TS5v1 Qbook

Troubleshoot Questions February, 2013

TSv5.503 eBGP

Troubleshooting Guidelines

This section is comprised of a set of troubleshooting scenarios.

You have a maximum of 2 hours to complete the section.

The final score of this section is combined with the Configuration sections to comprise your final Pass

or Fail status on the given lab exam.

A candidate is required to pass both sections to achieve Cisco CCIE certification.

You will be presented with preconfigured routers and Frame-Relay switches in the topology. DO NOT

change the following configuration on the devices.

Hostname

Enable password "cisco"

Console line configuration

For all of the authentication configuration in the lab, password is "cisco" unless changed to introduce a

break. Do NOT change AAA configuration unless explicitly stated in a question.

Points are awarded for finding AND fixing inserted faults in the presented fully configured topology.

An inserted fault is an introduced break for a scenario that was previously working. Depending on the

scenario, fixing the inserted faults could require multiple command lines on the same or multiple

devices.

The resolution of one incident may depend on the resolution of previous incident(s). The dependency

will not be visible if the tickets are resolved in sequence.

There are NO physical faults introduced in the presented topology.

Do NOT change any routing protocol boundaries. Refer to the provided diagram.

DO NOT REMOVE ANY FEATURE CONFIGURED IN ORDER TO RESOLVE AN INCIDENT, YOU MUST

RESOLVE MISCONFIGURATION RATHER THAN REMOVING IT ALL (examples: Access-lists, PBR, CoPP,

MQC, etc.)

Static and default routes are NOT permitted unless preconfigured. These restrictions include floating

static and those generated by routing protocols. Routes to Null0 that are generated of a dynamic

routing protocol solution are permitted.

Tunneling and policy-routing are NOT permitted unless preconfigured.

Dynamic Frame Relay mappings are NOT permitted.

Points will be deducted for every incident in which candidate uses a prohibited solution.

Candidates have control of all required devices in the topology.

If required to verify the reachability from a host machine during the lab exam, use the ping command

with source option on the router that is shown connected to the subjected host in the diagram.

Q1 IP SLA. [2 Points] 4 Faults:

The IP Service Level Agreement configured between R14 and R9 is not working as expected

Fix problem so that it matches the following outputs:

While you are resolving this issue, you are not allowed to create any new interfaces. Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R9

R14

.9 E0/1

.10 E0/1.25 E0/0

.18 E0/1

EIGRP 222

BGP AS 65222

192.168.222.X/29

PE

IP SLA Querier

IP SLA responder

.17 E0/2

.26 E0/0

.27 E0/0

R17

vrf ACME

.2 E0/0

.1 E0/1

R16

R15

eB GP

Q2 BGP. [3 Points] 6 Faults:

R14 from AS 65222 is not able to reach the Web Server 192.168.133.100 on AS65333

Fix problem so that ping results in 100% success: R14# ping 192.168.133.100

While you are resolving this issue, you are not allowed to create any new interfaces. You are not allowed to change any Policy-MAP or Class-map. Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R12

R11

R13R9

R5

R7

R20

R10

R8

SW1 SW2

R14

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

.1 E0/0 .2 E0/0

.9 E0/1

E0/0

.10 E0/1

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R32

.9 E0/1

.10 E0/1.25 E0/0

.18 E0/1

EIGRP 222

BGP AS 65222

192.168.222.X/29

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

BGP AS 65333

EIGRP AS 333

Ping www.abc.com

IP SLA Querier

IP SLA responder

SW4Cluster ID100.1.1.2

Cluster ID100.1.1.3

Cluster ID100.1.1.4

Cluster ID100.1.1.5

MSDP Anycast RP 198.23.23.23

DM Z Server

www.abc .com

192 .168.133.100

DN S Internal S erv er

192 .168 .233.100

www.abc .com

IGMP Join

Internet AS 65535

R1

.17 E0/2

.26 E0/0

.27 E0/0

R6

R17

R21

ZBF

PE

vrf ACME

vrf ACMERD=111:111

OSPF 3 Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.2 E0/0

.1 E0/1

.100 E0/0

E0/0

.1 E0/0

192.168.33.0/29

OSPF 3 Area 0

Extended Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

2001:CC1E:ABCD:624::13/64

IPv6

Tu

nn

el

OS

PF

Are

a 0

Multicast Boundary

10.1.1.0/2410.1.2.0/24

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

R16

R15

.1 S VI 11

Management workstations

PC1 PC2

.1 S VI 12

VLAN 101

VLAN 133

192.168 .133 .0/24

192 .168.233 .0/24

E0/0

R22

.1 SVI 133

.11 SVI 101

VLAN 100

Distribution

Access

eB GP

eB GP

eB GP

E0/0

Random Office

OSPF MD5 Auth

OSPF MD5 Auth

R42

Default

information

originate

Q3 PPP Multilink. [2 Points] 6 Faults:

Telnet from R27 should reach 100.25.25.25 located on R25

Fix the Network so R27 can telnet R25:

R27# telnet 100.25.25.25

While you are resolving this issue you are NOT allowed to remove NAT configuration from any interface. You are NOT allowed to add or MODIFY any ACL on R26.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

FR1

R23

R26

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF 3 Area 0MD5 Auth

10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

DHCP/NAT

R27

Local Service

Provider (ISP)

2001:CC1E:ABCD:10:10:10:0:X/125

Multicast Boundary


224.28.28.28

R24

DHCP

eBGP

OSPF MD5 Auth

R13

R25

Q4 IPv6 Phone. [2 Points] 6 Faults:

R19 is acting as an IPv6 phone.

Fix problem so that the IPv6 Phone can reach R28 on AS65002: Phone# ping 2001:CC1E:ABCD:28::28

While you are resolving this issue, you are not allowed to configure Auto-Tunnel feature. Refer to the Troubleshooting guidelines to determine if your solution is appropriate. Deepends from question, can be any router behind R23.

FR1

R18

R12

R11

R13R9

R5

R7

R10

R8

R23

R25

R26

R28

SW1 SW2

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF Area 0

10.10.10.X/29

234235

253243

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1.1 E0/0

.2 E0/0.1 E0/1

E0/0

.1 S1/0.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

BGP AS 65002

IPv6 Domain

QoS DLCI

IGMP Join232.2.2.2

Internet AS 65535

R1

R6

Smart phone

DHCP/NAT

PE

vrf ACME

vrf ACMERD=111:111

OSPF Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.100 E0/0

OSPF Area 0

Extended Backbone

Global Telecom

Provider (ISP)

Local Service

Provider (ISP)

VLAN 11 VLAN 12

2001:CC1E:ABCD:X::0/64

2001:CC1E:ABCD:624::11/64

2001:CC1E:ABCD:624::13/64

IPv6

Tu

nn

el

OS

PF

Are

a 0

Multicast Boundary

10.1.1.0/2410.1.2.0/24

Mobile NetworkIPv6 OSPF Area 1

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

.1 SVI 11


.1 SVI 12

Autoconfig

R24

DHCP

Distribution

Access

eB GP

eB GP

OSPF MD5 Auth

OSPF MD5 Auth

OSPF MD5 Auth

Default

information

originate

Default

originate

X=2X=1

IPv4 – IPv6Frame relay 245

254

10.(Area#).0.0/30

R27

R32

User User

R19

User

Q5 DNS. [2 Points] 7 Faults:

1. Telnet from R20 to www.abc.com should resolve and reach the Web Server on the same AS. Packet count under ZBF map should increase with the ping traffic as shown in the ZBF output: HTTP access output should match:


2. Modify configuration and ping from R20 to www.abc.com should resolve and reach the Web Server on the same AS. Ping output should match:

R12 R20

.1 E0/0 .2 E0/0

.9 E0/1

E0/0

.10 E0/1

PE

BGP AS 65333

EIGRP AS 333

Ping www.abc.com

SW4

DM Z Server

www.abc .com

192 .168 .133.100

DN S Internal S erv er

192 .168 .233 .100

www.abc .com

R21

ZBF E0/0

.1 E0/0

192.168.33.0/29

VLAN 101

VLAN 133

192 .168 .133.0/24

192.168 .233 .0/24

E0/0

R22

.1 SVI 133

.11 SVI 101

VLAN 100

eB GP

E0/0

Random Office

R42

Q6 Frame-Relay QoS. [2 Points] 7 Faults:

Traffic that is marked with IP Precedence 5/ToS 160 coming from R26 must reach R23

Fix problem so that the extended ping result in 100% success and QoS Class-map output:

Class-map voice should increase packets count when ping R23.

Class-map MISSIONCRITICAL increase packets count randomly.

IP precedence should match per output.


R13

R23

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0


10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

R27

Local Service

Provider (ISP)


224.28.28.28

R24

DHCP

OSPF MD5 Auth

R25

FR1

R26

DHCP/NAT

R12

R11

R5

SW1 SW2

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0.1

E0/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.5 E0/2.1 E1/0

.41 E1/2

.34 E0/1

.30 E0/0

.1 E1/1

.1 E1/2

.13 E1/0.9 E0/2

.2 E0/1

.2 E0/1

.2 E0/0

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R32

BGP AS 65001

PE

PE

PE

RR

RR

RR

RR

Cluster ID100.1.1.2

Cluster ID100.1.1.3

Cluster ID100.1.1.4

Cluster ID100.1.1.5


IGMP Join

R6

OSPF 3 Area 1

.38 E0/2

.37 E1/1

.10 E0/1

.9 E0/0

.13 E1/0

.14 E0/1

.46 E0/1

.45 E0/0

.1 E

2/0

.1 E1/3

.2 E0/0

.100 E0/0

OSPF 3 Area 0

Extended Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

OSPF area 2

OSPF area 3

OSPF area 4

OSP

F ar

ea 2

OSPF area 5

IPv

6 T

un

nel

OS

PF

Are

a 0

10.1.1.0/2410.1.2.0/24

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2 .21 E0/3

.22 E0/3

10.2.1

.0/3

0

R4

R3

.25 E0/3

.26 E0/3

10.5.0.0/30

10.2

.2.0

/30

10.3.0

.0/3

0

10.4.0.0/30

.1 SVI 11


PC1 PC2

.1 SVI 12

Distribution

Access

eBGP

OSPF MD5 Auth

OSPF MD5 Auth

Default

information

originate

FR1

R23

R26

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0


10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

DHCP/NAT

R27

Local Service

Provider (ISP)

2001:CC1E:ABCD:10:10:10:0:X/125


224.28.28.28

DHCP

OSPF MD5 Auth

R25

R24

R13

Q7 MSDP Multicast on Frame Relay. [2 Points] 8 Faults

R28 in AS65002 has to get the Multicast Stream 232.2.2.2 from PC2 connected to SW2.

Fix problem so the ping results in 100% success WITHOUT Packet loss:

R28# ping 232.2.2.2 re 50


Q8 IGP Routing (OSPF to BGP Redistribution). [3 Points] 6 Faults Traffic going from R32 must reach 4.2.2.2 going through R1 over the internet

Fix problem so that the extended ping result in 100% success:

Do not redistribute OSPF to BGP or vice versa anywhere. While you are resolving this issue, you are not allowed to redistribute bgp into ospf.. Refer to the Troubleshooting guidelines to determine if your solution is appropriate. Trace path should match output:

R12

R11

R13R9

R5

R7

R8

SW1 SW2

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R32

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR


IGMP Join

Internet AS 65535

R1

R6

PE

vrf ACME

vrf ACMERD=111:111

OSPF 3 Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.100 E0/0

OSPF 3 Area 0

Extended Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

IPv6

Tu

nn

el

OS

PF

Are

a 0

10.1.1.0/2410.1.2.0/24

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

.1 S VI 11


PC1 PC2

.1 S VI 12

Distribution

Access

eB GP

OSPF MD5 Auth

OSPF MD5 Auth

Default

information

originate

R10

Q9 MPLS. [3 Points] 9 Faults Client connected to R34 in ACME’s Branch Office (AS65111) has to reach Server R31 in ACME HeadQuarters.

Fix problem so the following ping results in 100% success:


R34# ping 192.168.6.100

SW6

SW5

R33

R12

R11

R13R9

R5

R7

R10

R8

R30

R29

SW1 SW2

E0/1

E0/2

E0/0

E1/2

E1/2

E1/3

E1/3

Server

E0/0

User

.10 E0/0 .2 E0/1

.1 E0/2

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

User

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R34

RIP v2 BGP AS 65111172.16.11.X/29

OSPF Area 0

192.168.[VLAN].X/24

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

IGMP Join232.2.2.2

Internet AS 65535

R1

E0/0

E0/1

R6

PE

vrf ACME

vrf ACMERD=111:111

OSPF Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.9 E0/2

.100 E0/0

OSPF Area 0

Extended Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

IPv6

Tu

nn

el

OS

PF

Are

a 0

.100 E0/0R31

E0/2 E0/2

E0/2VLAN 5

VLAN 6

VLAN 56

.100 SVI

10.1.1.0/2410.1.2.0/24

Remote office

Headquarter

10.(Area#).0.0/30

.1 SVI 6

.6 SVI 56

.6 SVI 205

.6 SVI 235

.100 SVI 5

.5 SVI 56

.5 SVI 206

.5 SVI 236

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

SW3

VLAN 34

DHCPVLAN 33

.1 SVI 11


.1 SVI 12

VLAN 209

VLAN 230

Distribution

Access

eB GP

eB GP

E0/0E0/1

.9 SVI 33.101 SVI 34

OSPF MD5 Auth

OSPF MD5 Auth

OSPF MD5 Auth

VLAN 236

VLAN 239

VLAN 205

Default

information

originate

vrf ACME

Default route

Default route

Default route

eB GP

eB GP

BGP AS 65111

.29

.30

.5

.6

10.(Area#).0.0/30

R32

User User

Administrator

Typewriter

Approach: 1. Check IP CEF is running on all MPLS devices 2. Check if MPLS LDP is enabled with Loop0 3. Check MPLS IP is configured in all interface 4. Check IGP neighborship + network advertisement-should be advertised accordingly 5. Check iBGP neighborship + RR relationship. 6. Check iBGP VPNv4 neighborship + RR relationship 7. Check on PE devices if VRF need to be configured and to be assigned to correct interface 8. Check in CE devices if proper network are redistributed from IGP to BGP.

Administrator

Typewriter

Q10 MST. [2 Points] 3 Faults User has to ping a Server in two hops.

Fix problem:

SW5# trace 10.20.6.100 While you are resolving this issue, you are not allowed to modify the configuration of SW6. Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

SW6

SW5

R30

R29

E0/1

E0/2

E1/2

E1/2

E1/3

E1/3

Server

User

OSPF Area 0

192.168.[VLAN].X/24

E0/1

.100 E0/0R31

E0/2 E0/2

E0/2VLAN 5

VLAN 6

VLAN 56

.100 SVI

Headquarter

.1 SVI 6

.6 SVI 56

.6 SVI 205

.6 SVI 235

.100 SVI 5

.5 SVI 56

.5 SVI 206

.5 SVI 236

OSPF MD5 Auth

VLAN 236

VLAN 239

VLAN 205

BGP AS 65111

.29

.30

.5

.6

Q11 Internet VRF ticket. Not reported. 2 Faults Fix problem to reach Internet from R34 and R31 (Server), output should match.

TS5v1 Qbook

Documents

Transcript of TS5v1 Qbook