RnS TSHOOT CHAPTER 1 (VLAN)
CCNP TSHOOT CHAPTER 1 (VLAN)
1.What are troubleshooting steps for vlan .
Solution:
–>
– show vlan brief
– show int fa0/1
– sh vlan id 100
– sh inter fa0/1 switchport
–>
SW8#sh vlan brief
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4
10 VLAN0010 active
to check witch ports are associated with the VLAN10.
SW8#sh int fa1/0/4
FastEthernet1/0/4 is administratively down, line protocol is down (disabled)
Hardware is Fast Ethernet, address is 000f.f72c.c606 (bia 000f.f72c.c606)
MTU 1504 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
to check port is admin down/ status of line protocol.
SW8#sh vlan id 10
VLAN Name Status Ports
—- ——————————– ——— ——————————-
10 VLAN0010 active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
10 enet 100010 1500 – – – – – 0 0
suppope is we shut down vlan 11 & then take the output:
SW8#sh vlan id 11
VLAN Name Status Ports
—- ——————————– ——— ——————————-
11 VLAN0011 act/lshut
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
11 enet 100011 1500 – – – – – 0 0
it will show status as act/lshut.
SW8#sh interfaces fastEthernet 1/0/1 switchport | ex private|Unknown
Name: Fa1/0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
This will give you handful of information .
RnS TSHOOT CHAPTER 2 (TRUNK)
CCNP TSHOOT CHAPTER 2 (TRUNK)
2. What are the commands to on/off DTP ?
3. List different options to trunk negotiation ?
4. What are different check-list for Trunk troubleshooting ?
Solution:
–>
2. What are the commands to on/off DTP ?
–>
switchport mode access > will off DTP
switchport mode trunk > will on DTP
switchport nonegotiate
Puts the LAN port into permanent trunking mode but prevents
the port from generating DTP frames. You must configure the
neighboring port manually as a trunk port to establish a
trunk link.
3. List different options to trunk negotiation ?
–>
Mode1 Mode2 Trunk
Trunk Acess No
Trunk Trunk Yes
Dynamic desirable Trunk Yes
Dynamic auto D. D Yes
4. What are different check-list for Trunk troubleshooting ?
–>
a. check encapsulation mismatch : ISL vs 802.1Q
b . Native vlan mismatch (check untagged vlan)
c . Any layer 1 issue
d . DTP misconfig (auto — auto ) will not form trunk
e . Check VTP issue ( VTP ver 1 —- VTP ver 2) will not form trunk.
f . # sh inter trunk
# sh int fa0/2 switchport | ex private|unknown
RnS TSHOOT CHAPTER 3 (VTP)
CCNP TSHOOT CHAPTER 3 (VTP)
5. List some important point relates to VTP ?
6. List verification steps of VTP ?
–>
Solution:
5. List some important point relates to VTP ?
–>
1.vtp versions are not compatible: ver1,2,3.
2.vtp need trunk to replicate vlans.
3.if you want to reset the configuration revision number change the domain.
CR will reset to 0 , then u can change the doamin as your original domain.
4.vtp transparent mode does not replicate vlan information , because its
CR value is always zero.
5. VTP domain-name must be same.
6. VTP rewrites vlan information according to its highest C R number.
6. List verification steps of VTP ?
—>
1. sh vtp status
2. sh vtp password
3. sh interface fa0/5 switchport | ex private|Unknow
4. sh cdp neighbour
SW1#sh vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : cisco
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0015.6264.3300
Configuration last modified by 0.0.0.0 at 3-1-93 00:53:51
Feature VLAN:
————–
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
Configuration Revision : 0
MD5 digest : 0x50 0x10 0x84 0x08 0x73 0x6A 0x6B 0x40
0x65 0x5A 0x0D 0x68 0x19 0x17 0x94 0x6B
SW1#sh vtp password
VTP Password: cisco
SW1#sh cdp neig
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone,
D – Remote, C – CVTA, M – Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
RnS TSHOOT CHAPTER 4 (STP)
CCNP TSHOOT CHAPTER 4 (STP)
7. List Spanning-tree Troubleshoot steps .
–>
Solution:
sh spanning-tree vlan 10
sh spanning-tree vlan 10 bridge
sh spanning-tree vlan 10 root
sh spanning-tree vlan 10 summary
sh spanning-tree vlan 10 brief
R1#sh spanning-tree vlan 10
VLAN10 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address c000.213c.0001
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 2 last change occurred 00:22:12 ago
from FastEthernet1/1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 42 (FastEthernet1/1) of VLAN10 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.42.
Designated root has priority 32768, address c000.213c.0001
Designated bridge has priority 32768, address c000.213c.0001
Designated port id is 128.42, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 705, received 5
Port 43 (FastEthernet1/2) of VLAN10 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.43.
Designated root has priority 32768, address c000.213c.0001
Designated bridge has priority 32768, address c000.213c.0001
Designated port id is 128.43, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 703, received 2
R1#sh spanning-tree vlan 10 bridge
Bridge ID Priority 32768
Address c000.213c.0001
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
R1#sh spanning-tree vlan 10 root
Root ID Priority 32768
Address c000.213c.0001
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
R1#sh spanning-tree vlan 10 summary
Root bridge for VLAN10 is this bridge.
PortFast BPDU Guard is disabled
UplinkFast is disabled
BackboneFast is disabled
Name Blocking Listening Learning Forwarding STP Active
——————– ——– ——— ——– ———- ———-
VLAN10 0 0 0 2 2
R1#sh spanning-tree vlan 10 brief
VLAN10
Spanning tree enabled protocol ieee
Root ID Priority 32768
Address c000.213c.0001
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32768
Address c000.213c.0001
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
——————– ——- —- —– — —– ——————– ——-
FastEthernet1/1 128.42 128 19 FWD 0 32768 c000.213c.0001 128.42
FastEthernet1/2 128.43 128 19 FWD 0 32768 c000.213c.0001 128.43
RnS TSHOOT CHAPTER 5 (MST)
CCNP TSHOOT CHAPTER 5 (MST)
8. What are the configuration & verification steps of MST ?
9. What are the troubleshoot steps of MST ?
–>
Solution:
8. What are the configuration & verification steps of MST ?
–>
Spanning-tree mst configuration
name RAT1
revision 1234
instance 1 vlan 11-20
instance 2 vlan 21-40
# sh spanning-tree mst 1
# sh spanning-tree mst 0 (for all the vlans that are not part of other configured mst
they come in this part )
! make sw2 as root
)# spanning-tree mst 1 root primary
9. What are the troubleshoot steps of MST ?
–>
Tshoot steps:
1. verify same region/revision/version
2. instance mapping vlans must be the same
we can change the eleciotn process:
spanning-tree mst 2 port-priority 64
RnS TSHOOT CHAPTER 6 (ETHERCHANNEL)
RnS TSHOOT CHAPTER 6 (ETHERCHANNEL)
10. What are the configuration steps to make etherchannel ?
11. What are the troubleshooting steps of etherchannel ?
–>
Solution:
10. What are the configuration steps to make etherchannel ?
–>
! Mirror configuration on both sides of switches
!
default intetface range fa0/1 – 6
interface range fa0/1 – 6
shutdown
!
do sh int status | in disable
!
switchport trunk encapsulation dot11q
switchport mode trunk
switchport trunk allowed vlan 10,20,30
channel-group 1 mode active
no shut
!
do debug etherchannel
! look at the status
show inter status | in trunk
sh int p01 switchport
!
! see the interfaces in bundle
!
sh etherchannel summary
sh interface trunk
sh spanning-tree vlan 10
!
! no blocking for sw1 & sw2 , for spanning tree perspective:
# sh etherchannel load-balance
( src-mac) by default
! use the command “port-channel load-balance ” to change the default behaviour
! not working etherchannel
11. What are the troubleshooting steps of etherchannel ?
–>
check on both the switches
1. physical layer is working :
show cdp neighbors
2. show etherchannel summary : po1(SD) in down state
3. sh inter po1 switchport ( operationally down)
4. may be switches uses different protocol like pagp & lacp
sh run | in FashEthernet|channel-group
! remove the auto-created po1 int
int range fa0/1- 6
shut
channel-group 1 mode active
no shut
# sh etherchannel summary (now it is working)
some more commands:
sh int po1 switchport | ex private-vlan|Unknow
sh interface trunk
Note: but in other switch it only forward 10,20 vlans instead of 10,20,30
lacp allow this misconfiguration. we have to correct this
int por 1
swi trunk allowed vlan add 20
!
now it will work
!
do sh int trunk
!
so all the commands that is in po1 they have inherited on physical interface.
RnS TSHOOT CHAPTER 7 (EIGRP ADj)
CCNP TSHOOT CHAPTER 7 (EIGRP ADj)
12. What are the possible issues for Eigrp adj formatoin ?
13. What are common issues to build eigrp routes ?
–>
Solution:
1. Network Properly not configured.
!
sh ip protocols
!
2. AS-number must match.
3. By default it uses multicast , to stop multicast we can use neighbour commad.
! neighbour 10.0.0.55 s0/1
4. Authentication issues
!
# sh run int s1/0 | in authen
sh key chain
!
5. K-values must match.
6. Check passive interface plus L1/L2/L3 issues
7. Eigrp Masks and timers “do not” have to always be an exact match.
sh ip eig interface
sh ip protocols
sh ip eigrp neigh
show interfa s1/0 | in Encapsulation|Internet address
8. for slow links eigrp send hellos after 60 sec in fast link it send pkt after 5 secs.
13. What are common issues to build eigrp routes ?
–>
1. First check the adjacency table : with show ip eigrp neighbour command
2. Is Distribute list blocking any route.
3. Check auto-summary command.
4. Is any eigrp stub is configured .
5. Check in the network same Router-id is configured.
Check outputs in case of eigrp :
1.1.1.1(L1)—R1(10.1.1.1/24)—————–10.1.1.2/24(R2)—-2.2.2.2(L1)
R1
!
!
hostname R1
!
!
key chain RAT
key 1
key-string cisco
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 RAT
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 10
network 1.0.0.0
network 10.0.0.0
no auto-summary
!
end
!
hostname R2
!
key chain RAT
key 1
key-string cisco
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 RAT
duplex auto
speed auto
!
router eigrp 10
network 2.0.0.0
network 10.0.0.0
no auto-summary
!
—————– OUTPUTs
R2#sh ip protocols
Routing Protocol is “eigrp 10”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 10
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
2.0.0.0
10.0.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.1 90 00:02:21
Distance: internal 90 external 170
R2#sh run int fa0/0 | in authentication
ip authentication mode eigrp 10 md5
ip authentication key-chain eigrp 10 RAT
R2#sh key chain
Key-chain RAT:
key 1 — text “cisco”
accept lifetime (always valid) – (always valid) [valid now]
send lifetime (always valid) – (always valid) [valid now]
R2#sh ip eigrp interface
IP-EIGRP interfaces for process 10
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Lo1 0 0/0 0 0/1 0 0
Fa0/0 1 0/0 56 0/2 276 0
R2#sh ip eigrp neighbor
IP-EIGRP neighbors for process 10
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.1.1 Fa0/0 12 00:04:03 56 336 0 8
R2#sh interfaces fa0/0 | in Encapsulation|Internet address
Internet address is 10.1.1.2/24
Encapsulation ARPA, loopback not set
CCNP TSHOOT CHAPTER 8 (OSPF)
14. To form full ospf adjacency which attributes of ospf must match ?
15. List out ospf verification commands .
16. List out all points if ospf routes are not installed in routing table.
Solution:
14. To form full ospf adjacency which attributes of ospf must match ?
–>
1. Subnet/Mask (except for P2P or Virtual link)
2. Area
3. Timers
4. Different Router IDs
5. Flags (Stub , NSSA)
6. MTU
7. Authentication type ( 0-null ,1-pliantext ,2-MD5)
8. Compatible Network Types ( To DR or not to DR)
15. List out ospf verification commands .
–>
#sh ip ospf | be area 1
# sh ip ospf int brief
# sh ip ospf neighbor
R1#sh ip ospf | be Area
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:00:54.308 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 4. Checksum Sum 0x01D6C0
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R1#sh ip ospf interface brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo1 1 0 1.1.1.1/32 1 LOOP 0/0
Fa0/0 1 0 10.1.1.1/24 10 DR 2/2
R1#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:38 10.1.1.3 FastEthernet0/0
4.4.4.4 1 FULL/DROTHER 00:00:32 10.1.1.4 FastEthernet0/0
16. List out all points if ospf routes are not installed in routing table.
–>
1. Interface shut down.
2. Missing network/interface statements.
3. Incorrect redistribution.
4. Distribute lists/filters
5. Network types between neighbors.
6. Improper network design.
7. Summarization (Stub, manual summary)
R1#sh ip ospf database self-originate
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 196 0x80000002 0x008071 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.1.1.1 1.1.1.1 143 0x80000002 0x00A55E
R1#sh ip ospf database router 1.1.1.1
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
LS age: 222
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 1.1.1.1
Advertising Router: 1.1.1.1
LS Seq Number: 80000002
Checksum: 0x8071
Length: 48
Number of Links: 2
Link connected to: a Stub Network
(Link ID) Network/subnet number: 1.1.1.1
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.1.1.1
(Link Data) Router Interface address: 10.1.1.1
Number of TOS metrics: 0
TOS 0 Metrics: 10
R1#sh ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via “ospf 1”, distance 110, metric 11, type intra area
Last update from 10.1.1.3 on FastEthernet0/0, 00:05:55 ago
Routing Descriptor Blocks:
* 10.1.1.3, from 3.3.3.3, 00:05:55 ago, via FastEthernet0/0
Route metric is 11, traffic share count is 1
RnS TSHOOT CHAPTER 9 (BGP)
CCNP TSHOOT CHAPTER 9 (BGP)
17. What are the problems to not form BGP neighbour relationship ?
18. Write down bgp verification commands.
17. What are the problems to not form BGP neighbour relationship ?
Solution:
–>
1. Unreachable next-hop .
2. Wrong AS-number .
3. Wrong neighbour command .
4. Wrong update-source.
5. Wrong use of ebgp-multihop .
6. MD5 authentication .
7. Any filtering device between routers.(like firewall)
commands:
access-list BGPMD5 permit tcp host 2.2.2.2 host 3.3.3.3 eq bgp
access-list BGPMD5 permit tcp host 3.3.3.3 eq bgp host 2.2.2.2
class-map BGPMD5CLASSMAP
match access-list BGPMD5
!
tcp-map BGPMD5OPTION
tcp-options range 19 19 allow
!
policy-map global_policy
class BGPMD5CLASSMAP
set connection random-sequence-number disable
set connection advanced-options BGPMD5OPTION
!
18. Write down bgp verification commands.
–>
sh ip bgp neighbors 3.3.3.3
sh ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 100 7 8 2 0 0 00:04:21 0
10.1.1.4 4 200 7 8 2 0 0 00:04:39 0
RnS TSHOOT CHAPTER 10(POLICY BASED ROUTING & GRE)
CCNP TSHOOT CHAPTER 10(POLICY BASED ROUTING & GRE)
19. What is PBR ?
20. What are verification steps of PBR ?
21. What are the troubleshooting steps of GRE ?
—>
Solution:
19. What is PBR ?
PBR is feature for transit router:
local PBR , can be used for local policy based router.
set ip next-hop will set the next hop with respect to
route-map not with respect to routing table.
20. What are verification steps of PBR ?
Let us see the output:
R1#sh route-map
route-map POL, permit, sequence 10
Match clauses:
ip address (access-lists): f2221
Set clauses:
ip next-hop 10.1.13.3
Policy routing matches: 3 packets, 96 bytes
route-map POL, permit, sequence 20
Match clauses:
ip address (access-lists): f2222
Set clauses:
ip next-hop 10.1.14.4
Policy routing matches: 27 packets, 864 bytes
—->
1.may be wrong acess-list :
2.wrong route-map
3.wrong next-hop or wrong next interface:
21. What are the troubleshooting steps of GRE ?
–>
1. Incorrect configuration.
2. No route to tunnel destination.
3. Interface source of tunnel is down.
4. Route to tunnel destination is through tunnel.
5. Other challenges : MTU, Fragmentation, Qos.