Tshoot 642 832: Your Experience Phantom - 99, and Those Who Share This

TSHOOT www.ciscoGuides.com
642‐832 www.ciscoGuides.com
Special Thanks http://www.networktut.com/tshoot‐share‐
your‐experience phantom_99,and Those who share this V1.1 30/08/10
www.CiscoGuides.com (Free CISCO exams Materials (Books Video Lectures Simulators and Dumps)

PLEASE SHARE YOUR EXPERIENCE WITH OTHERS WHEN
YOU CLEAR THE EXAM
I WILL WAIT POSITIVE REPLY ON
HTTP://MY.CISCOGUIDES.COM/VIEWFORUM.PHP?F=161

Chapter: Please share your experience with others when you clear the exam

2

MCQS & DROG AND DROP

DROG AND DROP
DD1:
FCAPS
Fault Management ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ F
Configuration Management ‐‐‐‐‐‐‐ C
Accounting Management ‐‐‐‐‐‐‐‐‐‐ A
DD2:
FACPS‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Fault, Configuration, Accounting, Performance, Security (ISO)
ITIL‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ framework for it prof
Cisco lifecycle‐‐‐‐‐‐‐‐‐‐‐‐‐‐model is often referred to as the PPDIOO model
TMN‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Telecommunications Management Network (ITU‐T)
DD3:
EEM ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ CLI
SDM ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ GUI
FTP ‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Backup
MCQS
Q1
What will be alternative for: ip ftp username xxxxxx ip ftp password yyyyyy

Answer:
ip http client username xxxxxx
ip http client password yyyyyy
Q2
What will happen if you configure 2 routers to be NTP servers?
Chapter: MCQs & DroG and DrOP

Answer
NTP preffered
Q3
What happens if you run the command: logging console warnings.
Answer:
1‐ notificationn information debuging
2‐ emergency alerts critical
3‐ information debuging
4‐ Warning, Critical, Alert, Emergencies (correct)
3


MY POINT
Logging console warning order is that: (0 – 7)
Emergency 0 Alerts 1 Critical 2 Errors 3 Warning4
Notification 5 Informational 6 Debugging 7

Enabling a higher level of messages shows all lower‐level messages as well. The debugging
level, or level 7, shows all messages.
Q4
Network Maintenance: Choose from the list 2 network maintaining types.

Answer
Structured
Interrupt Driven
Q5
Link/Interface is up and protocol is also up But cdp neighbor not working?

Answer
Data link layer.
Q6
access‐list 199 permit tcp host 10.1.1.1 host 172.16.1.1
access‐list 199 permit tcp host 172.16.1.1 host 10.1.1.1
debug ip packet 199 What would be the output shown on the console?

Answer
Only communication between host 10.1.1.1 and host 172.16.1.1
Q7
The interface is up and protocol is up. When do you get these messages?
%LINEPROTO‐5‐UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up
%LINKDOWN‐3‐SERIAL:

Answer

Emergency 0 Alerts 1 Critical 2 Errors 3 Warning4
Chapter: MCQs & DroG and DrOP
Notification 5 Informational 6 Debugging 7

4


TROUBLE TICKETS (TT)

CISCO TROUBLE TICKETS EXAMS FORMAT
TROUBLE TICKET STATEMENT
“The implementation group has been using the test bed to do a ‘proof‐of‐concept’ that required both
client 1 and client 2 to access the Web Server at 209.65.200.241. After several changed to interface
status, network addressing, routing schemes and layer 2 connectivity, at trouble ticket has been
opened indicating that client 1 cannot ping the 209.65.200.241 (internet Server)”

After TT Statement u will see Three Question So Every Trouble Tickets Contain Three Question like
that
1. ON WHICH DEVICE IS THE FAULT CONDITION LOCATED
o R1
o R2
o R3
o R4
o DSW1
o ASW1
o DSW2
o ASW2

2.THE FAULT CONDITION IS RELATED TO WHICH TECHNOLOGY
It depends on the fault but overall it likes that
o Static routing
o Interface status
o IPv4 Address
o IPv4 Routing Protocols
o Switch‐Switch Connectivity
o Switch Virtual Interface
Chapter: Trouble Tickets (TT)

3.WHAT IS THE SOLUTION OF FAULT CONDITION?
It depends on faults

5

RECOMMENDATIONS FOR STUDIES
Before Reading the following Trouble Tickets follow these recommendations

1. REAL EXAMS DEMO MUST DO IT
http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html

2. CISCO EXAMS TOPOLOGY MUST READ IT
http://www.ciscoguides.com/ciscoguides_labs/642‐832/tshoot_exam_topology.zip

3. CISCOGUIDES EXAMS TOPOLOGY FOR GNS3 MUST READ IT
http://www.ciscoguides.com/ciscoguides_labs/642‐832/TSHOOTCiscoGuides.zip

4. TSHOOT VIDEO LECTURES FOR TRAINING
http://www.ciscoguides.com/index.php?option=com_content&view=article&id=261&Itemid=299

5. TSHOOT BOOKS
http://www.ciscoguides.com/index.php?option=com_content&view=article&id=260&Itemid=298

6. SPECIAL THANKS
http://www.networktut.com/tshoot‐share‐your‐experience

7. TSHOOT VIDEO MENTOR LABS IN GNS3 & REAL EAXAM TROUBLE
TICKET IN PACKET TRACER AND IN GNS3
http://www.ciscoguides.com/index.php?option=com_content&view=article&id=281:ccnp‐tshoot‐exams‐642‐832‐
labs&catid=147:ciscoguides‐labs&Itemid=311

8. VIDEO MENTOR LABS IN GNS3 DETAILS
http://my.ciscoguides.com/viewforum.php?f=156

9. REAL EXAMS TOPOLOGY + TT IN GNS3
Chapter: Recommendations For studies

10. REAL EXAMS TOPOLOGY + TT IN PACKET TRACER

6


RECOMMENDATIONS FOR EXAMS

1. Killed your fear. If you think you cannot do that you cannot do that. After reading my Notes
you will do that with GOD wills
2. After Complete or Abort Every Trouble Tickets Must Exist Console “exit”. Some time it not
refresh the running‐config file and you cannot trace the problems
3. Memories all networks, Links and so on. Memories the topologies it save your time
4. If you cannot find out any problem “Abort” the trouble tickets and performed others.
5. Memories all fault/TT which I mentioned Below Real Exams TT
6. You can press END EXAM tab directly... or u can press NEXT botton.. 1st I pressed the NEXT
Button.. Then the comp. asked " are you sure you have completed your exam"..(something i
cn't remember now) It just was an warning message.. Then i press END EXAM button...Be
careful.... Don't press END EXAM tab. at first when the demo exam finishes.

EMAIL ME IF YOU FIND ANY TECHNICAL FAULT OR I MADE
ANY BLANDER THAN URGENT EMAIL AT
CISCOGUIDES@GMAIL.COM

Chapter: Recommendations For Exams
7

HOW LOCATE FAULTY DEVICE
CASE 1
When client cannot take ip address for DHCP 169…Than issue between ASW1 DSW1
Perform these steps
ASW1
Show vlan
1. Check interface f0/1 – 2 on vlan 10
2. Check no interface that is related to portchannel (19‐23) display in the Vlan
show running‐config
1. Check any security apply on vlan 10 vlan filter
2. Check any port‐security apply on any interface
3. Check that port‐channel allow proper vlans
show interface f1/0/x
1. Check that interface not shutdown (err or any reason)
DSW1
Show vlan
1. Check no interface that is related to portchannel (19‐23) display in the Vlan
1. Check any security apply on vlan 10 vlan filter
2. Check any port‐security apply on any interface
3. Check that port‐channel allow proper vlans properly
show interface f1/0/x
1. Check that interface not shutdown (err or any reason)
CASE 2
1. Where you get last Successful ping.
a. Where Client Stop
b. Where DSW1 Stop
(Problem is within device where Ping last get success and Ping fail)
2. GO TO Where last one you get Success from DSW1 ping
a. Check Neighbor Table
Chapter: How locate faulty Device
i. If Empty Check Neighboring Issues. See Table one about well know issues [1]
b. Check Interface Status/Security/ACL/Redistribution
3. If Everything is Good of Success Full device than Goto Where ping Fail
a. Check Forward Connectivity. If you get forward Connectivity until 209.65.200.241 than
All router/Device are not considerable
b. Check Backward Connectivity. If No than Check
c. Check Neighbor Table
d. Check Interface Status/Security/ACL and so on

8

NEIGHBORING ISSUES
1. Wrong Subnet mask/Network/OSPF area number 7. OSPF Wrong Network Type/Area type
2. Frame‐relay not gives broadcast 8. Routing Protocol Authentication issues
3. ACL blocking EIGRP Packet 9. OSPF Missmatached MTU
4. The EIGRP/BGP AS numbers do not match. 10. Passive interface
5. EIGRP K Values Do not Matched 11. RIP/OSPF not enable on interface
6. OSPF Hello / dead interval changed 12. Distributed list Not Configure Properly

R4#Show ip protocol command EIGRP AS
Routing Protocol is "eigrp 10"
Outgoing update filter list for all interfaces is not set
Any Filter apply
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates K Values of Eigrp
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1 Redistribution
Default redistribution metric is 10000 100 255 1 10000
Redistributing: eigrp 10, ospf 1 (internal, external 1 & 2, nssa‐external 1 & 2)
EIGRP NSF‐aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks: Network that advertise
10.1.4.4/30
10.1.4.8/30
Routing Information Sources:
Gateway Distance Last Update EIGRP interface included
10.1.4.10 90 00:08:41 S1/0 Connected to R3
10.1.4.6 90 00:08:41 F0/1 connected to DSW1
Distance: internal 90 external 170
So we can easily diagnose above neighboring issues similarly. For ipv6 is below there
R1#show ipv protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "ospf 6"
Chapter: How locate faulty Device
Interfaces (Area 12):
Serial1/0.12
Loopback1
Redistribution:
None
9

HOW TO LOCATE PROBLEMS
FOLLOW THESE STEP
CLICK ON CLIENT 1
Check Ipconfig (10.2.1.X ::::: 255.255.255.0 ::::: 10.2.1.254)

Step 1. If ipconfig has no error
i. Use Tracert(209.65.200.241)
1. if not work do not take tension goto Ping
2. If work than locate where it stop (Half problem Solved Step 2 & 3)
ii. Use Ping
1. Ping 10.2.1.254
a. If reply Yes GoTo Step 3
b. If Reply No GoTo Step 2
Step 2. If ipconfig has error + if ping 10.2.1.254 not reply
i. Check ASW1
1. Check Switch port f1/0/1 is switchport access vlan 10 if not That is
Error 
2. If Yes ASW1 Check Port Status if it is in Error Condition than it is error

3. If Above also not present check last one Port 23 allowed Vlan 10 if Not
than it is error 
ii. If ASW1 Clear goto DSW1
1. Check VACL/or any Filter apply on VLAN 10 if yes that is Error 
2. If no than Check Standby status if track command is wrong that is error

Step 3. Ping reply 10.2.1.254 ‐>10.1.4.5‐>10.1.1.9‐>10.1.1.5‐>10.1.1.1‐>209.65.200.226
i. Goto Next hop Ping that 10.1.4.5 if No Reply than Error is into R4 Step 4
ii. If ping reply yes than Goto Next hop Ping that 10.1.1.9 if No Reply than Error
is into R4 – R3 Step 4
iii. If ping reply yes than Goto Next hop Ping that 10.1.1.5 if No Reply than Error
Chapter: How To Locate Problems
iv. If ping reply yes than Goto Next hop Ping that 10.1.1.1 if No Reply than Error
v. If ping reply yes than Goto Next hop Ping that 209.65.200.226 if No Reply
than Error is into R1 (BGP fault, NAT) Step 4
Step 4. Check the Following Error
In Memories end of TTs.

1
0

REAL EXAMS TROUBLE TICKETS

TROUBLE TICKET 1
CLIENT 1 IS NOT ABLE TO PING THE SERVER
SITUATION:
Unable to ping DSW1(Use L2 Diagram) {ip add gets to client1 from DHCP: 169.x.x.x}
On ASW1 fa1/0/1 and fa1/0/2 switchport access vlan 10 command is not there
ANSWER
Ans1)ASW1
Ans2)Access vlan
Ans3)give command: interface range fa1/0/1‐/2 switchport access vlan 10
CASE1
Show vlan
Practice This TT in GNS3
Practice This TT in Practice Tracer
TROUBLE TICKET 2
SITUATION:
client is not able to ping the web server, but the routers can ping the server.
ANSWER
Ans1) R1
Ans2) IPV4 NAT
Chapter: Real Exams Trouble Tickets
Ans3) under NAT access list, enter the command permit 10.2.0.0 0.0.255.255
TT DEVICES TT1
Next HOPs (Y) X Row can ping Y Colum Explanation
X Client DSW1 R4 R3 R2 R1
10.2.1.1 DSW1 + + + + Client cannot ping 209.65.200.226/241
10.1.4.5 R4 + + + + DSW1 can ping 209.65.200.226/241
(for practice go to GNS3 or Packet Tracer labs)
10.1.1.10 R4 + + + + Practice This TT in GNS3
10.1.1.9 R3 + + + + http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.5 R2 + + + + Practice This TT in Practice Tracer
10.1.1.1 R1 + + + +
209.65.200.226 ISP × × + +
1
1

209.65.200.241 Web × + +

a. Where Client Stop (R1)
b. Where DSW1 Stop (+)
(Problem is within device (R1) where Ping last get success and Ping fail. Here you take intelligent
shortcut that DSW1 are allowed to ping all but Client not this means any ACL stop that )
2. GO TO Where last one you get Success from DSW1 ping (R1)
i. show ip ospf neighbor (No logic here but just check)
ii. show ip protocol (Configuration is fine BGP + OSPF is good)
b. Check Interface Status/ACL/Redistribution.
i. Show access‐list
1. Network 10.2.1.x are not allowed
3. If Everything is Good of Success Full ping device than Goto Where ping Fail(R1)
a. Check Forward Connectivity.
i. R1 can ping Internet Server

(R1 is a special case where we cannot check ISP server this means we only verify R1 response so step
2 and 3 is similar each other for R1)

SHORTCUTS
Just make a hypothesis with reply of ping. It saves your time. But do not forget that may be
problem is hidden anywhere else. So eyes must be open. Here hypotheses or doubt on R1
ACLs
TROUBLE TICKET 3
SITUATION:
Unable to ping R4 fast ethernet port from DSW1
ANSWER
Ans1) R4
Chapter: Trouble Ticket 2
Ans2) IP4 EIGRP
Ans3) Change eigrp process no: from 1 tp 10 on R4 because DSW1

1
2


TT DEVICES TT1
10.2.1.1 DSW1 + × DSW1 cannot ping R4 10.1.1.10
10.1.4.5 R4 × + + IT can ping directly connected Interface 10.1.4.5
Client cannot ping 10.1.4.5
10.1.1.10 R4 × × + (for practice go to GNS3 or Packet Tracer labs)
10.1.1.9 R3 + Practice This TT in GNS3
10.1.1.5 R2 + http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.1 R1 +
209.65.200.226 ISP +
209.65.200.241 Web +
b. Where DSW1 Stop (R4)
(Problem is within device (DSW1+R4) where Ping last get success and Ping fail)
2. GO TO Where last one you get Success from DSW1 ping (DSW1)
i. show ip eigrp neighbor (Only DSW2)
ii. show ip protocol (Configuration is fine AS 10,No redistribution)
i. Show access‐list (no access‐list)
i. R4 can ping Internet Server (R3,R2,R1 No need to check that’s)
b. Check Backward Connectivity.
i. R4 can not ping 10.2.1.1 (means no information of that route)
i. show ip eigrp neighbor (neighbor Table is Empty)
ii. show ip protocol (Configuration is fine AS 1)
d. Check Interface Status/ ACL/Redistribution.
TROUBLE TICKET 4
SITUATION:
client is not able to ping the server. Except for R1, no one else can ping the server.
ANSWER
Ans1) R1
Ans2)IPv4 layer 3 security
Ans3) Add permit 209.65.200.224 0.0.0.3 to R1’ACL

1
3

TT TT1
X
Client DSW1 R4 R3 R2 R1
in out
10.2.1.1 DSW1 + + + + (for practice go to GNS3 or Packet Tracer labs)
10.1.4.5 R4 + + Practice This TT in GNS3
+ + http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.9 R3 + + + + Practice This TT in Practice Tracer
10.1.1.5 R2 + + + + http://my.ciscoguides.com/viewforum.php?f=157
10.1.1.1 R1 + +
+ +
209.65.200.225 R1 + + × +
209.65.200.226 ISP × × × +
209.65.200.241 Web × × × +
(Problem is within device (R1) where Ping last get success and Ping fail)
i. show ip ospf/bgp neighbor (Fine)
ii. show ip protocol (Fine)
i. Show access‐list (access‐list apply but not allowed to the serial interface)
i. R1 can not ping 209.65.200.241
i. R1 can ping 10.2.1.3 means Client
i. show ip ospf/bgp neighbor (fine)
ii. show ip protocol (fine)
d. Check Interface Status/ ACL/Redistribution. (Step 1 finding)
TROUBLE TICKET 5
CLIENT 1 IS NOT ABLE TO PING THE SERVER Chapter: Trouble Ticket 4
SITUATION:
R1 is not able to ping 209.65.200.226. check bgp neighborship. The neighbor’s address in the
neighbor command is wrong under router BGP. (use ipv4 Layer 3)
ANSWER
Ans1) R1
Ans2) BGP
1
4

Ans3) delete the wrong neighbor statement and enter the correct neighbor address in the
neighbor command (change 209.56.200.226 to 209.65.200.226)

TT DEVICES TT1
10.2.1.1 DSW1 + + + DSW1/Client/R1 cannot ping
10.1.4.5 R4 209.65.200.225/226/241
+ + + (for practice go to GNS3 or Packet Tracer labs)
10.1.1.10 R4 + + + Practice This TT in GNS3
10.1.1.9 R3 + + + http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.5 R2 + + + Practice This TT in Practice Tracer
10.1.1.1 R1 + + +
209.65.200.226 ISP × × ×
209.65.200.241 Web
(Problem is within device (R1) where Ping last get success and Ping fail)
i. show ip ospf neighbor (Fine)
ii. show ip bgp sun (wrong Neighbor is wrong address )
i. Show access‐list (Access‐List fine)
i. R4 cannot ping 209.65.200.225 that is directly connected I explain this on
previous topic Here you can see show bgp summary and it is idle means no
connectivity
i. R4 can ping 10.2.1.1 (Fine)
TROUBLE TICKET 6
SITUATION :
Unable to ping serial interface of R4 from the clients.
ANSWER
Ans1) R4
Ans2) route redistribution
Ans3) change the name of the route‐map under the router EIGRP or router OSPF process from
‘to’ to ‘‐>’.

1
5

TT DEVICES TT1
10.2.1.1 DSW1 + + + × DSW1/Client1 have same response
10.1.4.5 R4 + + + × R4 can ping every device
R3 cannot ping backward
10.1.1.9 R3 × × + + Practice This TT in GNS3
10.1.1.5 R2 × × + + http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.1 R1 + + Practice This TT in Practice Tracer
209.65.200.226 ISP + +

209.65.200.241 Web + +
(Problem is within device (R4+R3) where Ping last get success and Ping fail)
i. show ip eigrp neighbor (Fine u can skip this step because R4‐>DSW1 can ping)
ii. show ip ospf neighbor (Fine u can skip this step because R3‐>R4 Reply come)
iii. show ip protocol (Configuration fine Some Redistribution Apply)
ii. Show route‐map (yes Redistribution Apply)
iii. Show running‐config
1. Check that Name where this route‐map applies. Here is Error
i. R4 can ping Internet Server (R2,R1,R3,web No need to check that’s)
i. R4 cannot ping 10.2.1.1 /10.1.4.5(means no information of that route)
(Basically we do not need step 3 because Error is very clear)
SHORTCUTS
Here you can see the behavior of ping where R4 can ping everywhere on network but R3 and
DSW1 cannot. It means R4 cannot take route information each DSW1/R4 so Redistribution or
ACL Problem


1
6

TROUBLE TICKET 7
SITUATION:
Client is unable to ping R1’s serial interface from the client.
ANSWER
Ans1) R2
Ans2) ipv4 OSPF
Ans3)“ip ospf authentication message‐digest” command must be given on s0/0/0
TT DEVICES TT1
10.2.1.1 DSW1 + + × DSW1/Client1/R2 have same response
10.1.4.5 R4 + + × R1 cannot ping Backward but can ping Web
Practice This TT in GNS3
10.1.1.9 R3 + + × http://my.ciscoguides.com/viewforum.php?f=160
10.1.1.5 R2 + + × Practice This TT in Practice Tracer
10.1.1.1 R1 × × + http://my.ciscoguides.com/viewforum.php?f=157

209.65.200.226 ISP +
209.65.200.241 Web +
i. show ip ospf neighbor (R1 not include OSPF neighbor)
ii. show ip protocol (Configuration fine OSPF Area1/network types/)
iii. show running‐config(Check that deeply interface are not passive /
Authentication issue (check the table above neighboring issues)
i. R1 can ping Internet Server
i. R1 cannot ping 10.1.1.5 (means no information of that route)
i. Because R2 has authentication issue so we verify that R1 apply authentication
to 12 (Result is fine)
SHORTCUTS
We can see that R1/R2 can not communicate with each other so basically its neighboring
issues
1
7

TROUBLE TICKET 8
IPV6 LOOPBACK OF R2 CANNOT BE PINGED FROM DSW1’S LOOPBACK.
SITUATION:
IPV6 loopback of R2 cannot be pinged from DSW1’s loopback.
ANSWER
Ans1) *R2/*R1/*R3
Ans2) IPV6 ospf
Ans3) on the serial interface of R2, enter the command, ipv6 ospf 6 area 0
TT DEVICES TT1
X DSW2 DSW1 R4 R3 R2 R1
2026::3:1 DSW1 + + + × DSW1/DSW2 have same response
2026::2:1 R4 + + + × R1 cannot ping Backward 2026::34:1
2026::34:1 R3 + + + × Practice This TT in Practice Tracer
2026::1:1 R2 × × × + http://my.ciscoguides.com/viewforum.php?f=157
2026::12:1 R1 × × × +
a. Where DSW2 Stop (R3)
i. show ipv ospf neighbor (R2 not include OSPF neighbor)
ii. show ipv protocol (Configuration fine OSPF Area1/network types/)
iii. show running‐config(Check that interface are not passive / Authentication issue
(check the table above neighboring issues)
i. R2 can R1
i. R2 cannot ping R3 (means no information of that route)
i. show ipv ospf neighbor (R1 not include OSPF neighbor)
ii. show ipv protocol (serial interface 23 is not included in the ipv6)
iii. show running‐config(confirm it from neighboring )
SHORTCUTS
We can see that R2/R3 cannot communicate with each other so basically its neighboring issues

1
8

TROUBLE TICKET 9
HSRP: DSW1 DOES NOT BECOME ACTIVE.
SITUATION:
HSRP: DSW1 does not become active under the standby configuration of DSW1, the command
standby 10 track 1 decrement 60 is given, u must changed to track 10. (Use ipv4 Layer 3)
ANSWER
Ans1) DSW1
Ans2) HSRP
Ans3) delete the command with track 1 and enter the command with track 10.
TT DEVICES TT1
X DSW2 DSW1 R4 R3 R2 R1
2026::3:1 DSW1 + Issue is that packet not passed from DSW1
2026::2:1 R4 + http://my.ciscoguides.com/viewforum.php?f=160
2026::34:1 R3 + http://my.ciscoguides.com/viewforum.php?f=157
2026::1:1 R2 +
2026::12:1 R1 +

HSRP common issues is that preempt is not apply or track is used to decrease active router or no
commuciation between standby/active router
DSW1
Show standby brief
Preept is apply
Show running‐config
interface Vlan10
ip address 10.2.1.1 255.255.255.0
ip helper‐address 10.1.4.5
standby 10 ip 10.2.1.254
standby 10 priority 150
standby 10 preempt
standby 10 track 1 decrement 60
Find out track in running config
track 1 ip route 0.0.0.0 0.0.0.0 metric threshold
threshold metric up 0 down 1

1
9

TROUBLE TICKET 10
SITUATION:
Here both port channel of ASW1 are configure 20,200 rather than 10,200 . But we have only
one choice that is p23 (but not p13 problem in both so we chose p23)
ANSWER
Ans1)ASW1
Ans2)Switch to switch connectivity
Ans3)on port channel 23 give switchport trunk allowed vlan 10,200
CASE 1
TROUBLE TICKET 11
CLIENT 1 IS NOT ABLE TO PING THE INTERNET SERVER
SITUATION:
Client get ip address 10.2.1.3 but it can not ping 10.2.1.254. ASW1 can ping 10.2.13. GO DSW1
and check vlan filter command
ANSWER
Ans1) DSW1
Ans2) Vlan ACL/ Port ACL
Ans3)No vlan filter xxx vlan 10
COMMANDS
Show running config
CASE1
TROUBLE TICKET 12
SITUATION:
Unable to ping DSW1 under running config the mac address for fa0/1 is 0001 and fa0/2 it
0002.Also check show interfaces fa1/0/1 and fa1/0/2, u will see that the interface is in error
disabled... {ip add gets to client1 from DHCP: 169.x.x.x}
ANSWER
Ans1)ASW1
Ans2)Port security
Ans3) On fa1/0/1 and fa1/0/2 do disable port security and do shut , no shut.
COMMANDS
Show interface fast1/0/1 (see err‐disable)

2
0

MEMORIES
ASW1(3 TT)
1. Access vlan ‐ add "switchport access vlan1"
2. Port Security ‐ "no switchport port sec" and "shut" and "no sh"
3. Sw‐to‐Sw connection ‐ in Po23 (in exam really write as this), "no switchport trunk allow vlan
20,200" and "switchport trunk allow vlan 10,200"
DSW1(2 TT)
1. VACL/vlan filter ‐ "no vlan filter ... vlan‐list 10"
2. HSRP ‐ int vlan10, "no standby 10 track 1..." and "standby 10 track 10..."
R4(2 TT)
1. IPv4 EIGRP ‐ change AS#. from 1 to 10
2. Redis. ‐ change "redis ospf 1 route‐map ..to" to "... ‐>"
R2(1 TT)
1. IPv6 OSPF ‐ enable ipv6 ospf on s0/0/0
R1(4 TT)
1. NAT ‐ add "permit 10.2.0.0 0.0.255.255" to let client1 ping server
2. BGP ‐ change neighbor from "202.56..." to "202.65..." to form nei with ISP
3. Access list ‐ in ip extended..., add "permit 202....22 0.0.0.3" to let every device ping server
4. IPv4 OSPF ‐ add "ip ospf authen" on s0/0/0 to form nei with R2

Chapter: Memories

2
1


POSSIBLE SYMPTOMS OF EIGRP AND SOLUTIONS
NOT FORMING NEIGHBORSHIPS
13. Wrong Subnet mask
14. Wrong network
15. Frame‐relay not gives broadcast
16. ACL blocking EIGRP Packet
17. The AS numbers do not match.
18. K Values Do not Matched
REDISTRIBUTE/EIGRP ROUTES ARE NOT APPEARED
1. Metric not configured
2. Distributed List drop the packet
3. Auto summarization
NOT COMMON SUBNET ERROR MESSAGE
1. Router configure with secondary ip address
LOAD BALANCING ACROSS UNEQUAL‐COST PATHS
1. Variance command s
STUCK IN ACTIVE
1. High CPU issues
2. Cable up/down , Physical issue of cable, Error increase
3. EIGRP routing loops
COMMANDS
show ip eigrp neighbors
Chapter: POSSIBLE SYMPTOMS OF EIGRP and solutions
show ip eigrp topology
show ip route eigrp
show ip eigrp interface
POSSIBLE SYMPTOMS OF REDISTRIBUTION AND SOLUTIONS
NOT EXTERNAL ROUTE ARE BEING INJECTED
Neglect Matrics
GUIDE LINES
Some points to remember about redistributing routes follow:
1. A router redistributes only routes learned by the source protocol. For instance, if you
redistribute connected routes into the protocol, it will advertise them but not redistribute
them.
2. When redistributing routes into BGP, you can use the keyword include‐connected to get
the connected routes into BGP.
3. When you redistribute routes between two OSPF processes, the routes are advertised into the
new process as Type 2.
2
2

4. You generally want to include the subnets keyword on routes distributed from another
routing protocol into OSPF. Otherwise, only routes that use their default classful subnet mask
are redistributed.
5. Be sure to specify a seed metric when redistributing routes into RIP. Otherwise the routes
start with a metric of 16, which RIP interprets as “unreachable.”
6. If you redistribute in multiple places, check the path that traffic takes. You might run into
suboptimal routing. A way to fix this is to tune the administrative distance for some of the
routes.
7. BGP does not redistribute routes learned via IBGP into an IGP by default. To change this
behavior, use the router configuration command bgp redistribute‐internal.
COMMANDS
1. Show route‐map
2. Show ip policy
3. Show ip access‐list
4. Show running‐config
5. Show ip ospf database external x.x.x.x x.x.x.x
6. Show ip eigrp topology x.x.x.x x.x.x.x
POSSIBLE SYMPTOMS OF OSPF AND SOLUTIONS
‘CAN’T ALLOCATE ROUTER‐ID’ MESSAGE
1. If loopback not configures that router pick high ip address interface and if all interface goes
into down state than this message appears
REDISTRIBUTION
1. Subnet Parameter not gives in redistribution command
Chapter: POSSIBLE SYMPTOMS OF OSPF and solutions
OSPF ROUTES NOT APPEARS
2. Neighboring cannot built
3. Virtual links not given
NEIGHBORING ISSUES
1. Wrong Subnet mask/Network/area number
3. Hello / dead interval changed
4. Wrong Network Type/Area type
5. Authentication issues
COMMANDS
1. Show ip ospf neighbor
2. Show ip ospf database
3. Show ip ospf statistics
4. Show ip ospf interface {XXX/brief}
5. Show ip ospf virtual‐link
6. Show ip protocol
2
3

POSSIBLE SYMPTOMS OF BGP SOLUTIONS
BGP PATH SELECTION
1. BGP prefers the path with the highest weight. Note that the BGP weight parameter is a Cisco‐
specific parameter.
2. BGP prefers the path with the highest local preference value.
3. BGP prefers the path originated by BGP on the local router.
4. BGP prefers the path with the shortest autonomous system.
5. BGP prefers the path with the lowest origin type. (NOTE: IGP < EGP < INCOMPLETE.)
6. BGP prefers the path with the lowest multi‐exit discriminator (MED).
7. BGP prefers eBGP paths over iBGP paths.
8. BGP prefers the path with the lowest IGP metric to the BGP next‐hop.
9. BGP prefers the path that points to a BGP router with the lowest BGP router ID.
A BGP router attempts to establish a session with its configured neighbors using TCP
port 179.
COMMAND
1. show ip bgp summary
Neighbor table This command displays a router’s BGP router ID, AS number,
information about the BGP’s memory usage, and summary information about BGP neighbors.
2. show ip bgp neighbors
Neighbor table This command displays the detailed information about all the BGP
neighbors of a router.
3. show ip bgp
BGP table This command displays the network prefixes present in the BGP table.
4. show ip route bgp
IP routing table This command shows routes known to a router’s IP routing table that
were learned via BGP.
Chapter: POSSIBLE SYMPTOMS OF BGP solutions
5. debug ip bgp
Exchanging BGP information with neighbors Although this command does not show the
contents of BGP updates, the output does provide real‐time information about BGP events,
such as the
6. debug ip routing
IP routing table This command displays updates that occur in a router’s IP routing table.
Therefore, this command is not specific to BGP.

BGP ROUTERS MIGHT FAIL:
BGP Cannot make the neighbors
1. The AS numbers must match between the AS number in messages received from a neighbor
and the AS number a router has configured for that neighbor. If the AS numbers fail to match,
the session is reset.
2. TCP establishes a BGP session. Therefore, a lack of IP connectivity between two BGP routers
prevents a peering relationship from forming between those routers.
2
4

3. A BGP router might have multiple active IP addresses configured across its various interfaces.
A router might send a BGP message from one of its IP addresses that do not match the IP
address configured for that router on its peer. If the peer does not recognize the source IP
address of the BGP message, the peering relationship fails.
4. Not give a proper network command with mask + summarize route
BGP Flapping
AS Not Correct + IP address + not Directly connected Loop Back multi hope away + MTU Mismatch
POSSIBLE SYMPTOMS OF OSPFV3 AND SOLUTIONS
‘CAN’T ALLOCATE ROUTER‐ID’ MESSAGE
1. If loopback not configures that router pick high ip address interface and if all interface goes
into down state than this message appears
REDISTRIBUTION
1. Subnet Parameter not gives in redistribution command
OSPF ROUTES NOT APPEARS
2. Neighboring cannot built
3. Virtual links not given
NEIGHBORING ISSUES
1. Wrong Subnet mask/Network/area number
3. Hello / dead interval changed (Missmatched)
4. Wrong Network Type/Area type
Chapter: POSSIBLE SYMPTOMS OF OSPFv3 and solutions
6. Missmatached MTU
7. Passive interface
COMMANDS
1. Show ipv6 route {ospf}
2. Show ipv6 ospf neighbor
3. Show ipv6 ospf database
4. Show ipv6 ospf statistics
5. Show ipv6 ospf interface {XXX/brief}
6. Show ipv6 ospf virtual‐link
7. Show ipv6 protocol
POSSIBLE SYMPTOMS OF RIPNG AND SOLUTIONS
NEIGHBORING ISSUES
1. Wrong Subnet mask/Network
2. Hello / dead interval changed (Missmatched)
4. Missmatached MTU
2
5

5. Passive interface
6. RIP not enable on interface
7. Distributed list
8. Maximum hop
COMMANDS
1. Show ipv6 route
2. Show ipv6 rip
3. Show ipv6 rip database
4. Show ipv6 protocol
POTENTIAL CISCO IOS SECUTRITY ISSUES
1. Forgetting password
2. Traffic block incorrect access‐list
3. Unable log into AAA Server
COMMANDS
1. Show access‐list
2. Show class‐map
3. Show policy‐map
4. Show running‐config
POTENTIAL DHCP ISSUES
DHCP Client can not take ip address both are same subnet. Check out the dhcp pool
DHCP client can not take ip address of different subnet Check ip address command
COMMANDS
Show ip dhcp binding
Show ip dhcp pool
Chapter: POTENTIAL CISCO IOS Secutrity issues
POTENTIAL NAT ISSUES
1. Inside / Outside NAT interface specified incorrectly
2. Overlap of IP address assigned by dynamic pool of ips address or a static ip address
3. Incorrect configuration of access list
COMMANDS
1. Show ip nat translation
2. Show ip nat statistics

2
6


Email me if you find any technical fault or I made blander than urgent email at
ciscoGuides@gmail.com
Following is a flow chart I forget the name but thanks for him last topic
Chapter: POTENTIAL NAT issues
2
7

R4
ip dhcp excluded‐address 10.2.1.1 10.2.1.2 route‐map EIGRP‐>OSPF deny 5
ip dhcp excluded‐address 10.2.1.254 match tag 10
ip dhcp pool CiscoGuides route‐map EIGRP‐>OSPF permit 10
network 10.2.1.0 255.255.255.0 set tag 1
default‐router 10.2.1.254 route‐map OSPF‐>EIGRP deny 5
router eigrp 10 match tag 1
redistribute ospf 1 route‐map OSPF‐>EIGRP route‐map OSPF‐>EIGRP permit 10
network 10.1.4.4 0.0.0.3 set tag 10
network 10.1.4.8 0.0.0.3 interface Tunnel34
default‐metric 10000 100 255 1 10000 no ip address
no auto‐summary ipv6 address 2026::34:2/122
router ospf 1 ipv6 ospf 6 area 34
router‐id 4.4.4.4 tunnel source 10.1.1.10
log‐adjacency‐changes tunnel destination 10.1.1.9
area 34 nssa interface Serial1/0.34 point‐to‐point
redistribute eigrp 10 subnets route‐map EIGRP‐>OSPF ip address 10.1.1.10 255.255.255.252
network 4.4.4.4 0.0.0.0 area 34 frame‐relay interface‐dlci 403
network 10.1.1.8 0.0.0.3 area 34 interface FastEthernet0/0
ipv6 router ospf 6 ip address 10.1.4.5 255.255.255.252
router‐id 4.4.4.4 ipv6 address 2026::2:1/122
log‐adjacency‐changes ipv6 rip tshoot enable
redistribute connected interface Loopback4
redistribute rip tshoot ip address 4.4.4.4 255.255.255.255
ipv6 router rip tshoot ipv6 address FEC0::4:4/122
redistribute connected ipv6 ospf 6 area 34
redistribute ospf 6 metric 4

R3
router ospf 1 interface Loopback3
router‐id 3.3.3.3 ip address 3.3.3.3 255.255.255.255
log‐adjacency‐changes ipv6 address FEC0::3:3/122
area 34 nssa no‐summary ipv6 ospf 6 area 0
network 3.3.3.3 0.0.0.0 area 0 interface Tunnel34
network 10.1.1.4 0.0.0.3 area 0 no ip address
network 10.1.1.8 0.0.0.3 area 34 ipv6 address 2026::34:1/122
ipv6 router ospf 6 ipv6 ospf 6 area 34
router‐id 3.3.3.3 tunnel source 10.1.1.9
log‐adjacency‐changes tunnel destination 10.1.1.10
interface Serial1/0.23 point‐to‐point
ip address 10.1.1.6 255.255.255.252
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0
frame‐relay interface‐dlci 302
ip address 10.1.1.9 255.255.255.252

R2
log‐adjacency‐changes ip address 2.2.2.2 255.255.255.255
network 2.2.2.2 0.0.0.0 area 0 ipv6 address FEC0::2:2/122
network 10.1.1.0 0.0.0.3 area 12 ipv6 ospf 6 area 0
network 10.1.1.4 0.0.0.3 area 0 interface Serial1/0.12 point‐to‐point
ipv6 router ospf 6 ip address 10.1.1.2 255.255.255.252
router‐id 2.2.2.2 ip ospf authentication message‐digest
log‐adjacency‐changes ip ospf message‐digest‐key 1 md5 CiscoGuides
ipv6 address 2026::12:2/122
ipv6 ospf 6 area 12
ip address 10.1.1.5 255.255.255.252
ipv6 address 2026::1:1/122
ipv6 ospf 6 area 0

R1

router‐id 1.1.1.1 ip address 1.1.1.1 255.255.255.255
log‐adjacency‐changes ipv6 address FEC0::1:1/122
network 1.1.1.1 0.0.0.0 area 12 ipv6 ospf 6 area 12
network 10.1.1.0 0.0.0.3 area 12 interface Serial1/0.12 point‐to‐point
default‐information originate always ip address 10.1.1.1 255.255.255.252
router bgp 65001 ip nat inside
no synchronization ip ospf authentication message‐digest
bgp log‐neighbor‐changes ip ospf message‐digest‐key 1 md5 CiscoGuides
network 209.65.200.224 mask 255.255.255.252 ipv6 address 2026::12:1/122
neighbor 209.65.200.226 remote‐as 65002 ipv6 ospf 6 area 12
ipv6 router ospf 6 frame‐relay interface‐dlci 102
router‐id 1.1.1.1 interface Serial1/1
log‐adjacency‐changes ip address 209.65.200.225 255.255.255.252
ip access‐list extended edge_security ip access‐group edge_security in
permit ip host 209.65.200.241 any ip nat outside
deny ip 10.2.1.0 0.0.0.255 any
deny ip 10.1.4.0 0.0.0.255 any
deny ip 10.1.1.0 0.0.0.255 any
deny ip host 127.0.0.1 any
permit ip 209.65.200.224 0.0.0.3 any

access‐list 10 permit 10.2.1.0 0.0.0.255

DSW1
spanning‐tree vlan 10 priority 8192
spanning‐tree vlan 200 priority 8192
!
!
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
ip helper‐address 10.1.4.5
standby 10 ip 10.2.1.254
standby 10 priority 150
standby 10 preempt
standby 10 track 10 decrement 60
router eigrp 10
variance 2
network 10.1.4.4 0.0.0.3
network 10.2.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
network 10.2.4.12 0.0.0.3
network 192.168.1.224 0.0.0.31
no auto‐summary
interface FastEthernet0/1
ip address 10.1.4.6 255.255.255.252
ipv6 address 2026::2:2/122
ipv6 rip tshoot enable
TT3:
Client cant ping the server 209.65.200.241...
Answer:
ASW1
Client 1: # ipconfig IP Address: 169.... ? IP Address: 10.2.1.3 ? Switch to Switch connectivity
No channel 23 give switchport trunk allowed vlan 10,200
Yes
No
TT2: Ping 10.1.1.5 from client
Go to ASW1, do #sh run Ping 10.1.1.6 from client
Answer:
check fa 1/0/1 for No
ASW1
Switchport access vlan 10 Yes Yes
Vlan access No
Switchport access vlan 10
Yes
R4: #sh run
Look for „ Router eigrp „
TT4: AS number is 1 but needs 10
Answer: Go to ASW1, do #sh run
ASW1 check fa 1/0/1 for
Port Security Yes fa0/1 is 0000.0000.0000.0001
Fa 1/0/1 – no port security TT5:
and shut / no shut No Answer:
R4
IPV4 EIGRP
Go to DSW1, do #sh run Change EIGRP AS to 10
TT1:
Answer: check for vlan access map
DSW1 Yes Vlan filter for vlan 10 ?
Vlan access map Ping 10.1.1.10 from client R4: #sh run
No vlan filter 10 No Look for „ Router eigrp „
Yes Check route map name
TT6:
Answer:
R4
Route redistribution
Change route‐map EIGRP‐>OSPF
Ping 10.1.1.2 from client Ping 10.1.1.1 from client
No
Yes Yes Ping 209.65.200.241 from client
Should not successfull
R1 and R2 do #sh run Ping 209.65.200.226 from client To verify ping same IP from R1
ip ospf authentication message digest Yes Should successfull
is missing on one of the routers. No Yes
My exam it was R1
Do sh run on R1
Look for access list NAT and check if
TT7: Permit 10.2.0.0 0.0.255.255 is available
Answer:
Yes No
R1 or R2
IPV4 OSPF TT8:
ip ospf authentication message digest Answer:
R1
IPV4 NAT
NAT ACL enter permit 10.2.0.0 0.0.255.255
TT10:
Answer:
R1
IPV4 Layer 3 security
Add permit 209.65.200.224 0.0.0.3 any
TT9:
Answer:
Ping 209.65.200.226 from R1 R1
No BGP
Change neighbor statement
209.56.200.226 to 209.65.200.226
IPV6 loopback of R2 cannot be pinged from DSW1’s loopback ...
Do #sh ipv6 ospf neighbor on R2

Check either R1 or R3 is missing. The interface pointing to the missing neighbor
misses the command #ipv6 ospf 6 are a 0 (when pointing to R3)
Or # ipv6 ospf 6 area 12 (when pointing to R1)

Answer:
R2
IPV6 OSPF
ipv6 ospf 6 are a 0

HSRP: DSW1 does not become active ......

Do #sh run on DSW1 and look the entries
track option 1 10.1..... and
track option 10.2.... (Vlan 10 address space)

Press ESC after it and do sh standby.
You should see that sh standby has command track option 1 decrement 60
Since track 1 is not the correct vlan it must be changed to track 10

Answer:
DSW1
HSRP
delete the command with track 1 and enter the command with track 10
All test takers good luck. Be aware that during my exam for example the EIGRP AS was 16 and not 10 like the “official” topology from CISCO. Also Ips , VLANs
and Portchannels might change. So don't rely on those and keep your eyes open.

Tshoot 642 832: Your Experience Phantom - 99, and Those Who Share This

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Tshoot 642 832: Your Experience Phantom - 99, and Those Who Share This

Enviado por

Direitos autorais:

Formatos disponíveis

Do #sh ipv6 ospf neighbor on R2

Você também pode gostar