TSHOOT 300-135 Ticket #16

TSHOOT Ticket #16 - IPv6 RIPng OSPFv3 Redistribution

Hi ! everyone on today we are going to learn our final TSHOOT about ipv6 RIPng ospf version 3 redistribution with the help of topology shown below.

Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Configuration of R4:
ipv6 router ospf 6
 log-adjacency-changes
!
ipv6 router rip RIP_ZONE
 redistribute ospf 6 metric 2 include-connected
!

Answer:
Ans 1: R4
Ans 2: Ipv6 OSPF Routing

Ans 3: Under ipv6 ospf process add the ‘redistribute rip RIP_Zone include-connected’ command  

Therefore, we have been completed our lab session on EIGRP OSPFv3 redistribution troubleshooting which is done on packet tracer version 7.1.

TSHOOT 300-135 Ticket #14

TSHOOT Ticket #14 on EIGRP Passive Interface

Hi ! everyone on today we are going to learn about EIGRP passive interface which is done in packet tracer version 7.1 with the topology given below.

The neighborship between R4 and DSW1 wasn’t established. Client 1 can’t ping R4

Configuration on R4:

router eigrp 10
  passive-interface default
  redistribute ospf 1 route-map OSPF->EIGRP
  network 10.1.4.4 0.0.0.3
  network 10.1.4.8 0.0.0.3
  network 10.1.21.128 0.0.0.3
  default-metric 10000 100 255 1 10000
  no auto-summary

Answer 1: R4
Answer 2: IPv4 EIGRP Routing
Answer 3:  enter no passive interface for interfaces connected to DSW1 under EIGRP process (or in Interface f0/1 and f0/0, something like this)

Note: There is a loopback interface on this device which has an IP address of 10.1.21.129 so we have to include the “network 10.1.21.128 0.0.0.3” command.

* Just for your information, in fact Clients 1 & 2 in this ticket CANNOT receive IP addresses from DHCP Server because DSW1 cannot reach 10.1.21.129 (an loopback interface on R4) because of the “passive-interface default” command. But in the exam you will see that Clients 1 & 2 can still get their IP addresses! It is a bug in the exam.

TSHOOT 300-135 Ticket #12

TSHOOT Ticket #12 on IPv6 OSPF

Hi ! everyone on today we are going to learn about ipv6 ospf on troubleshooting with the help of given topology shown below.

DSW1 & R4 can’t ping R2’s loopback interface or s0/0/0.12 IPv6 address.
R2 is not an OSPFv3 neighbor on R3
Situation: ipv6 ospf was not enabled on R2’s serial interface connecting to R3. (use ipv6 Layer 3)

Configuration of R2
ipv6 router ospf 6
 router-id 2.2.2.2
!
interface s0/0/0.23
 ipv6 address 2026::1:1/122

Configuration of R3
 ipv6 router ospf 6
 router-id 3.3.3.3
!
interface s0/0/0.23
 ipv6 address 2026::1:2/122
 ipv6 ospf 6 area 0

Answer:

In interface configuration mode of s0/0/0.23 on R2:
ipv6 ospf 6 area 12

Ans 1: R2
Ans 2: IPv6 OSPF Routing
Ans 3: Under the interface Serial 0/0/0.23 configuration enter the ‘ipv6 ospf 6 area 0’ command. (notice that it is “area 0”, not “area 12”)

TSHOOT 300-135 Ticket #10

TSHOOT Ticket #10 on EIGRP AS

Hi ! everyone on today session we are going to just look over EIGRP AS in this troubleshooting which is given in the topology below.

Client 1 is not able to ping the Web server
DSW1 can ping fa0/1 of R4 but can’t ping s0/0/0.34

Check ip eigrp neighbors from DSW1 you will not see R4 as neighbor.(use ipv4 Layer 3)
‘Show ip route’ on DSW1 you will not see any 10.x.x.x network route.

On DSW1 & DWS2 the EIGRP AS number is 10 (router eigrp 10) but on R4 it is 1 (router eigrp 1)

Answer: change router AS on R4 from 1 to 10

Ans 1: R4
Ans 2: EIGRP
Ans 3: Change EIGRP AS number from 1 to 10

TSHOOT 300-135 Ticket #8

TSHOOT Ticket #8 on Switchport VLAN 10

Hi ! everyone on today we are going to move on the topic switchport vlan 10 in which we have been explained with the help of topology given below.

Client 1 & 2 can’t ping DSW1 or FTP Server but they are able to ping each other.
Configuration of ASW1
interface FastEthernet1/0/1
switchport mode access
!
interface FastEthernet1/0/2
switchport mode access
!

Interfaces Fa1/0/1 & Fa1/0/2 are in Vlan 1 (by default) but they should be in Vlan 10.

Answers:

Ans 1: ASW1
Ans 2: Vlan
Ans 3: give command: interface range fa1/0/1-/2 & switchport access vlan 10

TSHOOT 300-135 Ticket #6

TSHOOT Ticket #6 on VLAN Filter

Hi ! everyone on today we are going to talk about vlan filter in troubleshooting which is shown with the help of topology given below.

Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3

Configuration on DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Ans 1: DSW1
Ans 2: VLAN ACL/Port ACL
Ans 3: Under the global configuration mode enter no vlan filter test1 vlan-list 10 command

TSHOOT 300-135 Ticket #4

TSHOOT Ticket #4 on NAT

Hi ! everyone on today session we are to learn about TSHOOT on NAT inside with the help of topology given below.

Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers & DSW1,2 can ping the server.

NAT problem on R1’s ACL. (use IPv4 Layer 3)

Configuration of R1
ip nat inside source list nat_pool interface s0/0/1 overload

ip access-list standard nat_pool
  permit 10.1.0.0
  permit 10.2.0.0
!
interface Serial0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat outside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Ans 1: R1
Ans 2: NAT

Ans 3: Under interface Serial0/0/0.12 delete the “ip nat outside” command and add the “ip nat inside” command 

TSHOOT 300-135 Ticket #2

TSHOOT Ticket #2

Hi ! everyone on today we are going to see TSHOOT which is explained in simple format shown below as our topology.

HSRP was configured on DSW1 & DSW2. DSW1 is configured to be active but it does not become active.

Configuration of DSW1:

track 1 ip route 10.2.21.128 255.255.255.224 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.1.21.128 255.255.255.224 metric threshold
threshold metric up 63 down 64
!

interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60

Answer: (use IPv4 Layer 3 Topology)

On DSW1 interface vlan 10 mode, type these commands:
no standby 10 track 1 decrement 60
standby 10 track 10 decrement 60
(ip for track command not exact for real exam)

Note: 10.1.21.129 is the IP address of a loopback interface on R4. This IP belongs to subnet 10.1.21.128/27.

Ans 1: DSW1
Ans 2: HSRP
Ans 3: delete the command with track 1 and enter the command with track 10 (standby 10 track 10 decrement 60).

TSHOOT 300-135 Ticket #15

TSHOOT on IPv6 GRE Tunnel

Hi ! everyone on today we are going to learn about ipv6 GRE tunnel with explanation shown in topology with the given below screenshot.

Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 (2026::102:1).

Configuration of R3:
!
interface Tunnel34
 no ip address
 ipv6 address 2026::34:1/122
 ipv6 enable
 ipv6 ospf 6 area 34
 tunnel source Serial0/0/0.34
 tunnel destination 10.1.1.10
 tunnel mode ipv6
!

Configuration of R4:
interface Tunnel34
 no ip address
 ipv6 address 2026::34:2/122
 ipv6 enable
 ipv6 ospf 6 area 34
 tunnel source Serial0/0/0
 tunnel destination 10.1.1.9
!

Answers:
1: R3
2: Ipv4 and Ipv6 Interoperability
3: Under the interface Tunnel34, remove ‘tunnel mode ipv6’ command

Therefore, we have studied in this lab session about ipv6 GRE tunnel configuration with the help of packet tracer version 7.1

TSHOOT 300-135 Ticket #13

TSHOOT on DHCP Helper-address

Hi ! everyone on today we are going study about DHCP helper- address through simple way by this given topology shown below.

What is meant by DHCP Helper-address ?

DHCP IP Helper addresses are IP addresses configured on a routed interface such as a VLAN Interface or a routers Ethernet interface that allows that specific device to act as a “middle man” which forwards BOOTP (Broadcast) DHCP request it receives on an interface to the DHCP server specified by the IP Helper address. Now we will see the DHCP Helper-address in this topology using packet tracer version 7.1.

Configuration on DSW1:

!
interface Vlan 10
 ip address 10.2.1.1 255.255.255.0
 ip helper-address 10.2.21.129
!

Note: In this ticket you will find port-security configured on ASW1 but it is not the problem as the port-security is good (check with the “show interface fa1/0/1” command on ASW1.

Ans 1: DSW1
Ans 2: IP DHCP Server (or DHCP)
Ans 3: on DSW1 delete “ip helper-address 10.2.21.129” and apply “ip helper-address 10.1.21.129” command.

Therefore, we have understood this troubleshooting with the help of given topology as we seen already and on our next lab session we will look over on ipv6 GRE tunnel.   

TSHOOT 300-135 Ticket #11

TSHOOT 300-135 Ticket 11 on OSPF to EIGRP

Hi ! everyone on today we are going to learn about troubleshooting on OSPF to EIGRP as explained in screenshot by given below topology.

On R4:
router eigrp 10
  redistribute ospf 1 route-map OSPF->EIGRP
  network 10.1.4.0 0.0.0.255
  network 10.1.10.0 0.0.0.255
  network 10.1.21.128 0.0.0.3
 default-metric 100000 100 100 1 1500
  no auto-summary
!
router ospf 1
  network 10.1.1.8 0.0.0.0 area 34
  redistribute eigrp 10 subnets
!

route-map OSPF_to_EIGRP
  match ip address 1

Ans 1: R4
Ans 2: IPv4 Route Redistribution
Ans 3: Under the EIGRP process, delete the redistribute ospf 1 route-map OSPF->EIGRP command and enter the redistribute ospf 1 route-map OSPF_to_EIGRP command.

Explanation for this ticket:

In this topology, we are doing mutual redistribution at multiple points (between OSPF and EIGRP on R4, DSW1 & DSW2), which is a very common cause of network problems, especially routing loops so you should use route-map to prevent redistributed routes from redistributing again into the original domain.

In this ticket, route-map is also used for this purpose. For example, the route-map “EIGRP_to_OSPF” is used to prevent any routes that have been redistributed into OSPF from redistributed again into EIGRP domain by tagging these routes with tag 90. These routes are prevented from redistributed again by route-map OSPF_to_EIGRP by denying any routes with tag 90 set.

Therefore in this ticket, typing a wrong route-map (which does not exist) may cause problem in this given configuration for troubleshooting and on our next session we will learn on dhcp helper address.

TSHOOT 300-135 Ticket #9

TSHOOT 300-135 Ticket 9 on Switchport trunk

Hi ! everyone on today we are going to see in this lab session about switchport trunk in this given below topology.

Q. Client 1 & 2 can ping each other but they are unable to ping DSW1 or FTP Server  (Use L2/3 Diagram)

Configuration of ASW1

interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9 //Note: In fact you will see vlan 20,200 here but the concept is still the same
!
interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9 //Note: In fact you will see vlan 20,200 here but the concept is still the same
!
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10

Answer: on port channel 13, 23 disables all vlans and give switchport trunk allowed vlan 10,200

Ans 1: ASW1
Ans 2: Switch to switch connectivity
Ans 3: int range portchannel13,portchannel23

switchport trunk allowed vlan none 

switchport trunk allowed vlan 10,200 

Therefore, we have studied the switchport trunk configuration in this troubleshooting on ticket 9 and on our next lab session we will see OSPF to EIGRP. 

TSHOOT 300-135 Ticket #7

TSHOOT 300-135 Ticket 7 on Port security

Hi ! everyone on today we are going to learn about Port security in this lab session which is given below in this topology.

Client 1 is unable to ping Client 2 as well as DSW1. The command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuration of ASW1
interface fa1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001

Answer: on ASW1 delete port-security & do on interfaces shutdown, no shutdown

Ans 1: ASW1
Ans 2: Port security
Ans 3: In Configuration mode, using the interface range Fa1/0/1 – 2, then no switchport port-security, followed by shutdown, no shutdown interface configuration commands.

Through this lab session we have learned about the port security as we explained above in simple term and on our next session we will see on topic switchport trunk.

TSHOOT 300-135 Ticket #5

TSHOOT 300-135 Ticket 5 on ACL

Hi ! everyone on today in this lab session we are going to study about ACL in troubleshooting which is in layer 3 as we have seen already in previous session and this is our configured topology for this lab given below.

Configuration on R1

interface Serial0/0/1
 description Link to ISP
 ip address 209.65.200.225 255.255.255.252
 ip nat outside
 ip access-group edge_security in
!

ip access-list extended edge_security
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny 127.0.0.0 0.255.255.255 any
 permit ip host 209.65.200.241 any
!

Answer: add permit ip 209.65.200.224 0.0.0.3 any command to R1’s ACL

Ans 1: R1
Ans 2: IPv4 Layer 3 Security
Ans 3: Under the ip access-list extended edge-security configuration add the permit ip 209.65.200.224 0.0.0.3 any command

Note:
+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host 209.65.200.241 is permitted to go through the access-list (permit ip host 209.65.200.241 any) but clients cannot ping the web server because R1 cannot establish BGP session with neighbor 209.65.200.226.
Therefore,through his lab session we studied about access list that is ACL which is done with the help of packet tracer version 7.1.

TSHOOT 300-135 Ticket #3

TSHOOT Ticket #3

Hi ! everyone on today in this lab session we are going to learn about TSHOOT in ticket 3 is BGP Neighbor which explained in simple terms given below as topology.

Q: Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241. This topology is shown by the given below screenshot is done with help of cisco packet tracer version 7.1.

Configuration of R1:

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 209.65.200.224 mask 255.255.255.252

neighbor 209.56.200.226 remote-as 65002

no auto-summary

check bgp neighborship. **** show ip bgp sum****

The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3)

Answer: need change on router mode on R1 neighbor 209.65.200.226

Ans 1: R1

Ans 2: BGP

Ans 3: delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change “neighbor 209.56.200.226 remote-as 65002″ to “neighbor 209.65.200.226 remote-as 65002″).

Therefore, for today we have studied in this lab session about how to do bgp neighbor through this tickets in troubleshooting.

TSHOOT 300-135 Ticket #1

TSHOOT 300-135 Ticket 1 OSPF Authentication 

Hi ! everyone on today we are going to see some TSHOOT that is troubleshooting from the ipv4 layer 3 topology given below.

Q.Client is unable to ping R1’s serial interface from the client.

Problem was disable authentication on R1, check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)

Configuration of R1:

interface Serial0/0/0
 description Link to R2
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
 encapsulation frame-relay
 ip ospf message-digest-key 1 md5 TSHOOT
 ip ospf network point-to-point
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.2.0 0.0.0.255 area 12
 network 10.1.10.0 0.0.0.255 area 12
 default-information originate always
!

Configuration of R2:
interface Serial0/0/0.12 point-to-point
 ip address 10.1.1.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TSHOOT
!

Answer: on R1 need command “ip ospf authentication message-digest”

Ans 1: R1
Ans 2: IPv4 OSPF Routing
Ans 3: Enable OSPF authentication on the s0/0/0 interface using the “ip ospf authentication message-digest” command.

Note:

There are two ways of configuring OSPF authentication:

interface Serial0/0/0
  ip ospf message-digest-key 1 md5 TSH00T
!
router ospf 1
  area 12 authentication message-digest

OR

interface Serial0/0/0
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 TSH00T

So you have to check carefully in both interface mode and “router ospf 1”. If none of them has authentication then it is a fault.

Therefore, we learned in this lab session about TSHOOT in OSPF Authentication.