Lab - Troubleshoot IPv6 ACLs

Topology

Addressing Table
Device Interface IPv6 Address/Prefix Length Link-Local Address

R1 G0/0/1 2001:db8:acad:192::1/64 fe80::1:1

R1
S0/1/0 2001:db8:acad:2000::1/64 fe80::1:2

R1
S0/1/1 2001:db8:acad:2001::/1/64 fe80::1:3

R1
Loopback 0 2001:db8:acad:226::1/64 fe80::1:4
R3 G0/0/1.16 2001:db8:acad:16::1/64 fe80::3:1

R3
G0/0/1.27 2001:db8:acad:27::1/64 fe80::3:2

R3
Loopback 1 2001:db8:acad:227::1/64 fe80::3:3
D1 G1/0/11 2001:db8:acad:192::2/64 fe80::d1:1

D1
VLAN 11 2001:db8:acad:224::1/64 fe80::d1:2

D1
VLAN 12 2001:db8:acad:225::1/64 fe80::d1:3
D2 VLAN 27 2001:db8:acad:27::2/64 fe80::d2:1

D2
G1/0/11 2001:db8:1d1::2/64 fe80::d1:1

D2
Loopback 0 2001:db8:acad:1000::1/64 fe80::d1:2

D2
Loopback 1 2001:db8:acad:1001::1/64 fe80::d1:3
PC1 NIC SLAAC EUI-64/CGA
PC2 NIC SLAAC EUI-64/CGA
PC3 NIC DHCPv6 EUI-64/CGA
PC4 NIC DHCPv6 EUI-64/CGA

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com
Lab - Troubleshoot IPv6 ACLs

Objectives
Troubleshoot network issues related to the configuration and operation of IPv6 ACLs.

Background / Scenario
In this topology, R1 and R3 are BGP neighbors. R1 speaks for BGP ASN 15, while R3 speaks for BGP ASN
41. They are peered via their respective Loopback 0 interface using BGP Multi-hop across the serial
interfaces that connect them. R1 and D1 have an OSPFv3 adjacency, with R1 providing a default route. R3 is
performing Router-On-A-Stick for VLANs 16 and 27. The host connected to D1 is using SLAAC to determine
their IPv6 Global Unicast Address (GUA), while the host connected to D2 is using DHCPv6 to determine their
IPv6 GUA. You will be loading configurations with intentional errors onto the network. Your tasks are to FIND
the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s)
presented here, and then test the network to ensure both of the following conditions are met:
1) the complaint received in the ticket is resolved
2) full reachability is restored
Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4
(universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release
16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the
model and Cisco IOS version, the commands available and the output produced might vary from what is
shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface
identifiers.
Note: Make sure that the devices have been erased and have no startup configurations. If you are unsure,
contact your instructor.

Required Resources
 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
 2 Switches (Cisco 3560 with Cisco IOS XE Release 16.9.4 universal image or comparable)
 4 PCs (Choice of operating system with terminal emulation program installed)
 Console cables to configure the Cisco IOS devices via the console ports
 Ethernet and serial cables as shown in the topology

Part 1: Trouble Ticket 21.1.3.1

Scenario:
The night shift completed work in an attempt to secure the network. Network hosts, represented by PC1 and
PC2 in this topology, are now unable to generate an IPv6 GUA.
Use the commands listed below to load the configuration files for this trouble ticket:

Device Command

R1 copy flash:/enarsi/21.1.3.1-r1-config.txt run

R3 copy flash:/enarsi/21.1.3.1-r3-config.txt run
D1 copy flash:/enarsi/21.1.3.1-d1-config.txt run
D2 copy flash:/enarsi/21.1.3.1-d2-config.txt run

 PCs 1, 2, 3, and 4 should be configured for dynamic acquisition of an IPv6 address.

 Passwords on all devices are cisco12345. If a username is required, use admin.

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 4 www.netacad.com
Lab - Troubleshoot IPv6 ACLs

 After you have corrected the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
 Save the configuration by issuing the wri command (on each device).
 Inform your instructor that you are ready for the next ticket.
 After the instructor approves your solution for this ticket, issue the privileged EXEC command
reset.now. This script will clear your configurations and reload the devices.

Part 2: Trouble Ticket 21.1.3.2

Scenario:
The night shift completed work in an attempt to secure the network. This morning it was discovered that PC3
and PC4 are no longer able to reach D1 interfaces VLAN 11 and VLAN 12 using the ping command. This
must be fixed to allow for normal business operations.
Use the commands listed below to load the configuration files for this trouble ticket:

Device Command

R1 copy flash:/enarsi/21.1.3.2-r1-config.txt run

R3 copy flash:/enarsi/21.1.3.2-r3-config.txt run
D1 copy flash:/enarsi/21.1.3.2-d1-config.txt run
D2 copy flash:/enarsi/21.1.3.2-d2-config.txt run

 PCs 1, 2, 3, and 4 should be configured for dynamic acquisition of an IPv6 address.

 Passwords on all devices are cisco12345. If a username is required, use admin.
 Once you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
 Then save the configuration by issuing the wri command (on each device).
 Inform your instructor that you are ready for the next ticket.
 After the instructor approves your solution for this ticket, issue the privileged EXEC command
reset.now. This script will clear your configurations and reload the devices.

Part 3: Trouble Ticket 21.1.3.3

Scenario:
The night shift completed work in an attempt to secure the network. It was discovered this morning that PC3
and PC4 are no longer able to obtain DHCPv6 addresses. This must be fixed to allow for normal business
operations.
Use the commands listed below to load the configuration files for this trouble ticket:

Device Command

R1 copy flash:/enarsi/21.1.3.3-r1-config.txt run

R3 copy flash:/enarsi/21.1.3.3-r3-config.txt run
D1 copy flash:/enarsi/21.1.3.3-d1-config.txt run

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 4 www.netacad.com
Lab - Troubleshoot IPv6 ACLs

Device Command

D2 copy flash:/enarsi/21.1.3.3-d2-config.txt run

 PCs 1, 2, 3, and 4 should be configured for dynamic acquisition of an IPv6 address.

 Passwords on all devices are cisco12345. If a username is required, use admin.
 Once you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
 Then save the configuration by issuing the wri command (on each device).
 Inform your instructor that you are ready for the next ticket.
 After the instructor approves your solution for this ticket, issue the privileged EXEC command
reset.now. This script will clear your configurations and reload the devices.

Router Interface Summary Table

Router Model Ethernet Interface #1 Ethernet Interface #2 Serial Interface #1 Serial Interface #2

Fast Ethernet 0/0 Fast Ethernet 0/1

1800 (F0/0) (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Gigabit Ethernet 0/0 Gigabit Ethernet 0/1
1900 (G0/0) (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Fast Ethernet 0/0 Fast Ethernet 0/1
2801 (F0/0) (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
Fast Ethernet 0/0 Fast Ethernet 0/1
2811 (F0/0) (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Gigabit Ethernet 0/0 Gigabit Ethernet 0/1
2900 (G0/0) (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Gigabit Ethernet 0/0/0 Gigabit Ethernet 0/0/1
4221 (G0/0/0) (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
Gigabit Ethernet 0/0/0 Gigabit Ethernet 0/0/1
4300 (G0/0/0) (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An example
of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in
Cisco IOS commands to represent the interface.
End of document

 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 4 www.netacad.com