Scribd
Upload
233 views

Instructor Packet Tracer Manual

Uploaded by

GL
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
233 views

Instructor Packet Tracer Manual

Uploaded by

GL
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 40

CCNA Routing and Switching:

6.0 Bridging
Instructor Packet Tracer Manual

This document is exclusive property of Cisco Systems, Inc. Permission is granted


to print and copy this document for non-commercial distribution and exclusive
use by instructors in the CCNA Routing and Switching: Introduction to Networks course
as part of an official Cisco Networking Academy Program.
Packet Tracer - Testing Connectivity with Traceroute (Instructor
Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
Part 1: Test End-to-End Connectivity with the tracert Command
Part 2: Compare tracert to the traceroute Command on a Router
Part 3: Use Extended Traceroute

Background
This activity is designed to help you troubleshoot network connectivity issues using commands to trace the
route from source to destination. You are required to examine the output of tracert (the Windows command)
and traceroute (the IOS command) as packets traverse the network and determine the cause of a network
issue. After the issue is corrected, use the tracert and traceroute commands to verify the completion.

Part 1: Test End-to-End Connectivity with the tracert Command


Step 1: Send a ping from one end of the network to the other end.
Click PC1 and open the Command Prompt. Ping PC3 at 10.1.0.2. What message is displayed as a result of
the ping?
_______________________________________________________________________________________
Destination host unreachable

Step 2: Trace the route from PC1 to determine where in the path connectivity fails.
a. From the Command Prompt of PC1, enter the tracert 10.1.0.2 command.
b. When you receive the Request timed out message, press Ctrl+C. What was the first IP address listed in
the tracert output and what device does this belong to?
____________________________________________________________________________________
10.0.0.254—the gateway address of the PC

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4
Packet Tracer - Testing Connectivity with Traceroute

c. Observe the results of the tracert command. What is the last address reached with the tracert
command?
____________________________________________________________________________________
10.100.100.6

Step 3: Correct the network problem.


a. Compare the last address reached with the tracert command with the network addresses listed on the
topology. The furthest device from the host 10.0.0.2 with an address in the network range found is the
point of failure. What devices have addresses configured for the network where the failure occurred?
____________________________________________________________________________________
RouterB and RouterC
b. Click RouterC and then the CLI tab. What is the status of the interfaces?
____________________________________________________________________________________
They appear to be up and active.
c. Compare the IP addresses on the interfaces with the network addresses on the topology. Are any
addresses incorrectly configured?
____________________________________________________________________________________
The Serial 0/0/0 interface has an incorrect IP address based on the topology.
d. Make the necessary changes to restore connectivity; however, do not change the subnets. What is
solution?
____________________________________________________________________________________
Change the IP address on S0/0/0 to 10.100.100.9/30

Step 4: Verify that end-to-end connectivity is established.


a. From the PC1 Command Prompt, enter the tracert 10.1.0.2 command.
b. Observe the output from the tracert command. Was the command successful?
____________________________________________________________________________________
Yes

Part 2: Compare tracert to the traceroute Command on a Router


a. Click RouterA and then the CLI tab.
b. Enter the traceroute 10.1.0.2 command. Did the command complete successfully? Yes
c. Compare the output from the router traceroute command with the PC tracert command. What is
noticeably different about the list of addresses returned?
____________________________________________________________________________________
The router has one less IP address because it will be using RouterB as the next device along the path.

Part 3: Use Extended Traceroute


In addition to traceroute, Cisco IOS also includes extended traceroute. Extended traceroute allows the
administrator to adjust minor traceroute operation parameters by asking simple questions.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4
Packet Tracer - Testing Connectivity with Traceroute

As part of the verification process, use extended traceroute on RouterA to increase the number of ICMP
packets traceroute sends to each hop.
Note: Windows tracert also allows the user to adjust a few aspects through the use of command line
options.
a. Click RouterA and then the CLI tab.
b. Enter traceroute and press ENTER. Notice that just the traceroute command should be entered.
c. Answer the questions asked by extended traceroute as follows. Extended traceroute should run right
after the last question is answered.
Protocol [ip]: ip
Target IP address: 10.1.0.2
Source address: 10.100.100.1
Numeric display [n]: n
Timeout in seconds [3]: 3
Probe count [3]: 5
Minimum Time to Live [1]: 1
Maximum Time to Live [30]: 30
Note: the value displayed in brackets is the default value and will be used by traceroute if no value is
entered. Simply press ENTER to use the default value.
How many questions were answered with non-default values? What was the new value?
____________________________________________________________________________________
Probe count. The default value is 3 but the new value provided was 5.
How many ICMP packets were sent by RouterA?
____________________________________________________________________________________
Five (5).
Note: Probe count specifies the number of ICMP packets sent to each hop by traceroute. A higher
number of probes allows for a more accurate average round trip time for the packets.
d. Still on RouterA, run extended traceroute again but this time change the timeout value to 7 seconds.
What happened? How does the different timeout value affect traceroute?
____________________________________________________________________________________
The timeout parameter informs traceroute how long it should wait for a reply before declaring the hop
unreachable. The default value is 3 seconds.
Can you think of a use for the timeout parameter?
____________________________________________________________________________________
If the path is too congested but still operational, it can be useful to change the timeout value to ensure
traceroute waits long enough before declaring the hop unreachable.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4
Packet Tracer - Testing Connectivity with Traceroute

Suggested Scoring Rubric


Activity Section Question Location Possible Points Earned Points

Part 1: Test End-to-End Step 1 10


Connectivity with the tracert
Command Step 2b 10

Step 2c 10

Step 3a 10

Step 3c 10

Step 3d 5

Step 3e 5

Step 4b 10

Part 1 Total 80
a 2
Part 2: Compare to the
traceroute Command on a b 3
Router
c 5

Part 2 Total 10
a 2
b 3
c 2
Part 3: Extended Traceroute d 3
Part 3 Total 10
Packet Tracer Score 10
Total Score 100

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4
Packet Tracer - Troubleshooting Connectivity Issues (Instructor
Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

G0/0 172.16.1.1 255.255.255.0 N/A


R1 G0/1 172.16.2.1 255.255.255.0 N/A
S0/0/0 209.165.200.226 255.255.255.252 N/A
PC-01 NIC 172.16.1.3 255.255.255.0 172.16.1.1
PC-02 NIC 172.16.1.4 255.255.255.0 172.16.1.1
PC-A NIC 172.16.2.3 255.255.255.0 172.16.2.1
PC-B NIC 172.16.2.4 255.255.255.0 172.16.2.1
Web NIC 209.165.201.2 255.255.255.224 209.165.201.1
DNS1 NIC 209.165.201.3 255.255.255.224 209.165.201.1
DNS2 NIC 209.165.201.4 255.255.255.224 209.165.201.1

Objectives
The objective of this Packet Tracer activity is to troubleshoot and resolve connectivity issues, if possible.
Otherwise, the issues should be clearly documented so they can be escalated.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4
Packet Tracer - Troubleshooting Connectivity Issues

Background / Scenario
Users are reporting that they cannot access the web server, www.cisco.pka after a recent upgrade that
included adding a second DNS server. You must determine the cause and attempt to resolve the issues for
the users. Clearly document the issues and any solution(s). You do not have access to the devices in the
cloud or the server www.cisco.pka. Escalate the problem if necessary.
Router R1 can only be accessed using SSH with the username Admin01 and password cisco12345.

Step 1: Determine the connectivity issue between PC-01 and web server.
a. On PC-01, open the command prompt. Enter the command ipconfig to verify what IP address and
default gateway has been assigned to PC-01. Correct as necessary.
b. After correcting the IP addressing issues on PC-01, issue the pings to the default gateway, web server,
and other PCs. Were the pings successful? Record the results.
Ping to default gateway (172.16.1.1) ___________ Yes To web server (209.165.201.2) _________ Yes
Ping to PC-02 ________________ Yes To PC-A _________________No To PC-B ___________ No
c. Use the web browser to access the web server on PC-01. Enter the URL www.cisco.pka and then use the
IP address 209.165.201.2. Record the results.
Can PC-01 access www.cisco.pka? ___________ Yes using the web server IP address? ________ Yes
d. Document the issues and provide the solution(s). Correct the issues if possible.
____________________________________________________________________________________
____________________________________________________________________________________
The IP address on PC-01 is incorrectly configured. To resolve the issue, the IP address is changed from
172.168.1.3 to 172.16.1.3. PC-01 cannot successfully ping the PCs on the 172.16.2.0/24 network.

Step 2: Determine the connectivity issue between PC-02 and web server.
a. On PC-02, open the command prompt. Enter the command ipconfig to verify the configuration for the IP
address and default gateway. Correct as necessary.
b. After correcting the IP addressing issues on PC-02, issue the pings to the default gateway, web server,
and other PCs. Were the pings successful? Record the results.
Ping to default gateway (172.16.1.1) _____________ Yes To web server (209.165.201.2) ________ Yes
Ping to PC-01 ________________ Yes To PC-A _________________No To PC-B ___________ No
c. Navigate to www.cisco.pka using the web browser on PC-02. Record the results.
Can PC-01 access www.cisco.pka? __________ Yes using the web server IP address __________ Yes
d. Document the issues and provide the solution(s). Correct the issues if possible.
____________________________________________________________________________________
____________________________________________________________________________________
PC-02 can access the web server using the IP address after correcting the default gateway. The default
gateway should be configured as 172.16.1.1 on PC-02. PC-02 cannot successfully ping the PCs on the
172.16.2.0/24 network.

Step 3: Determine the connectivity issue between PC-A and web server.
a. On PC-A, open the command prompt. Enter the command ipconfig to verify the configuration for the IP
address and default gateway. Correct as necessary.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4
Packet Tracer - Troubleshooting Connectivity Issues

b. After correcting the IP addressing issues on PC-A, issue the pings to the default gateway, web server,
and other PCs. Were the pings successful? Record the results.
Ping to default gateway (172.16.2.1) _____________ No To web server (209.165.201.2) ________ No
Ping to PC-B _______________ Yes To PC-01 _________________ No To PC-02 ____________ No
c. Navigate to www.cisco.pka.net using the web browser on PC-A. Record the results.
Can PC-A access www.cisco.pka? ____________ No using the web server IP address _________ No
d. Document the issues and provide the solution(s). Correct the issues if possible.
____________________________________________________________________________________
____________________________________________________________________________________
PC-A can only access the local LAN. The interface G0/1 on router R1 is incorrectly configured. Correct
the IP address on the interface G0/1. Access the router R1 using SSH from PC-01 or PC-02 to change
the IP address from 172.16.3.1 to 172.16.2.1.

Step 4: Determine the connectivity issue between PC-B and web server.
a. On PC-B, open the command prompt. Enter the command ipconfig to verify the configuration for the IP
address and default gateway. Correct as necessary.
b. After correcting the IP addressing issues on PC-B, issue the pings to the default gateway, web server,
and other PCs. Were the pings successful? Record the results.
Ping to default gateway (172.16.2.1) ___________ Yes To web server (209.165.201.2) _________ Yes
Ping to PC-A ______________ Yes To PC-01 _______________ Yes To PC-02 ______________ Yes
c. Navigate to www.cisco.pka using the web browser. Record the results.
Can PC-B access www.cisco.pka? ____________ No using the web server IP address __________ Yes
d. Document the issues and provide the solution(s). Correct the issues if possible.
____________________________________________________________________________________
____________________________________________________________________________________
PC-B can access the web server using the IP address only. PC-B is also configured with the correct DNS-
2 server address. This indicates that DNS-2 server maybe incorrectly configured. To resolve this issue
temporarily, the DNS server address can be configured to use 209.165.200.3.The issue with DNS-2
server needs to be escalated because you do not administrative access to the device outside your
network.

Step 5: Verify connectivity.


Verify that all the PCs can access the web server www.cisco.pka.
Your completion percentage should be 100%. If not, click Check Results to see which required components
are not yet completed.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4
Packet Tracer - Troubleshooting Connectivity Issues

Suggested Scoring Rubric

Activity Section Possible Points Earned Points

Step 1d 5
Step 2d 5
Step 3d 5
Step 4d 5
Packet Tracer 15
Total Score 35

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4
Packet Tracer – Map a Network Using CDP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Local Interface and


Device Interface IP Address Subnet Mask
Connected Neighbor

G0/0 192.168.1.1 255.255.255.0 G0/1 - S1


Edge1
S0/0/0 209.165.200.5 255.255.255.252 S0/0/0 - ISP
Branch-Edge S0/0/1 209.165.200.10 255.255.255.252 S0/0/1 - ISP
Branch-Edge G0/0 192.168.3.249 255.255.255.248 G0/0 – Branch-Firewall
Branch-Firewall G0/0 192.168.3.253 255.255.255.248 G0/0 – Branch-Edge
Branch-Firewall G0/1 192.168.4.129 255.255.255.128 G0/1 – sw-br-floor2
sw-br-floor1 G0/1 G0/1 - sw-br-floor3
sw-br-floor1 G0/2 G0/2 - sw-br-floor2
sw-br-floor2 G0/1 G0/1 – Branch-Firewall
sw-br-floor2 G0/2 G0/2 – sw-br-floor1
sw-br-floor2 F0/24 F0/24 – sw-br-floor3
sw-br-floor2 SVI 192.168.4.132 255.255.255.128
sw-br-floor3 F0/24 F0/24 – sw-br-floor2
sw-br-floor3 G0/1 G0/1 – sw-br-floor1
sw-br-floor3 SVI 192.168.4.133 255.255.255.128

Objectives
Map a network using CDP and SSH remote access.

Background / Scenario
A senior network administrator requires you to map the Remote Branch Office network and discover the name
of a recently installed switch that still needs an IP address to be configured. Your task is to create a map of
the branch office network. You must record all of the network device names, IP addresses and subnet masks,
and physical interfaces interconnecting the network devices, as well as the name of the switch that does not
have an IP address.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5
Packet Tracer – Map a Network Using CDP

To map the network, you will use SSH for remote access and the Cisco Discovery Protocol (CDP) to discover
information about neighboring network devices, like routers and switches. Because CDP is a Layer 2 protocol,
it can be used to discover information about devices that do not have IP addresses. You will record the
gathered information to complete the Addressing Table and provide a topology diagram of the Remote
Branch Office network.
You will need the IP address for the remote branch office, which is 209.165.200.10. The local and remote
administrative usernames and passwords are:
Local Network
Username: admin01
Password: S3cre7P@55
Branch Office Network
Username: branchadmin
Password: S3cre7P@55

Part 1: Use SSH to Remotely Access Network Devices


In Part 1, you will use the Admin-PC to remotely access the Edge1 gateway router. Next, from the Edge1
router you will SSH into the Remote Branch Office.
a. On the Admin-PC, open a command prompt.
b. SSH into the gateway router at 192.168.1.1 using the username admin01 and the password
S3cre7P@55.
PC> ssh –l admin01 192.168.1.1
Open
Password:

Edge1#
Note: Notice that you are placed directly into privileged EXEC mode. This is because the admin01 user
account is set to privilege level 15.
c. Use the show ip interface brief and show interfaces commands to document the Edge1 router’s
physical interfaces, IP addresses, and subnet masks in the Addressing Table.
Edge1# show ip interface brief
Edge1# show interfaces
d. Using the Edge1 router’s CLI, you will SSH into the Remote Branch Office at 209.165.200.10 with the
username branchadmin and the same password:
Edge1# ssh –l branchadmin 209.165.200.10
Open
Password:

Branch-Edge#
After connecting to the Remote Branch Office at 209.165.200.10 what piece of previously missing
information can now be added to the Addressing Table above?
____________________________________________________________________________________
The Branch-Edge router hostname

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5
Packet Tracer – Map a Network Using CDP

Part 2: Use CDP to Discover Neighboring Devices


You are now remotely connected to the Branch-Edge router. Using CDP, begin looking for connected network
devices.
a. Issue the show ip interface brief and show interfaces commands to document the Branch-Edge
router’s network interfaces, IP addresses, and subnet masks. Add the missing information to the
Addressing Table to map the network:
Branch-Edge# show ip interface brief
Branch-Edge# show interfaces
b. Security best practice recommends only running CDP when needed, so CDP may need to be turned on.
Use a show cdp command to test its status.
Branch-Edge# show cdp
% CDP is not enabled
c. You need to turn on CDP, but it is a good idea to only broadcast CDP information to internal network
devices and not to external networks. To do this, disable CDP on the s0/0/1 interface and then turn on the
CDP protocol.
Branch-Edge# configure terminal
Branch-Edge(config)# interface s0/0/1
Branch-Edge(config-if)# no cdp enable
Branch-Edge(config-if)# exit
Branch-Edge(config)# cdp run
d. Issue a show cdp neighbors command to find any neighboring network devices.
Note: CDP will only show connected Cisco devices that are also running CDP.
Branch-Edge# show cdp neighbors
Is there a neighboring network device? What type of device is it? What is its name? On what interface is it
connected? Is the device’s IP address listed? Record the information in the Addressing Table.
____________________________________________________________________________________
It is a router. Its name is Branch-Firewall and it is connected on interface G0/0. The IP address of the
device is not listed.
e. To find the IP address of the neighboring device use the show cdp neighbors detail command and
record the ip address:
Branch-Edge# show cdp neighbors detail
Aside from the neighboring device’s IP address, what other piece of potentially sensitive information is
listed?
____________________________________________________________________________________
The neighboring device’s IOS software version.
f. Now that you know the IP address of the neighbor device, you need to connect to it with SSH in order to
discover other devices that may be its neighbors.
Note: To connect with SSH use the same Remote Branch Office username and password.
Branch-Edge# ssh –l branchadmin <the ip address of the neighbor device>
After successfully connecting with SSH, what does the command prompt show?
____________________________________________________________________________________

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5
Packet Tracer – Map a Network Using CDP

Branch-Firewall#
g. You are remotely connected to the next neighbor. Use the show cdp neighbors command, and the
show cdp neighbors detail command, to discover other connected neighbor devices.
What types of network devices neighbor this device? Record any newly discovered devices in the
Addressing Table. Include their hostname, interfaces, and IP addresses.
____________________________________________________________________________________
A router (Branch-Edge) and a switch (sw-br-floor2). The sw-br-floor2 switch is a newly discovered device
located at 192.168.4.132 on the G0/1 interface.
h. Continue discovering new network devices using SSH and the show CDP commands. Eventually, you will
reach the end of the network and there will be no more devices to discover.
What is the name of the switch that does not have an IP address on the network?
____________________________________________________________________________________
sw-br-floor1
i. Draw a topology of the Remote Branch Office network using the information you have gathered using
CDP.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5
Packet Tracer – Map a Network Using CDP

Suggested Scoring Rubric

Possible Earned
Activity Section
Points Points

Part 1 Question 2
Question d 2
Part 2 Questions 8
Question d 2
Question e 1
Question f 1
Question g 2
Question h 2
Packet Tracer 10
Addressing Scheme
60
Documentation
Topology Documentation 20
Total Point 100

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5
Packet Tracer - Configure and Verify NTP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask

N1 NIC 209.165.200.225 255.255.255.0


R1 G0/0 209.165.200.226 255.255.255.0
R2 G0/0 209.165.200.227 255.255.255.0

Objectives
In this activity, you will configure NTP on R1 and R2 to allow time synchronization.

Background / Scenario
Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and
clients. While there are a number of applications that require synchronized time, this lab will focus on
correlating events that are listed in the system log and other time-specific events from multiple network
devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communications use
Coordinated Universal Time (UTC).
An NTP server usually receives its time from an authoritative time source, such as an atomic clock attached
to a time server It then distributes this time across the network. NTP is extremely efficient; no more than one
packet per minute is necessary to synchronize two machines to within a millisecond of each other.

Step 1: NTP Server


a. Server N1 is already configured as the NTP Server for this topology. Verify its configuration under
Services > NTP.
b. From R1, ping N1 (209.165.200.225) to verify connectivity. The ping should be successful.
c. Repeat the ping to N1 from R2 to verify connectivity to N1.

Step 2: Configuring the NTP Clients


Cisco devices can be configured to refer to an NTP server to synchronize their clocks. This is important to
keep time consistent among all devices. Configure R1 and R2 as NTP clients so their clocks are

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
Packet Tracer - Configure and Verify NTP

synchronized. Both R1 and R2 will use N1 server as their NTP server. To configure R1 and R2 as an NTP
clients, issue the commands below:
a. Use the ntp server command to specify an NTP server, as shown below:
R1# conf t
R1(config)# ntp server 209.165.200.225

R2# conf t
R2(config)# ntp server 209.165.200.225
b. Check the clock on R1 and R2 again to verify that they are synchronized:
R1# show clock
*12:02:18:619 UTC Tue Dec 8 2015

R2# show clock


*12:02:20:422 UTC Tue Dec 8 2015
Note: When working on physical routers, allow a few minutes before R1 and R2 clocks are synchronized.
Are the clocks synchronized?
____________________________________________________________________________________
Yes. R1 and R2 have the same time as N1.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2
Packet Tracer - Configure VTP and DTP
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
In this activity, you will configure VTP and DTP.

Background / Scenario
Scalability and management are two crucial considerations in large networks. VTP and DTP are technologies
that improve management and scalability. VLAN Trunking Protocol (VTP) allows the switches to communicate
over VLANs automatically, improving management and scalability. Dynamic Trunking Protocol (DTP) allows
the switches to automatically negotiate and establish trunk links. DTP also improves scalability.
In this activity, you will configure a switched environment where trunks are negotiated and formed via DTP,
and VLAN information is propagated automatically through a VTP domain.

Step 1: Using Dynamic Trunk Protocol (DTP) to form trunk links


Access links transport single VLAN frames and trunk links carry frames belonging to multiple VLANs. While
trunk links can be manually configured, DTP can be used to allow the switches to negotiate and establish
trunk links automatically. DTP is very helpful in large networks.
a. Connect the F0/7 port on AS1 to F0/7 port on DS1.
b. Configure DTP desirable on the F0/7 port on DS1.
DS1(config)# interface f0/7
DS1(config-if)# switchport mode dynamic desirable
c. Connect the F0/9 port on AS2 to F0/9 port on DS1.
d. Configure DTP desirable on the F0/9 port on DS1.
Based on the fact that the ports above were made DTP desirable on DS1, is it correct to state that “DS1
ports F0/7 and F0/9 should have become trunk links”? Explain.
____________________________________________________________________________________
____________________________________________________________________________________
Yes. They should been trunk links because the trunking mode is set to Auto by default.
e. Issue show interfaces trunk command on the switches to verify that trunking has been enabled on the
switches.
DS1# show interfaces trunk

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
Packet Tracer - Configure VTP and DTP

f. From the show interfaces trunk output, which trunking mode is configured in the switch ports?
____________________________________________________________________________________
____________________________________________________________________________________
DS1 ports F0/7 and F0/9 are in DTP desirable mode, and AS1 port F0/7 and AS2 port F0/9 are
configured in DTP auto mode.

Step 2: Configuring VTP


VTP is used to communicate VLAN information among VTP domain participating switches.
a. To create a new VTP domain, configure switch DS1 as a VTP server by assigning CCNA-LAB as the
domain name with the password cisco12345.
Note: VTP domain names are case-sensitive. VTP domain passwords are optional but increase security.
b. Issue the show vtp status to verify that the domain was created.
DS1# show vtp status
c. Configure 5 VLANs on DS1. Use VLANs 10, 20, 30, 40, and 50.
d. Configure the access layer switches AS1 and AS2 to the domain as VTP clients.
e. Verify that AS1 and AS2 have learned the VLANs added to the domain from switch DS1.

Running Scripts

DS1 Configuration
interface f0/7
switchport mode dynamic desirable
interface f0/9
switchport mode dynamic desirable
vtp domain CCNA-LAB
vtp mode server
vtp password cisco12345
vlan 10
vlan 20
vlan 30
vlan 40
vlan 50

AS1 Configuration
vtp domain CCNA-LAB
vtp mode client
vtp password cisco12345

AS2 Configuration
vtp domain CCNA-LAB
vtp mode client
vtp password cisco12345

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2
Packet Tracer - Troubleshoot VTP and DTP
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
Troubleshoot the operation of VTP and DTP in a switched network.

Background / Scenario
In this activity, you will troubleshoot a switched environment where trunks are negotiated and formed via DTP,
and VLAN information is propagated automatically through a VTP domain. You have limited access to the
access switches AS1, AS2, and AS3, but are able to make configuration changes on DS1. You must
troubleshoot and correct the problem(s) to make sure that AS1, AS2 and AS3 have VLANs 100, 200, 300 and
400 in their VLAN database.
The VTP domain settings are:
VTP domain server: DS1
VTP domain: CCNA-PT
VTP password: 123PT

Part 1: Troubleshooting the Network


Step 1: DTP
VTP relies on trunk links to operate. If trunks are not formed between the access switches and distribution
switch DS1, VTP will not operate properly. DTP port modes dictate whether a switchport initiates trunk
negotiation.
a. Verify that the trunk links are formed between the DS1 and the access layer switches. Correct as
necessary.
b. If there are no trunk links between DS1 and the access layer switches, correct the problem. Document
the solution.
____________________________________________________________________________________
____________________________________________________________________________________
DS1(config)# interface range f0/1 - f0/3
DS1(config-if-range)# switchport mode dynamic desirable

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
Packet Tracer - Troubleshoot VTP and DTP

Step 2: VTP
Troubleshoot VTP. When you are certain that DTP is properly configured, move on to VTP. VTP is
responsible for carrying VLAN information throughout the VTP domain, from the VTP server to the VTP
clients.
a. Verify that the VTP domain names and passwords are configured correctly on all switches. Correct as
necessary.
Note: VTP domain names are case-sensitive. If used, a VTP password must be the same throughout the
domain.
b. Verify that all issues have been fixed. Confirm the presence of VLANs 100, 200, 300 and 400 on all
access switches.
c. Document your solution.
____________________________________________________________________________________
____________________________________________________________________________________
DS1(config)# vtp domain CCNA-PT
DS1(config)# vtp password 123PT
DS1(config)# vtp mode server

Scripts

DS1 Configuration
interface range f0/1 - f0/3
switchport mode dynamic desirable
vtp domain CCNA-PT
vtp password 123PT
vtp mode server

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2
Packet Tracer - Troubleshoot HSRP (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

G0/1 192.168.1.1 255.255.255.0 N/A


R1
S0/0/0 209.165.200.226 255.255.255.252 N/A
G0/1 192.168.1.2 255.255.255.0 N/A
R2
S0/0/1 209.165.200.230 255.255.255.252 N/A
PC0 NIC 192.168.1.10 255.255.255.0 192.168.1.254
Laptop0 NIC 192.168.1.11 255.255.255.0 192.168.1.254
Laptop1 NIC 192.168.1.12 255.255.255.0 192.168.1.254
PC1 NIC 192.168.1.13 255.255.255.0 192.168.1.254
Web NIC 209.165.202.156 255.255.255.224 209.165.202.158

Objective
In this activity, you will troubleshoot and resolve the HSRP issues in the network. You will also verify that all
the HSRP configurations meet the network requirement.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 3
Packet Tracer – Troubleshoot HSRP

Background / Scenario
Currently the users can access www.cisco.pka. The network has been updated to use HSRP to ensure the
network availability to the users. You must verify that the users can still access the website if one of the
routers is down. R1 should always be the active router if it is functioning.
Network Requirement:
• HSRP virtual router is 192.168.1.254.
• HSRP standby group is 1.
• DNS server is 209.165.202.157.
• R1 should always be the active router when it is functioning properly.
• R2 uses the default HSRP priority.
• All users should be able to access www.cisco.pka as long as one of the routers is functioning.

Troubleshooting Process

Step 1: PCs and Laptops


a. Verify the PCs and laptops are configured correctly using the provided network requirement.
b. Based on the Network Requirement shown above, verify that the PCs and laptops can navigate to
www.cisco.pka successfully.

Step 2: Troubleshoot R1.


a. Disable the interface G0/1 on R2.
b. Use show commands to determine issues. Record and correct any issues found on R1.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
R1 is configured with the incorrect standby group and is not configured to preempt. The priority needs to
be higher than 100, which is the priority on R2. If the PC0 and Laptop1 are still using R2 (192.168.1.2) as
the default gateway, they will lose connectivity to the Web when the interface G0/1 on R2 is disabled.
Without the correct default gateway (virtual router IP address) configured on PC0 and Laptop1, these end
devices cannot switch the default gateway to R1’s G0/1 interface (192.168.1.1).
R1# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/1 11 50 Active local unknown 192.168.1.254

R1(config)# interface g0/1


R1(config-if)# no standby 11
R1(config-if)# standby 1 ip 192.168.1.254
R1(config-if)# standby 1 priority 101
R1(config-if)# standby 1 preempt
c. Re-enable the interface G0/1 on R2.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 3
Packet Tracer – Troubleshoot HSRP

Step 3: Troubleshoot R2.


a. Disable the interface G0/1 on R1.
b. Use show commands to determine any issues. Record and correct any issues found on R2.
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
The PCs and laptop use 192.168.1.254 (HSRP’s virtual router IP) as gateway. Because R1’s G0/1 has
been disabled and R2 is not yet a member of the HSRP standby group 1, laptops and PCs will lose
connectivity to the server.
R2# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gig0/1 111 100 Active local unknown 192.168.1.254

R2(config)# interface g0/1


R2(config-if)# no standby 111
R2(config-if)# standby 1 ip 192.168.1.254
c. After verifying that the PCs and laptops can navigate to www.cisco.pka successfully, re-enable the
interface G0/1 on R1.

Step 4: Verify connectivity.


a. Verify all PCs and laptops can navigate to www.cisco.pka.
b. Verify all the HSRP requirements have been met.

Running Scripts

PC0 and Laptop1


The default gateway should be configured at 192.168.1.254.

R1 Configuration
interface g0/1
no standby 11
standby 1 ip 192.168.1.254
standby 1 priority 101
standby 1 preempt

R2 Configuration
interface g0/1
no standby 111
standby 1 ip 192.168.1.254

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 3
Lab – Troubleshoot Multiarea OSPFv2 (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5
Lab – Troubleshoot Multiarea OSPFv2

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

GigabitEthernet0/ N/A
ISP
0 209.165.200.17 255.255.255.240
GigabitEthernet0/ N/A
ASBR 0 209.165.200.18 255.255.255.240
Serial0/0/0 10.1.1.2 255.255.255.252 N/A
Serial0/0/1 10.2.2.2 255.255.255.252 N/A
ABR1 Serial0/0/0 10.1.1.1 255.255.255.252 N/A
GigabitEthernet0/ N/A
1 192.168.1.1 255.255.255.0
ABR2 Serial0/0/1 10.2.2.1 255.255.255.252 N/A
GigabitEthernet0/ N/A
1 172.16.1.33 255.255.255.224
GigabitEthernet0/ N/A
R1 1 192.168.1.2 255.255.255.0
GigabitEthernet0/ N/A
0 192.168.2.1 255.255.255.0
Loopback0 192.168.3.1 255.255.255.0 N/A
GigabitEthernet0/ N/A
R2 0 192.168.2.2 255.255.255.0
Loopback1 192.168.4.1 255.255.255.0 N/A
GigabitEthernet0/ N/A
R3 1 172.16.1.62 255.255.255.224
GigabitEthernet0/ N/A
0 172.16.1.65 255.255.255.224
GigabitEthernet0/ N/A
R4 0 172.16.1.94 255.255.255.224
GigabitEthernet0/ N/A
1 172.16.1.97 255.255.255.224

Objectives
Troubleshoot a multiarea OSPFv2 network.

Background / Scenario
A large organization has recently decided to change the network from single-area OSPFv2 to multiarea
OSPFv2. As a result, the network is no longer functioning correctly and communication through much of the
network has failed. As a network administrator you must troubleshoot the problem, fix the multiarea OSPFv2
implementation, and restore communication throughout the network. To do this, you are given the Addressing
Table above, showing all of the routers in the network including their interface IP addresses and subnet
masks. You are told that in Area 1 communication to the 192.168.4.0/24 network is down and that router R2 is

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5
Lab – Troubleshoot Multiarea OSPFv2

unable to form an OSPF adjacency with router R1. In Area 2, communication to the 172.16.1.64/27 and
172.16.1.96/24 networks has been lost and router R4 is unable to form an adjacency. Area 0 is behaving as
expected.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

Part 1: Use Show Commands to Troubleshoot OSPFv2 Area 1


In Part 1, using the particular symptoms of network failure reported in the Background / Scenario, begin
troubleshooting configuration settings at the routers in Area 1.

Step 1: Check the router configurations in Area 1.


a. Because R2 is not forming an adjacency with R1, console into R2 and check its interface IP address
configuration and its multiarea OSPFv2 configuration. Use the show running-config command to view
the configuration.
Is R2’s OSPF router process configuration present and correct? Are the network statements, including
subnets, wildcard bits and area numbers correct?
____________________________________________________________________________________
R2’s OSPF routing configuration appears to be correct.
b. On R2, issue a show ip ospf interface command to check the hello timer interval configuration and to
verify that hello messages are being sent.
Is R2’s hello timer interval configuration set to the default setting? Is the dead time interval 4 x the hello
time interval? Are hellos being sent?
____________________________________________________________________________________
R2’s timer interval configuration is default at hello 10 and dead 40. Hellos are being sent.
c. If R2’s configurations and settings are correct then the problem of not forming and adjacency must lay
with R1. Console into R1 and check the network interface and OSPFv2 configurations in the running-
configuration.
Are the R1 network interfaces configured correctly? Is there a problem in the R1 OSPFv2 routing process
configuration that would cause an adjacency failure?
____________________________________________________________________________________
R1’s interfaces are configured correctly. R1’s OSPFv2 routing process has a passive-interface command
configured on interface G0/0.
d. Correct the configuration error on R1.
R1# configure terminal
R1(config)# router ospf 1
R1(config-router)# no passive-interface G0/0

e. If the problem has been corrected, R1 should receive a syslog message to the console showing an OSPF
adjacency change from loading to full.
Did a syslog message appear in the R1 console reporting an OSPF adjacency change?
____________________________________________________________________________________
Yes, the syslog message was: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet0/0 from
LOADING to FULL.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5
Lab – Troubleshoot Multiarea OSPFv2

Step 2: Check the router configurations in Area 2.


a. Because it was reported that the network has lost contact with the Area 2 subnets 172.16.1.64/24 and
172.16.1.96/24, verify this at the Area 2 Border Router (ABR2) using the show ip route command.
Does the ABR2 routing table show the presence of the 172.16.1.64/24 and 172.16.1.96/24 networks?
____________________________________________________________________________________
No.
b. Check to see if ABR2 has established an OSPFv2 neighbor adjacency with R3.
Does ABR2 show two OSPF neighbors? Which neighbor ID signifies R3 and how do you know this?
____________________________________________________________________________________
Yes. ABR2 shows two neighbors with neighbor IDs 3.3.3.3 and 7.7.7.7. R3 is neighbor ID 3.3.3.3
because it shows it is connected on interface G0/1.
c. Because ABR2 has formed a neighbor relationship with R3, the problem may lay with the OSPFv2
configurations on either R3 or R4. Console into R3 and check the OSPFv2 configurations in the running-
configuration.
Are there any problems with the R3 OSPFv2 routing process configurations?
____________________________________________________________________________________
Yes, the network statement for the 172.16.1.64 network is incorrectly configured in Area 0 instead of Area
2.
d. To correct the problem, replace the OSPF routing process network statement that places the
172.16.1.64/24 subnet in Area 0 and change it to Area 2.
R3# configure terminal
R3(config)# router ospf 1
R3(config-router)# no network 172.16.1.64 0.0.0.31 area 0
R3(config-router)# network 172.16.1.64 0.0.0.31 area 2
Did a syslog message appear in the R3 console reporting an OSPF adjacency change? What does this
signify?
____________________________________________________________________________________
Yes, the syslog message was: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on GigabitEthernet0/0 from
LOADING to FULL. This signifies that an adjacency was formed with R4.
e. Verify that the R3 routing table has routes to all of the networks in all of the OSPF areas.
Are any routes missing? If so, which ones?
____________________________________________________________________________________
Yes, the routes to the 192.168.x.x networks are missing.
f. It appears that R3 is missing the OSPFv2 interarea 192.168.0.0/21 summary route. To solve this
problem, completely remove the OSPFv2 routing process from router R3 and then re-add it.
R3# configure terminal
R3(config)# no router ospf 1
R3(config)# router ospf 1
R3(config-router)# router-id 3.3.3.3
R3(config-router)# network 172.16.1.32 0.0.0.31 area 2
R3(config-router)# network 172.16.1.64 0.0.0.31 area 2

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5
Lab – Troubleshoot Multiarea OSPFv2

g. Now verify that the R3 routing table has learned the OSPF interarea summary route to the 192.168.0.0/21
subnet.
Is the OSPF interarea route to the 192.168.0.0/21 subnet in the routing table?
____________________________________________________________________________________
Yes.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5
Lab – Troubleshoot Multiarea OSPFv3 (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5
Lab – Troubleshoot Multiarea OSPFv3

Addressing Table

IPv6 Global Unicast IPv6 Link-local Default Gateway


Device Interface Address Address

ISP GigabitEthernet0/0 2001:DB8:C1:1::1/64 FE80::C1 N/A


ASBR GigabitEthernet0/0 2001:DB8:C1:1::2/64 FE80::7 N/A
2001:DB8:A8EA:F0A:: N/A
Serial0/0/0 1 FE80::7
2001:DB8:A8EA:F0B:: N/A
Serial0/0/1 1 FE80::7
2001:DB8:A8EA:F0A:: N/A
ABR1 Serial0/0/0 2 FE80::5
GigabitEthernet0/1 2001:DB8:A8EA:1A::1 FE80::5 N/A
2001:DB8:A8EA:F0B:: N/A
ABR2 Serial0/0/1 2 FE80::6
GigabitEthernet0/1 2001:DB8:A8EA:2A::1 FE80::6 N/A
R1 GigabitEthernet0/1 2001:DB8:A8EA:1A::2 FE80::1 N/A
GigabitEthernet0/0 2001:DB8:A8EA:1C::1 FE80::1 N/A
Loopback0 2001:DB8:A8EA:1B::1 FE80::1 N/A
R2 GigabitEthernet0/0 2001:DB8:A8EA:1C::2 FE80::2 N/A
Loopback1 2001:DB8:A8EA:1D::1 FE80::2 N/A
R3 GigabitEthernet0/1 2001:DB8:A8EA:2A::2 FE80::3 N/A
GigabitEthernet0/0 2001:DB8:A8EA:2B::1 FE80::3 N/A
R4 GigabitEthernet0/0 2001:DB8:A8EA:2B::2 FE80::4 N/A
GigabitEthernet0/1 2001:DB8:A8EA:2C::1 FE80::4 N/A

Objectives
Troubleshoot a multiarea OSPFv3 network.

Background / Scenario
A large organization has recently decided to implement a multiarea OSPFv3 network. As a result, the network
is no longer functioning correctly and communication through much of the network has failed. As a network
administrator you must troubleshoot the problem, fix the multiarea OSPFv3 implementation, and restore
communication throughout the network. To do this, you are given the Addressing Table above, showing all of
the routers in the network including their interface IPv6 addresses. You are told that in Area 1, R2 is unable to
form OSPF adjacencies. In Area 0 and Area 2, three routers ABR2, R3 and R4 have not been able to form
OSPF adjacencies. Lastly, ABR1 and R1 have not received default route information.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5
Lab – Troubleshoot Multiarea OSPFv3

Part 1: Use Show Commands to Troubleshoot OSPFv3 Area 1


In Part 1, using the particular symptoms of network failure reported in the Background / Scenario begin
troubleshooting configuration settings at the routers in Area 1.

Step 1: Check the R2 configuration in Area 1.


a. Because R2 is not forming an adjacency with R1, console into R2 and check its interface IP address
configuration and its multiarea OSPFv2 configuration. Use the show running-config command to view
the configuration.
Is R2’s OSPFv3 routing process configuration present and correct? Has OSPFv3 been activated on the
g0/0 and Loopback 1 interfaces and have they been set to the correct Area?
____________________________________________________________________________________
R2’s OSPFv3 routing process is enabled and the interfaces are configured for area 1.
b. If R2’s OSPFv3 configurations are correct, it is possible that OSPFv3 has not been configured on the R1
G0/0 interface. Console into R1 and issue a show running-config command to check the G0/0 interface
for the ipv6 ospf 10 area 1 configuration.
Is R1’s OSPFv3 routing process configuration present and correct? Has OSPFv3 been activated on the
g0/0 interface and set to Area1?
____________________________________________________________________________________
Yes.
c. It is possible that the hello-interval and dead-interval timers have been altered from their default values of
10 seconds and 40 seconds respectively. A timer mismatch can cause the routers to not form
adjacencies. If the dead-interval timer is not four times the value of the hello-interval timer, that could also
cause the routers to not form adjacencies. Check the hello-interval and dead-interval timer values on R1
and R2.
R1# show ipv6 ospf interface g0/0
R2# show ipv6 ospf interface g0/0
Is there a mismatch or incorrect configuration on either the R1 or R2 hello-interval or dead-interval
timers?
____________________________________________________________________________________
Yes, R2’s interface G0/0 timers are mismatched and incorrect.
d. Correct the hello-interval and dead-interval timer configuration errors on R2.
R2# configure terminal
R2(config)# interface g0/0
R2(config-router)# ipv6 ospf hello-interval 10
R2(config-router)# ipv6 ospf dead-interval 40

If the problem has been corrected a syslog message should appear in the R2 console showing an OSPF
adjacency change from LOADING to FULL. State if the problem has been corrected, and if so, what is the
Nbr address?
____________________________________________________________________________________
Yes, there is a successful adjacency change to FULL with Nbr 1.1.1.1.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5
Lab – Troubleshoot Multiarea OSPFv3

Step 2: Check the router configurations in Area 2 starting with ABR2.


a. Because it was reported that routers ABR2, R3 and R4 were all unable to form OSPFv3 adjacencies,
console into the ABR2 border router to see why it is unable to form an adjacency with ASBR router.
Is ABR2’s OSPFv3 routing process configuration present and correct? Has OSPFv3 been activated on
the s0/0/1 and g0/1 interfaces and have they been set to Area2?
____________________________________________________________________________________
ABR2’s OSPFv3 routing process has been enabled but a router-id has not been set. The interfaces have
been configured correctly.
b. OSPFv3 requires the presence of a 32bit dotted decimal router-id. Because ABR2 has no IPv4 addresses
assigned to any of its interfaces, a router-id needs to be manually configured. Configure ABR2 with a
6.6.6.6 router-id.
ABR2# configure terminal
ABR2(config)# ipv6 router ospf 10
ABR2(config-router)# router-id 6.6.6.6
If the problem has been corrected, syslog messages should appear in the console showing OSPF
adjacency changes from LOADING to FULL. State if this is the case, and what neighbor Nbr addresses
appear?
____________________________________________________________________________________
Yes, there are successful adjacency changes with Nbr 7.7.7.7 and Nbr 3.3.3.3.
c. On ABR2, a Syslog message showing an adjacency change from LOADING to FULL with Nbr 3.3.3.3
means that R3 is now participating in the OSPFv3 Area 2 process. Check that R4 has provided route
information for its connected networks to the OSPFv3 topology database.
ABR2# show ipv6 ospf database
Looking at the output of the show ipv6 ospf database command, what information would signal the
presence of R4?
____________________________________________________________________________________
The router-id 4.4.4.4 signifies the presence of R4 as well as the inclusion of the 2001:DB8:A8EA:2C::/64
network in the Area 2 section of the output.

Step 3: Check ASBR for OSPFv3 default route distribution.


a. Because ASBR is the edge router, it should have a static IPv6 default route configured. If so, it can
distribute that route using OSPFv3 and a default-information originate command.
Is there an IPv6 default route configured on ASBR? Does the OSPFv3 routing process configuration have
a default-information originate line present?
____________________________________________________________________________________
Yes ASBR has an ipv6 default route to ::/0, but the IPv6 OSPF 10 routing process does not contain a
default-information originate line.
b. On ASBR, add a default-information originate command to the OSPFv3 routing process.
ASBR# configure terminal
ASBR2(config)# ipv6 router ospf 10
ABR2(config-router)# default-information originate
c. Check the IPv6 routing tables of ABR1 and ABR2 to see if the default route was discovered through
OSPFv3.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5
Lab – Troubleshoot Multiarea OSPFv3

Looking at the output of the show ipv6 route, did the router learn of the default route from OSPFv3? If
so, list the line or lines that signify this.
____________________________________________________________________________________
Yes. OE2 ::/0 [110/1] via FE80::7, Serial0/0/0.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5
Packet Tracer - Configure and Verify eBGP
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives
Configure and verify eBGP between two autonomous systems.

Background / Scenario
In this activity, you will configure and verify the operation of eBGP between autonomous systems 65001 and
65002. ACME Inc. is a company that has a partnership with Other Company and must exchange routes. Both
companies have their own autonomous systems and will use ISP as the transit AS to reach each other.
Note: Only companies with very large networks can afford their own autonomous system.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 3
Packet Tracer - Configure and Verify eBGP

Address Table

Device Interface IPv4 Address Subnet Mask Default Gateway

G0/0 192.168.0.1 255.255.255.0 N/A


ACME1
S0/0/0 1.1.1.2 255.255.255.252 N/A
G/0/0 172.16.10.1 255.255.255.0 N/A
OtherCo1
S0/0/0 1.1.1.10 255.255.255.252 N/A
S0/0/0 1.1.1.1 255.255.255.252
ISP1
S0/0/1 1.1.1.5 255.255.255.252
S0/0/0 1.1.1.9 255.255.255.252
ISP2
S0/0/1 1.1.1.6 255.255.255.252
PC0 NIC DHCP 192.168.0.1
Laptop0 NIC DHCP 192.168.0.1
Laptop1 NIC DHCP 192.168.0.1
Server NIC 172.16.10.2 255.255.255.0 172.16.10.1

Step 1: Configure eBGP in ACME Inc.


ACME Inc. hired an ISP to connect to a partner company called Other Company. The ISP has established
network reachability within its network and to Other Company. You must connect ACME to the ISP so that
ACME and Other Company can communicate. Because ISP is using BGP as the routing protocol, you must
configure ACME1, ACME’s border router, to establish a BGP neighbor connection with ISP1, the ISP border
router that faces ACME.
a. Verify that the ISP has provided IP reachability through its network by pinging 1.1.1.9, the IP address
assigned to ISP2’s Serial 0/0/0.
b. From any device inside ACME’s network, ping the Other Company’s server 172.16.10.2. The pings
should fail as no BGP routing is configured at this time.
c. Configure ACME1 to become an eBGP peer with ISP1. ACME’s AS number is 65001, while the ISP is
using AS number 65003. Use the 1.1.1.1 as the neighbor IP address and make sure to add ACME’s
internal network 192.168.0.0/24 to BGP.
ACME1(config)# router bgp 65001
ACME1(config-router)# neighbor 1.1.1.1 remote-as 65003
ACME1(config-router)# network 192.168.0.0 mask 255.255.255.0
From any device inside ACME’s network, ping the Other Company internal server again. Does it work?
No.

Step 2: Configure eBGP in Other Company Inc.


The network administrator at Other Company is not familiar with BGP and could not configure their side of the
link. You must also configure their end of the connection.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 3
Packet Tracer - Configure and Verify eBGP

Configure OtherCo1 to form an eBGP adjacency with ISP2, the ISP border router facing OtherCo1. Other
Company is under AS 65002 while ISP is under AS 65003. Use the 1.1.1.9 as the neighbor IP address of
ISP2 and make sure to add Other Company’s internal network 172.16.10.0/24 to BGP.
OtherCo1(config)# router bgp 65002
OtherCo1(config-router)# neighbor 1.1.1.9 remote-as 65003
OtherCo1(config-router)# network 172.16.10.0 mask 255.255.255.0

Step 3: eBGP Verification


a. Verify that ACME1 has properly formed an eBGP adjacency with ISP1. The show ip bgp summary
command is very useful here.
b. Use the show ip bgp summary command to verify all the routes ACME1 has learned via eBGP and their
status.
c. Look at the routing tables on ACME1 and OtherCo1. ACME1 should have routes learned about Other
Company’s route 172.16.10.0/24. Similarly, OtherCo1 should now know about ACME’s route
192.168.0.0/24.
d. Open a web browser in any ACME Inc. end devices and navigate to Other Company’s server by entering
its IP address 172.16.10.2
e. From any ACME Inc. device, ping the Other Company’s server at 172.16.10.2.

Scripts

ACME1 Configuration
router bgp 65001
neighbor 1.1.1.1 remote-as 65003
network 192.168.0.0 mask 255.255.255.0

OtherCo1 Configuration
router bgp 65002
neighbor 1.1.1.9 remote-as 65003
network 172.16.10.0 mask 255.255.255.0

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 3
Packet Tracer – Troubleshooting IPv6 ACLs (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device Interface IPv6 Address / Prefix Default Gateway

G0/0 2001:DB8:CAFE::1/64 N/A


R1 G0/1 2001:DB8:CAFE:1::1/64 N/A
G0/2 2001:DB8:CAFE:2::1/64 N/A
PC0 NIC 2001:DB8:CAFE::2/64 FE80::1
Server1 NIC 2001:DB8:CAFE:1::2/64 FE80::1
Server2 NIC 2001:DB8:CAFE:2::2/64 FE80::1
L0 NIC 2001:DB8:CAFE::3/64 FE80::1
L1 NIC 2001:DB8:CAFE:1::3/64 FE80::1
L2 NIC 2001:DB8:CAFE:2::3/64 FE80::1

Objectives
Part 1: Troubleshoot HTTP Access
Part 2: Troubleshoot FTP Access
Part 3: Troubleshoot SSH Access

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4
Packet Tracer - Troubleshooting IPv6 ACLs

Scenario
The following three polices have been implemented on the network:
• Hosts from the 2001:DB8:CAFÉ::/64 network do not have HTTP access to the other networks.
• Hosts from the 2001:DB8:CAFÉ:1::/64 network are prevented from access to the FTP service on Server2.
• Hosts from the 2001:DB8:CAFE:1::/64 and 2001:DB8:CAFE:2::/64 networks are prevented from
accessing R1 via SSH.
No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working
correctly. Your task is to find and fix the errors related to the access lists on R1.
Note: To access R1 and the FTP servers, use the username user01 and password user01pass.

Part 1: Troubleshoot HTTP Access


Hosts from the 2001:DB8:CAFE::/64 network are intentionally unable to access the HTTP service, but should
not be otherwise restricted.

Step 1: Determine the ACL problem.


As you perform the following tasks, compare the results to what you would expect from the ACL.
a. Using L0, L1, and L2, attempt to access HTTP services of Server1 and Server2.
b. Using L0, ping Server1 and Server2.
c. Using PC0, access the HTTPS services of Server1 and Server2.
d. View the running configuration on R1. Examine access list G0-ACCESS and its placement on the
interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any
statement in the list that permits or denies traffic to other networks? Are the statements in the correct
order?
e. Run other tests as necessary.

Step 2: Implement a solution.


Make adjustments to access lists to fix the problem.
R1(config)# ipv6 access-list G0-ACCESS
R1(config-ipv6-acl)# permit ipv6 any any

Step 3: Verify the problem is resolved and document the solution.


If the problem is resolved, document the solution; otherwise return to Step 1.
No traffic is getting through because of the implicit deny any. Added a permit ipv6 any any to the G0-
ACCESS.

Part 2: Troubleshoot FTP Access


Hosts from the 2001:DB8:CAFE:1::/64 network are prevented from accessing the FTP service of Server2, but
no other restriction should be in place.

Step 1: Determine the ACL problem.


As you perform the following tasks, compare the results to the expectations of the ACL.
a. Using L0, L1, and L2, attempt to access FTP service of Server2.

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4
Packet Tracer - Troubleshooting IPv6 ACLs

PC> ftp 2001:db8:cafe:2::2


b. View the running configuration on R1. Examine access list G1-ACCESS and its placement on the
interfaces. Is the access list placed on the correct port in the correct direction? Is there any statement in
the list that permits or denies traffic to other networks? Are the statements in the correct order?
c. Run other tests as necessary.

Step 2: Implement a solution.


Make adjustments to access lists to fix the problem.
R1(config)# interface GigabitEthernet0/1
R1(config-if)# no ipv6 traffic-filter G1-ACCESS out
R1(config-if)# ipv6 traffic-filter G1-ACCESS in

Step 3: Verify the problem is resolved and document the solution.


If the problem is resolved, document the solution; otherwise return to Step 1.
G1-ACCESS was applied outbound on G0/1. Removed as outbound and applied as inbound on G0/1.

Part 3: Troubleshoot SSH Access


Only the hosts from 2001:DB8:CAFE::/64 network are permitted remote access to R1 via SSH.

Step 1: Determine the ACL problem.


As you perform the following tasks, compare the results to what you would expect from the ACL.
a. From L0 or PC0, verify SSH access to R1.
b. Using L1 and L2, attempt to access R1 via SSH.
c. View the running configuration on R1. Examine access lists and their placements on the interfaces. Is the
access list placed on the correct interface and in the correct direction? Is there any statement in the list
that permits or denies traffic to other networks? Are the statements in the correct order?
d. Perform other tests, as necessary.

Step 2: Implement a solution.


Make adjustments to access lists to fix the problem.
R1(config)# no ipv6 access-list G2-ACCESS
R1(config)# ipv6 access-list G2-ACCESS
R1(config-ipv6-acl)# deny tcp 2001:DB8:CAFE:2::/64 any eq 22
R1(config-ipv6-acl)# permit ipv6 any any

Step 3: Verify that the problem is resolved and document the solution.
If the problem is resolved, document the solution: otherwise return to Step 1.
The access list G2-ACCESS allows all traffic because the order of the statements is wrong. Reorder the
statements so that the permit ipv6 any any is the second statement

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4
Packet Tracer - Troubleshooting IPv6 ACLs

Suggested Scoring Rubric

Possible Earned
Question Location Points Points

Documentation Score 10
Packet Tracer Score 90
Total Score 100

Script

R1 Configuration
ipv6 access-list G0-ACCESS
permit ipv6 any any
no ipv6 access-list G2-ACCESS
ipv6 access-list G2-ACCESS
deny tcp 2001:DB8:CAFE:2::/64 any eq 22
permit ipv6 any any
interface GigabitEthernet0/1
no ipv6 traffic-filter G1-ACCESS out
ipv6 traffic-filter G1-ACCESS in

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4

You might also like