Saturday, October 29, 2011

CCNP TSHOOT - Ticket 10


The problem states that DSW1 and DSW2 are configured as HSRP routers and DSW1 should be the active router, but DSW2 is currently active.

Let's check DSW1's HSRP configuration. 

DSW1#sh standby
Vlan10 - Group 10
  State is Standby
    4 state changes, last state change 00:02:07
  Virtual IP address is 10.2.1.254
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.772 secs
  Preemption enabled
  Active router is 10.2.1.2, priority 100 (expires in 7.736 sec)
  Standby router is local
  Priority 90 (configured 150)
    Track object 1 state Down decrement 60
  IP redundancy name is "hsrp-Vl10-10" (default)


Yes, DSW1 is currently the standby router, not the active one. The active router is 10.2.1.2, which is DSW2.

Let's look at DSW1's HSRP configuration on VLAN 10 in more detail.

DSW1#sh run int vlan 10
Building configuration...

Current configuration : 191 bytes
!
interface Vlan10
 ip address 10.2.1.1 255.255.255.0
 ip helper-address 10.1.4.5
 standby 10 ip 10.2.1.254
 standby 10 priority 150
 standby 10 preempt
 standby 10 track 1 decrement 60
end
---------------------------------------
Pay attention to "standby 10 track 1 decrement 60", which means we need to look more closely at "track 1".

Let's check further in the running-config.

DSW1#sh run | begin track
track 1 ip route 4.4.4.1 255.255.255.255 metric threshold
 threshold metric up 1 down 2
!
track 10 ip route 4.4.4.4 255.255.255.255 metric threshold
 threshold metric up 111 down 112
-----------------------
Two track objects are configured: track 1 and track 10. The track objects track reachability of an IP route toward 4.4.4.4, which is the loopback IP of R4.

Metric threshold means reachability is judged by the route metric: the default "UP" value is 254 and the "DOWN" value is 255.

So, DSW1 currently uses track object 1, which tracks the route to 4.4.4.1, and that route is unavailable. That is why DSW1's current priority is 150 - 60 = 90, which is lower than DSW2's, which has the default value of 100.

This is shown in DSW1's "sh standby" output.

  Priority 90 (configured 150)
    Track object 1 state Down decrement 60
  IP redundancy name is "hsrp-Vl10-10" (default)
------------------------------------------------------
To fix it, replace "standby 10 track 1 decrement 60" on DSW1's interface Vlan10 as follows.

DSW1(config)#int vlan 10
DSW1(config-if)#no standby 10 track 1 decrement 60
DSW1(config-if)#standby 10 track 10 decrement 60
------------------
Check again on DSW1 whether it is active or not.

DSW1#sh standby
Vlan10 - Group 10
  State is Active
    5 state changes, last state change 00:00:47
  Virtual IP address is 10.2.1.254
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.116 secs
  Preemption enabled
  Active router is local
  Standby router is 10.2.1.2, priority 100 (expires in 8.184 sec)
  Priority 150 (configured 150)
    Track object 10 state Up decrement 60
  IP redundancy name is "hsrp-Vl10-10" (default)
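
The priority arithmetic above can be checked mechanically from "sh standby" output. The following Python sketch is an added example, not part of the original post; the function names are made up for illustration, and the two captures are the ones shown in this ticket, trimmed to the lines that matter.

```python
import re

# "sh standby" output copied from the two DSW1 captures on this page (trimmed).
BEFORE = """\
Vlan10 - Group 10
  State is Standby
  Preemption enabled
  Active router is 10.2.1.2, priority 100 (expires in 7.736 sec)
  Standby router is local
  Priority 90 (configured 150)
    Track object 1 state Down decrement 60
"""
AFTER = """\
Vlan10 - Group 10
  State is Active
  Preemption enabled
  Active router is local
  Standby router is 10.2.1.2, priority 100 (expires in 8.184 sec)
  Priority 150 (configured 150)
    Track object 10 state Up decrement 60
"""

def parse_standby(text):
    """Extract the fields that decide the HSRP election for one group."""
    info = {"tracks": [], "peer_priority": None}
    info["state"] = re.search(r"State is (\w+)", text).group(1)
    info["preempt"] = "Preemption enabled" in text
    m = re.search(r"Priority (\d+) \(configured (\d+)\)", text)
    info["priority"], info["configured"] = int(m.group(1)), int(m.group(2))
    # The peer's priority is printed on the "Active router"/"Standby router" line.
    m = re.search(r"(?:Active|Standby) router is [\d.]+, priority (\d+)", text)
    if m:
        info["peer_priority"] = int(m.group(1))
    for obj, state, dec in re.findall(
            r"Track object (\d+) state (Up|Down) decrement (\d+)", text):
        info["tracks"].append((int(obj), state, int(dec)))
    return info

def explain(text):
    """Return (effective_priority, verdict) for the local router."""
    i = parse_standby(text)
    # Only tracked objects that are Down subtract their decrement.
    lost = sum(dec for _, state, dec in i["tracks"] if state == "Down")
    effective = i["configured"] - lost
    down = [obj for obj, state, _ in i["tracks"] if state == "Down"]
    peer = i["peer_priority"]
    if i["state"] == "Active":
        verdict = "active as designed"
    elif peer is not None and i["configured"] > peer >= effective and down:
        verdict = "standby because track object(s) %s are Down" % down
    else:
        verdict = "standby for a reason other than tracking"
    return effective, verdict

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, explain(capture))
```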

CCNP TSHOOT - Ticket 9


The problem states that R4 and DSW1 can't ping R2's loopback IPv6 address (FEC0::2:2) or Serial1/0.12's address (2026::12:2).

Let's check from DSW1 first. Both pings fail, as shown below.

DSW1#ping ipv6 2026::12:2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2026::12:2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
DSW1#ping ipv6 FEC0::2:2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0::2:2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
------------------------------------------
Check R2's IPv6 addresses to be sure whether the interfaces are up or not.

R2#sh ipv6 int brief
FastEthernet0/0            [administratively down/down]
FastEthernet0/1            [administratively down/down]
Serial1/0                  [up/up]
Serial1/0.12               [up/up]
    FE80::CE00:4FF:FE4C:0
    2026::12:2
Serial1/0.23               [up/up]
    FE80::CE00:4FF:FE4C:0
    2026::1:1
Serial1/1                  [administratively down/down]
Serial1/2                  [administratively down/down]
Serial1/3                  [administratively down/down]
Loopback2                  [up/up]
    FE80::CE00:4FF:FE4C:0
    FEC0::2:2


----------------------------------------

Check the IPv6 OSPF neighbours using "sh ipv6 ospf neighbor". One neighbour relationship is found with R1, but none with R3.

R2#sh ipv6 ospf neighbor

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
1.1.1.1           1   FULL/  -        00:00:37    13              Serial1/0.12

Check the configuration of the interface connected to R3, which is s1/0.23. No OSPFv3 configuration is present.

R2#sh run int s1/0.23
Building configuration...

Current configuration : 145 bytes
!
interface Serial1/0.23 point-to-point
 ip address 10.1.1.5 255.255.255.252
 ipv6 address 2026::1:1/122
 frame-relay interface-dlci 203
end

To be sure, double-check against the interface connected to R1.

R2#sh run int s1/0.12
Building configuration...

Current configuration : 245 bytes
!
interface Serial1/0.12 point-to-point
 ip address 10.1.1.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 nass
 ipv6 address 2026::12:2/122
 ipv6 ospf 6 area 12
 frame-relay interface-dlci 201
end
-------------------------------------------------
The missing configuration is "ipv6 ospf 6 area 0", which is needed to place the interface in OSPFv3 area 0.

Let's configure it in R1 and ping again from DSW1. As soon as the correct configuration is entered, R2 forms a neighbour relationship with R3, as shown below.

R2(config)#interface Serial1/0.23
R2(config-subif)#ipv6 ospf 6 area 0
R2(config-subif)#^Z
R2#
*Mar  1 00:16:48.055: %OSPFv3-5-ADJCHG: Process 6, Nbr 3.3.3.3 on Serial1/0.23 from LOADING to FULL, Loading Done
*Mar  1 00:16:49.435: %SYS-5-CONFIG_I: Configured from console by console
R2#

Ping R2 from DSW1 again as follows.

DSW1#ping ipv6 FEC0::2:2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FEC0::2:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/109/156 ms
DSW1#ping ipv6 2026::12:2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2026::12:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/83/108 ms
DSW1#


Friday, October 28, 2011

CCNP TSHOOT - Ticket 8



Check from Client1. 

Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.2.1.3        YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down

IP address 10.2.1.3 has been assigned. The next step is to ping 10.1.1.1.

Client1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

The ping failed to reach 10.1.1.1.
-----------------------
Try pinging 10.1.4.5 (R4).

Client1#ping 10.1.4.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.4.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/55/80 ms


The ping reaches 10.1.4.5 but fails at R4's exit point, 10.1.1.10.

Here are the possible causes.
- Route redistribution from OSPF to EIGRP
- Wrong EIGRP AS number

Let's check R4 first, starting with the EIGRP neighbours. Two neighbours are found, DSW1 and DSW2. So, R4's EIGRP is working well.

R4#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   10.1.4.10               Fa0/1             14 00:10:20   72   432  0  22
0   10.1.4.6                Fa0/0             11 00:10:26   39   234  0  19
--------------------------
Check the OSPF neighbours next; OSPF is also working well with R3.

R4#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:39    10.1.1.9        Serial1/0.34

---------------
Check the routing table again.

Gateway of last resort is 10.1.1.9 to network 0.0.0.0

     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback4
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
D       10.2.4.12/30 [90/30720] via 10.1.4.10, 00:12:29, FastEthernet0/1
                     [90/30720] via 10.1.4.6, 00:12:29, FastEthernet0/0
C       10.1.1.8/30 is directly connected, Serial1/0.34
C       10.1.4.8/30 is directly connected, FastEthernet0/1
D       10.2.1.0/24 [90/30720] via 10.1.4.10, 00:12:29, FastEthernet0/1
                    [90/30720] via 10.1.4.6, 00:12:30, FastEthernet0/0
D       10.2.2.0/24 [90/30720] via 10.1.4.10, 00:12:30, FastEthernet0/1
                    [90/30720] via 10.1.4.6, 00:12:30, FastEthernet0/0
C       10.1.4.4/30 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/65] via 10.1.1.9, 00:11:25, Serial1/0.34
----------------
None of the following networks appear in R4's routing table, but all can be reached via Serial1/0.34: because OSPF is configured with NSSA, only the default route appears in the routing table.

10.1.1.8/30, 10.1.1.4/30 and 10.1.1.0/30


We can conclude that there is a problem with route redistribution.
Check how the default route appears in the routing table. 10.1.1.9 can be reached from 3.3.3.3, but no route-map appears for the default route 0.0.0.0.

R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 65, candidate default path, type inter area
  Redistributing via eigrp 10
  Last update from 10.1.1.9 on Serial1/0.34, 00:14:56 ago
  Routing Descriptor Blocks:
  * 10.1.1.9, from 3.3.3.3, 00:14:56 ago, via Serial1/0.34
      Route metric is 65, traffic share count is 1
-------------------------------
It's time to check R4's running config for redistribution. Here is R4's EIGRP process. It redistributes routes from OSPF with a route map named "EIGRP->OSPF".

router eigrp 10
 redistribute ospf 1 route-map EIGRP->OSPF
 network 10.1.4.4 0.0.0.3
 network 10.1.4.8 0.0.0.3
 no auto-summary

Let's check route map EIGRP->OSPF in detail.

route-map EIGRP_OSPF permit 10
 set metric 102400 1000 128 1 1500
 set tag 10
---------------
Finally, the cause is a wrong route-map name: the route map is actually named "EIGRP_OSPF".
Change to the correct route map name and check the routing table again.

R4(config)#router eigrp 10
R4(config-router)#no redistribute ospf 1 route-map EIGRP->OSPF
R4(config-router)#redistribute ospf 1 route-map EIGRP_OSPF
R4(config-router)#^Z
------------------------------------
R4#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 65, candidate default path, type inter area
  Redistributing via eigrp 10
  Advertised by eigrp 10 route-map EIGRP_OSPF
  Last update from 10.1.1.9 on Serial1/0.34, 00:20:56 ago
  Routing Descriptor Blocks:
  * 10.1.1.9, from 3.3.3.3, 00:20:56 ago, via Serial1/0.34
      Route metric is 65, traffic share count is 1
-------------
Checking the route to 0.0.0.0 (the default route) now shows that it is advertised by route-map EIGRP_OSPF.

So, the faulty device is R4, the fault is in route redistribution, and it can be fixed by changing the route-map name.
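
A route-map name that is referenced but never defined, as in this ticket, can be caught by a simple configuration audit. The Python sketch below is an added example, not part of the original post; the function name is made up for illustration, and the configuration text is the pair of R4 excerpts shown above.

```python
import difflib
import re

# Configuration lines taken from the R4 excerpts on this page.
R4_CONFIG = """\
router eigrp 10
 redistribute ospf 1 route-map EIGRP->OSPF
 network 10.1.4.4 0.0.0.3
 network 10.1.4.8 0.0.0.3
 no auto-summary
!
route-map EIGRP_OSPF permit 10
 set metric 102400 1000 128 1 1500
 set tag 10
"""

DEFINITION = re.compile(r"^route-map (\S+) (?:permit|deny)\b")
REFERENCE = re.compile(r"\broute-map (\S+)")

def audit_route_maps(config):
    """Return (dangling references, unused definitions) for one config."""
    defined, referenced = set(), []
    context = ""
    for line in config.splitlines():
        if line and not line[0].isspace():
            context = line.strip()          # remember the enclosing stanza
        m = DEFINITION.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = REFERENCE.search(line)
        if m and not line.lstrip().startswith("no "):
            referenced.append((context, m.group(1)))
    dangling = []
    for context, name in referenced:
        if name not in defined:
            # Suggest the closest defined name, if any is reasonably similar.
            guess = difflib.get_close_matches(name, sorted(defined), n=1, cutoff=0.6)
            dangling.append((context, name, guess[0] if guess else None))
    unused = sorted(defined - {name for _, name in referenced})
    return dangling, unused

if __name__ == "__main__":
    dangling, unused = audit_route_maps(R4_CONFIG)
    for context, name, guess in dangling:
        print("%s: route-map %r is not defined (did you mean %r?)"
              % (context, name, guess))
    print("defined but never referenced:", unused)
```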

Thursday, October 27, 2011

CCNP TSHOOT - Ticket 7




Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
------------------
No IP address has been assigned to Client1. Check the trunk status on ASW1.

ASW1#sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Po4       on           802.1q         trunking      1
Po5       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Po4       1-1005
Po5       1-1005

Port      Vlans allowed and active in management domain
Po4       1,10,20
Po5       1,10,20

Port      Vlans in spanning tree forwarding state and not pruned
Po4       1,10,20
Po5       1,10,20
----------------------
The trunks are properly configured.
Next, check the access VLAN on ASW1 for fa1/0 as follows.

interface FastEthernet1/0
 switchport access vlan 10
!
interface FastEthernet1/1
 switchport access vlan 10
---------------------
Port fa1/0 is assigned to the correct VLAN 10, so it is working well.
So, let's move to the DSW1 switch. Check the EIGRP neighbour relationships first, as follows.

DSW1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
2   10.2.2.1                Vl20              12 00:04:41   65   390  0  14
1   10.2.1.2                Vl10              12 00:04:41   72   432  0  15
0   10.2.4.14               Fa1/13            12 00:05:12  741  4446  0  13
---------------
Look carefully: the networks connected to R2, 10.1.4.X, do not appear in the neighbour list. So, let's move to R4 to check its EIGRP.
Here is the result.

R4#sh ip eigrp neighbors
IP-EIGRP neighbors for process 1

The whole lab's EIGRP AS is 10, not 1. So, the problem is in R4's EIGRP process.
Changing the EIGRP process on R4 back from 1 to 10 will solve the problem.

The main reason Client1 is not getting an IP address is the broken connection between DSW1 and R4's EIGRP process.

So, the faulty device is R4, the fault is in the EIGRP process, and it can be fixed by changing the EIGRP AS from 1 to 10.
---------------
Trying to ping from Client1 to the web server 209.65.200.241 will fail because the EIGRP routes are missing from the OSPF network. So, only R4 can reach it, and none of the devices behind R4 can reach the OSPF and outside networks.

To fix it, redistribute the EIGRP (AS 10) routes into the OSPF network on R4 as follows:


router ospf 1
 redistribute eigrp 10 subnets


CCNP TSHOOT - Ticket 6


As usual, check the ip address of Client1.


Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down

No IP address is being obtained, and here are the possibilities.
- ASW1 (wrong access VLAN)
- ASW1 (wrong trunk allowed VLAN)

OK, let's start checking from ASW1.
As the previous tickets already covered "access vlan", go directly to checking the VLAN trunk.
---------------------------------

ASW1#sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Po4       on           802.1q         trunking      1
Po5       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Po4       1-9,1002-1005
Po5       1-9,1002-1005

Port      Vlans allowed and active in management domain
Po4       1
Po5       1

Port      Vlans in spanning tree forwarding state and not pruned
Po4       1
Po5       1
----------------------------------
Here you will notice that the trunk allowed VLAN list excludes VLAN 10. Only VLANs 1-9 and 1002-1005 are allowed.

Let's change the trunk allowed VLANs on ASW1 as follows.


ASW1(config)#int range port-channel 4 - 5
ASW1(config-if-range)#no switchport trunk allowed vlan 1-9,1002-1005
ASW1(config-if-range)#switchport trunk allowed vlan 1-10,1002-1005

After waiting a while, check Client1 again; IP address 10.2.1.3 will be in place, as follows.

Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.2.1.3        YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down

So, the problem is on ASW1, in switch-to-switch connectivity, and it can be fixed by adding VLAN 10 to the port channels.
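
The gap in the allowed list can be found by expanding the ranges in "sh int trunk" output and comparing them with the VLANs the trunk is expected to carry. The Python sketch below is an added example, not part of the original post; the function names are made up for illustration, the output is the ASW1 capture from this ticket, and the required VLAN (10, Client1's access VLAN) is supplied by the caller.

```python
# Output copied from the ASW1 capture in this ticket (first three tables).
TRUNK_OUTPUT = """\
Port      Mode         Encapsulation  Status        Native vlan
Po4       on           802.1q         trunking      1
Po5       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Po4       1-9,1002-1005
Po5       1-9,1002-1005

Port      Vlans allowed and active in management domain
Po4       1
Po5       1
"""

def expand(vlan_list):
    """Turn '1-9,1002-1005' into a set of VLAN ids."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if not part or part == "none":
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk_tables(output):
    """Return {table title: {port: set of VLANs}} for the 'Vlans ...' tables."""
    tables, current = {}, None
    for line in output.splitlines():
        fields = line.split(None, 1)
        if not fields:
            current = None                      # blank line ends a table
        elif fields[0] == "Port":
            title = fields[1].strip()
            # Only the tables whose second column is a VLAN list are parsed.
            current = tables.setdefault(title, {}) if title.startswith("Vlans") else None
        elif current is not None and len(fields) == 2:
            current[fields[0]] = expand(fields[1])
    return tables

def missing_on_trunks(output, required):
    """Per trunk port, the required VLANs that the allowed list filters out."""
    allowed = parse_trunk_tables(output)["Vlans allowed on trunk"]
    return {port: sorted(set(required) - vlans)
            for port, vlans in allowed.items() if set(required) - vlans}

if __name__ == "__main__":
    print(missing_on_trunks(TRUNK_OUTPUT, {10}))
```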

CCNP TSHOOT - Ticket 5


First check on Client1 whether it is getting an IP address from the DHCP server or not.


Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
-------------
Client1 is not getting an IP address. So, the problem will be in one of the following devices.

- ASW1 (switchport access vlan)
- DSW1 (EIGRP ip routing)
- ASW1 (switchport trunk allowed vlan)
- R4 (Wrong EIGRP AS)
- DSW1 (ip helper-address to DHCP server, R4)
--------------------------------------
Let's check ASW1 first. To find out which port is attached on ASW1, do the following on ASW1.


ASW1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
FastEthernet1/0            unassigned      YES unset  up                    up
-------------
Then, check the detailed config of FastEthernet1/0 using "sh run".


interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
 switchport access vlan 10
---------
As seen in the config above, FastEthernet1/0 differs from FastEthernet1/2, which is in VLAN 10.
So, let's add access VLAN 10 to FastEthernet1/0.

ASW1(config)# int fa1/0
ASW1(config-if)#switchport access vlan 10

Wait a few seconds and check on Client1, as follows, whether it is getting an IP address or not.
If it is still not getting an IP address, shut down the interface and enable it again as follows.

Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Client1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Client1(config)#int fa0/0
Client1(config-if)#shut
Client1(config-if)#no shut
Client1(config-if)#^Z
Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.2.1.3        YES DHCP   up                    up  
FastEthernet0/1            unassigned      YES NVRAM  administratively down down

So, the error is on ASW1, in the access VLAN configuration, and it can be fixed by adding "switchport access vlan 10".

CCNP TSHOOT - Ticket 4



Just a short reminder: in the exam, you can't use the "sh run | include bgp" command. If you are in doubt about which commands you can use, check the CCNP TSHOOT demo on the Cisco website.

Below are the troubleshooting steps.

Client1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.2.1.3        YES DHCP   up                    up
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Client1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/80/128 ms
Client1#ping 209.65.200.225

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.65.200.225, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 80/89/108 ms
Client1#ping 209.65.200.226

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.65.200.226, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
------------------------------
The pings stop at 209.65.200.226. First check the BGP neighbour status on R1.


R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 2/1 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
209.65.200.226  4 65002       0       0        0    0    0 never    Active

-----------------------------------------------
R1's BGP neighbour relationship with the other router is broken. As you can see, it is in the Active state, and no messages or prefixes have been received.

Let's check R1's BGP configuration.


router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 209.65.200.224 mask 255.255.255.252
 neighbor 209.65.200.226 remote-as 65002
 no auto-summary
------------------
The BGP configuration looks correct, so something must be wrong in an IP access-list. Check the access-lists on R1.

ip nat inside source list 10 interface Serial1/1 overload
!
access-list 10 permit 10.2.2.0 0.0.0.255
access-list 10 permit 10.2.4.0 0.0.0.255
access-list 10 permit 10.1.4.0 0.0.0.255
access-list 10 permit 10.10.4.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.2.1.0 0.0.0.255
access-list 40 permit 209.65.200.241
access-list 40 deny   10.1.0.0 0.0.255.255
access-list 40 deny   10.2.0.0 0.0.255.255
ipv6 router ospf 6
 log-adjacency-changes
-----------------
Here is the problem. IP access-list 40 does not permit the 209.65.200.224/30 network, and it is applied to the Serial 1/1 interface. So, let's fix it and solve the problem.

As soon as the following changes are made on R1, everything is solved.

R1(config)#ip access-list standard 40
R1(config-std-nacl)#per
R1(config-std-nacl)#permit 209.65.200.224 0.0.0.3
R1(config-std-nacl)#^Z
R1#
*Mar  1 00:21:19.411: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:21:25.291: %BGP-5-ADJCHANGE: neighbor 209.65.200.226 Up
R1#
------------------------------
The problem device is R1; the fault is related to the IP access-list and can be fixed by adding a new entry to access-list 40.
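
Why access-list 40 drops the BGP peer, and why the added entry fixes it, follows from first-match evaluation with wildcard masks and the implicit deny at the end. The Python sketch below is an added example, not part of the original post; the function names are made up for illustration, it assumes the ACL is evaluated against packets sourced from the peer 209.65.200.226, and it assumes the new entry is appended after the existing ones.

```python
import ipaddress

# access-list 40 as shown in R1's configuration on this page.
ACL_40 = """\
access-list 40 permit 209.65.200.241
access-list 40 deny   10.1.0.0 0.0.255.255
access-list 40 deny   10.2.0.0 0.0.255.255
"""
# The entry added in the fix, assumed to be appended after the existing entries.
FIX = "access-list 40 permit 209.65.200.224 0.0.0.3\n"

def parse_standard_acl(text, number):
    """Return [(action, base, wildcard)] for one numbered standard ACL, in order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] != ["access-list", str(number)]:
            continue
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            # A bare address with no wildcard mask matches a single host.
            has_mask = len(rest) > 1 and rest[1] != "log"
            wildcard = rest[1] if has_mask else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def evaluate(entries, source):
    """First match wins; no match falls through to the implicit deny."""
    addr = int(ipaddress.IPv4Address(source))
    for index, (action, base, wildcard) in enumerate(entries, start=1):
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if (addr ^ base) & ~wildcard & 0xFFFFFFFF == 0:
            return action, index
    return "deny", None   # implicit "deny any" at the end of every ACL

if __name__ == "__main__":
    peer = "209.65.200.226"
    print("before:", evaluate(parse_standard_acl(ACL_40, 40), peer))
    print("after: ", evaluate(parse_standard_acl(ACL_40 + FIX, 40), peer))
```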