Home > Troubleshooting Lab Challenge 2

Troubleshooting Lab Challenge 2

June 6th, 2015 in Lab Challenges Go to comments

Troubleshooting Lab Challenge 2:

Note: We created this lab challenge to help you get some practice with networking problems only. These labs are only for fun and do not appear in the TSHOOT exam.

Introduction

Recently our corporation has just acquired some companies. Our networking engineers are working to merge their networks into ours. An engineer has edited the network configuration and now our users are experiencing network issues. They have contacted you to resolve the issues and return the network to full functionality.

Below are the IPv4 Layer 3 Topology and IPv6 Topology (No switch is used in this challenge so we don’t have a Layer 2 Topology):

Topology.jpg

 

Topology_IPv6.jpg

To troubleshooting effectively you should understand how this network operates. We summarize it as follows:

+ OSPF process 1 is running between R1, R2, R3, R4 and R5
+ RIP version 2 is running between R2 and R6
+ EIGRP AS 10 is running between R3, R7 and R8
+ Redistribution is configured on R2 & R3 to exchange OSPF, RIP and EIGRP information
+ R5 is connected to an Internet Service Provider (ISP) via BGP 65002. R5 is also providing NAT translation between inside networks (10.0.0.0/24 & 192.168.1.0/24) and outside network (201.15.3.4/30 & 201.15.3.17)
+ R5 is connected to the OSPF backbone area via a OSPF virtual-link. It is a temporary solution for merging them
+ Two access-lists are applied on R5 to increase security for the inside networks
+ Users are allocated prefixes of 192.168.1.0/24 & 10.2.2.0/24. They are represented by Client 1 & Client 2
+ R1, R2 and R3 are connected via DMVPN (this is a new topic in the ROUTEv2 exam. If you don’t understand about DMVPN and NHRP, please ignore ticket 14 & 15.)
+ For security reason, the network between R4 & R5 (10.1.1.20/30) is hidden from all other routers via a filter-list on R4.
+ In the IPv6 Topology R1, R3, R4 and R5 are running OSPFv3 AS#10 while R3 and R8 are running RIPng. Redistribution is performed on R3 so that these two IPv6 routing protocols can see each other.
+ Traceroute commands are not supported in this challenge (that would make the challenge too easy)

There are 15 tickets waiting for you to resolve. Each ticket only contains one error. Below are the links to access them:

Ticket 1 Ticket 2 Ticket 3 Ticket 4 Ticket 5 Ticket 6 Ticket 7 Ticket 8
Ticket 9 Ticket 10 Ticket 11 Ticket 12 Ticket 13 Ticket 14 Ticket 15  

We hope you can solve all these problems. The difficulty of this challenge is same of the TSHOOT exam (for routers only). Please tell us if you like them or not so that we can continue making more in the future.

Comments (50) Comments
Comment pages
1 2 3 4 889
  1. anon
    June 6th, 2015

    ticket 3 ipv6

    ping ipv6 ?
    trace ipv6 ?

    unsupported command…

  2. networktut
    June 7th, 2015

    @anon: For IPv6 ping, just use ping , for example: ping 5005::5 (same as IPv4).

  3. anon
    June 7th, 2015

    typo on ticket 3

    Question on R8 e0/0 ipv6 address is 2019::38:3. On the simulation router its 2019::38:8

  4. anon
    June 7th, 2015

    Ticket 9

    Please check configuration on R8:
    show run config:
    !
    !
    Router eigrp 10
    network 8.8.8.8 0.0.0.0
    network 10.1.1.8 0.0.0.0 —> should be 10.1.1.0 0.0.0.25
    network 10.2.2.0 0.0.0.255

  5. networktut
    June 7th, 2015

    @anon: Thanks for your information. We have just fixed E0/0 IPv6 address on R8 questions.

    The wildcard mask 0.0.0.0 is correct. You don’t need to type the large 10.1.1.0/24 subnet but only need to type exactly the interface needs to run EIGRP on (10.1.1.8 in this case).

    Note: The ‘network ‘ command on EIGRP, OSPF, RIP means that the router will find all interfaces that belong to range and turn on EIGRP, OSPF, RIP on that interface. So the ‘network 10.1.1.8 0.0.0.0’ will turn EIGRP on E0/0 of R8 only. And the ‘network 0.0.0.0 255.255.255.255’ will turn EIGRP on all active interfaces of that router.

  6. anon
    June 7th, 2015

    spoiler…Solutions to Ticket problem. Interesting simulation…kudos to networktut

    Ticket 1
    R4
    IPv4 ip ospf routing
    under ospf process 1, issue the “no area virtual-link 5.5.5.5”, then “then

    area 1 virtual-link 1.1.1.1”

    Ticket 2
    R5
    IP NAT
    Under interface eth0/1, issue the ‘ip nat inside’ command

    ticket 3
    R3
    IPv6 route redistribute
    Under ipv6 ospf process, enter “redis rip RIP Star metric 3 include-

    connected subnets

    ticket 4
    R5
    IPv4 OSPF routing
    under OSPF process 1, add the “default-information originate always”

    command

    ticket 5
    R6
    IPv4 RIP Routing
    Under RIP process, change the version of RIP from 1 to 2

    ticket 6
    R5
    IPv4 Layer 3 Security
    Under “ip access-list standard Security_Internet” configuration add

    “permit 192.168.1.0 0.0.0.255′ and ‘permit 10.2.2.0 0.0.0.255′ commands

    Ticket 7
    R8
    IPv4 EIGRP Routing
    Change EIGRP Autonomous System from 1 to 10

    Ticket 8
    R1
    IPv6 OSPF Routing
    Under “ipv6 router ospf 10” enter the “no shutdown” command

    Ticket 9
    R3
    IPv4 EIGRP Routing
    Under key chain R3-R7-R8 configuration, add teh key 1 with key-string

    0123456

    Ticket 10
    R3
    IPv4 EIGRP Routing
    Under EIGRP process, enter “redistribute ospf 1 metric 1 1 1 1 1’

    command

    Ticket 11
    R8
    IPv4 EIGRP Routing
    Under EIGRP process, remove ‘passive-interface default’ command

    Ticket 12
    R3
    IPv6 Route Redistribution
    Under ipv6 RIP proces, enter “redistribute ospf 10 metric 3 include-

    connected” command

    Ticket 13
    R5
    BGP
    Under BGP Process, delete “neighbor 201.15.3.16 remote-as 65002′

    command and enter “neighbor 201.15.3.6 remote-as 65002′

    Ticket 14
    R1
    IPv4 OSPF Routing
    Under interface Tunnl 123, change the OSPF priority to a value greater than 1

    Ticket 15
    R2
    NHRP
    Under interface Tunnel 123, delete “ip nhrp map 10.10.123.1 10.10.100.1” and enter “ip nhrp map 10.10.123.1 10.10.10.1” command.

  7. anon
    June 7th, 2015

    time to go to sleep…goodnight y’all!!!

  8. Ghost
    June 7th, 2015

    Amazing practice for the CCNP! Thank you so much!

  9. Littleduck
    June 9th, 2015

    @networktut:

    Ticket 14: why is the issue laid on OSPF routing?

    On R1, “show ip nhrp” gives the output that DMVPN can not complete even though there is nothing wrong with the nhrp protocol configuration.

    The command “ip ospf priority 0” under tun123 subinterface command simply tells that R1 does’t want to be the DR in OSPF voting. Is it mandatory that R1, because of being a NHS in NHRP protocol, therefore is always being a DR?

  10. Littleduck
    June 9th, 2015

    @networktut:

    In short for my question above: is HUB router in OSPF over DMVPN mandatory being a DR? Can you explain why?

    Anyways, thank you for great trouble tickets.

  11. networktut
    June 9th, 2015

    @Littleduck: Yes, it is mandatory to set the HUB router to be a DR (in a broadcast network). One of the main reason is the HUB must communicate to all Spokes to establish DMVPN. This can only be done if it is a DR.
    Also we have to make sure the Spokes are not elected as DR or BDR by setting their OSPF priorities to 0. Otherwise we’ll get a hard-to-explain situation.

  12. Guest
    June 9th, 2015

    Ticket 14:
    yes, Hub of DMVPN should be DR. But still dmvpn configuration is right on R1, R2, R3, however you dont see spokes in “show dmvpn” and you can’t ping tunnel IP addresses. Please fix this, because it is confusing.

  13. networktut
    June 9th, 2015

    @Guest: Although there is nothing wrong with DMVPN configuration but they cannot establish Hub-Spokes relationship so we don’t see spokes and can’t ping tunnel IP addresses.

  14. Samer
    June 11th, 2015

    Q3) I can see R5 while displaying route of R8, but no ping. How come?

  15. awdoyoudo
    June 11th, 2015

    @networktut:
    Ipv4 router-id’ s are missing under ‘ ipv6 router ospf x ‘ in the lab? But very nice tickets, still working on it :)

  16. networktut
    June 12th, 2015

    @Samer: Could you please tell us in detail what IP address cannot ping what IP address? Maybe you want to ask why R5 cannot ping 8.8.8.8. This is because the “Security_Internet” access-list on R5 blocked 8.8.8.8.

    @awdoyoudo: In this new IOS version (v15.4), IPv6 still works when missing IPv4 router-id under ‘ipv6 router ospf’. We believe it will use the IPv4 router-id indicated by the “show ip protocols” command.

  17. networktut
    June 12th, 2015

    @Samer: Maybe we got what you asked. The reason IPv6 address on R8 (2019::38:8) cannot ping 5005:5 even R8’s IPv6 routing table contains route of 5005::5 is because R5 does not know how to reach 2019::38:8 (because R3 is missing ‘include-connected’ option under OSPFv3 process which cause R3 not advertise its directly connected prefixes).

  18. awdoyoudo
    June 15th, 2015

    @networktut
    for ticket 9:
    How come R8 and R7 see R3 as a EIGRP neighbor? While there is an authentication
    issue? R3 doesn’ t see R8 and R7.
    for ticket 12:
    The metric under ipv6 router rip is 15, but those routes should still be reachable because
    16 is unreachable, no?
    In all labs:
    Why is no auto-summary never used in EIGRP and RIP? You can have discontiguous networks without it.

  19. networktut
    June 15th, 2015

    @awdoyoudo:
    Ticket 9 is correct. You need to understand how EIGRP authentication works in this case:
    This is the key-chain config of R3:
    key chain R3-R7-R8
    key 10
    key-string 6543210

    And the key-chain config of R7,R8:
    key chain R3-R7-R8
    key 1
    key-string 0123456
    key 10
    key-string 6543210

    Please remember that EIGRP always uses the lowest key-id for authentication. In this case R3 will send its key-id 10. R7 & R8 receive this key and it matches their key 10 -> Authentication succeeds -> R7 & R8 consider R3 their EIGRP neighbors.
    In turn, R7 & R8 sends its lowest key-id for authencation, which is key-id 1 but R3 does not have this key -> Authentication fails and R3 does not consider R7, R8 its EIGRP neighbors.

    For ticket 12, when we redistribute into RIPng with metric (hop count) of 15, when R8 receives these routes it adds 1 hop count and makes them 16, which is unreachable.

    In all tickets you don’t see “no auto-summary” commands used because in this new IOS version (v15.4), “no auto-summary” is the default option (instead of “auto-summary” in the old IOS versions 12.4 and below).

  20. AKG
    June 15th, 2015

    on which version of Packet Tracer these tickets work?

  21. networktut
    June 15th, 2015

    @AKG: You don’t need Packet Tracer or any simulators. Just make sure you have Flash plugin on your browser then you can practice them (via the links above).

  22. awdoyoudo
    June 15th, 2015

    @networktut:
    Thank you for your clear feedback!

  23. Am
    June 16th, 2015

    Can somebody chek if the strategy of Anon is correct?

  24. gkk
    June 17th, 2015

    please someone tell me how to access the router to check the configuration.

  25. vj
    June 17th, 2015

    networktut rocks!!!!!!!!

  26. Anonymous
    June 18th, 2015

    @networktut
    For DMVPN, disabling ip split-horizon isn’ t necessary for tunnel interfaces like for subinterfaces?

  27. networktut
    June 19th, 2015

    @Anonymous: If we use distance vector protocols (RIP, EIGRP) we have to turn-off split-horizon at the hub side so that the Spokes can see each other (and communicate directly).

  28. Anonymous
    June 19th, 2015

    Thank you for your response

  29. Sendy
    June 23rd, 2015

    Hello All ( Anon)

    I try to solve ticket number 1 found issue with virtual Link, choose answer and result was incorrect – where is the issue?

    Thanks for your points

  30. networktut
    June 23rd, 2015

    @Sendy: Your 3rd statement (command) was not correct. You should check carefully which command should be used.

  31. Sendy
    June 23rd, 2015

    Hi thanks for your great and fast answer – I found correct answer -( issue with flash I try another internet browser)

  32. Anonymous
    June 26th, 2015

    HAI all dumps for CCNP available in

    2 0 0 12 0 c c n a .b l o g s p o t . c o m .I got pass my exam last

    week.thanks to the site

  33. CCIEtobe
    June 27th, 2015

    Where is the lab? Do you have it on GNS3?

  34. networktut
    June 28th, 2015

    @CCIEtobe: Please use the links above. No GNS3 is required.

  35. SGL
    June 30th, 2015

    YEAH!!! I passed the CCNP TSHOOT exam, i got 1000. Thank you LORD and thank you Networktut for making career possible.

    Thank you

  36. Issue
    July 1st, 2015

    Networktut only supports traceroute command on DSW1 (with source of 10.1.4.6 and 10.2.1.1)

    There is no DSW1 in this topology or the subnets mentioned????

  37. Issue
    July 1st, 2015

    T14 – client 2 should be able to but can not ping int e0/1 of R3 which leads to some confusion when troubleshooting because client 1 can ping int e0/1 on R2. This confuses things because both pings should fail at the same place i.e at R1. I believe this is would suggest something is wrong with the flash image relating to ticket 14, please advise? Thanks

  38. networktut
    July 1st, 2015

    @Issue: This is only a challenge lab and it does not use the real topology. Traceroute is not supported in this challenge.

    Normally Client 2 can ping to e0/1 of R3 because it has the default route (please notice that e0/1 of R3 is not running OSPF). But the fault on Ticket 14 prevents this default route learned by R3 & R8 -> Client 2 cannot ping to e0/1 of R3.

    Client1 can ping int e0/1 on R2 because R2 redistributes OSPF (10.10.123.0/24) into RIP. RIP summarized this prefix into 10.0.0.0/8 and by accident this prefix covers 10.10.10.2 of e0/1 of R2 -> Client 1 can ping e0/1 of R2.

  39. dexterbrasil
    July 5th, 2015

    there are gns3 lab for this sim ??

  40. rixi
    July 15th, 2015

    great stuff!tnx

  41. AKi
    July 16th, 2015

    How do I download this lab?

  42. networktut
    July 16th, 2015

    @AKi: You don’t have to download anything. Just click on the links above to open the tickets.

  43. Anonymous
    July 18th, 2015

    Hi ! I take exam 17.07.2015 but I did not receive score report from administrator.er all administrator get message from Vue delivery succesful and told me I pass.Can somebody tell me is this correct.

    Thanks.

  44. Sam03
    July 19th, 2015

    Ticket 13: I cant understand why R5 bgp is issue because I can ping from client 1& 2 to 201.15.3.5 and 6.
    Please advise me

  45. networktut
    July 19th, 2015

    @Sam03: You can ping from Client 1 & 2 to 201.15.3.5 and .6 because there is a default route of OSPF (propagated by the “default-information originate always” command on R5). But you cannot ping to 201.15.3.17 because of BGP problem.

  46. Mujeeb
    July 24th, 2015

    iam too confused which topology will come on exam above one will come or Layer 2 or Layer 3 topology will come please tell me

  47. Mujeeb
    July 24th, 2015

    The above Topology is not in dumps what should i do ?

  48. networktut
    July 25th, 2015

    @Mujeeb: We created this lab challenge to help you get some practice with networking problems only. These labs are only for fun and do not appear in the TSHOOT exam. For real TSHOOT exam topology please visit http://www.networktut.com/share-your-tshoot-v2-0-experience

  49. MUJEEB
    July 25th, 2015

    MANY MANY THANKSS NETWORKTUTE

  50. Anonymous
    August 3rd, 2015

    Anyone please tell me. I will have an exam on this friday.
    Do this lab has in the exam ?

Comment pages
1 2 3 4 889