PROYECTOFINAL

CCNP TSHOOT LABORATORIO DE TICKETS

Universidad Galileo
Ivan Estuardo Echeverria Catalán
INDICE
CARATULA ........................................................................................................................................... 0
Ticket 1 – OSPF Authentication ........................................................................................................... 2
Ticket 2 – HSRP Track .......................................................................................................................... 3
Ticket 3 – BGP Neighbor...................................................................................................................... 4
Ticket 4 – NAT ACL .............................................................................................................................. 5
Ticket 5 – ACL ...................................................................................................................................... 6
Ticket 6 – VLAN filter ........................................................................................................................... 7
Ticket 7 – Port Security ....................................................................................................................... 8
Ticket 8 – Switchport VLAN 10 ............................................................................................................ 9
Ticket 9 – Switchport trunk ............................................................................................................... 10
Ticket 10 – OSPF to EIGRP ................................................................................................................. 11
Ticket 12 – DHCP Range .................................................................................................................... 12
Ticket 13 – EIGRP Passive Interface .................................................................................................. 13
Ticket 14 – EIGRP Passive Interface .................................................................................................. 13
Ticket 15 – IPv6 GRE Tunnel .............................................................................................................. 14
Ticket 1 – OSPF Authentication
1.Client is unable to ping R1’s serial interface from the client.

client 1 have ip address 10.x.x.x

R1 ping 209.65.200.241 working

R2 ping 209.65.200.241 not working
R3 ping 209.65.200.241 not working
R4 ping 209.65.200.241 not working

Configuración R1:

interface Serial0/0/0/0
description Link to R2
ip address 10.1.1.1 255.255.255.252
ip nat inside
encapsulation frame-relay
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf network point-to-point
!
router ospf 1
log-adjacency-changes
area 12 authentication message-digest
default-information originate always
!

Configuración de of R2:
interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
!

Respuesta: agregar el siguiente commando a R1 “ip ospf authentication message-digest”

Respuesta 1) R1
Respuesta 2) IPv4 OSPF Routing
Respuesta 3) Enable OSPF authentication on the s0/0/0 interface using the “ip ospf
authentication message-digest” command.
Ticket 2 – HSRP Track
HSRP was configured on DSW1 & DSW2. DSW1 is configured to be active but it does not
become active.

Configuración de of DSW1:

track 1 ip route 10.1.21.128 255.255.0.0 metric threshold

threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!

interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60

Respuesta: (utilizar IPv4 Layer 3 Topology)

En DSW1 vlan 10 agregar los siguientes comandos:

no standby 10 track 1 decrement 60
standby 10 track 10 decrement 60

Respuesta 1) DSW1
Respuesta 2) HSRP
Respuesta 3) borrar el commando con track 1 e ingresar el commando con track 10
(standby 10 track 10 decrement 60).
Ticket 3 – BGP Neighbor
client 1 have ip address 10.x.x.x

R1 ping 209.65.200.241 not working

R2 ping 209.65.200.241 not working
R3 ping 209.65.200.241 not working
R4 ping 209.65.200.241 not working

Problem: Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server
209.65.200.241.

Configuración de of R1:
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary

Verificar BGP: show ip bgp summary

The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4
Layer 3)

Respuesta: realizer un cambio en el mode del R1 neighbor 209.65.200.226

Respuesta 1) R1
Respuesta 2) BGP
Respuesta 3) corregir la direccion del vecino en R1. (change “neighbor 209.56.200.226
remote-as 65002″ to “neighbor 209.65.200.226 remote-as 65002″)
Ticket 4 – NAT ACL
client 1 have ip address 10.x.x.x

R1 ping 209.65.200.241 working

R2 ping 209.65.200.241 working
R3 ping 209.65.200.241 working
R4 ping 209.65.200.241 working

Client 1 & 2 are not able to ping the web server 209.65.200.241, but all the routers &
DSW1,2 can ping the server.

NAT problem. (use ipv4 Layer 3)

problem on R1 Nat acl

Configuración de of R1
ip nat inside source list nat_pool interface s0/0/0/1 overload

ip access-list standard nat_pool

permit 10.1.0.0
!
interface serial0/0/0/1
ip address 209.65.200.225 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

Respuesta: agregar acl y permitir la ip 10.2.1.0 0.0.0.255

Respuesta 1) R1
Respuesta 2) ip NAT
Respuesta 3) agregar el comanto permit 10.2.0.0 al nat_pool access-list
Ticket 5 – ACL
client 1 have ip address 10.x.x.x

R1 ping 209.65.200.241 working

R2 ping 209.65.200.241 working
R3 ping 209.65.200.241 working
R4 ping 209.65.200.241 working

Client is not able to ping the server. Except for R1, no one else can ping the server. (use
ipv4 Layer 3)

Problem:on R1 acl blocking ip

Configuración de R1

interface Serial0/0/0/1
description Link to ISP
ip address 209.65.200.224 255.255.255.252
ip nat outside

ip access-group edge_security in
!

ip access-list extended edge_security

deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny 127.0.0.0 0.255.255.255 any
permit ip host 209.65.200.241 any
!

Respuesta: agregar permit ip 209.65.200.224 0.0.0.3 a ACL de R1

Respuesta 1) R1
Respuesta 2) IP Access list
Respuesta 3) En la lista de acceso de IP, configuración de seguridad de borde extendida
agregue el permiso ip 209.65.200.224 0.0.0.3
Ticket 6 – VLAN filter
client 1 have ip address 10.x.x.x

DSW1 ping 209.65.200.241 not working

R4 ping 209.65.200.241 not working

Client 1 is getting the correct IP address from DHCP but Client 1 is not able to ping the
server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3
Configuración de DSW1
vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

Respuesta 1) DSW1
Respuesta 2) VLAN ACL/Port ACL
Respuesta 3) en el modo de Configuración global agregar el comando no vlan filter test1
vlan-list 10.
Ticket 7 – Port Security
client 1 have ip address 169.x.x.x

ASW1 USING THE SHOW COMMAND

-show interface fa1/0/1

Client 1 is getting a 169.x.x.x IP address & is unable to ping Client 2 as well as DSW1. The
command ‘sh interfaces fa1/0/1′ will show following message in the first line
‘FastEthernet1/0/1 is down, line protocol is down (err-disabled)’

On ASW1 port-security mac 0000.0000.0001, interface in err-disable state

Configuración de of ASW1
interface fa1/0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001

Respuesta: eliminar la Configuración de port security en ASW1 apagar y encender de

nuevo la interfaz.

Respuesta 1) ASW1
Respuesta 2) Port security
Respuesta 3) en el modo de Configuración global utilizar el rango Fa1/0/1 – 2, deshabilitar
port security y realizar un shutdown no shutdown en las interfaces.
Ticket 8 – Switchport VLAN 10
client 1 have ip address 169.x.x.x

Client 1 & 2 are getting 169.x.x.x ip addresses and can’t ping DSW1 or FTP Server but
they are able to ping each other.

Situation: in port channel Configuración de of ASW1 vlan 10 is not allowed. (Use L2

Diagram)
Configuración de ASW1
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 1
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 1

Respuesta: realizar en ASW1 el cambio de acceso a la vlan 1 para la vlan 10

Respuesta 1) ASW1
Respuesta 2) Vlan
Respuesta 3) Ingresar el siguiente commando: interface range fa1/0/1-/2 luego switchport
access vlan 10.
Ticket 9 – Switchport trunk
Client 1 is getting 169.x.x.x ip address.

Client 1 & 2 can ping each other but they are unable to ping DSW1 or FTP Server (Use
L2/3 Diagram)
Configuración de of ASW1
interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10

Respuesta: deshabilitar todas las vlans y configurara como truncal permitiendo las vlan 10
y 200 en los port channel 13, 23

Respuesta 1) ASW1
Respuesta 2) Conectividad de Switch a switch
Respuesta 3)

int range portchannel13,portchannel23

switchport trunk allowed vlan none
switchport trunk allowed vlan 10,200
Ticket 10 – OSPF to EIGRP
Client 1 is getting 10.x.x.x ip address.

DSW1 ping 209.65.200.241 not working

R4 ping 209.65.200.241 not working

Client 1 is not able to ping the Webserver

DSW1 can ping fa0/1 of R4. However clients and DSW1 can’t ping R4′s S0/0/0/0.34
interface (10.1.1.10)

On R4 in router eigrp:
router eigrp 10
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1 metric 100 10 255 1 1500 route-map OSPF_to_EIGRP
!
router ospf 1
network 10.1.1.8 0.0.0.0 area 34
redistribute eigrp 10 subnets
!

route-map OSPF->EIGRP
match ip address 1

Respuesta: cambio en el enrutador eigrp nombre del mapa del enrutador

Respuesta 1) R4
Respuesta 2) IPv4 Route Redistribution
Respuesta 3) En el proceso EIGRP, elimine el comando redistribuir ospf 1 route-map
OSPF_to_EIGRP e ingrese el comando redistribuir ospf 1 route-map OSPF-> EIGRP.

Ticket 11 – IPv6 OSPF

DSW1 & R4 can’t ping R2′s loopback interface or s0/0/0/0.12 IPv6 address.
R2 is not an OSPFv3 neighbor on R3
Situation: ipv6 ospf was not enabled on R2’s serial interface connecting to R3. (use ipv6
Layer 3)

Configuración de of R2
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0/0.23
ipv6 address 2026::1:1/122

Configuración de of R3
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0

Respuesta:

En la interfaz s0/0/0/0.23 de R2 agregar el siguiente comando:

ipv6 ospf 6 area 12

Respuesta 1) R2
Respuesta 2) IPv6 OSPF Routing
Respuesta 3) en la interfaz serial de R2, ingresar el comando ipv6 ospf 6 area 0

Ticket 12 – DHCP Range

Client 1 is getting 169.x.x.x ip address.

In this ticket, check the IP on Client1, if it gets 169.x.x.x then use the “show run” command
on R4. If you see the “ip dhcp exclude 10.2.1.1-1.10.2.1.253″ then the DHCP range has
been misconfigured.

Configuración de R4:

!
ip dhcp excluded-address 10.2.1.1 10.2.1.253
!

Respuesta 1) R4
Respuesta 2) IP DHCP Server
Respuesta 3) en R4 eliminar ip dhcp excluded-address 10.2.1.1 10.2.1.253 y aplicar ip dhcp
excluded-address 10.2.1.1 10.2.1.2
Ticket 13 – EIGRP Passive Interface
R4 using - show runing-config

the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’t ping R4

Configuración de R4:
router eigrp 10
passive-interface default
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.4 0.0.0.3
network 10.1.4.8 0.0.0.3
default-metric 10000 100 255 1 10000
no auto-summary

Respuesta 1) R4
Respuesta 2) IPv4 EIGRP Routing
Respuesta 3) ingresar el comando no passive interface para las interfaces conectadas a D

Ticket 14 – EIGRP Passive Interface

the neighborship between R4 and DSW1 wasn’t establised. Client 1 can’t ping R4

Configuración de R4:
router eigrp 10
passive-interface default
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.4 0.0.0.3
network 10.1.4.8 0.0.0.3
network 10.1.21.128 0.0.0.3
default-metric 10000 100 255 1 10000
no auto-summary

Respuesta 1) R4
Respuesta 2) IPv4 EIGRP Routing
Respuesta 3) ingresar el comando no passive interface a las interfaces conectadas a DSW1
por EIGRP incluir el comando “network 10.1.21.128 0.0.0.3” para la inyección de la red.
Ticket 15 – IPv6 GRE Tunnel
Problem: Loopback address on R1 (2026::111:1) is not able to ping the loopback address
on DSW2 (2026::102:1).

Configuración de R3:
!
interface Tunnel34
no ip address
ipv6 address 2026::34:1/122
ipv6 enable
ipv6 ospf 6 area 34
tunnel source Serial0/0/0.34
tunnel destination 10.1.1.10
tunnel mode ipv6
!

Configuración de R4:
interface Tunnel34
no ip address
ipv6 address 2026::34:2/122
ipv6 enable
ipv6 ospf 6 area 34
tunnel source Serial0/0/0
tunnel destination 10.1.1.9
!

Respuesta 1) R3
Respuesta 2) interoperabilidad Ipv4 entre Ipv6
Respuesta 3) Debajo de la interfaz Tunnel34, quite el comando 'tunnel mode ipv6'