642-832_StrategyRecipie_3_6_12.pdf
642-832 CISCO CCNP-TSHOOT EXAMINATION PREP GUIDE [by viki]
GENERAL TIPS:
-All TTs are valid. There is no need to memorize the TTs, but you do need to understand them.
-Dumps, from exam collection, are not necessary for the exam… Networktut covers everything…
- The exam is very very easy, just stay calm and chill, you have so much time to do it, so don’t ever rush,
just take it easy. Some of the configuration is a bit tricky but you can easily find out the mistake.
-For the HSRP TT – HSRP is mentioned in the question
-For the IPv6 TT – IPv6 is mentioned in the question
- No need to logout of each router/switch/host after completing a ticket. Each configuration will be
defaulted to each ticket problem either when finishing a ticket or when aborting and selecting other
ticket
- Use additional commands (NOT ONLY SHOW RUN) to understand the problem.
- The order of tickets is random, not necessarily in the order given here. The only way to identify each
ticket is following a strategy based on if you are receiving an IP address on the host, and if you can ping
routers and how many you can ping.
- Don’t ask “what topology should I use for XXX ticket?” All the topologies represent the same
network and same connections. You should know that by now!!
-L2 topology is a more “physical” representation of the exam network, and L3 topology is a more
“logical” representation of the network. Of course, it would be easier to look in the L3 topology if you
are looking for IP addresses, and in L2 if you are looking for a vlan mapping or something.
- Use the Cisco TS demo just to be familiar with the exam engine. You won’t find there the exam
topology, but a similar and basic one. The demo is only for you to know how the exam engine is going
to be like. Don’t expect to study anything from it.
-I wasted a lot of time trying to test some commands like “show interface status”, “show interface
desc”… they don’t work at all. The only command that is very useful was “show run”
-Please bear in mind that whatever output you see in Networktut is just a small part of the whole config (in
the real exam). The toughest part is going through the running config and looking at the right place, so
familiarize yourself with that.
-The bug is still there for HSRP. You need to choose ASW1 instead of the correct answer DSW1…not
sure why Cisco has not rectified it. Mention TTs the same on your marking notepad.
The LIST OF Trouble Tickets:
Ticket 1 – OSPF Authentication
Ticket 2 – HSRP Track
Ticket 3 – BGP Neighbor
Ticket 4 – NAT ACL
Ticket 5 – R1 ACL
Ticket 6 – VLAN filter
Ticket 7 – Port Security
Ticket 8 – Switchport VLAN 10
Ticket 9 – Switchport trunk
Ticket 10 – EIGRP AS
Ticket 11 – EIGRP to OSPF
Ticket 12 – IPv6 OSPF
Ticket 13 – DHCP Range
Ticket 14 – EIGRP Passive Interface
[NOTE TICKETS WILL NOT BE IN THE SAME ORDER GIVEN HERE]
TOPOLOGY IDENTIFICATION:
“There is no really best way to choose which topology to use.
Most of the time use the IPV4 topology, as it contains most of the nodes with IP addresses. In the course
of your troubleshooting, when you discover that you need more details on the ASW1 & 2 switches, that is
when the Layer 2 topology is used, except for the IPv6 topology.
Any node on the IPV4 topology that is also in the Layer 2 topology has the same configuration irrespective of
where you click on the node.
List all the trouble tickets on the little white board you will be given and tick each ticket as you
answer it, because this will let you know which tickets remain to look out for.”
Problem Device Problem Description Approach:
A – > ASW1 –> Access VLAN 10 (Layer 2 )host 1- 169.x.x.x
P – > ASW1 –> Port-Channel not allowing VLAN 10 (layer 2) host 1- 169.x.x.x
S – > ASW1 –> Port Security needs to be disabled (layer 2) host 1- 169.x.x.x
These three L2 topologies are the easiest to identify, so just click on all TTs, find 169.x.x.x on the host
and note them down in your notepad.
H – > DSW1 –> HSRP Track 10 (layer 3) host 10.x.x.x. HSRP is mentioned in the Question Itself.
V – > DSW1 –> VLAN Filter (layer 2) host 1 -10.x.x.x
E – > R4 –> DHCP wrong exclude address host 1- 169.x.x.x
P – > R4 -> Passive Interface Under eigrp 10 host 1 – 10.x.x.x
R – > R4 –> Route Redistribution (layer 3) host 1- 10.x.x.x
6 – > R2 –> IPv6 OSPF (Ipv6 topology) ipv6 ip add. V6 is mentioned in the Question Itself.
B – > R1 –> BGP wrong Neighbor IP (layer 3) host 1 – 10.x.x.x
N – > R1 –> NAT ACL misconfigured (layer 3) host 1- 10.x.x.x
A – > R1 –> ACL blocking traffic on int ( layer 3 )host 1- 10.x.x.x
O – > R1 –> OSPF Authentication issue ( layer 3 ) host 1 – 10.x.x.x
[13 TT]
NOTE MAKING STRATEGY:
4TTs – R1 – ACL, NAT, BGP, OSPF
3TTs – ASW1 – Switch to switch, port security, vlan
2TTs – DSW1 – HSRP, VLAN Access Map
1TT – R2 – OSPF V3
4TTs – R4 – DHCP, Route Redistribution, EIGRP Passive Interface, EIGRP AS
Note the 4-3-2-1-4 pattern. [14 TT]
-Then I started going through the TTs checking the IP address of C1 – only in 4 TTs does C1 have a
169.x.x.x address.
-I associated all the TTs in the exam with each device/technology as I listed on the write pad I was using
before I started solving and putting in the answers for the TTs.
-In this way, I was sure I didn’t mistake a TT with another solution.
AN EASIER VERSION OF BELAL’S:
Client 1 with 169.x.x.x – 4TT
1- ASW1 – Port Security
2- ASW1 – Access Vlan
3- ASW1 – Switch to Switch
4- R4 – DHCP Exclude
Client 1 Pings 10.1.1.1 & not the Server (209.65.200.241) – 3TT
1- R1 – BGP
2- R1 – ACL
3- R1 – NAT-ACL
Client 1 Pings 10.1.1.2 & not 10.1.1.1 – 1TT
1- R1 – OSPF Authentication
Client 1 Can’t Ping 10.1.1.1 – 3TT
1- DSW1 – VLAN filter
2- R4 – Redistribution
3- R4 – Passive Interface
DISTINCT TT – 2TT
1) DSW1 – HSRP
2) R2 – IPV6 – OSPFv3 [13TT]
NOTES MAKING STRATEGY 2:
ASW1:
1) Access ports not in vlan10 –> Symptoms: Client1 IP add: 169.x.x.x not able to ping Client 2, DSW1,
FTP Server.
2) Port Chnl. not allowing vlan10 –> Symptoms: Client.1 IP add: 169.x.x.x not able to ping DSW1, FTP
Server but able to ping Cl.2.
3) Port Security–> Symp: Same as (1) i.e. Access ports not in vlan 10. 3TT
DSW1:
1) HSRP–> Issue will be mentioned in the ticket.
2) Vlan Filter–> Symp: Cl.1 ip add. 10.x.x.x, not able to ping DSW1, FTP Server. 2TT
R1:
1) OSPF Authn.–>Sym:Cl.1 ip add: 10.x.x.x & not able to ping s0/0/0/0.12(10.1.1.1) of R1.
2) NAT ACL–>Sym: All Routers & DSW1 can ping the Web Server (209.65.200.241) but Cl.1 (10.x.x.x)
cannot ping the Web Server.
3) R1 ACL–> Sym: Cl.1(10.x.x.x), the Routers, DSW1 cannot ping the Web Server.
4) Wrong IP BGP Neigh.–> Sym: Same as above. 4TT
R2:
OSPFv3 issue will be mentioned in the ticket about not able to ping loopback interface of R2. 1TT
R4:
1) EIGRP Passive Interface–>Sym: Cl.1(10.x.x.x), DSW1 not able to ping Fa0/0 & Fa0/1 of R4.
2) EIGRP Wrong AS No.–>Sym: Cl.1(10.x.x.x) not able to ping s0/0/0.34 (10.1.1.10) of R4 & s0/0/0.34
(10.1.1.9) of R3.
3) Redistribution wrong Route Map name–>Sym: Same as above.
4) DHCP Range misconfigured.–> Sym: Same as No. 2 of ASW1 but not sure whether Cl.1 will be able to
ping Cl.2 or not. 4TT
You can also write it in a short way to save time in exam as per your convenience. [14TT]
Troubleshooting TTs:
#Ipconfig on client
-If it is 169.x.x.x 4TT
1. ASW1 – access vlan 10 (#show-run and check ASW1 if 1/0/1 and 1/0/2 are in Vlan1, if they are stop!)
2. ASW1 – port security (#show-run ASW1 if 1/0/1 and 1/0/2 are in Vlan10, apply #sh int for both)
3. ASW1 – switch-to-switch (#show-run ASW1)
4. R4 – DHCP excluded (#show-run R4)
If client got IP address then 2 options:
-First, if client1 can ping 10.1.1.1 not to server 209.65.200.241 ALL IN R1 3TT
1. R1 – NAT (10.2.0.0) (#show-run R1)(#sh ip BGP summary)
2. R1 – BGP (56-65) (#show-run R1)(#sh ip BGP summary)
3. R1 – ACL (#show-run R1)(#sh ip BGP summary)
(Client can’t ping 10.1.1.1 but it can ping 10.1.1.2) then: 1TT
4. R1 – OSPF authentication (#show-run R1 + R2)
-Second, if client1 cannot ping 10.1.1.1 4 TT
1. DSW1 (ASW1) – vlan access map (vlan acl port)
This one cannot ping even gateway (Check vlan-filter command, which contain vlan access-map, this
contain access-list no., now check access-list no. It can drop the packet for PC connected to ASW1.)
2. R4 – OSPF redistribution (#show-run R4)(EIGRP->OSPF is created and EIGRP-TO-OSPF is used)
3. R4 – passive interface (#show-run R4)(#sh IP protocols )
4. R4 – a different AS no. for EIGRP may be used. To verify – #show ip protocols
Finally, there are distinct 2TT
-HSRP on DSW1. Check DSW1 Use track 10 instead of track 1 (#show run) and this is the only question
you will see tracking.
-IPv6 on R2. On serial interface use area 0, not area 12 (#show run) [14TT]
DETAILED HOW TO DO BASED APPROACH:
On client 1, do ipconfig to get the IP address. There were 4TTs where the IP address was 169.x.x.x (using Layer 2).
I pinged client 2 from client 1 on the 4TTs; on only 1TT was there no response, so on ASW1:
I did show vlan brief on the TT; int fa1/0/1 – 2 were in vlan 10. Then I did sh int fa1/0/1 and it was down.
I did show run and saw port-security mac 0000.0000.0001 on int fa1/0/1, which confirmed it is the port
security TT.
Then on the 3 remaining 169.x.x.x TTs, I did show vlan brief to know which vlan int fa1/0/1 and
fa1/0/2 were assigned. If int fa1/0/1 – 2 are in vlan 1, then it is Access Vlan TT.
Then on the third TT I did show run on fa1/0/1 – 2 they were in vlan 10, then show run reveals that
vlan 20,200 were allowed on int port channel 13 and 23 but it should be vlan 10,200 so I knew its
switch to switch TT
On the last TT I knew it was the DHCP TT, so I did show run on R4 and I saw ip dhcp exclude 10.2.1.1-
10.2.1.253. 4TT
Therefore 3TTS for ASW1-Port security, ASW1-Vlan and ASW1-Switch to switch and 1TT for R4-DHCP.
I searched the remaining TTs for IPv6 and HSRP questions which were stated clearly in the questions.
In the HSRP TT it’s stated that DSW1 is configured to be active but it is not active. Do show run on DSW1
(using layer 3) and watch out for standby 10 track 1 decrement 60, which is wrong.
The Correct Answer is DSW1-HSRP- standby 10 track 10 decrement 60.
In the OSPFv3 TT it is also stated clearly that DSW1 & R4 can’t ping R2's loopback interface, so you
will know that the answer is R2-OSPFv3- ipv6 ospf 6 area 0 on interface s0/0/0/0.23 2TT
THE REMAINING 7TT On client 1 do Ipconfig to get the IP address.
B) IP address was 10.2.1.3 on the 7TTs so on client 1,if u can ping 10.1.1.1 then there are
To get BGP, do show run on R1 watch out for neighbor 209.56.200.226 remote-as 65002 , Client 1 is
able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241 then the answer will be
R1-BGP- change neighbor 209.56.200.226 remote-as 65002 to neighbor 209.65.200.226 remote-as
65002
To get NAT, do show run on R1, watch out for ip access-list standard nat_pool permit 10.1.0.0; it’s
supposed to be ip access-list standard nat_pool permit 10.1.0.0 and ip access-list standard nat_pool
permit 10.2.0.0, that is, ip access-list standard nat_pool permit 10.2.0.0 is missing in the show
run, so the answer will be R1-NAT- permit 10.2.0.0 in the nat_pool access-list
To get IP ACCESS LIST, do show run on R1, watch out for access-list 30 permit host 209.65.200.241; it’s
supposed to be access-list 30 permit host 209.65.200.241, access-list 30 permit host 209.65.200.224
0.0.0.3, that is, access-list 30 permit host 209.65.200.224 0.0.0.3 is missing, so the answer will be
R1- IP ACCESS LIST- Add permit 209.65.200.224 0.0.0.3
From client1 ping 10.1.1.1 no reply but there is reply if you ping 10.1.1.2 from client then you will
know that its OSPF then answer will be R1- OSPF- ip ospf authentication message-digest on int
s0/0/0/0.12
Therefore 4TTs for R1-BGP, NAT, IP ACCESS LIST and OSPF. 4TT
THE REMAINING 3TT
On client 1 do Ipconfig to get the ip address:
IP address was 10.2.1.3 on the 3TTs, so on client 1 I pinged 10.1.1.1 and there was no reply, so I did show run
on DSW1 and saw vlan access-map test1 10 and vlan filter test1 vlan-list 10. I knew it was the VLAN ACCESS MAP TT,
but when I selected DSW1 I did not see the right technology, VLAN ACCESS MAP, so I chose ASW1.
So the answer is DSW1 or ASW1- VLAN ACCESS MAP- Remove vlan filter test1 from DSW1 1TT
Remaining I knew the problem should be on R4
IP address was 10.2.1.3 on the 2TTs on client 1 ping 10.1.1.1 there was no reply so I did show run on
R4 if u see passive interface then the answer is R4-Passive interface- Remove Passive interface under
EIGRP 10 int fa0/1.
Last but not least, a TT was on Route Redistribution, where the route map was not configured very well
on router eigrp 10 but was configured very well on router ospf 1. Just check if redistribute ospf 1 metric
100 10 255 1 1500 route-map EIGRP_to_OSPF is not the same as route map EIGRP->OSPF; then you
will know it is the route redistribution problem. The answer will be
R4- Route redistribution-Change the name of the route-map under the router EIGRP or router OSPF
process from ‘EIGRP_to_OSPF’ to ‘EIGRP->OSPF’ 2TT
There was no TT on EIGRP AS.
IN SUMMARY:
3TTS-ASW1 (Port security, VLAN, Switch to Switch)
2TTS-DSW1 (HSRP, VLAN ACCESS MAP)
4TTS-R1 (BGP, NAT, ACL, OSPF)
1TTS-R2 (OSPFV3)
3TT-R4 (Passive Interface, Route Redistribution, DHCP Range) [13TT]
Fresh From a 1000/1000:
I had only one BUG in the exam, for the access map question. For this you need to choose ASW1 to get the correct
answer, because if you choose DSW1 you will see there is no option to get the correct answer.
Well, all those TTs are the same.
The TT’s that I got are mentioned below:
1. ASW1 – Allowed Vlan
2. ASW1 – Port Security
3. ASW1 – Access Vlan
4. DSW1 – Access Map
5. DSW1 – HSRP Track
6. R4 – IP DHCP – first delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and then enter ip dhcp
excluded-address 10.2.1.1 – 10.2.1.2
7. R4- EIGRP AS
8. R4- EIGRP to OSPF
9. R2 – IPv6
10. R1 – NAT ACL
11. R1 – L3 Security – ACL
12. R1 – BGP – Wrong BGP Neighbor Address
13. R1 – OSPF Authentication
I didn’t get any IP Helper there; I also checked all TTs and IP helper was not configured there.
Don’t lose your time: use abort, abort and abort. Now I want to describe how to find the TTs more easily.
First, the 4 TTs which are on R1.
You can ping 10.1.1.1 in the tickets that are NAT, BGP, Access list; remember, in 3 TTs you can ping 10.1.1.1,
which is R1. In total there are 4 TTs on R1; in one ticket you cannot ping 10.1.1.1 but you can ping 10.1.1.2,
and that ticket is OSPF authentication. 4TT
Also find the 2 TTs, HSRP and IPv6, which are stated clearly in the question. 2TT
Next step, find the 4 TTs in which Client 1 gets IP address 169.x.x
These are Access vlan 10, port security issued on f0/1/0, Trunking Interface.
These 3 TTs you must check on ASW1. 3TT
One TT is on R4 (Layer 3 topology), in which the client gets IP 169.x.x.x
DHCP on R4 router: R4 – IP DHCP – first delete ip dhcp excluded-address 10.2.1.1 10.2.1.253 and then
enter ip dhcp excluded-address 10.2.1.1 – 10.2.1.2 1TT
Now, find the TT in which the client gets IP address 10.x.x.x but cannot ping the gateway, by using abort.
That is Access Map, but this TT has one BUG and you need to choose ASW1 to get the correct answer because
you don’t see any option Vlan ACL / Port ACL. * If you select ASW1 you will see this one, Vlan ACL Port. 1TT
Now the 2 TTs on R4 in which the client gets IP address 10.x.x.x:
Route Redistribution and Passive Interfaces
When you select one of them,
in one you will see a wrong redistribute, I mean the spelling of the route map name.
If you use abort and jump to another TT you will see the route map name spelled correctly, and you will see
a new one with Passive Interface under EIGRP. You must select R4 EIGRP-no passive interface
under eigrp process in Interface f0/1 and f0/0. 2TT
Better to use 46Q; all the answers there are the same when you select just there in that DUMP.
But 2 questions could be WRONG
For Interface Trunking allow vlan 10, the correct answer is 10.200 but according to that dump 10.20.200.
Another one is Port security. For this one you need to choose port security with shutdown and no shutdown;
the dump writes something different.
[13TT]
Finding out which ticket is having those particular issues:
If you can ping 10.1.1.1 but not beyond, then the faulty device is definitely R1. It is simple. Any device
before that does not have a faulty configuration. If you can reach R1 it means DSW1, R4, R3, R2 are allowing
you to reach R1. If any of them had a wrong configuration then you would not be able to ping 10.1.1.1.
1. Can be faulty BGP neighbor. Wrong ip address of neighbor. Use show run. You know where to look.
Under router bgp 65001.–> sh ip bgp sum
2. Check NAT access list. Look for permit statement. If permit 10.2.0.0 0.0.255.255 is not present then it
is NAT Access list.
3. Check edge_security access list. If the permit statement is missing for — permit 209.65.200.224
0.0.0.3 then it is IPV4 layer 3 security.
So, you can see that if you can ping 10.1.1.1 but cannot ping 209.65.200.241 then 3 TT for R1.
Now if you can ping 10.1.1.2 but cannot ping 10.1.1.1 then it is definitely R1: ip ospf authentication
message-digest on the serial0/0/0/0.12 interface. Check the configuration on R1. You will see that ip ospf
authentication message-digest is missing. So it is R1, OSPF, ip ospf authentication message-digest.
In Summary, 3 TT — You can ping R1 but cannot ping 209.65.200.241
1 TT – You can ping 10.1.1.2 but cannot ping 10.1.1.1. 4TT
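Why one missing permit line produces the R1 symptoms above, as an added example that is not part of the original guide: a first-match evaluator for standard ACL entries with wildcard masks and the implicit deny. The ACL contents are constructed from the entries the guide quotes; the 0.0.255.255 wildcard on the 10.1.0.0 entry and matching the edge ACL on source address only are assumptions.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_entry(entry):
    """'permit|deny' + 'any' | 'host A' | 'A [wildcard]' -> (action, base, wildcard)."""
    action, *rest = entry.split()
    if rest[0] == "any":
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":
        return action, _ip(rest[1]), 0
    # A bare address with no wildcard matches that single host only.
    return action, _ip(rest[0]), _ip(rest[1]) if len(rest) > 1 else 0

def evaluate(acl, source):
    """Return the action of the first matching entry; no match is the implicit deny."""
    src = _ip(source)
    for entry in acl:
        action, base, wildcard = parse_entry(entry)
        care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
        if (src & care) == (base & care):
            return action
    return "deny"

# Entries quoted in the guide; the 0.0.255.255 on 10.1.0.0 is an assumption.
NAT_FAULTY = ["permit 10.1.0.0 0.0.255.255"]
NAT_FIXED = NAT_FAULTY + ["permit 10.2.0.0 0.0.255.255"]
EDGE_FAULTY = ["permit host 209.65.200.241"]
EDGE_FIXED = EDGE_FAULTY + ["permit 209.65.200.224 0.0.0.3"]

def report():
    """Evaluate the sources the guide's symptoms talk about against each ACL."""
    cases = [
        ("NAT faulty, Client 1", NAT_FAULTY, "10.2.1.3"),
        ("NAT faulty, router link", NAT_FAULTY, "10.1.1.2"),
        ("NAT fixed, Client 1", NAT_FIXED, "10.2.1.3"),
        ("edge faulty, BGP neighbor", EDGE_FAULTY, "209.65.200.226"),
        ("edge fixed, BGP neighbor", EDGE_FIXED, "209.65.200.226"),
    ]
    return [(name, src, evaluate(acl, src)) for name, acl, src in cases]

if __name__ == "__main__":
    for row in report():
        print("%-28s %-16s %s" % row)
```

With the faulty NAT list, sources in 10.1.x.x are still matched while Client 1 at 10.2.1.3 falls through to the implicit deny, which matches the symptom listed for the NAT ACL ticket. The 0.0.0.3 wildcard covers 209.65.200.224 through 209.65.200.227, which includes the BGP neighbor 209.65.200.226 but not 209.65.200.241.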
As soon as I opened a TT –> I used Ipconfig to see the ip address. If it is 169.XXX then 3 TT for ASW1.
ASW1 – 3 TT – if ip address is 169.xxxx
1. Switch port security: Symptoms for this ticket:
Client 1 is getting 169.x.x.x ip address, Client 1 is unable to ping Client 2 as well as DSW1.
‘sh interfaces fa1/0/1’ will show the following message in the first line:
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’
In ‘sh running-config’, you will see ‘switchport port-security mac-address 0000.0000.0001’ configured
under fa1/0/1. If you did not have the port in err-disable mode but in the config there was a port security
mac 0.0.0.0. command assigned, then show int fa 1/0/1 will show it as UP, so do not get confused.
2. vlan1–> vlan10
3. Trunk allowed: int range portchannel13, portchannel23.
Switchport trunk allowed vlan none, switchport trunk allowed vlan 10,200 3TT
If HSRP mentioned then you know it is DSW1
If ipv6 or ospfV3 mentioned then you know it is R2. 2TT
Now if you cannot ping 10.1.1.1 or 10.1.1.2 then you come back near client. Like DSW1, R4.
DSW1 – 1 more TT — Vlan ACL – Look for VLAN Access Map 1TT
R4 – 3 TT: EIGRP Passive interface, DHCP on R4 which get IP add 169.x.x,
OSPF-to-EIGRP (OSPF->EIGRP), {R4 for passive Interface} 3TT
Also we may get have 2 TT new to identify them if client now get ip add 169.x.x
Now in total we have 3 TTs on R4, 4 TTs on R1, 2 TTs on DSW1, 1 TT on R2, and 3 TTs on ASW1.
* Note: The bug has been fixed recently so you can select DSW1 device, next page you have to scroll
down and you will find the VLAN Access List/PACL option.
[13TT]
SOME MCQS FACED:
4) Which two of the following options are categories of Network Maintenance tasks?
A – Firefighting
B – Interrupt-driven
C – Policy-based
D – Structured
E – Foundational
Answer: B D
5) The following commands are issued on a Cisco router:
Router (config)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
Router (config)# access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
Router# debug ip packet 199
What would be the output shown on the console?
A – All IP packets passing through the router
B – Only IP packets with the source address of 10.1.1.1
C – All IP packets from 10.1.1.1 to 172.16.1.1
D – All IP packets between 10.1.1.1 to 172.16.1.1
Answer: D
You have two NTP servers 10.1.1.1 & 10.1.1.2 and want to configure a router to use 10.1.1.2 as its NTP
server before falling back to 10.1.1.1. Which command will you use?
Answer: #ntp server 10.1.1.1,
# ntp server 10.1.1.2 prefer
The Bilal’s Strategy:
>> If it is 169.x.x.x there are 4TT
1. ASW1 – port security (#show-run ASW1 if 1/0/1 and 1/0/2 are in Vlan10, apply sh int for both)
2. ASW1 – access vlan 10 (#show-run and check ASW1 if 1/0/1 and 1/0/2 are in Vlan1, if they are,stop!)
3. ASW1 – switch-to-switch (#show-run ASW1)
4. R4 – DHCP excluded (#show-run R4)
——————————————————————-
->> If client got IP address then 2 options:
-First, if client1 can ping 10.1.1.1 not to server 209.65.200.241 ALL IN R1 3TT
1. R1 – NAT (10.2.0.0) (#show-run R1)(#sh ip BGP summary)
2. R1 – BGP (56-65) (#show-run R1)(#sh ip BGP summary)
3. R1 – ACL (#show-run R1)(#sh ip BGP summary)
-Second, (Client can’t ping 10.1.1.1 but it can ping 10.1.1.2) then: 1TT
4- R1 – OSPF authentication (#show-run R1 + R2)
-Thirdly, if client1 cannot ping 10.1.1.1, then 4 TT
1. DSW1 (ASW1) – vlan access map (vlan acl port) *** this one cannot ping even gateway (Check vlan-
filter command, which contain vlan access-map, this contain access-list no., now check access-list no. It
can drop the packet for PC connected to ASW1.)
2. R4 – Route redistribution: (#show-run R4) (EIGRP->OSPF is created and EIGRP-TO-OSPF is used)
3. R4 – EIGRP Passive Interface: passive interface (#show-run R4)(#sh IP protocols )
4- R4-EIGRP AS: a different EIGRP AS number is used. To verify – (#show IP protocols).
——————————————————————-
->> Finally, there are 2 distinct TTs, 2TT
- HSRP on DSW1: Check DSW1 Use track 10 instead of track 1 (show run) and this is the only question
you will see tracking.
- OSPF IPv6 on R2: On serial interface use area 0, not area 12 (show run), you will recognize this TT by
reading ticket because it is the only TT which says about IPv6. [14TT]
Bottom UP Strategy (slightly modified version of ENA):
Ipconfig – on client 1
If ip address is 169.x.x.x follow Step 1,
If ip is 10.x.x.x jump to Step 2 .
######
#Step 1# IF client IP is 169.x.x.x or no IP at all, there could be 5 TTs.
######
TT1: check fa1/0/1 port of ASW1 has ‘Port Security MAC Address 0000.0000.0001’
TT2: check if fa1/0/1 is member of VLAN 10 on ASW1 – switchport access vlan 10
TT3: check if VLAN 10 is allowed on Trunk/Ether Channel PO13 and 23 on ASW1– Switch to Switch
connectivity
TT4: if Fa1/0/1 hasn’t got Port Security, and it is member of VLAN 10, and VLAN 10 is allowed on PO13
and 23, then check DHCP Exclude Addresses on R4.
TT5: if all above is O.K, don’t forget to check ‘IP Helper Address 10.1.4.5’ (R4’s fa0/0 address) under VLAN
10 configuration on DSW1 [VERIFICATION REQUIRED]
#######
# Step 2 # IF client IP is 10.x.x.x
#######
TT6: Ping default gateway 10.2.1.254 (DSW1), if it failed, check VLAN Filter statement of DSW1.
no vlan filter test1 vlan-list 10
Trouble tickets on R1 (3 tt’s where you can ping 10.1.1.1 & 1 tt where you cant ping 10.1.1.1)
If pinging default gateway is O.K, then ping R1 10.1.1.1, if pinging is O.K then there could be three TTs.
TT7: If R1 can ping webserver, then R1, R2, R3, R4 and DSW1 and DSW2 can also ping web server. It is
telling you about ACL NAT_Traffic issue on R1.
If R1 cannot ping web server, there could be 2 TTs:
TT8: Check BGP neighbour address under BGP 65001 config on R1, wrong neighbour IP is entered.
TT9: Check ACL Edge_Security list if it has got the ‘permit 209.65.200.224 0.0.0.3 any’ statement
There’s another TT on R1:
TT10: Client cannot ping 10.1.1.1 and can ping 10.1.1.2. Check ‘ospf authentication message-digest’
statement on R1 under s0/0/0/0 config.
Now, client can ping DSW1 but cannot ping any IP of R1.
Ping fa0/0 interface of R4. If this fails, there are two TTs.
TT11: On R4, under EIGRP config, check if ‘passive default’ statement is there.
TT12: On R4, under EIGRP config, check if AS No. is 10
There’s another TT on R4, where client can ping fa0/0 of R4, but cannot ping s0/0/0/0.
TT13: Check redistribution statement under EIGRP and OSPF config on R4.
#####################
#Now the two easiest TTs #
#####################
TT14: DSW1 is not becoming active HSRP. Under VLAN 10 config of DSW1 it should be ‘standby 10 track
10 decrement 60’
TT15: IPv6 – R2 and R3 are not becoming members. Check ‘ipv6 ospf 6 area 0’ under s0/0/0/0.23 on R2
[15TT]
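The Step 1 checks (TT1 to TT4) written as a config audit, as an added example that is not part of the original guide. The config excerpts are constructed and combine several faults at once; the DHCP pool name, its "network" line and treating the gateway 10.2.1.254 as unavailable to the pool are assumptions.

```python
import ipaddress

# Constructed excerpts, not device captures. Three switch faults are combined in one
# config; the DHCP pool name and "network" line are assumptions.
ASW1_CFG = """\
interface Port-channel13
 switchport trunk allowed vlan 20,200
interface Port-channel23
 switchport trunk allowed vlan 20,200
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport port-security mac-address 0000.0000.0001
interface FastEthernet1/0/2
 switchport mode access
"""
R4_CFG = """\
ip dhcp excluded-address 10.2.1.1 10.2.1.253
ip dhcp pool CLIENTS
 network 10.2.1.0 255.255.255.0
"""
ACCESS_PORTS = ("FastEthernet1/0/1", "FastEthernet1/0/2")

def sections(cfg):
    """Map each 'interface X' header to its indented sub-commands."""
    out, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            out[current] = []
        elif line.startswith(" ") and current:
            out[current].append(line.strip())
        else:
            current = None
    return out

def expand_vlans(spec):
    """'10,20-22,200' -> {10, 20, 21, 22, 200}; 'none' -> empty; 'all' -> 1..4094."""
    if spec in ("none", "all"):
        return set(range(1, 4095)) if spec == "all" else set()
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_switch(cfg, vlan=10, access_ports=ACCESS_PORTS):
    """TT1-TT3: static port-security MAC, access VLAN, VLAN allowed on trunks."""
    findings = []
    for name, cmds in sections(cfg).items():
        for cmd in cmds:
            if cmd.startswith("switchport trunk allowed vlan "):
                if vlan not in expand_vlans(cmd.split()[-1]):
                    findings.append(f"{name}: VLAN {vlan} not allowed on trunk")
            elif cmd.startswith("switchport port-security mac-address "):
                findings.append(f"{name}: port-security MAC {cmd.split()[-1]}")
        if name in access_ports and f"switchport access vlan {vlan}" not in cmds:
            findings.append(f"{name}: access port not in VLAN {vlan}")
    return findings

def dhcp_free(cfg, gateway):
    """TT4: addresses the pool can still lease after exclusions and the gateway."""
    excluded, net = {int(ipaddress.IPv4Address(gateway))}, None
    for tok in (line.split() for line in cfg.splitlines()):
        if tok[:3] == ["ip", "dhcp", "excluded-address"]:
            lo, hi = (int(ipaddress.IPv4Address(a)) for a in (tok[3], tok[-1]))
            excluded.update(range(lo, hi + 1))
        elif tok[:1] == ["network"]:
            net = ipaddress.IPv4Network(f"{tok[1]}/{tok[2]}")
    free = sorted({int(h) for h in net.hosts()} - excluded)
    return [str(ipaddress.IPv4Address(a)) for a in free]

if __name__ == "__main__":
    print("\n".join(audit_switch(ASW1_CFG)))
    print("leasable addresses:", len(dhcp_free(R4_CFG, "10.2.1.254")))
```

Excluding 10.2.1.1 through 10.2.1.253 from a /24 leaves nothing to lease once the gateway is taken out, so the client falls back to 169.x.x.x; with the exclusion cut to 10.2.1.1 through 10.2.1.2 the first free address is 10.2.1.3.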
TIP: Always use the L2 topology first and check all 13TT. After you have got all 3 L2 TTs, do them first. There’s an
exception actually, which is in the L3 topology and pertains to the DHCP server not assigning an IP address
to the client.
ALL THE BEST.
UPDATE THIS DOCUMENT TO MAKE IT MORE ACCURATE.