1

Troubleshoot Workbook
July, 2013


MPLSv3





































2


MPLSv3 tickets
Q1. 5 faults:

On R22 is not able to use Telnet to connect to R23
Loopback 0. Fix problem so that the following Telnet
connection can be established:
R22#telnet 10.1.1.23 /source-interface loopback 0
While you are resolving this issue, you are not allowed to
remove any existing configuration, but you can change or
add it.






Output should match:
show frame-relay end-to-end keepalive interface s0/0 | i
DLCI


Q2 4 faults:

On R14, host 10.1.1.14 is not able to use Telnet to connect to host 10.1.1.8 and to host 10.1.1.7. Fix problem so
that the following Telnet connection can be establish:
R14#telnet 10.1.1.8 /source-interface loopback 0
R14#telnet 10.1.1.7 /source-interface loopback 0

While you are resolving this issue, you are not allowed to change any existing configuration on SW1.
While you are resolving this issue, you are not allowed to create any new Layer 3 interfaces. Refer to the
Troubleshooting guidelines to determine if your solution is appropriate. Make sure that you disconnect the telnet
session after verification.
R7 R8
R9 R10
R11
R12
OSPF Area 0
Net: 10.10.10.x/30
OSPF MD5 Auth
10.1.1.7
E0/3=.25
E0/1=.21 E0/2=.17
E0/1=.18
E0/0=.14
E0/2=.13 E0/1=.9
E0/0=.10
E0/1=.22
E0/3=.26
E0/3=.29
E0/2=.37
E0/0=.38
E0/2=.41
E0/0=.42
10.1.1.14
10.1.1.12
E0/0=.30
10.1.1.11
10.1.1.8
R14
SW1 SW2
R13
E0/3=.33
E0/0=.34

R23
R22
OSPF Area 2
Net: 172.16.12.x/30
OSPF
MD5 Auth
S1/0=.1
S0/0=.2
FR2
switch
DLCI
LMI CISCO
22
23
S0/1
S0/0
3


Q3 9 faults:

Host 200.20.20.20 attached to R20 is not able to ping host 192.168.20.1, which attached to R26 in RIP domain. Fix
the problem so that the following ping results in 100 percent success:
R20#ping 192.168.20.1 source lo3
While you are resolving this issue, you are not allowed to shutdown any existing interface.
While you are resolving these faults, you are not allowed to add any new static or Layer 3 interfaces.

R23
R22
R20
R21
R24
R25
R26
R27
OSPF Area 2
OSPF Area 0
OSPF Area 1 NSSA
Net: 172.16.11.x/30
Net: 172.16.13.x/29
Net: 172.16.12.x/30
OSPF
MD5 Auth
OSPF MD5 Auth
OSPF MD5 Auth
VPN Site A2
171.2.2.2
E0/1=.5
E0/0=.1
E0/0=.2
S1/0=.1
S0/0=.2
FR2
switch
DLCI
LMI ANSI
22
23
345
354
351
315
S1/0=.1
S1/0=.2
S0/0=.3
DLCI
LMI CISCO
DLCI
LMI CISCO
E0/0=.9
E0/0=.10
E0/0=.11
10.1.1.27
E0/1=.2
192.168.20.1
FR1
switch
RIP
S0/0
S0/2
S0/1
S0/1
S0/0






















4


Q4 5 faults:

All four provider edge PE routers must see Loopback 1 addresses of other three PE with two available paths in
their own IPv4 BGP table and must see each of these prefixes in their IPv4 routing table as BGP prefix of which the
next-hop is the remote PE loopbacks 0.
Make sure to accomplish this task for all four PE.
Use the following output as an example of what R3 must see.


R1 R2
R3
R4 R6
R5
Net: 192.168.10.x/30
OSPF MD5 Auth
iBGP MD5 Auth
S1/0=.1
PE
PE
PE
PE
E0/1=.34
E0/0=.6
E0/0=.5
E0/1=.9
E0/0=.10
E0/1=.30 E0/0=.14
E0/1=.26
E0/1=.25
E0/0=.21
E0/1=.22
E0/0=.18
E0/3=.33
E0/2=.29
E0/2=.13
E0/3=.17
E0/2=.5
iBGP iBGP
iBGP iBGP
RR RR
BGP AS3
OSPF Area 0





















5

Q5 9 faults:

R8 in VPN Site-A1 cannot ping host 171.2.2.2, which is attached to R20 in VPN Site-A2. Fix the problem so that the
following ping resolves in 100 percent success:
R8#ping 171.2.2.2


R20#ping 171.1.1.1

Outputs should match:
R1# sh mpls ldp neighbor | i Peer LDP Ident

R2# sh mpls ldp neighbor | i Peer LDP Ident

While you are resolving this issue, you are not allowed to use permit any any or permit all in existing ACLs or
prefix lists.
This incident contains couple separate faults. While you are resolving these faults, you are not allowed to add any
new static or Layer 3 interfaces.

R1 R2
R3
R4 R6
R5
R8
R20
Net: 192.168.10.x/30
Net: 172.32.10.x/30
Area 101
Area 101
OSPF MD5 Auth
OSPF MD5 Auth
10.10.10.4/30
iBGP MD5 Auth
S1/0=.1
PE
PE
PE
PE
CE
CE
VPN Site A2
171.2.2.2
VPN Site A1
171.1.1.1
E0/1=.34
E0/0=.6
E0/0=.5
E0/1=.9
E0/0=.10
E0/1=.30 E0/0=.14
E0/1=.26
E0/1=.25
E0/0=.21
E0/1=.22
E0/0=.18
E0/3=.33
E0/2=.29
E0/2=.13
E0/3=.17
E0/2=.5
E0/2=.1
S1/0=.1
S1/0=.2
iBGP iBGP
iBGP iBGP
RR RR
E0/0=.6
OSPF MD5 Auth
BGP AS3
OSPF Area 0






6

Q6 6 faults:

All six routers in Area 0 from the MPLS Core have been connected to IPv4-IPv6 dual-stack for testing purposes. R8
is simulating an IPv6 host: it must receive its IPv6 address directly from R5 and must not participate in any IPv6
routing protocol.
Loopback 100 for R4 is simulating an IPv6 server with IPv6 address 2001:CC1E:100::100/128. The Ipv6 host R8 has
lost connectivity to the IPv6 server. (R4 loopback 100). Fix the problem so that the following ping resolves in 100
percent success:
R8#ping 2001:CC1E:100::100

You are NOT allowed to change any existing IPv6 ACL or add new lines to it. Also do not remove completely traffic
filters from any interface.
You are allowed to use any method to resolve this issue but you are not allowed to manually configure a specific
IPv6 address in R8. You are also not allowed to add any new static route or Layer 3 interfaces.
R1 R2
R3
R4 R6
R5
R8
Net: 192.168.10.x/30
Area 101
OSPF MD5 Auth
10.10.10.4/30
iBGP MD5 Auth
10.1.1.8
S1/0=.1
PE
PE
PE
PE
CE
E0/1=.34
E0/0=.6
E0/0=.5
E0/1=.9
E0/0=.10
E0/1=.30 E0/0=.14
E0/1=.26
E0/1=.25
E0/0=.21
E0/1=.22
E0/0=.18
E0/3=.33
E0/2=.29
E0/2=.13
E0/3=.17
E0/2=.5
E0/2=.1
iBGP iBGP
iBGP iBGP
RR RR
E0/0=.6
OSPF MD5 Auth
BGP AS3
OSPF Area 0




















7

Q7 4 faults:



Traffic that is marked with IP precedence 4
and coming from hosts 10.1.1.11 or 10.1.1.12
must reach R7 or R8 with IP precedence 5.
While resolving this issue, you are not allowed
to modify the configuration of any existing
ACL lines in R7, R8 or R9.
Fix the problem so that the following
extended ping result in 100 percent success:



Verify policy output to match Class SILVER,
R9# show policy-map interface Ethernet0/0




Q8 4 faults:

R27 Ethernet 0/1 is supposed to stat administratively enabled at all times. (It is currently connected to a hub so
will stay up/up once enabled). The administrator has configured and EEM script that should automatically re-
enable the interface if it is manually disabled.
The script is not working as expected.
Fix the issue so that the interface is automatically re-enabled when someone issues the shutdown command
under the interface e0/1.
R27
OSPF Area 1 NSSA
Net: 172.16.13.x/29
E0/0=.11
10.1.1.27






R7 R8
R9 R10
R11
R12
OSPF Area 0
Net: 10.10.10.x/30
OSPF MD5 Auth
10.1.1.7
E0/3=.25
E0/1=.21 E0/2=.17
E0/1=.18
E0/0=.14
E0/2=.13 E0/1=.9
E0/0=.10
E0/1=.22
E0/3=.26
E0/3=.29
E0/2=.37
E0/0=.38
E0/2=.41
E0/0=.42
10.1.1.14
10.1.1.12
E0/0=.30
10.1.1.11
10.1.1.8
R14
SW1 SW2
R13
E0/3=.33
E0/0=.34
8

Q9 4 faults:

Host 10.1.1.16 attached to R16 is not able to use Telnet to connect to host 10.1.1.19, which is attached to R19.
Fix problem so that the following Telnet connection can be established:
R16#telnet 10.1.1.19 /source-interface loopback 0

Do not remove or add any ACL line in this configuration.
While you are resolving this issue, you are not allowed to create any new interfaces.
Refer to the Troubleshooting guidelines to determine if your solution is appropriate. Make sure that you
disconnected the telnet session after verification.

R16 R15
R17
R18
R19
EIGRP AS200
Net: 172.16.10.x/29
EIGRP MD5 Auth
PPP CHAP
NTP client
NTP client
NTP MD5 Auth
DHCP Server
Network
172.16.10.16/29
10.1.1.19
E0/1=.1
E0/0=.19
DHCP client
E0/1 E0/0=.10
DHCP client
E0/1 E0/0=.11
E0/0=.9
10.1.1.16
S1/0=.2
S0/1=.1
NTP Server


Q10 4 faults:

R20 Ethernet 1/0 must be able to use Telnet to connect to the host 172.16.11.10, which connected to R22
Ethernet 1/0.
When using Telnet on port 23, the source address must always be translated to R22 Ethernet 1/0 before matching
the destination host.
When using Telnet on port 80, the source address must always be translated to R22 Loopback0.
R20#telnet 172.16.11.10
R20#telnet 172.16.11.10 80
Do not use interface overload command.
Fix the problem so that the following NAT entries are seen on R22, when the two aforementioned connections
are successfully established (inside global IPs and outside global IPs and ports must match).

While you are resolving this issue, you are allowed to create any new interfaces. Refer to the Troubleshooting
guidelines to determine if your solution is appropriate. Make sure that you disconnected the telnet session after
verification.
TG1
R22
R20
OSPF Area 0
Net: 172.16.11.x/30
OSPF MD5 Auth
E0/1=.5
E0/0=.6
E0/1=.9
E0/0=.10


9

Additional Tickets.

Q11 4 faults:

R15 act as NTP Server. Clients are R17 and R18.
Fix the problem so that the following outputs are seen on R17 and R18:
R18#sh ntp associations detail | i authenticate


R18#sh ntp status

While you are resolving this issue, you are allowed to create any new interfaces. Refer to the Troubleshooting
guidelines to determine if your solution is appropriate. Make sure that you disconnected the telnet session after
verification.
R16 R15
R17
R18
R19
EIGRP AS200
Net: 172.16.10.x/29
EIGRP MD5 Auth
PPP CHAP
NTP client
NTP client
NTP MD5 Auth
DHCP Server
Network
172.16.10.16/29
10.1.1.19
E0/1=.1
E0/0=.19
DHCP client
E0/1 E0/0=.10
DHCP client
E0/1 E0/0=.11
E0/0=.9
10.1.1.16
S1/0=.2
S0/1=.1
CE
NTP Server

Q12 4 faults:

R7 in VPN Site-B2 cannot ping host 171.1.1.1, which is attached to R15 in VPN Site-B1. Fix the problem so that the
following ping resolves in 100 percent success:
R7#ping 171.1.1.1


R15#ping 171.2.2.2




10

Outputs should match:
R1# sh mpls ldp neighbor | i Peer LDP Ident

R2# sh mpls ldp neighbor | i Peer LDP Ident

While you are resolving this issue, you are not allowed to change any configuration on R7 and R15.
This incident contains couple separate faults. While you are resolving these faults, you are not allowed to add any
new static or Layer 3 interfaces.
While you are resolving this issue, you are allowed to create any new interfaces. Refer to the Troubleshooting
guidelines to determine if your solution is appropriate. Make sure that you disconnected the telnet session after
verification.
R1 R2
R3
R4 R6
R5
R7
R15
Net: 192.168.10.x/30
Area 101
10.10.10.0/30
OSPF MD5 Auth
OSPF MD5 Auth
iBGP MD5 Auth
VPN Site B1
171.1.1.1
S0/0=.2
1.1.10.x/30
S1/0=.1
PE
CE
PE
PE
PE
CE
VPN Site B2
171.2.2.2
E0/1=.34
E0/0=.6
E0/0=.5
E0/1=.9
E0/0=.10
E0/1=.30 E0/0=.14
E0/1=.26
E0/1=.25
E0/0=.21
E0/1=.22
E0/0=.18
E0/3=.33
E0/2=.29
E0/2=.13
E0/3=.17
E0/2=.5
E0/2=.1
E0/0=.2
S1/0=.1
iBGP iBGP
iBGP iBGP
RR RR
EI GRP AS101
MD5 Auth
BGP AS3
OSPF Area 0