort is 12.0.0.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 12.0.0.2

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
network 11.0.0.0 0.0.0.255 area 0
// Company B VRF network
router ospf 20 vrf CompanyA
// VRF name is wrong, should be CompanyB

network 10.0.0.0 0.0.0.255 area 0

network 11.0.0.0 0.0.0.255 area 0
// Company A VRF network
ip forward-protocol nd
!
!
end

Solution:

ISP(config)#no router ospf 10 vrf CompanyA

*May 8 10:21:26.452: %OSPF-5-ADJCHG: Process 10, Nbr 10.0.0.2 on Ethernet0/0 from FULL to
DOWN, Neighbor Down: Interface down or detached
*May 8 10:21:26.460: %OSPF-5-ADJCHG: Process 20, Nbr 10.0.0.2 on Ethernet0/0 from
LOADING to FULL, Loading Done

ISP(config)#no router ospf 20 vrf CompanyA

*May 8 10:21:43.295: %OSPF-5-ADJCHG: Process 20, Nbr 10.0.0.2 on Ethernet0/0 from FULL to
DOWN, Neighbor Down: Interface down or detached

ISP(config)#router ospf 10 vrf CompanyA

ISP(config-router)#net 10.0.0.0 0.0.0.255 area 0
ISP(config-router)#ex

*May 8 10:22:06.745: %OSPF-5-ADJCHG: Process 10, Nbr 10.0.0.2 on Ethernet0/0 from

LOADING to FULL, Loading Done
// Adjacency Formed
ISP(config)#router ospf 20 vrf CompanyB
ISP(config-router)#net 11.0.0.0 0.0.0.255 area 0

*May 8 10:22:36.481: %OSPF-5-ADJCHG: Process 20, Nbr 11.0.0.2 on Ethernet0/1 from

LOADING to FULL, Loading Done
// Adjacency Formed

Verification

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
ISP#show ip vrf interfaces CompanyA

Interface IP-Address VRF Protocol

Et0/0 10.0.0.1CompanyA up
// Interfaces are Up
ISP#show ip vrf interfaces CompanyB

Interface IP-Address VRF Protocol

Et0/1 11.0.0.1 CompanyB up
// Interfaces are Up
CompanyA#ping 10.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

CompanyB#ping 11.0.0.01
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-6 : Troubleshooting Filtering

London(config)#int eth 0/0

London(config-if)#ip add 10.0.0.1 255.0.0.0
London(config-if)#no sh

London(config)#int lo 0
London(config-if)#ip add 12.0.0.1 255.0.0.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
London(config-if)#no sh
London(config-if)#ex

London(config)#router ospf 1
London(config-router)#net 10.0.0.0 0.255.255.255 area 0
London(config-router)#net 12.0.0.0 0.255.255.255 area 0
London(config-router)#ex

London#show ip route

Berlin(config)#int eth 0/0

Berlin(config-if)#ip add 10.0.0.2 255.0.0.0
Berlin (config-if)#no sh

Berlin(config)#int lo 0
Berlin(config-if)#
Berlin(config-if)#ip add 11.0.0.1 255.0.0.0
Berlin(config-if)#no sh

Berlin(config)#router ospf 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
0 10 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.0.0.1, Interface address 11.0.0.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
No Hellos (Passive interface)
// Configured as Passive Interface
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

Solution:
Now, remove the interface from Passive
R3(config)#router ospf 1
R3(config-router)#no passive-interface eth 0/0
R3(config-router)#ex
R3(config)#
*May 8 09:44:48.225: %OSPF-5-ADJCHG: Process 1, Nbr 11.0.0.2 on Ethernet0/0 from
LOADING to FULL, Loading Done

Verification

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

11.0.0.2 1 FULL/DR 00:00:36 11.0.0.2 Ethernet0/0
// Neighbour Adjacency Formed Successfully

R3#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-5 : Troubleshooting VRF lite

Case Study:

Troubleshooting:

ISP(config)#do show run

!
ip vrf CompanyA
!
ip vrf CompanyB
!
interface Ethernet0/0
ip vrf forwarding CompanyA
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding CompanyB
ip address 11.0.0.1 255.255.255.0
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 10 vrf CompanyA
network 10.0.0.0 0.0.0.255 area 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-if)#ex
R1(config)#

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#net 11.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#ex
// introduce the RIP network
Router # 02:

R2(config)#int eth 0/0

R2(config-if)#ip add 10.0.0.2 255.0.0.0
// Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex
R2(config)#
R2(config)#int

R2(config)#int eth 0/1

R2(config-if)#ip add 11.0.0.2 255.0.0.0
// Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex

R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#net 11.0.0.0
//Introduce the RIP network
R2(config-router)#redistribute ospf 1 metric
// redistributing OSPF Process 1 routes in RIP protocol. Make sure the Process Number of OSPF
R2(config-router)#ex
R2(config)#

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2(config)#router ospf 1
R2(config-router)#net 10.0.0.0 0.0.0.255 area 0
//Introduce the OSPF network with Wild card bits and Area number
R2(config-router)#redistribute rip subnets
// redistributing RIP routes in OSPF protocol. Make sure in which OSPF process, distribute the RIP
routes
R2(config-router)#ex
R2(config)#

Router # 03:

R3(config)#int fa 0/0
R3(config-if)#ip add 10.0.0.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#int lo 0
R3(config-if)#ip add 192.168.1.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#int lo 1
R3(config-if)#ip add 192.168.0.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#router ospf 1
R3(config-router)#net 10.0.0.0 0.0.0.255 area 0
R3(config-router)#net 192.168.1.0 0.0.0.255 area 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-6 : Troubleshooting Filtering

London(config)#int eth 0/0

London(config-if)#ip add 10.0.0.1 255.0.0.0
London(config-if)#no sh

London(config)#int lo 0
London(config-if)#ip add 12.0.0.1 255.0.0.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
O E2 11.0.0.0/8 [110/20] via 10.0.0.2, 00:00:22, Ethernet0/0
By Ospf External Type 2 RIP route 11.0.0.0/8 is learned via Router 2 by
Router 3

We can also troubleshoot the Route by

R1#show ip route 192.168.0.0
R1#show ip route 192.168.1.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-8 : Troubleshooting Route Summarization
Some of the routing protocols allow auto summarization of network. In some
routing protocols, we have to enter summarized networks manually. The list
of the protocols with this feature are as follows:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Network 12.0.0.0/8 is filtered at berlin router.

Lab 3-7 : Troubleshooting Route Redistribution

Case Study
In this case, Route Redistribution is considered. R2 is to redistribute the
OSPF routes into RIP only Router.
Router # 01:
R1(config)#int eth 0/1
R1(config-if)#ip add 11.0.0.1 255.0.0.0
// Assign Correct IP address and Subnet Mask
R1(config-if)#no sh
//Must Turn up the interface

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-if)#ex
R1(config)#

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#net 11.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#ex
// introduce the RIP network
Router # 02:

R2(config)#int eth 0/0

R2(config-if)#ip add 10.0.0.2 255.0.0.0
// Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex
R2(config)#
R2(config)#int

R2(config)#int eth 0/1

R2(config-if)#ip add 11.0.0.2 255.0.0.0
// Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

Router # 03:

R3(config)#int fa 0/0
R3(config-if)#ip add 10.0.0.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#int lo 0
R3(config-if)#ip add 192.168.1.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#int lo 1
R3(config-if)#ip add 192.168.0.1 255.255.255.0
// Assign Correct IP address and Subnet Mask
R3(config-if)#no sh
//Must Turn up the interface
R3(config-if)#ex
R3(config)#

R3(config)#router ospf 1
R3(config-router)#net 10.0.0.0 0.0.0.255 area 0
R3(config-router)#net 192.168.1.0 0.0.0.255 area 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Manual Summarization

For Router 1:
Router 1 has three networks:
1. 192.168.2.0/30
2. 192.168.1.0/30
3. 192.168.0.0/30

255
Network 255 255 255
128 64 32 16 8 4 2 1
192.168.2.0/30 192 168 0 0 0 0 0 0 1 0 0
192.168.1.0/30 192 168 0 0 0 0 0 0 0 1 0
192.168.0.0/30 192 168 0 0 0 0 0 0 0 0 0

Now the subnet mask will be /22. Wild card mask of the summarised network
will be 0.0.3.255

For Router 2:
Router 1 has three networks:
1. 192.168.2.0/30
2. 192.168.3.0/30
3. 192.168.4.0/30

255
Network 255 255 255
128 64 32 16 8 4 2 1
192.168.2.0/30 192 168 0 0 0 0 0 0 1 0 0
192.168.3.0/30 192 168 0 0 0 0 0 0 1 1 0
192.168.4.0/30 192 168 0 0 0 0 0 1 0 0 0

Now the subnet mask will be /21. Wild card mask of the summarised network
will be 0.0.7.255

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router 1
Router1(config)#router ospf 1
Router1(config-router)#net 192.168.0.0 0.0.3.255 area 0
// Enter Manually Summarized network for Summarization
// Make sure about the Wild card bits. If wild card bits are not correct, only the networks lie in the
wild card will be learned only

Router 2
Router2(config)#router ospf 1
Router2(config-router)#net 192.168.0.0 0.0.7.255 area 0
// Enter Manually Summarized network for Summarization
// Make sure about the Wild card bits. If wild card bits are not correct, only the networks lie in the
wild card will be learned only
R1#show ip route

R2#show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Lab 3-9 : Troubleshooting Policy Based Routing

Topology Diagram:

Case Study:
Consider the case in which Router 3 is to be configured for Policy Based
Routing. All the traffic from 192.168.0.0/24 Network should be forwarded
to Router 1 via Router 2.

Configuration:
Router # 01:
R1(config)#int eth 0/0
R1(config-if)#ip add 11.0.0.1 255.0.0.0
// Assign Correct IP address and MAsk
R1(config-if)#no sh
// Must turn up the interface
R1(config-if)#ex

R1(config)#int eth 0/2

R1(config-if)#ip add 12.0.0.1 255.0.0.0
// Assign Correct IP address and MAsk
R1(config-if)#no sh
// Must turn up the interface
R1(config-if)#ex

R1(config)#router rip
R1(config-router)#version 2

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router(config-router)#auto-summary
// Auto summary is enabled by default in RIP
// Introduce All networks
Router(config-router)#ex
Router(config)#

Router 1:

Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#net 192.168.2.0
Router(config-router)#net 192.168.1.0
Router(config-router)#net 192.168.0.0
Router(config-router)#auto-summary
// Auto summary is enabled by default in RIP
// introduce all networks
Router(config-router)#ex

R1# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R4(config)#int eth 0/0
R4(config-if)#ip add 192.168.0.1 255.255.255.0
// Assign Correct IP address and MAsk
R4(config-if)#no sh
// Must turn up the interface
R4(config-if)#ex

R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#net 192.168.0.0
R4(config-router)#no auto-summary
// Introduce Every Directly connected Network

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Manual Summarization

For Router 1:
Router 1 has three networks:
1. 192.168.2.0/30
2. 192.168.1.0/30
3. 192.168.0.0/30

255
Network 255 255 255
128 64 32 16 8 4 2 1
192.168.2.0/30 192 168 0 0 0 0 0 0 1 0 0
192.168.1.0/30 192 168 0 0 0 0 0 0 0 1 0
192.168.0.0/30 192 168 0 0 0 0 0 0 0 0 0

Now the subnet mask will be /22. Wild card mask of the summarised network
will be 0.0.3.255

For Router 2:
Router 1 has three networks:
1. 192.168.2.0/30
2. 192.168.3.0/30
3. 192.168.4.0/30

255
Network 255 255 255
128 64 32 16 8 4 2 1
192.168.2.0/30 192 168 0 0 0 0 0 0 1 0 0
192.168.3.0/30 192 168 0 0 0 0 0 0 1 1 0
192.168.4.0/30 192 168 0 0 0 0 0 1 0 0 0

Now the subnet mask will be /21. Wild card mask of the summarised network
will be 0.0.7.255

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-10 : Troubleshooting Sub Optimal Routing

Case Study:
In this case, RIP and OSPF are configured and routes are redistributed among
them. Due to their default administrative values, routing loop may also be
created but in this case, router is using longer path due to default AD values.
As the RIP is redistributing the Loopback address 10.0.0.1/8 into OSPF, both
OSPF routers using type 5 LSA can share the redistributed route. Due to this
R2 is using R3 to R1 to reach 10.0.0.1/8 instead of using R1 directly.

Topology Diagram

Troubleshooting:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2 is using R3 instead of using R1 for loopback address of R1 because
OPSF Administrative distance is 110 and RIP AD value is 120. Due to
redistribution, Suboptimal Routing is created.

Solution:

R1(config)#router rip
R1(config-router)#distance 100
R1(config-router)#ex
R1(config)#end
R1#clear ip route *

R2(config)#router rip
R2(config-router)#distance 100
R2(config-router)#ex
R2(config)#end
R2#clear ip route *

R3(config)#router rip
R3(config-router)#distance 100

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R3(config-router)#ex
R3(config)#end
R3#clear ip route *

R3# show ip route

R2# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R3(config-if)#ip add 12.0.0.2 255.0.0.0
// Assign Correct IP address and MAsk
R3(config-if)#no sh
// Must turn up the interface
R3(config-if)#ex

R3(config)#int eth 0/0

R3(config-if)#ip add 192.168.0.2 255.255.255.0
// Assign Correct IP address and MAsk
R3(config-if)#no sh
// Must turn up the interface
R3(config-if)#ex

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#net 10.0.0.0
R3(config-router)#net 192.168.0.0
R3(config-router)#net 12.0.0.0
R3(config-router)#no auto-summary
// Introduce Every Directly connected Network
R3(config)#ip access-list standard Policy1
// Remember the Access-list name, It is case sensitive
R3(config-std-nacl)#permit 192.168.0.0 0.0.0.255
// carefully permit or deny the network or host. It can affect the entire network if it is wrong
R3(config-std-nacl)#ex
R3(config)#route-map R3toR1 permit
R3(config-route-map)#match ip address Policy1
// Make sure the access-list assigned to route map is the right one
R3(config-route-map)#set ip next-hop 10.0.0.2
// Next hop IP address is the next node the filtered traffic forwarded to.
R3(config-route-map)#ex
R3(config)#int eth 0/0
R3(config-if)#ip policy route-map R3toR1
// Apply the Route map on the correct interface
R3(config-if)#end
R3#

Router # 04:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-11 : Troubleshooting EIGRP Neighbour Relationship and
Authentication:

Case Study: Configure and verify EIGRP Neighbour Relationship and

Authentication
R1

R1(config)#router eigrp 1
// In case of different Autonomous System Number, adjacency will not form
R1(config-router)#net 10.0.0.0 0.255.255.255
// Make sure the network statement
R1(config-router)#net 172.16.0.0 0.0.255.255
// Make sure the subnet mask
R1(config-router)#net 172.17.0.0 0.0.255.255
R1(config-router)#net 172.18.0.0 0.0.255.255
R1(config-router)#no auto-summary
R1(config-router)#ex
// Introducing EIGRP directly Connected Networks

R2
R2(config)#router eigrp 1
// In case of different Autonomous System Number, adjacency will not form
R2(config-router)#net 10.0.0.0 0.255.255.255
R2(config-router)#net 192.168.0.0 0.0.0.255
R2(config-router)#net 192.168.1.0 0.0.0.255
R2(config-router)#net 192.168.2.0 0.0.0.255
R2(config-router)#no auto-summary
R2(config-router)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Introducing EIGRP directly Connected Networks

Troubleshooting of EIGRP Neighbour

R2(config)#do show ip eigrp nei

Neighbour Adjacency Formed

R2(config)#do show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Route with D shows it is learned By EIGRP. 172.16.0.0/16, 172.17.0.0/16
and 172.18.0.0/16 are learned by EIGRP.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Authentication of EIGRP Message
R1
R1(config)#key chain KEY
// KEY refers to the name of Key chain, having one or more than one key.
R1(config-keychain)#key 1
// assigning Key number.
R1(config-keychain-key)#key-string IPS
// IPS is the Key. Make sure to use the same Key
R1(config-keychain-key)#end

R1(config)#int eth 0/0

R1(config-if)#ip authentication mode eigrp 1 md5
// Enable MD5 authentication. Same Authentication Algorithm must be used, for the correct
Autonomous system. Make sure the Authenticaiton is enabled on the correct interface
R1(config-if)#ip authentication key-chain eigrp 1 KEY
// Must assign the Key to use for authentication on an interface.
R1(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.1.18 (FastEthernet0/0) is up: new
adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.1.17 (FastEthernet0/0) is down: Auth
failure

R2(config)#key chain KEY

R2(config-keychain)#key 1
R2(config-keychain-key)#key-string IPS
R2(config-keychain-key)#end

R2(config)#int eth 0/0

R2(config-if)#ip authentication mode eigrp 1 MD5
R2(config-if)#ip authentication key-chain eigrp 1 KEY
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 192.168.1.17 (FastEthernet0/0) is up: new
adjacency

%SYS-5-CONFIG_I: Configured from console by console

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R3(config-router)#ex
R3(config)#end
R3#clear ip route *

R3# show ip route

R2# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
R1# show ip protocol

Authentication Algorithm and KEY used for Authentication can be

troubleshoot

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-12 : Troubleshooting EIGRP Equal Cost Load Balancing,
Unequal Cost load balancing, FD, Successor and Feasible Successor:

Case Study:
Consider the case of Four Routers. Heavy traffic is exchanged between R1
and R4. By using EIGRP, load balancing is to be configured so that R1 can
used two paths to access R4 by using R2 and By using R3. Initially Equal
Cost load balancing is to be configured.

Configuration:
Routr 1:
Router(config)#hostname R1
R1(config)#int eth 0/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Assign an IP address and Mask
R1(config-if)#no sh
// Always issue no shutdown command to up the interface
R1(config-if)#ex
R1(config)#int eth 0/1
R1(config-if)#ip add 11.0.0.1 255.0.0.0
// Assign an IP address and Mask
R1(config-if)#no sh
//Must turn up the interface
R1(config-if)#ex
R1(config)#router eigrp 1
// Configure same Autonomous System Number
R1(config-router)#net 10.0.0.0 0.255.255.255
R1(config-router)#net 11.0.0.0 0.255.255.255
// Advertise all directly connected Networks
R1(config-router)#no auto-summary
R1(config-router)#ex

Router 2:
Router(config)#hostname R2
R2(config)#int eth 0/0
R2(config-if)#ip add 10.0.0.2 255.0.0.0
// Assign an IP address and Mask
R2(config-if)#no sh
//Must turn up the interface
R2(config-if)#ex
R2(config)#int eth 0/1
R2(config-if)#ip add 12.0.0.2 255.0.0.0
// Assign an IP address and Mask
R2(config-if)#no sh
//Must turn up the interfac
R2(config-if)#ex
R2(config)#router eigrp 1
R2(config-router)#net 10.0.0.0 0.255.255.255
R2(config-router)#net 12.0.0.0 0.255.255.255
R2(config-router)#no auto-summary
R2(config-router)#ex
// Introduce Each an every directly connected network, Remember to configure Wild card bits.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router 3:
Router(config)#hostname R3
R3(config)#int eth 0/0
R3(config-if)#ip add 13.0.0.2 255.0.0.0
// Assign an IP address and Mask
R3(config-if)#no sh
//Must turn up the interface
R3(config-if)#ex
R3(config)#int eth 0/1
R3(config-if)#ip add 11.0.0.2 255.0.0.0
// Assign an IP address and Mask
R3(config-if)#no sh
//Must turn up the interface
R3(config-if)#ex
R3(config)#router eigrp 1
R3(config-router)#net 13.0.0.0 0.255.255.255
R3(config-router)#net 11.0.0.0 0.255.255.255
R3(config-router)#no auto-summary
R3(config-router)#ex
// Introduce Each an every directly connected network, Remember to configure Wild card bits.

Router 4:
Router(config)#hostname R4
R4(config)#int eth 0/0
R4(config-if)#ip add 13.0.0.1 255.0.0.0
// Assign an IP address and Mask
R4(config-if)#no sh
//Must turn up the interface
R4(config-if)#ex
R4(config)#int eth 0/1
R4(config-if)#ip add 12.0.0.1 255.0.0.0
// Assign an IP address and Mask
R4(config-if)#no sh
//Must turn up the interface
R4(config-if)#ex
R4(config)#router eigrp 1
R4(config-router)#net 13.0.0.0 0.255.255.255
R4(config-router)#net 12.0.0.0 0.255.255.255

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R4(config-router)#no auto-summary
R4(config-router)#ex
// Introduce Each an every directly connected network, Remember to configure Wild card bits.
R1(config)#ip cef
R1(config)#int range eth 0/0 , eth 0/1
R1(config-if)#ip load-sharing per-packet
// Enable Load Balancing

Verification:

Packets are shared across interfaces

R1# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Output is underlined with the two successor paths used by EIGRP for load
balancing. Administrative distance of both paths is shown as 90. And the
metric value 435200.

R1# show ip route 192.168.0.1

Traffic Share count on both interfaces Ethernet 0/0 and Ethernet 0/1 is equal
“Traffic Share count 1”

For successor path and feasible distance troubleshooting, issue the

command show ip eigrp topology
R1#show ip eigrp topology

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
As the output is underlined, for every network, number of successor path
available, feasible distance (FD) and the connected via IP address and
interface details are observed here.

For observing the EIGRP traffic statistics, issue the command

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
This command shows the output of traffic statistics of EIGRP including
Number of Hello packets sent and received, update packet etc…
For Unequal Load Balancing:

R1#conf t

R1(config)#int eth 0/0

R1(config-if)#delay 500

R1(config)#router eigrp 1
R1(config-router)#variance ?
<1-128> Metric variance multiplier
R1(config-router)#variance 2
R1(config-router)#exit

R2(config)#int eth 0/0

R2(config-if)#delay 500

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting EIGRP Stuck in Active (SIA)

Stuck In Active (SIA)

For troubleshooting the EIGRP Stuck In Active (SIA) consider the following
diagram. Here, Eigrp is running in all of the Routers. One of Route 10.0.0.0/8
goes down from the first router (R1). As the Adjacency goes down, this route
will send the query packet to all routers in the Autonomous system
(Considering the Default condition) so share the update about that link
10.0.0.0/8. Other Routers may know about them but in this case, the Router
(R1) was the primary route and only the successor route to the network
10.0.0.0/8. Each and every router will reply the Query packet. Due to some
reasons, if any of the reply packet is did not reach its destination, router who
generates the Query will wait for the hold time. The default hold time for
NMBA network is 180 sec and Hello internal is 60 sec. For the other
networks Default hold time is 15 sec and hello interval is 5 sec. If the Reply
reaches to the destination within time Topology will be updated by removing
the network 10.0.0.0/8. If any of the Query reply is missing and the hold
timer expires, As the EIGRP is reliable protocol, it set it into Stuck in Active
state and resend the Query up to 16 times with the Retransmit Time Out
(RTO). Minimum RTO value is 200ms and Maximum of 5,000ms. If Reply
is not received even in Stuck in Active state R1 will discard the neighbour
ship of the Router, which does not reply the Query.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Command Show ip eigrp nei detail will show the number of transmit
packets, Number of Retires, Retransmit Time Out (RTO) and the Holdtime.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
To troubleshoot the state of the network, issue the command show ip eigrp
topology

In the output, U shows that the network is in the Update state. If any network
is in reply state, it will be represented by “r”.

EIGRP Stub Options

To prevent the Stuck In Active state, we can use the Stub router option in
EIGRP, which will also reduce the load on the router as well as Routing
Overheads. Lets observe the EIGRP stub Router option before starting the
troubleshooting.

R1(config)# Router eigrp 1

R1(config-router)#eigrp stub [ receive-only | Connected | Static
|Summary]

Receive-Only: EIGRP Stub router configured with receive-only option will

not share any of the routing updates to the neighbours. It will only receive the

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Routing updates from its neighbours. Receive-Only feature cannot be used
with any other option.

Connected: Connected Option is enabled by default. Connected Option

allows to send updates of connected routes to its neighbours.

Static: Static Option allows sharing the updates of Static Routes with its
neighbours. By default static routes are not shared. Use redistribute static
command to share static route updates.

Summary: Summary Option is also enabled by default as EIGRP shares the

routing updates of directly connected and Summary route with its neighbours.
Summary address may be Automatically summarized by Auto-summary
command in Router configuration mode or manually summarized.

Lab 3-13 : Troubleshooting EIGRP Stub

Topology:

Configuration
R1:
R1# show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router 1 knows about the networks 192.168.0.0/24 192.168.1.0/24 and
192.168.2.0/24 of Router 2 by EIGRP
R2:

R2(config)#router Eigrp 1
R2(config)#eigrp stub receive-only

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2(config)#eigrp stub ?

As Router 2 configured as Stub Router, it stops forwarding the

Advertisement of its network and Neighbour Adjacency is down.

Verification:
R1#show ip route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Command Show ip eigrp nei detail will show the number of transmit
packets, Number of Retires, Retransmit Time Out (RTO) and the Holdtime.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
This command will show the running IP Protocols and their parameters as
well. As output is underlined with stub, receive-only. Whereas R1 is not
configured with Stub receive-only command, let check the output of R1:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2#show run | section router eigrp

Show running configuration will also show that router is configured as stub
receive only.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router 1 knows about the networks 192.168.0.0/24 192.168.1.0/24 and
192.168.2.0/24 of Router 2 by EIGRP
R2:

R2(config)#router Eigrp 1
R2(config)#eigrp stub receive-only

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2(config)#ipv6 unicast-routing
// enabling IPv6 routing globally
R2(config)#interface eth 0/0
R2(config-if)#ipv6 enable
// Enabling IPv6 on an interface
R2(config-if)#ipv6 address 2000::2/64
// Assigning IPv6 address
R2(config-if)#no sh
// Changing the state from down to up
R2(config-if)#ipv6 eigrp 1
// Enable IPv6 on an interface
R2(config-if)#ipv6 router eigrp 1
R2(config-if)#no shutdown
// Change the statet of EIGRP from down to up
R2(config-if)#router-id 2.2.2.2
// Assign a router ID
R2(config)#interface lo 0
R2(config-if)#ipv6 enable
//Enable Ipv6 on Loopback Interface
R2(config-if)#ipv6 address 1001::1/64
// Assign IP address on Loopback Interface
R2(config-if)#no sh
R2(config-if)#ipv6 eigrp 1

Verification:
R2#ping 1000::1 to check successful connectivity

R1#ping 1001::1 to check successful connectivity

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1#show ipv6 route

In the Output, “D” represents that the network is learned by EIGRP

R2#show ipv6 route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R2#show run | section router eigrp

Show running configuration will also show that router is configured as stub
receive only.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
NewYork(config-router)#net 10.0.0.0 0.255.255.255 area 10
NewYork(config-router)# redistribute rip subnets
// Introduce Correct network, Every directly connected Network. Make sure you have to configure
Wild card bits. Mention correct Area
NewYork(config)#router rip
NewYork(config-rtr)#version 2
NewYork(config-rtr)#redistribute ospf 1
NewYork(config-rtr)#network 192.168.0.0

Berlin(config)#int eth 0/1

Berlin(config-if)# ip add 10.0.0.2 255.0.0.0
//Configure Correct IP Addressing and Mask
Berlin(config-if)# no sh
// Make sure to up every interface
Berlin(config)#int eth 0/0
Berlin(config-if)# ip add 11.0.0.2 255.0.0.0
//Configure Correct IP Addressing and Mask
Berlin(config-if)# no sh
// Make sure to up every interface
Berlin(config)#int lo 0
Berlin(config-if)# ip add 192.168.1.1 255.255.255.0
//Configure Correct IP Addressing and Mask

Berlin(config)#router ospf 1
Berlin(config-router)#net 11.0.0.0 0.255.255.255 area 0
// Introduce Correct network, Every directly connected Network. Make sure you have to configure
Wild card bits. Mention correct Area

00:04:28: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on GigabitEthernet0/1 from LOADING

to FULL, Loading Done

Berlin(config-router)#net 192.168.1.0 0.0.0.255 area 10

Berlin(config-router)#net 10.0.0.0 0.255.255.255 area 10
// Introduce Correct network, Every directly connected Network. Make sure you have to configure
Wild card bits. Mention correct Area

00:06:15: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0 from LOADING

to FULL, Loading Done

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
London(config)#int eth 0/0
London(config-if)# ip add 11.0.0.1 255.0.0.0
//Configure Correct IP Addressing and Mask
London(config-if)# no sh
// Must turn up the interface
London(config)#int lo 0
London(config-if)# ip add 192.168.2.1 255.255.255.0
//Configure Correct IP Addressing and Mask
London(config)#router ospf 1
London(config-router)#net 11.0.0.0 0.255.255.255 area 0
London(config-router)#net 192.168.2.0 0.0.0.255 area 0
// Introduce Correct network, Every directly connected Network. Make sure you have to configure
Wild card bits. Mention correct Area
London(config-router)#ex
00:04:28: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.1 on GigabitEthernet0/0 from LOADING
to FULL, Loading Done

Verification of Neighbourship:
London# Show ip ospf nei

Berlin# Show ip ospf nei

Exam-Labs - 100% Real IT Certification Exam Dumps

Verification:
R2#ping 1000::1 to check successful connectivity

R1#ping 1001::1 to check successful connectivity

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*Apr 27 09:08:06.880: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.1 on Ethernet0/1 from FULL
to DOWN, Neighbor Down: Dead timer expired

*Apr 27 09:08:44.859: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on

interface Ethernet0/1

Verification:
London# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

Berlin# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

NewYork# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
London#show ip ospf interface ethernet 0/0

From the output, we can observe the Process ID running on the interface,
Router ID, Network Type (Point to Point/Multipoint/Broadcast/NMBA),
State of Router (DR,BDR,ABR or ASBR) Hello and Dead Timer in seconds
etc.

This Router (London) is a designated Router with Router ID of its loopback

address 192.1682.1. Broadcast Network with default hello and dead timers
of 10 and 40 sec respectively.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Lab 3-15 : Troubleshooting OSPF

Topology:

Case Study:
In this Lab, OSPF is configured with different areas to troubleshoot the
processes of OSPF routing Protocol. London Router link are connected in
OSPF area 0. Berlin Router is connected with Area 0 via Ehternet 0/0 as
well as Connected with Area 10 via Ethernet 0/1. New York is running
OSPF Area 10 as well as introducing its RIP route into OSPF, which help
us in troubleshooting LSA Type 7 as well.

Configuration:
NewYork(config)#int eth 0/1
NewYork(config-if)# ip add 10.0.0.1 255.0.0.0
//Configure Correct IP Addressing and Mask
NewYork(config-if)# no sh
// Make sure to up every interface
NewYork(config)# int lo 0
NewYork(config-if)# ip add 192.168.0.1 255.255.255.0
//Configure Correct IP Addressing and Mask

NewYork(config)#router ospf 1

Exam-Labs - 100% Real IT Certification Exam Dumps

Berlin(config)#int eth 0/1

00:04:28: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.2.1 on GigabitEthernet0/1 from LOADING

to FULL, Loading Done

Berlin(config-router)#net 192.168.1.0 0.0.0.255 area 10

Berlin(config-router)#net 10.0.0.0 0.255.255.255 area 10
// Introduce Correct network, Every directly connected Network. Make sure you have to configure
Wild card bits. Mention correct Area

00:06:15: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.1 on GigabitEthernet0/0 from LOADING

to FULL, Loading Done

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
O IA 10.0.0.0/8 [110/20] via 11.0.0.2, 00:23:26, Ethernet0/0
// OPSF Area 10 network is learned as OSPF Inter Area route
O E2 192.168.0.0/24 [110/20] via 11.0.0.2, 00:23:26, Ethernet0/0
// External Route is learned as OSPF External Area route
O IA 192.168.1.1 [110/11] via 11.0.0.2, 00:23:26, Ethernet0/0
// OPSF Area 10 network is learned as OSPF Inter Area route

To troubleshoot the Border router and the path External to OSPF

London#show ip ospf border-router

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*Apr 27 09:08:06.880: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.1 on Ethernet0/1 from FULL
to DOWN, Neighbor Down: Dead timer expired

*Apr 27 09:08:44.859: %OSPF-4-NOVALIDKEY: No valid authentication send key is available on

interface Ethernet0/1

Verification:
London# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

Berlin# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

NewYork# Show ip ospf nei

Successfully Authenticated, Neighbour ship formed

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
authentication, authentication will fail and adjacency will not formed.

ACLs: An ACL that is denying packets of OSPF

Duplicate router IDs: Router IDs must be unique.

Mismatched network types: Adjacency between Different Network

types will not formed.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
The output shows that Ethernet 0/0 interface is connected with Area 0,
Network type is Broadcast and this router is BDR and adjacent with DR.
Loopback 0 is in area 10 with the network type Loopback treated as Stub

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
host. Ethernet 0/1 is also under area 10.

Berlin# show ip ospf int brief

Display the information of interfaces along with Area ID, IP address cost
and the state.

Number of LSA in the Area, Interfaces allowed in the area can be observed
by

London#show ip ospf database

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// IPv6 address for an Interface
NewYork (config-if)#ipv6 ospf 1 area 0
// Enable IPv6 OSPF on Loopback interface
NewYork (config-if)#no sh
NewYork (config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Verification:

London# ping 1001::1

Successful Connection formed, Ping Successful

London# show ipv6 ospf nei

London#show ipv6 route

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Routing Table updated. The Route with “O” represents the OSPF route.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting BGP IPv4 Authentication

Case Study:
Configure the Router R1 and R2 with IPv4 BGP Routing Protocol and
Verify the Neighbour Adjacency. BGP IPv4 Authentication should also be
enabled to authenticate the neighbour before forming adjacency.

Configuration:
R1
R1(config)#int fa 0/0
R1(config-if)#ip add 10.0.0.2 255.255.255.0
R1(config-if)#no sh
R1(config)#router bgp 65000
// Autonomous system must be defined and same as in the neighbour details of remote router
R1(config-router)#neighbor 10.0.0.1 remote-as 65001
// Remote Autonomous system Number is to be configured here. Donot configure the same
autonomous system for eBGP.
R1(config-router)#neighbor 10.0.0.1 password 0 ipspecialist
// Remember the password to configure on the remote Router. Make sure it is case sensitive
R1(config-router)#ex

R2
R2(config)#int fa 0/0
R2(config-if)#ip add 10.0.0.1 255.255.255.0
R2(config-if)#no sh
R2(config)#router bgp 65001
// Autonomous system must be defined and same as in the neighbour details of remote router
R2(config-router)#neighbor 10.0.0.2 remote-as 65000
// For eBGP, make sure the remote autonomous system number is configured
R2(config-router)#neighbor 10.0.0.2 password 0 ipspecialist
// Configure the correct password to be authenticated by the remote Router. Make sure it is case
sensitive

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 3-16 : Troubleshooting OSPFv3

Topology:

Case Study
Configure the two routers with OSPFv3 Routing Protocol to connect with
each other. Verify the Neighbour adjacencies and Routing Table.

Configuration:
London
Router(config)#hostname London
London(config)#ipv6 unicast-routing
// Globally enable IPv6 Routing
London(config)#int eth 0/0
London(config-if)#ipv6 enable
// Enable IPv6 on an interface.
London(config-if)#ipv6 add 2001::1/64
// IPv6 address for an Interface OSPF will use all the prefix if more than one prefix is configured on
interface
London(config-if)#ipv6 ospf 1 area 0
// Enable IPv6 OSPF on an interface. For OSPFv3, it must be configured on an interface
London(config-if)#no sh
London(config-if)#ipv6 router ospf 1
London(config-rtr)#router-id 1.1.1.1
//Unique Router ID must be configured
London(config-rtr)#ex
London(config)#int lo 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
// IPv6 address for an Interface
NewYork (config-if)#ipv6 ospf 1 area 0
// Enable IPv6 OSPF on Loopback interface
NewYork (config-if)#no sh
NewYork (config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// In case of down interface, Or down line protocol, Adjacency will not formed
Border-65000(config-if)#ex
Border-65000(config)#
*May 18 06:30:06.770: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*May 18 06:30:07.774: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up
Border-65000(config)#int eth 0/2
Border-65000(config-if)#ip add 172.16.0.1 255.255.0.0
Border-65000(config-if)#no sh
// In case of down interface, Or down line protocol, Adjacency will not formed
Border-65000(config-if)#ex
Border-65000(config)#
*May 18 06:30:26.953: %LINK-3-UPDOWN: Interface Ethernet0/2, changed state to up
*May 18 06:30:27.953: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2,
changed state to up
Border-65000(config)#
Border-65000(config)#router bgp 65000
// Autonomous system must be defined and same as in the neighbour details of remote router
Border-65000(config-router)#neighbor 10.0.0.2 remote-as 65001
// Autonomous system must be of same for iBGP and different for eBGP.
Border-65000(config-router)#neighbor IPS peer-group
Border-65000(config-router)#neighbor IPS remote-as 65000
// Make sure Autonomous system number having peer-group named as IPS
Border-65000(config-router)#neighbor 172.16.0.2 peer-group IPS
// Verify the peer-group name, In case of difference in spelling neighbour will be allocated in a new
peer group.
Border-65000(config-router)#neighbor 172.17.0.2 peer-group IPS
Border-65000(config-router)#network 172.17.0.0 mask 255.255.0.0
Border-65000(config-router)#net 172.16.0.0 mask 255.255.0.0
Border-65000(config-router)#net 10.0.0.0 mask 255.255.255.252
// Make sure to advertise the correct IP addresses and Masks
Border-65000(config-router)#ex
Border-65000(config)#

Internal Router 1 of Autonomous System 65000:

Router(config)#hostname eBGP-1
eBGP-1(config)#int eth 0/0
eBGP-1(config-if)#ip add 172.17.0.2 255.255.0.0
eBGP-1(config-if)#no sh
eBGP-1(config-if)#ex
eBGP-1(config)#

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*May 18 06:37:03.582: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 18 06:37:04.586: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
eBGP-1(config)#router bgp 65000
// Make sure Autonomous system number.
eBGP-1(config-router)#neighbor 172.17.0.1 remote-as 65000
// Make sure the advertisement of Neighbor with respect to its related Autonomous system number.
eBGP-1(config-router)#ex
eBGP-1(config)#
*May 18 06:37:41.303: %BGP-5-ADJCHANGE: neighbor 172.17.0.1 Up
eBGP-1(config)#

Internal Router 2 of Autonomous System 65000:

Router(config)#hostname eBGP-2
eBGP-2(config)#int eth 0/0
eBGP-2(config-if)#ip add 172.16.0.2 255.255.0.0
eBGP-2(config-if)#no sh
// In case of down interface, Or down line protocol, Adjacency will not formed
eBGP-2(config-if)#ex
eBGP-2(config)#
*May 18 06:38:59.043: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 18 06:39:00.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
eBGP-2(config)#
eBGP-2(config)#router bgp 65000
// Make sure Autonomous system number.
eBGP-2(config-router)#neighbor 172.16.0.1 remote-as 65000
eBGP-2(config-router)#ex
eBGP-2(config)#
*May 18 06:39:28.252: %BGP-5-ADJCHANGE: neighbor 172.16.0.1 Up
eBGP-2(config)#

Border Router of Autonomous System 65001:

Router(config)#hostname Border-65001
Border-65001(config)#int eth 0/0
Border-65001(config-if)#ip add 10.0.0.2 255.255.255.252
Border-65001(config-if)#no sh
// In case of down interface, Or down line protocol, Adjacency will not formed
Border-65001(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Border-65001(config)#
*May 18 06:41:01.899: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 18 06:41:02.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
Border-65001(config)#int eth 0/1
Border-65001(config-if)#ip add 192.168.0.1 255.255.255.0
Border-65001(config-if)#no sh
// In case of down interface, Or down line protocol, Adjacency will not formed
Border-65001(config-if)#ex
Border-65001(config)#
*May 18 06:41:24.960: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*May 18 06:41:25.964: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up
Border-65001(config)#
Border-65001(config)#router bgp 65001
// Make sure Autonomous system number.
Border-65001(config-router)#neighbor 10.0.0.1 remote-as 65000
// Make sure the advertisement of Neighbor with respect to its related Autonomous system number.
Border-65001(config-router)#
*May 18 06:41:51.143: %BGP-5-ADJCHANGE: neighbor 10.0.0.1 Up
Border-65001(config-router)#neighbor 192.168.0.2 remote-as 65001
// Make sure the advertisement of Neighbor with respect to its related Autonomous system number.
Border-65001(config-router)#network 192.168.0.0 mask 255.255.255.0
Border-65001(config-router)#network 10.0.0.0 mask 255.255.255.252
// Make sure to advertise the correct IP addresses and Masks
Border-65001(config-router)#ex
Border-65001(config)#

Internal Router 1 of Autonomous System 65001:

Router(config)#hostname eBGP
eBGP(config)#int eth 0/0
eBGP(config-if)#ip add 192.168.0.2 255.255.255.0
eBGP(config-if)#no sh
eBGP(config-if)#ex
eBGP(config)#
*May 18 06:50:01.078: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 18 06:50:02.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
eBGP(config)#
eBGP(config)#
eBGP(config)#router bgp 65001

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshooting BGP IPv4 Authentication

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Lab 3-17 : Troubleshooting iBGP & eBGP parameters

Case Study:
Internal And External BGP are configure in this Lab with Autonomous
System Number 65000 and 65001. External BGP link connected these
routers. Internal Netowrk is operating on Internal BGPs.

Topology Diagram:

Configuration:
Border Router of Autonomous System 65000:
Router(config)#hostname Border-65000
Border-65000(config)#int eth 0/0
Border-65000(config-if)#ip add 10.0.0.1 255.255.255.252
Border-65000(config-if)#no sh
// In case of down interface, Or down line protocol, Adjacency will not formed
Border-65000(config-if)#ex
Border-65000(config)#
*May 18 06:29:36.524: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 18 06:29:37.529: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
Border-65000(config)#int eth 0/1
Border-65000(config-if)#ip add 172.17.0.1 255.255.0.0
Border-65000(config-if)#no sh

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
both routers running the network 172.17.0.0 in Autonomous System 65000.

Border-65000#show run | section router bgp

The Border Router shows that the IPS peer group is set be in passive
transport connection mode. Which means that IPS peer group members can
not initiate the session. Now, if the other end is configured with Active state
then it will be fine. In case if the other end is configured with Passive, no
one will initiate the session.

iBGP-1#show run | section router bgp

Neighbour 172.17.0.1 is also set with Passive mode of transport

connection. Always make sure that one end of a link must be set in Active
mode, another end may be in Active or Passive mode.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 4: VPN Technologies

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Parameters in troubleshooting GRE

In Troubleshooting GRE, we must consider the following parameters:

Tunnel Interface
Tunnel and its Protocol must be up

IP address of Tunnel Interface

Assign an IP address on Virtual Tunnel Interface

Tunnel source and destination IP addresses

Tunnel source and destination address must be correctly defined

Tunnel mode
Make sure the tunnel mode is GRE/IP by show int tunnel [tunnel no]
command

Access Control List

Any access list may block the traffic.

Maximum Transfer Unit

MTU size must be same

Recursive routing table

Due to mis configuration, Router tries to route tunnel destination using
Virtual interface instead of Physical interface

Routing Protocol
Tunnel Network is to be advertised in any Dynamic Routing protocol.

Lab 4-1 : Troubleshooting GRE Tunnel:

Topology:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Case Study:
Configure the Generic Routing Encapsulation tunnel between the two
Routers IPS_1 and IPS_2.

Configuration
Router 1:
Router(config)#hostname R1
R1(config)#int eth 0/1
R1(config-if)#ip add 172.16.0.1 255.255.0.0
R1(config-if)#no sh
*Jul 31 00:32:36.418: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Jul 31 00:32:37.422: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed
state to up

R1(config)#int eth 0/0

R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#no sh
*Jul 31 00:32:53.231: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Jul 31 00:32:54.235: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed
state to up

R1(config)#router rip
R1(config-router)#net 172.16.0.0
R1(config-router)#net 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config)#int tunnel 0
*Jul 31 00:34:15.600: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed
state to down
R1(config-if)#ip add 100.0.0.1 255.0.0.0
R1(config-if)#tunnel source 10.0.0.1
R1(config-if)#tunnel destination 11.0.0.1
R1(config-if)#ex

R1(config)#ip route 192.168.0.0 255.255.255.0 tunnel 0

Cloud:
Router(config)#int fa 0/0
Router(config-if)#ip add 10.0.0.2 255.0.0.0
Router(config-if)#no sh
*Mar 1 00:06:44.131: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:06:45.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up

Router(config)#int fa 0/1
Router(config-if)#ip add 11.0.0.02 255.0.0.0
Router(config-if)#no sh
*Mar 1 00:07:04.011: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:07:05.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to upnet

Router(config)#router rip
Router(config-router)#net 10.0.0.0
Router(config-router)#net 11.0.0.0
Router(config-router)#no auto-summary
Router(config-router)#ex

Router 2:
Router(config)#hostname R2
R2(config)#int eth 0/0
R2(config-if)#ip add 11.0.0.1 255.0.0.0
R2(config-if)#no sh
*Jul 31 00:38:32.945: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*Jul 31 00:38:33.946: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed
state to up

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
The output shows IPv4 neighbours of BGP router. Neighbour ID along with
Autonomous System number and the states are also shown. If the state of
any of the router is IDLE as shown in the figure below, it means the link is
facing trouble. This may be of authentication, state difference or else.

Border-65000#show ip bgp summary

In this figure, the output shows that 172.17.0.2 neighbour state is idle. In
order to troubleshoot the fault, let us check the running configuration of

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Tunnel is up, Protocol of Line is up. Other parameter can also observed
here. Tunnel Address is 100.0.0.1/8, Tunnel Transport Protocol is GRE/IP..
VPC4> trace 192.168.0.10

Tunnel ) is being used for destination 192.168.0.10

R2# show int tunnel 0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
VPC5> ping 172.16.0.10

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Parameters in troubleshooting GRE

In Troubleshooting GRE, we must consider the following parameters:

Tunnel Interface
Tunnel and its Protocol must be up

IP address of Tunnel Interface

Assign an IP address on Virtual Tunnel Interface

Tunnel source and destination IP addresses

Tunnel source and destination address must be correctly defined

Tunnel mode
Make sure the tunnel mode is GRE/IP by show int tunnel [tunnel no]
command

Access Control List

Any access list may block the traffic.

Maximum Transfer Unit

MTU size must be same

Recursive routing table

Due to mis configuration, Router tries to route tunnel destination using
Virtual interface instead of Physical interface

Routing Protocol
Tunnel Network is to be advertised in any Dynamic Routing protocol.

Lab 4-1 : Troubleshooting GRE Tunnel:

Topology:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
IPS_Router(config)#aaa new-model
IPS_Router(config)#aaa authentication banner c AAA-database..!! Identify
Yourself c

IPS_Router(config)#aaa authentication login default local

// It will use Local database. We can also set it with RADIUS and TACACS+ and fall back Local
database support as well. In this course Local AAA support is included.
IPS_Router(config)#aaa authentication login default group radius local
// This command will prefer radius server and use Local database when Radius server is down

IPS_Router(config)#service password-encryption
// Enable all password encryption
IPS_Router(config)#ip domain name specialist.net
IPS_Router(config)#crypto key generate rsa modulus 1024
The name for the keys will be: IPS_Router.specialist.net
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)

*May 19 06:32:16.161: %SSH-5-ENABLED: SSH 1.99 has been enabled

// Shows SSH has been enabled successfully

IPS_Router(config)#line console 0
IPS_Router(config-line)#login authentication default
// enable aaa default setting on line console 0. Default setting includes Console vty and Aux line to be
authenticated.
IPS_Router(config-line)#end

IPS_Router(config)#line vty 0 4
IPS_Router(config-line)#login authentication default
// enable aaa local authentication on vty lines
IPS_Router(config-line)#transport input ssh
// By default telnet is enabled. This command overwrite the configuration and SSH will be allowed
on vty line only.
IPS_Router(config-line)#ex

IPS_Router(config)#line aux 0
IPS_Router(config-line)#login authentication default
// enable aaa local authentication on Aux line
IPS_Router(config-line)#end

Exam-Labs - 100% Real IT Certification Exam Dumps

R1(config)#ip route 192.168.0.0 255.255.255.0 tunnel 0

Router(config)#router rip
Router(config-router)#net 10.0.0.0
Router(config-router)#net 11.0.0.0
Router(config-router)#no auto-summary
Router(config-router)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Select the option Internet Protocol version 4 (TCP/IPv4) and click on Properties button
to see the details.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
VPC5> ping 172.16.0.10

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
IPS_Router(config)#aaa new-model
IPS_Router(config)#aaa authentication banner c AAA-database..!! Identify
Yourself c

IPS_Router(config)#aaa authentication login default local

*May 19 06:32:16.161: %SSH-5-ENABLED: SSH 1.99 has been enabled

// Shows SSH has been enabled successfully

IPS_Router(config)#line aux 0
IPS_Router(config-line)#login authentication default
// enable aaa local authentication on Aux line
IPS_Router(config-line)#end

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Select the option Internet Protocol version 4 (TCP/IPv4) and click on Properties button
to see the details.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Now verify the telnet connection as telnet connection is not
allowed

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
As shown, connection is refused because only SSH is allowed on VTY
lines.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshoot Router Security Features

Lab 5-2 : Troubleshooting IPv4 Access Control Lists

Case Study:
Time Based Extended Access Control List is configured in the network for
the weekend days. Let us s troubleshoot the process of time based extended
access control list application.
Topology Diagram:

Configuration:
IPS#clock set 10:20:00 22 apr 2017

Apr 22 10:20:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:21:48
UTC Fri Apr 21 2017 to 10:20:00 UTC Sat Apr 22 2017, configured from console by IPspecialist on
console.

IPS#show clock

10:20:07.083 UTC Sat Apr 22 2017

IPS(config)#time-range Halfday
IPS(config-time-range)#periodic ?
Friday Friday
Monday Monday
Saturday Saturday
Sunday Sunday
Thursday Thursday
Tuesday Tuesday
Wednesday Wednesday
Daily Every day of the week
weekdays Monday thru Friday

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
weekendSaturday and Sunday

IPS(config-time-range)#periodic weekend 10:00 to 10:30

// Function on weekend days only (Saturday and Sunday)
IPS(config-time-range)#ex
IPS(config)#ip access-list extended 100
// Make sure the number of access list is of standard or extended
IPS(config-ext-nacl)#deny icmp host 10.0.0.10 host 10.0.0.1 time-range
Halfday
// Make sure you have to permit or deny
// Make sure to filter network or host
//Make sure to service to the filter like icmp, Tcp, ftp etc
IPS(config-ext-nacl)#permit ip any any
// Always make sure to permit ip any any or deny ip any any statement are in the end. If these are
the first statement of Access list, It will allow all or deny all networks because it matches every
condition
IPS(config-ext-nacl)#ex
IPS(config)#interface Ethernet 0/0
IPS(config-if)#ip add 10.0.0.1 255.255.255.0
IPS(config-if)#no sh
// Turn the interface up
IPS(config-if)#ip access-group 100 in
// Assign the Access list in correct direction
// Configure the correct access list number
IPS(config-if)#ex
IPS(config)#

Troubleshooting
R1#show access-list

Shows the access list configured on a router. Access list 100 is available
which is denying the host IP address 10.0.0.10 to the host 10.0.0.1 with the
time-range Halfday.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Access list number 100 shows this is an extended access list.

Inbound access-list 100 is applied on Ethernet 0/0

Check the current time, 10:00 – 10:30 is the blocking time

IPS#show clock

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Now verify the telnet connection as telnet connection is not
allowed

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
As shown, connection is refused because only SSH is allowed on VTY
lines.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Troubleshoot Router Security Features

Lab 5-2 : Troubleshooting IPv4 Access Control Lists

Configuration:
IPS#clock set 10:20:00 22 apr 2017

Apr 22 10:20:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:21:48
UTC Fri Apr 21 2017 to 10:20:00 UTC Sat Apr 22 2017, configured from console by IPspecialist on
console.

IPS#show clock

10:20:07.083 UTC Sat Apr 22 2017

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
weekendSaturday and Sunday

IPS(config-time-range)#periodic weekend 10:00 to 10:30

Troubleshooting
R1#show access-list

Shows the access list configured on a router. Access list 100 is available
which is denying the host IP address 10.0.0.10 to the host 10.0.0.1 with the
time-range Halfday.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-if)#ex

Verification:
R1# show ipv6 access-list

This command shows the access list and the expressions of the access-list
configured on the router.

R1#show ipv6 interface ethernet 0/0

As the output is underlined, Inbound Access list Lo_only is enabled on

interface Ethernet 0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
From R2, show ipv6 route

The output shows that R2 has learned about the Loopback addresses
configured on the Router 1 via OSPFv3. Let’s try to ping the Loopback
interfaces for connectivity.

R2# Ping 1000::1

Successful ping shows the access to the network 1000::1 passes the traffic
filter. Now check the connectivity to the other loopback interface
R2# Ping 1001::1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping and trace route result shows the traffic filter blocked the traffic
destined to the network 1001::1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 5-4 : Troubleshoot Unicast Reverse Path Forwarding
Case Study:
In this lab, Unicast Reverse Path Forwarding is configured so that the
Routing update of 192.168.0.1 is connected via Ethernet 0/0. Now, the
Routing to the network 192.168.0.0 will be acceptable via Ehternet 0/0. Any
other information regarding this network will be dropped.
Topology Diagram:

R1 Configuration:
R1(config)#int eth 0/0
R1(config-if)#ip add 10.0.0.1 255.255.255.0
//Assign the correct IP address and Subnet Masking
R1(config-if)#no sh
//Remember to turn interface up
*May 19 09:49:42.485: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 19 09:49:43.485: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up

R1(config)#int lo 0
*May 19 09:49:50.623: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
R1(config-if)#ip add 192.168.0.1 255.255.255.0
//Assign the correct IP address and Subnet Masking

R1(config)#router rip
R1(config-router)#net 10.0.0.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-router)#net 192.168.0.0
R1(config-router)#no aut0-summary

R2 Configuration:
R2(config)#int eth 0/0
R2(config-if)#ip add 10.0.0.2 255.255.255.0
//Assign the correct IP address and Subnet Masking
R2(config-if)#no sh
//Remember to turn interface up
*May 19 09:51:16.467: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 19 09:51:17.468: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up

R2(config)#int eth 0/1

R2(config-if)#ip add 11.0.0.1 255.255.255.0
//Assign the correct IP address and Subnet Masking
R2(config-if)#no sh
//Remember to turn interface up
*May 19 09:51:32.954: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*May 19 09:51:33.958: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up

R2(config)#ip route 192.168.0.0 255.255.255.0 ethernet 0/0

R2(config)#router rip
R2(config-router)#net 10.0.0.0
R2(config-router)#net 11.0.0.0
R2(config-router)#no aut0-summary

R2(config)#int eth 0/0

R2(config-if)#ip verify unicast source reachable-via rx
// Enable uRPF strict mode

R2(config)#int eth 0/1

R2(config-if)#ip verify unicast source reachable-via rx
// Enable uRPF strict mode

R3 Configuration:
R3(config)#int eth 0/1
R3(config-if)#ip add 11.0.0.2 255.255.255.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
//Assign the correct IP address and Subnet Masking
R3(config-if)#no sh
//Remember to turn interface up
*May 19 09:54:39.273: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*May 19 09:54:40.274: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up

R3(config)#int lo 0
*May 19 09:54:48.073: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
R3(config-if)#ip add 192.168.0.1 255.255.255.0

R3(config)#router rip
R3(config-router)#net 11.0.0.0
R3(config-router)#net 192.168.0.0
R3(config-router)#no aut0-summary

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Verification:

Show ip route command shows that 192.168.0.0/24 network entry is

connected via Ethernet 0/0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
From R2, show ipv6 route

The output shows that R2 has learned about the Loopback addresses
configured on the Router 1 via OSPFv3. Let’s try to ping the Loopback
interfaces for connectivity.

R2# Ping 1000::1

Successful ping shows the access to the network 1000::1 passes the traffic
filter. Now check the connectivity to the other loopback interface
R2# Ping 1001::1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
On router 2, Interface Ethernet 0/0 is enabled with uRPF and 0 verification
is dropped.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Introduce a default route on R3 for connectivity

As shown in the output, 10.0.0.1 route is not dropped, successful ping from

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-router)#net 192.168.0.0
R1(config-router)#no aut0-summary

R2(config)#int eth 0/1

R2(config)#ip route 192.168.0.0 255.255.255.0 ethernet 0/0

R2(config)#router rip
R2(config-router)#net 10.0.0.0
R2(config-router)#net 11.0.0.0
R2(config-router)#no aut0-summary

R2(config)#int eth 0/0

R2(config-if)#ip verify unicast source reachable-via rx
// Enable uRPF strict mode

R2(config)#int eth 0/1

R2(config-if)#ip verify unicast source reachable-via rx
// Enable uRPF strict mode

R3 Configuration:
R3(config)#int eth 0/1
R3(config-if)#ip add 11.0.0.2 255.255.255.0

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 6: Infrastructure Services

Lab 6-1 : Troubleshoot SNMP v3 Logging and NTP

Case Study:
In the Simple Network Management Protocol (SNMP) v2c and v3, the major
difference is Authentication and Encryption. SNMP v3 is more secure than
the previous versions, V1 and V2c. Version 1 is the oldest version having
plain text community. It does not support 64 bit counters. V2c not only
support 64 bit counter also some feature are added. Version 3 Supports
ENcyption and Authentication features. In this lab, we are troubleshooting
SNMP v2c and v3.

Topology:

Configuration:
NTP-Client(config)#int eth 0/1
NTP-Client(config-if)#ip add 10.0.0.1 255.255.255.0
NTP-Client(config-if)#no sh

*Mar 1 00:00:55.355: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar 1 00:00:56.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up

NTP-Client(config)#int eth 0/0

NTP-Client(config-if)#ip add 1.0.0.1 255.255.255.0
NTP-Client(config-if)#no sh

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*Mar 1 00:01:11.387: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:01:12.387: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed st

NTP-Client(config)#snmp-server group Mygroup v3 auth read Myview

NTP-Client(config)#snmp-server user MyUser Mygroup v3 auth md5
P@$$word:10
NTP-Client(config)#

*Mar 1 00:19:43.803: Configuring snmpv3 USM user, persisting snmpEngineBoots. Please Wait...

NTP-Client(config)#do show snmp engineID

Local SNMP engineID: 800000090300C2030DAD0000
Remote Engine ID IP-addr Port

NTP-Client(config)#snmp-server engineID remote 10.0.0.10

NTP-Client#
*Mar 1 00:21:10.575: %SYS-5-CONFIG_I: Configured from console by consoleconfig t
Enter configuration commands, one per line. End with CNTL/Z.

NTP-Client(config)#snmp-server engineID remote 10.0.0.10

800000090300C2030DAD0000
NTP-Client(config)#ntp authenticate
NTP-Client(config)#ntp authentication-key 1 md5 P@$$word:10
NTP-Client(config)#ntp trusted-key 1
NTP-Client(config)#ntp server 1.0.0.2
NTP-Client(config)#end
NTP-Client#show
*Mar 1 00:27:47.019: %SYS-5-CONFIG_I: Configured from console by console clock
*00:27:49.659 UTC Fri Mar 1 2002
NTP-Client (config)#ntp update-calendar

NTP-Client#show ntp status

Clock is synchronized, stratum 11, reference is 1.0.0.2
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is DCA7F5D4.FA7567B1 (03:56:04.978 UTC Mon Apr 24 2017)
clock offset is -0.0891 msec, root delay is 20.14 msec
root dispersion is 15875.14 msec, peer dispersion is 15875.02 msec

NTP-Client(config)#logging 10.0.0.10

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
NTP-Client(config)#logging trap debugging
NTP-Client(config)#service timestamps debug datetime msec
NTP-Client(config)#service timestamps log datetime msec

NTP-Server
NTP-Server#clock set 03:52:00 apr 24 2017

*Apr 24 03:52:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:22:26
UTC Fri Mar 1 2002 to 03:52:00 UTC Mon Apr 24 2017, configured from console by console.

NTP-Server#show clock
03:52:05.919 UTC Mon Apr 24 2017

NTP-Server(config)#int eth 0/1

NTP-Server(config-if)#ip add 1.0.0.2 255.255.255.0
NTP-Server(config-if)#no sh
NTP-Server(config)#ntp master 10
NTP-Server(config)#ntp authentication-key 1 md5 P@$$word:10

SNMP verification:

Click Manage Engine pinned to task bar of provided VMware image of

windows-7. Following windows will open. Click first time user to enter.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
On router 2, Interface Ethernet 0/0 is enabled with uRPF and 0 verification
is dropped.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
By clicking on next, a web page will be prompted for user credentials we
defined on R1 and R2 router.

Goto “Add Credentials”

Enter the credentials of SNMPv3 AuthNoPriv model. Select MD5 as hashing
algorithm as it has to match with R1’s configuration.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
source 11.0.0.2 because R2 has route entry in its routing table about
11.0.0.0 network. But the ping to the same destination from source
192.168.0.1 is dropped because uRPF is dropping the packet. R2 has
network entry of 192.168.0.1 from it Ethernet 0/0 interface in its routing
table hence blocking the traffic from Ethernet 0/1

R2 on its interface Ethernet 0/1 dropped 10 verification packets.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Chapter 6: Infrastructure Services

Lab 6-1 : Troubleshoot SNMP v3 Logging and NTP

Topology:

Configuration:
NTP-Client(config)#int eth 0/1
NTP-Client(config-if)#ip add 10.0.0.1 255.255.255.0
NTP-Client(config-if)#no sh

*Mar 1 00:00:55.355: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up

*Mar 1 00:00:56.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up

NTP-Client(config)#int eth 0/0

NTP-Client(config-if)#ip add 1.0.0.1 255.255.255.0
NTP-Client(config-if)#no sh

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Select Interfaces and Click Next

Configure Schedule and Click Next

After clicking on finish, OPManager will responding to incoming SNMP
traffic.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
OPManager must identify router R1 after completing discovery process as
shown below:

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
By clicking on next, a web page will be prompted for user credentials we
defined on R1 and R2 router.

Goto “Add Credentials”

Enter the credentials of SNMPv3 AuthNoPriv model. Select MD5 as hashing
algorithm as it has to match with R1’s configuration.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
view important information. Importance of securing such important
information displayed by SNMP should be clear at this stage.

Syslog Verification:

Open source 3CDaemon server used in this lab contains Syslog server along
with FTP and other servers. Click on 3CD icon on start menu to start it and
view its operations. As OP Manager is also installed on same management
station. We may need to stop manage engine service before starting syslog
server.
To stop manage engine service, type services.msc in start menu and stop the
Manage Engine OPManager service.

Following figure shows few logs received by Syslog server.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
In order to use SCP for file transfer anywhere inside IOS of cisco devices,
we need to enable SCP server option on cisco devices. Following command
is used to make device an SCP server. SSH needs to be enabled first for SCP
to work as SCP based sessions use SSH encrypted flow of data.

R2(config)#ip scp server enable.

Any scp supported software can be used from workstation to access any
location within cisco IOS.

NTP Verification
NTP-Client>en
NTP-Client#config t
Enter configuration commands, one per line. End with CNTL/Z.
NTP-Client(config)#ntp update-calendar
NTP-Client(config)#end
May 12 06:16:56.468: %SYS-5-CONFIG_I: Configured from console by
console

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Select Interfaces and Click Next

Configure Schedule and Click Next

After clicking on finish, OPManager will responding to incoming SNMP
traffic.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 6-2 : Troubleshooting NTP v4

Configuration
Router(config)#Hostname NTPv4Server
NTPv4Server(config)#int eth 0/0
NTPv4Server(config-if)#no ip add
NTPv4Server(config-if)#ipv6 enable
//Enable IPv6 on an interface
NTPv4Server(config-if)#ipv6 add 2001::1/64
//Assign IP address on an Interface
NTPv4Server(config-if)#no sh
// Must turn up the interface
NTPv4Server(config-if)#ex
*May 22 11:50:09.973: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 22 11:50:10.978: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
//Interface and Interface Line Protocol, Both are up
NTPv4Server(config)#ntp master 1
// Set the Router as Authoritative NTP server
NTPv4Server(config)#ntp server 2001::1 version 4
Set NTP Version Number

Router(config)#hostname NTPv4Client
NTPv4Client(config)#int eth 0/0
NTPv4Client(config-if)#no ip add
NTPv4Client(config-if)#ipv6 enable
//Enable IPv6 on an interface
NTPv4Client(config-if)#ipv6 add 2001::2/64
//Assign IP address on an Interface
NTPv4Client(config-if)#no sh
// Must turn up the interface
NTPv4Client(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*May 22 11:52:08.248: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
*May 22 11:52:09.248: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethe0, changed
state to up
//Interface and Interface Line Protocol, Both are up

NTPv4Client(config)#ntp server 2001::1 version 4

// Set Correct IP address of NTP server and Version Number
NTPv4Client(config)#ntp update-calendar
// Update the Calender
NTPv4Client(config)#end

Troubleshooting
NTPv4Server#show ntp status

Stratum value 1 and Reference Local shows that this is the NTP master.
Reference clock is its local Clock.

NTPv4Server#show ntp config

NTPv4Server#show ntp information

NTP configuration and NTP software detail of device

NTPv4Client#debug ntp all

NTPv4Client#show ntp packet

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Shows Number of NTP packets input and Output as well as NTP packets
discarded due to version mismatch and Error packets. Debug NTP all
command also shows debugging of NTP all packets shows the
communication between NTP server and Client
NTPv4Client#show ntp associations

NTP association command shows the NTP server address and its details

NTPv4Client#show ntp status

Exam-Labs - 100% Real IT Certification Exam Dumps

R2(config)#ip scp server enable.

Any scp supported software can be used from workstation to access any
location within cisco IOS.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
NTP-Client#show ntp status

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 6-2 : Troubleshooting NTP v4

Exam-Labs - 100% Real IT Certification Exam Dumps

NTPv4Client(config)#ntp server 2001::1 version 4

// Set Correct IP address of NTP server and Version Number
NTPv4Client(config)#ntp update-calendar
// Update the Calender
NTPv4Client(config)#end

Troubleshooting
NTPv4Server#show ntp status

Stratum value 1 and Reference Local shows that this is the NTP master.
Reference clock is its local Clock.

NTPv4Server#show ntp config

NTPv4Server#show ntp information

NTP configuration and NTP software detail of device

NTPv4Client#debug ntp all

NTPv4Client#show ntp packet

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Router#Show ip nat statistics

Show ip nat statistics command defines Total Number of Active

Translations, Number of Static, Dynamic and Port address Translation,
Peak translation rate, Inside and Outside Interfaces and other details

Router#debug ip nat

Debug ip nat shows run time debugging data of Nat translation. As shows
source address is 10.0.10 input interface is Ethernet 0/0 is translated.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Exam-Labs - 100% Real IT Certification Exam Dumps
www.exam-labs.com
Troubleshooting Network Address Translation

Lab 6-3 : Static Network Address Translation:

Topology Diagram:

Case Study:
In this Case, Static (One to One mapping) is performed in the shown network
topology. The Source IP address 10.0.0.10 is translated into 192.168.0.1 IP
address.
Configuration:
Router(config)#int eth 0/0
Router(config-if)#ip add 10.0.0.1 255.0.0.0
//Configure correct IP address and Mask
Router(config-if)#no sh
//Must Turn Up the interface
Router(config-if)#ex
*May 23 05:32:38.546: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
//Interface is Up successfully
*May 23 05:32:39.550: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
//Interface Line Protocol is Up successfully

Router(config)#int eth 0/1

Router(config-if)#ip add 11.0.0.1 255.0.0.0
//Configure correct IP address and Mask
Router(config-if)#no sh
//Must Turn Up the interface
Router(config-if)#ex
Router(config)#
*May 23 05:32:52.626: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
//Interface is Up successfully
*May 23 05:32:53.630: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
R1(config-if)#ex
*Mar 1 00:01:20.571: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:01:21.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
//Interface and Interface Line Protocol, Both are up
R1(config)#int eth 0/1
R1(config-if)#ip nat inside
IP nat inside to the interface connected to the Inside Local Address
R1(config)#int eth 0/0
R1(config-if)#ip nat outside
IP nat Outside to the interface connected translated address will send
R1(config)#access-list 10 permit 10.0.0.0 0.0.0.255
//Make sure Access-list number must be the same in NAT Command
R1(config)#ip nat pool IPS 192.168.1.100 192.168.1.110 netmask
255.255.255.0
R1(config)#ip nat inside source list 10 pool IPS
// Access list number and Pool Name must be the same
R1(config)#ip route 13.0.0.0 255.0.0.0 192.168.1.2
//Define a static route
Router 2
R2(config)#int eth 0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
//Configure correct IP address and Mask
R2(config-if)#no sh
// Must Turn up the interface
R2(config-if)#ex
*Mar 1 00:06:27.403: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:06:28.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
//Interface and Interface Line Protocol, Both are up
R2(config)#int lo 0
*Mar 1 00:06:34.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed
state to up
R2(config-if)#ip add 13.0.0.01 255.255.255.0
//Configure correct IP address and Mask
R2(config-if)#no sh
R2(config-if)#ex

Troubleshooting
Ping from PC 1 to Lo interface 13.0.0.1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping from PC 2 to Lo interface 13.0.0.1

Ping from PC 3 to Lo interface 13.0.0.1

Router#debug IP nat

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Debugging IP nat shows source 10.0.0.10 is translated into 192.168.1.100 to
the destination 13.0.0.1. Return packet of Ping also retranslated, as source
13.0.0.1 to destination 192.168.1.100 –> 10.0.0.10. Similarly source
10.0.0.20 is translated into 192.168.1.101 for the destination 13.0.0.1.
Return packet of Ping also retranslated, as source 13.0.0.1 to destination
192.168.1.101 –> 10.0.0.20.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Source 10.0.0.30 is translated into 192.168.1.102 to destination 13.0.0.1.
Return packet of Ping also retranslated, as source 13.0.0.1 to destination
192.168.1.100 –> 10.0.0.10.

Assigned Address translations are expired, moving back to pool IPS for

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
reuse.

Router# show ip nat translations

Address translations are shown in the output.

Router# show ip nat statistics

Exam-Labs - 100% Real IT Certification Exam Dumps

Troubleshooting
Ping from PC 1 to Lo interface 13.0.0.1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Lab 6-5 : Port Address Translation:

Case Study:
In this Lab, we are troubleshooting the process of Port Address Translation in
which number of IP address of an internal network i.e. 10.0.0.0/8 will be
translated By PAT (Port Address Translation) into 1.0.0.0 network along with
Port numbers.

Router 1:
Router(config)#hostname R1
R1(config)#int eth 0/1
R1(config-if)#ip add 10.0.0.1 255.0.0.0
//Assign Correct IP address and Subnet Mask
R1(config-if)#no sh
// Must Turn up the interface
R1(config-if)#ex
*Mar 1 00:00:47.987: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:00:48.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
//Interface and Interface Line Protocol, Both are up
R1(config)#int eth 0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
//Assign Correct IP address and Subnet Mask
R1(config-if)#no sh

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
// Must Turn up the interface
R1(config-if)#ex
*Mar 1 00:01:20.571: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 00:01:21.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1,
changed state to up
//Interface and Interface Line Protocol, Both are up
R1(config)#int eth 0/1
R1(config-if)#ip nat inside
//IP nat inside to the interface connected to the Inside Local Address
//Always configure NAT in correct direction
R1(config)#int eth 0/0
R1(config-if)#ip nat outside
//IP nat Outside to the interface connected translated address will send
//Always configure NAT in correct direction
R1(config)#access-list 10 permit 10.0.0.0 0.0.0.255
//Make sure Access-list number must be the same in NAT Command
R1(config)#ip nat pool IPS 1.0.0.1 1.0.0.255 netmask 255.0.0.0
R1(config)#ip nat inside source list 10 pool IPS overload
// Access list number and Pool Name must be the same
R1(config)#ip route 13.0.0.0 255.0.0.0 192.168.1.2
//Define a static route
Router 2
R2(config)#int eth 0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no sh
// Must Turn up the interface
R2(config-if)#ex
*Mar 1 00:06:27.403: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:06:28.403: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
//Interface and Interface Line Protocol, Both are up
R2(config)#int lo 0
*Mar 1 00:06:34.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed
state to up
R2(config-if)#ip add 13.0.0.01 255.255.255.0
R2(config-if)#no sh
R2(config-if)#ex

Troubleshooting:
Ping from PC 1 to Lo interface 13.0.0.1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Number of translations as well as inside and outside translation interfaces
details. Number of Expired Translation details and other information

Router#debug ip nat

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Source 10.0.0.10 is translated into 1.0.0.1 [59687] and forwarded to the
destination 13.0.0.1. Reply from Source 13.0.0.1 to the destination 1.0.0.1
[59687] is translated back to 10.0.0.10. similarly other packets of ping
translated for source 10.0.0.10 into 1.0.0.1 [59687], 1.0.0.1 [59688], 1.0.0.1
[59689] and 1.0.0.1 [59690].

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Similarly Source 10.0.0.20 is translated into 1.0.0.1 [59691] and forwarded
to the destination 13.0.0.1. Reply from Source 13.0.0.1 to the destination
1.0.0.1 [59691] is translated back to 10.0.0.20. similarly other packets of
ping translated for source 10.0.0.20 into 1.0.0.1 [59691], 1.0.0.1 [59692],
1.0.0.1 [59693] and 1.0.0.1 [59694].
Same for source 10.0.0.30

Reserved Translation timeout, Address are assigned back in pool for reuse

Router#show ip nat translations

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Port address translation entries.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Ping from PC 2 to Lo interface 13.0.0.1

Ping from PC 3 to Lo interface 13.0.0.1

Router# show ip nat statistics

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
IP-SLA helps the network administrator to measure the network availability
and performance by sending the probe continuously. Probes are sent by IP
SLA Source, which is required for every case. By sending this reliable and
continuous probe, data is collected and then analyzed. By using IP SLA, we
can collect the data regarding Packet loss, Response time, Latency (One-
way), Jitter, as well as voice quality. IP-SLA responder is send reply to the
probes. It is not required in all cases.

To check the supported IP SLA operation type as well as number of running

IP SLA Operation, issue the command show ip sla applications.

R1# show ip sla application

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Number of translations as well as inside and outside translation interfaces
details. Number of Expired Translation details and other information

Router#debug ip nat

Exam-Labs - 100% Real IT Certification Exam Dumps

Reserved Translation timeout, Address are assigned back in pool for reuse

Router#show ip nat translations

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Port address translation entries.

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*May 23 09:30:39.646: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
//Interface is Up
*May 23 09:30:40.650: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up
//Interface Line Porotocol is Up
R2(config)#int eth 0/2
*May 23 09:30:44.804: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
//Loopback Interface Line Porotocol is Up
R2(config-if)#ip add 172.16.0.1 255.255.0.0
//Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex
R2(config)#ip route 192.168.0.1 255.255.255.255 10.0.0.1
R2(config)#ip route 192.168.0.1 255.255.255.255 11.0.0.1
Troubleshooting

R1(config)#ip sla 1
R1(config-ip-sla)#?

List of IP sla options

R1#show track 1

Exam-Labs - 100% Real IT Certification Exam Dumps

To check the supported IP SLA operation type as well as number of running

IP SLA Operation, issue the command show ip sla applications.

R1# show ip sla application

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
Traceroute command verifies the route use to reach the destination
172.16.0.10. It uses 10.0.0.2 as our tracking reachability is up

Now, to create the situation of Track in down state, we decrease the

threshold value to the round trip time so the condition will not satisfies the
tracking and goes down.
As shown the debugging message indicates the reachability from up to
down. Successful ping shows the destination is reachable. Let us check the
route use for ping the destination.

R1#Ping 172.16.0.10
R1#traceroute 172.16.0.10

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
The 11.0.0.2 route is use for reaching the destination 172.16.0.10.
R1#show track 1

Output showing the reachability is down. Change of state is 10 sec ago.

R1#debug track all 1

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com
*May 23 09:28:59.149: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,
changed state to up
//Loopback Interface Line Protocol is up
R1(config-if)#ip add 192.168.0.1 255.255.255.255
//Assign Correct IP address and Subnet Mask
R1(config-if)#no sh
//Must Turn up the interface
R1(config-if)#ex
R1(config)#ip sla 1
// Remember IP SLA number
R1(config-ip-sla)#icmp-echo 172.16.0.1 source-ip 192.168.0.1
R1(config-ip-sla-echo)#threshold 100
// Set the threshold level in msec. Donot set it too small value.
R1(config)#track 1 ip sla 1 reachability
Remember track value and Configure the same SLA number
R1(config-track)#delay down 60 up 5
// Set the time and up time
R1(config-track)#ex
R1(config)#ip route 172.16.0.0 255.255.0.0 10.0.0.2 track 1 1
//Remember to configure the route with track
// Ensure the track number
R1(config)#ip route 172.16.0.0 255.255.0.0 11.0.0.2 10
R1(config)#ip sla schedule 1 life forever start-time now

Router(config)#hostname R2
R2(config)#int eth 0/0
R2(config-if)#ip add 10.0.0.2 255.0.0.0
//Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex
*May 23 09:30:28.899: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
//Interface is Up
*May 23 09:30:29.904: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
//Interface Line Porotocol is Up
R2(config)#int eth 0/1
R2(config-if)#ip add 11.0.0.2 255.0.0.0
//Assign Correct IP address and Subnet Mask
R2(config-if)#no sh
//Must Turn up the interface
R2(config-if)#ex

Exam-Labs - 100% Real IT Certification Exam Dumps

www.exam-labs.com

AWS Cloud Security 7.4 Administrator Study Guide-Online
No ratings yet
AWS Cloud Security 7.4 Administrator Study Guide-Online
164 pages
Cisco Ccna 200-301 Study Guide, 2024
80% (10)
Cisco Ccna 200-301 Study Guide, 2024
451 pages
Wallpaper Magazine - 2024 - 10
100% (1)
Wallpaper Magazine - 2024 - 10
308 pages
ASCE
100% (1)
ASCE
1 page
32 Balance Tank Design For Deck Level Pools
100% (3)
32 Balance Tank Design For Deck Level Pools
2 pages
Ccna 200-301
75% (4)
Ccna 200-301
224 pages
CCNP ROUTEComplete Guide 1st Edition
100% (2)
CCNP ROUTEComplete Guide 1st Edition
531 pages
Screed-Method Statement
100% (5)
Screed-Method Statement
5 pages
CCNA - Simple and Effective Strategies For Mastering CCNA
No ratings yet
CCNA - Simple and Effective Strategies For Mastering CCNA
107 pages
Cisco ASA Syslogs Messages
100% (1)
Cisco ASA Syslogs Messages
730 pages
Sikandar Ccna Notes
100% (1)
Sikandar Ccna Notes
256 pages
Study Plan: Cisco CCNP Routing/Switching 300-101 ROUTE
No ratings yet
Study Plan: Cisco CCNP Routing/Switching 300-101 ROUTE
8 pages
875-1940-10 Veritas NetBackUp PDF
No ratings yet
875-1940-10 Veritas NetBackUp PDF
52 pages
Sikandar Ccna Notes PDF
No ratings yet
Sikandar Ccna Notes PDF
254 pages
CCNP Cisco Course Outline Exam Descripti
No ratings yet
CCNP Cisco Course Outline Exam Descripti
5 pages
Lab VPN
100% (1)
Lab VPN
9 pages
CISCO Asa Troubleshoot Anyconnect VPN Troubleshooting
100% (1)
CISCO Asa Troubleshoot Anyconnect VPN Troubleshooting
23 pages
2018 TeXpert - WW System Platform (AVEVA)
No ratings yet
2018 TeXpert - WW System Platform (AVEVA)
49 pages
Cisco - Premium.500-490.by .VCEplus.35q
No ratings yet
Cisco - Premium.500-490.by .VCEplus.35q
11 pages
Design of Reinforced Concrete Beam
No ratings yet
Design of Reinforced Concrete Beam
2 pages
Pass4sure 300-115 Dumps
100% (2)
Pass4sure 300-115 Dumps
24 pages
Scaffolding Definition
No ratings yet
Scaffolding Definition
12 pages
Ipex - PVC Technical Manual
No ratings yet
Ipex - PVC Technical Manual
98 pages
CCNP Routing and Switching ROUTE 300-101 Official Cert Guide
100% (3)
CCNP Routing and Switching ROUTE 300-101 Official Cert Guide
189 pages
Implementing Cisco IP Routing Learning Guide
No ratings yet
Implementing Cisco IP Routing Learning Guide
24 pages
Ccna Rs Workbook PDF
100% (1)
Ccna Rs Workbook PDF
151 pages
400 101 1203 Questions CCIE Routing and Switching Written Exam v5.1 PDF
No ratings yet
400 101 1203 Questions CCIE Routing and Switching Written Exam v5.1 PDF
280 pages
Ccna Rs Workbook
0% (1)
Ccna Rs Workbook
149 pages
Cisco Security PDF
No ratings yet
Cisco Security PDF
678 pages
Cisco SD-Access Workbook
No ratings yet
Cisco SD-Access Workbook
29 pages
Cisco+300-715 001
No ratings yet
Cisco+300-715 001
55 pages
Deployment Guide PDF
No ratings yet
Deployment Guide PDF
176 pages
CCNP Routing & Switching Certification: CCNP Exam Combination Tool
No ratings yet
CCNP Routing & Switching Certification: CCNP Exam Combination Tool
9 pages
Aruba MM MC and Clearplass
No ratings yet
Aruba MM MC and Clearplass
38 pages
Lab - Troubleshooting Inter-VLAN Routing (Instructor)
No ratings yet
Lab - Troubleshooting Inter-VLAN Routing (Instructor)
21 pages
Maintenance Issue of BTS - BSNL E2 - E3
No ratings yet
Maintenance Issue of BTS - BSNL E2 - E3
18 pages
Final v2 PDF
No ratings yet
Final v2 PDF
56 pages
SASAC10LG
No ratings yet
SASAC10LG
260 pages
Cisco Email Security Solutions 11 Lab v1.2: About This Demonstration
100% (1)
Cisco Email Security Solutions 11 Lab v1.2: About This Demonstration
98 pages
Ezxprt CCNA 200-301 CONTENT
No ratings yet
Ezxprt CCNA 200-301 CONTENT
14 pages
CCNP Security Exams and Training - Cisco
No ratings yet
CCNP Security Exams and Training - Cisco
8 pages
AOS-CX Switch Simulator - NetEdit 2.1 Part 1 Lab Guide
100% (1)
AOS-CX Switch Simulator - NetEdit 2.1 Part 1 Lab Guide
13 pages
Ccsa - 156-215.80 V18.75
No ratings yet
Ccsa - 156-215.80 V18.75
142 pages
Cisco Certforall 300-730 Practice Test 2023-May-10 by Chapman 97q Vce
No ratings yet
Cisco Certforall 300-730 Practice Test 2023-May-10 by Chapman 97q Vce
8 pages
Sand Asphalt Base Course 2260
No ratings yet
Sand Asphalt Base Course 2260
4 pages
26 Dewsbury Avenue Styvechale Grange Coventry CV3 6LF 269,950 Freehold
No ratings yet
26 Dewsbury Avenue Styvechale Grange Coventry CV3 6LF 269,950 Freehold
5 pages
CIS 188 CCNP TSHOOT (Troubleshooting) Course Introduction: Rick Graziani Cabrillo College Graziani@cabrillo - Edu Fall 2010
No ratings yet
CIS 188 CCNP TSHOOT (Troubleshooting) Course Introduction: Rick Graziani Cabrillo College Graziani@cabrillo - Edu Fall 2010
39 pages
Answer in The Space Provided Before Each Number. GOOD LUCK!: Timber Design
No ratings yet
Answer in The Space Provided Before Each Number. GOOD LUCK!: Timber Design
2 pages
CCNA4 Challenge Labs
No ratings yet
CCNA4 Challenge Labs
32 pages
HVAC - Schematic - ELEC Control
No ratings yet
HVAC - Schematic - ELEC Control
1 page
Lab 6: 802.1X: Wired Networks: EAP-FAST
No ratings yet
Lab 6: 802.1X: Wired Networks: EAP-FAST
13 pages
Mca - Took From
100% (2)
Mca - Took From
6 pages
Ccna Lab Updated
No ratings yet
Ccna Lab Updated
63 pages
Firepower 6.3 Backup and Restore FTD Device Configurations Example-1
No ratings yet
Firepower 6.3 Backup and Restore FTD Device Configurations Example-1
4 pages
11.6.2 Lab - Switch Security Configuration - ILM
No ratings yet
11.6.2 Lab - Switch Security Configuration - ILM
19 pages
Take Assessment CCNP BCMSN Final 3: (Version 5.0)
100% (2)
Take Assessment CCNP BCMSN Final 3: (Version 5.0)
14 pages
HSRP VRRP GLBP
100% (1)
HSRP VRRP GLBP
1 page
APPs Management Azure
No ratings yet
APPs Management Azure
533 pages
Using VyOS As A Firewall
100% (1)
Using VyOS As A Firewall
15 pages
Designing Data Centers With The Nexus 7000: Ben Basler Technical Marketing Engineer January 2009, v2.1
No ratings yet
Designing Data Centers With The Nexus 7000: Ben Basler Technical Marketing Engineer January 2009, v2.1
55 pages
ESA AsyncOS Upgrade and Troubleshoot Procedure - Cisco
No ratings yet
ESA AsyncOS Upgrade and Troubleshoot Procedure - Cisco
5 pages
CCNA Security - Configuring AAA
No ratings yet
CCNA Security - Configuring AAA
5 pages
Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v3.0
No ratings yet
Interconnecting Cisco Networking Devices: Accelerated (CCNAX) v3.0
6 pages
81 Troubleshooting FortiGate
No ratings yet
81 Troubleshooting FortiGate
10 pages
CCNP v6.0 Overview Presentation-02Jun10
No ratings yet
CCNP v6.0 Overview Presentation-02Jun10
24 pages
CCIE R&S v5 Mock Lab 1 - Troubleshooting
No ratings yet
CCIE R&S v5 Mock Lab 1 - Troubleshooting
6 pages
802.1X Wired Connexion PEAP-MSCHAPv2
No ratings yet
802.1X Wired Connexion PEAP-MSCHAPv2
33 pages
Panel Punch Points Report-06!08!2019
No ratings yet
Panel Punch Points Report-06!08!2019
165 pages
Cli Commands For ASA
No ratings yet
Cli Commands For ASA
26 pages
Steel Joist Intro
No ratings yet
Steel Joist Intro
11 pages
BASF Basotect Brochure
No ratings yet
BASF Basotect Brochure
20 pages
CCIE Security Book List - Cisco Systems
100% (1)
CCIE Security Book List - Cisco Systems
2 pages
Bbs Column Upto Plinth
No ratings yet
Bbs Column Upto Plinth
141 pages
Reference Solution For Checkpoint - Certkiller.156-215.80.v2020-06-04.by - Venla.131q.vce
No ratings yet
Reference Solution For Checkpoint - Certkiller.156-215.80.v2020-06-04.by - Venla.131q.vce
4 pages
PROTECTIVE COATINGS - IPNet, Waterseal, Mopopol - Krishna Conchem Products - Specialty Construction Polymers
No ratings yet
PROTECTIVE COATINGS - IPNet, Waterseal, Mopopol - Krishna Conchem Products - Specialty Construction Polymers
3 pages
Installation Guide For Cisco ACS
No ratings yet
Installation Guide For Cisco ACS
8 pages
CCNA Security Instructor Lab Manual v1 p2 PDF
No ratings yet
CCNA Security Instructor Lab Manual v1 p2 PDF
1 page
1708 CCIE Security
No ratings yet
1708 CCIE Security
0 pages
OEM Reporting Schema
No ratings yet
OEM Reporting Schema
56 pages
BKF Catalogue
No ratings yet
BKF Catalogue
8 pages
The BBVA Bancomer Stadium
No ratings yet
The BBVA Bancomer Stadium
2 pages
ApeosWare ManagementSuite2 Brochure PDF
No ratings yet
ApeosWare ManagementSuite2 Brochure PDF
8 pages
MIT - Sip Fundamentals
No ratings yet
MIT - Sip Fundamentals
13 pages
Machine Architecture 14 Cache Memory Principles Elements of Cache Design
100% (1)
Machine Architecture 14 Cache Memory Principles Elements of Cache Design
34 pages
Configure AAA Authentication On Cisco Routers
No ratings yet
Configure AAA Authentication On Cisco Routers
4 pages
Instalar Oracle EBS 12.2.4 OVM
No ratings yet
Instalar Oracle EBS 12.2.4 OVM
19 pages
CCNA 3 and 4 Companion Guide, 3rd Edition (CNAP)
100% (1)
CCNA 3 and 4 Companion Guide, 3rd Edition (CNAP)
9 pages
Assignment 2: Write A Program To Implement A Server Calculator Containing ADD, MUL, SUB, DIV
No ratings yet
Assignment 2: Write A Program To Implement A Server Calculator Containing ADD, MUL, SUB, DIV
6 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.