CCNPv7 TSHOOT Lab10-2 Sandbox Instructor

CCNPv7 TSHOOT
Chapter 10 Lab 10-2, Sandbox Instructor Version

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Lab Topology
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 198
CCNPv7 TSHOOT Lab 10-2, Sandbox
Overlay Topology
Objectives
 Load the device configuration files for each trouble ticket.
 Diagnose and resolve problems related to features, protocols, or technology that could be encountered in
a complex, integrated enterprise network.
 Document the troubleshooting progress, configuration changes, and problem resolution.
 Practice a representative sample of major technologies in routing and switching to prepare for the final
skills assessment.
Background
This lab covers a range of problems and requires that you make use of the troubleshooting skills acquired
throughout this course to resolve the routing and switching problems introduced. These trouble tickets may
involve technologies from any ROUTE or SWITCH lab. But the focus is on connectivity issues related to
RIPng, RIPv2, GRE, DHCPv4/6, HSRP, MST, VTPv3, OSPFv3, Named EIGRP, MP-BGP, VRF, prefix lists,
distribute lists, offset lists, route maps, the distance command, redistribution, EEM applets, tracking with
ICMPv4 echo SLAs, tracking with IPv6 TCP SLAs, and tracking lists of objects with Boolean expressions.
For each task or trouble ticket, the trouble scenario and problem symptom are described. While
troubleshooting, you will discover the cause of the problem, correct it, and then document the process and
results.
Trouble Tickets and Troubleshooting Logs

This lab includes three tasks. Each task is associated with a trouble ticket (TT) and introduces one or more
errors on one or more devices. If time is a consideration, each task or trouble ticket can be performed
independently.
Instructor note: A variation on the step-by-step solution and validation procedure of earlier labs is used in
TT-A to accommodate the task. A list of useful commands is provided in context. Solutions and discussions
are included in the debrief for each TT. Students are expected to use the commands and troubleshooting
procedures introduced in previous labs to diagnose the problems in this lab.
Note: This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services and
LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates dual-
ipv4-and-ipv6 routing and lanbase-routing, respectively. Depending on the router or switch model and
Cisco IOS Software version, the commands available and output produced might vary from what is shown in
this lab. Any changes made to the baseline configurations or topology (other than errors introduced) are noted
in the trouble ticket so that you are aware of them prior to beginning the troubleshooting process.
Instructor Notes:
 The lab topology should be pre-built prior to the students starting the lab. Ensure that all switches and
routers (ALS1, DLS1, DLS2, R1, R2, and R3) have the course lab configuration files installed in flash
memory. These can be downloaded from NetSpace. The device configurations for all devices are
included at the end of this lab, either directly or by reference to the first trouble ticket, TT-A. The
configuration sequence for ALS1 can be copied into a text file using the naming convention Labxy-
ALS1-TT-z-Cfg.txt where x is the chapter number, y is the lab number within the chapter, and z
is the upper case letter indicating the particular trouble ticket in the lab; similarly for DLS1, DLS2, R1,
R2, and R3.
 The device configurations that contain trouble ticket errors are included at the end of the lab, and the
errors in them are identified.
 All device configurations are provided for TT-A. The configurations provided here are not running-
config outputs, but rather sequences of commands that generate running-config files.
 Device configurations can be used by instructors for cut-and-paste for TT-A and subsequent tickets –
use a terminal emulator line delay of at least 100 ms if pasting configurations directly into global
configuration mode on a device. Some systems may actually require 200 ms.
 Where a configuration is noted as being the same as a previous one, the only change is in the
MOTD, which identifies the Lab and TT.
 Each device should have a directory named “tshoot” in flash. This directory should contain the
baseline configuration file for that device as well as configuration files for all labs in this course.
 Instructors can use a TFTP server, a USB drive, or a flash memory card as source, and use the copy
or archive tar command to copy all course configuration files into the flash:/tshoot directory for
each device in the topology.
 For this lab and subsequent labs, the student is responsible for loading the baseline or trouble ticket
configurations using the procedure described in the BASE Lab.
 Set the correct time on R2, which serves as the primary NTP server for the lab network. These labs
use Pacific Time Zone, but each site should use their own time zone.
 If time is an issue, each task (trouble ticket) can be performed independently.
 Students can work individually or as a team.
 While the narrative describes the Overlay Topology from the business history, pedagogically it is
introduced to provide practice with the use of tunnels in routing and switching with IPv4 and IPv6.
Required Resources
 3 routers (Cisco IOS Release 15.4 or comparable)
 2 multilayer switches and 1 access layer switch (Cisco IOS Release 15.0(2) or comparable with Fast
Ethernet interfaces)
 SRV1 (PC with static IP address): Windows 7 with RADIUS, TFTP, and syslog servers, plus an SSH
client, SNMP monitor, and WireShark software
 PC-B (DHCP client): Windows 7 with SSH client and WireShark software
 PC-C (DHCP client): Windows 7 with SSH client and WireShark software
 Serial and Ethernet cables, as shown in the topology
Instructor Notes:
 This lab is divided into multiple tasks. Each task is associated with a trouble ticket (TT) and
introduces zero or more errors on one or more devices.
 Suggested actions and results presented during the troubleshooting process for each TT can be
shared with the students during debrief or copies of the instructor version of the lab can be made
available to the students to assist them in verifying their work.
Task 1: Verify Routing Tables for Lab 10-2 TT-A

Instructor note: This trouble ticket involves checking that the routing tables are consistent with the ones provided
in Step 7 and verifying seven failover scenarios.
Step 1: Review trouble ticket Lab 10-2 TT-A.

The Sandbox company is a franchisee of Sand Beach corporation. The Sandbox company never got off the
ground due to an unexpected failure in the owner’s creative financing arrangement. The Sand Beach
franchisor initiated a corporate downsizing, which forced two other franchisees in the region to close their
Sand Beach locations. The two owners of these identically constructed Sand Beach locations exercised a
concession offered by the franchisor to consolidate and acquire the Sandbox franchisee.
The owners of the consolidated Sandbox company quickly drafted a transition agreement. The two CIOs were
convinced that the consolidation would result in one of them being let go unless they worked together to
ensure that both were integral to the success of the company. They managed to convince the owners to
include language in the transition agreement which specifies that Sandbox will initially replicate the familiar
network environments associated with the two franchisees’ original locations. The owners signed off on the
transition agreement.
The CIOs drew up the network design for Sandbox, which ensured their job security for the foreseeable
future. The CIOs put their network engineers to work implementing the network design. The outcome is a
complex network, including an overlay of a RIPv2/RIPng implementation with a GRE tunnel on top of an
underlying topology based on OSPF, EIGRP, and multihomed MP-BGP.
The “Lab Topology” is the fully functional topology of one franchisee, involving a multihomed MP-BGP
implementation. The “Overlay Topology” is the fully functional topology of the other franchisee, involving an
integrated, relatively simple, in-house implementation of RIPv2 and RIPng in a singular routing domain. The
two CIOs integrated their respective topologies in a lengthy process, working together to provide a robust,
resilient (and convoluted) network for Sandbox. The resulting implementation is designed so that removing
the RIPv2, RIPng, GRE tunnel, EEM applets, and the secondary serial subinterface configurations reduces
the network to the Lab Topology. The franchisee owners and CIOs have invested enough time and effort with
the network consolidation, and need to focus on business operations.
Lab Note: VRF_A and VRF_B are two VRFs configured on R2. This enables R2 to represent two
independent ISPs, AS65502 and AS65503. These ISPs also connect to the Internet, which is represented
by the global routing table of R2. To reiterate, R2 has a VRF_A routing table, a VRF_B routing table, and
a global routing table, which represent independent networks. It is common with VRF implementations to
have overlapping IP address spaces, where each VRF is associated with a different company. The
VRF_A routing tables are displayed by entering entering show ip route vrf VPN_A and show
ipv6 route vrf VPN_A on R2. The VRF_B routing tables are displayed by entering entering show
ip route vrf VPN_B and show ipv6 route vrf VPN_B on R2. The global routing table
represents a globally unique address space associated with the Internet. Technically, the global routing
tables in this lab are the ones displayed by entering show ip route and show ipv6 route on R2
while the G0/0 interface is shut down; but much of the lab is performed with the G0/0 interface up,
allowing for the injection of VRF routes from the topology into the global routing table of R2 via RIPv2,
RIPng, and EIGRP (inter-VRF routing is normally configured explicitly, and carefully, by the service
provider to effect a specific result, but here inter-VRF routing occurs implicitly).
The network documentation and testing are incomplete and the Sandbox launch is imminent. To help
Sandbox launch on schedule, you have been contracted. Your job is to ensure the consolidated network is
fully functional under any scenario involving two or less failed service provider links. The service provider
gigabit link on R2 connecting to the Sandbox access layer switch is only available on an interim basis, as a
favor from the previous owner – why it links into Sandbox at the access layer and why your company provides
dynamic addressing for the associated R2 interface is a story for another day. In any case, your first task is to
verify full IPv4 and IPv6 network functionality for Scenario 1 of Table 1 (all interfaces are up), and then
document the IPv4 and IPv6 network functionality for Scenarios 2 through 7.
Table 1: R2 Line Protocol States
Scenario 1 S0/0/0 up S0/0/1 up G0/0 up
Scenario 2 S0/0/0 down S0/0/1 up G0/0 up
Scenario 3 S0/0/0 up S0/0/1 down G0/0 up
Scenario 4 S0/0/0 down S0/0/1 down G0/0 up
Scenario 5 S0/0/0 up S0/0/1 up G0/0 down
Scenario 6 S0/0/0 down S0/0/1 up G0/0 down
Scenario 7 S0/0/0 up S0/0/1 down G0/0 down
The CIOs have provided you with a list of routing table outputs for you to validate against as you familiarize
yourself with the Sandbox topology and document your findings. Any errors introduced in the network
implementation are inadvertent. The CIOs give you explicit instructions that you are not to make changes to
the device configurations during this phase of preparing the Sandbox network for the grand opening.
Lab Notes:
 Back-to-back Frame Relay configurations are used on the serial links in order to provide two parallel
point-to-point connections for each of the R2-R1 and R2-R3 serial links. No configuration or
troubleshooting of Frame Relay is required.
 The VRF configuration on R2 is designed to simulate a multi-homed BGP environment. No
configuration or troubleshooting of VRF is required. However, to verify the routing tables of the
simulated service providers, the VRF versions of the associated traditional IOS commands are used.
 There is no inter-VRF routing (route leaking) configured on R2, so the VRF_A, VRF_B, and global
routing tables on R2 are actually independent.
 IPv4 is the BGP transport for both IPv4 and IPv6 routes.
 VLANs 99, 100, 110, 120, 200, 300 are allowed on all port channel interfaces on all switches.
 VLAN 300 is the only VLAN used for OSPF peering between DLS1 and DLS2.
 Subsequent references in this lab to “Scenario 1” should be understood to mean Scenario 1 of Table
1. Similarly for Scenarios 2-7.
 Interfaces G0/1 on R1, G0/1 on R3, F0/5 on DLS1, Po1 on DLS1, Po10 on DLS1, F0/5 on DLS2, Po2
on DLS2, and Po10 on DLS2 should always be “up/up” during any testing and validation in Task 1.
 For the purposes of this lab, R1 is assumed to not support RIPng throughout the entire lab.
Step 2: Load the device trouble ticket configuration files for TT-A.
Using the procedure described in the BASE Lab, verify that the lab configuration files are present in flash.
Load the proper configuration files as indicated in the Device Configuration File table.
Device Configuration File Table
Device Name File to Load Notes

ALS1 Lab102-ALS1-TT-A-Cfg.txt This file contains configurations different than other baselines
DLS1 Lab102-DLS1-TT-A-Cfg.txt This file contains configurations different than other baselines
DLS2 Lab102-DLS2-TT-A-Cfg.txt This file contains configurations different than other baselines
R1 Lab102-R1-TT-A-Cfg.txt This file contains configurations different than other baselines
SRV1 N/A Static IP: 10.1.100.1/24 and 2001:DB8:CAFE:100::1/64
Default gateway: 10.1.100.254 and 2001:DB8:CAFE:100::D1
PC-B N/A DHCPv4 and DHCPv6
PC-C N/A DHCPv4 and DHCPv6
Step 3: Ensure proper MST and VTPv3 operation.

Sometimes MST and VTPv3 do not operate as expected. Check all the items listed below, and make
changes as necessary to validate each item.
a. Check that each switch has VLANs 99, 100, 110, 120, 200, 300, 666, and 999.
b. Check that the MST region name is TSHOOT.
c. Check that the MST configuration revision number is 25.
d. Check that VLANs 99, 110, and 120 are mapped to MST instance 1.
e. Check that VLANs 100, 200, and 300 are mapped to MST instance 2.
f. Check that DLS1 is the root for instance 1 and DLS2 is the root for instance 2.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance. Note: If
you see error messages on ALS1, such as
Oct 29 16:36:02.640: %SW_MATM-4-MACFLAP_NOTIF: Host 001e.14cf.1b46 in vlan 200 is flapping
between port Po2 and port Po1
or if MST is not converging properly, try shutting down Po1 and Po2 on ALS1, allowing MST to
converge between DLS1 and DLS2, and then bringing up Po1 and Po2 on ALS1.
Step 4: Configure SRV1 and start the syslog and TFTP servers.
a. Configure SRV1 with the static IPv4/6 static addressing from the Device Configuration File Table.
b. Start the syslog server on SRV1 to monitor console messages from multiple devices.
c. Start the TFTP server on SRV1 to record device configuration changes.
d. Start the SNMP monitor on SRV1 to record SNMPv2c trap reports.
Step 5: Release and renew the DHCP leases.

a. Ensure that PC-B are PC-C are configured as DHCPv4/6 clients.
b. After loading all TT-A device configuration files, issue the ipconfig /release and ipconfig
/renew commands on PC-B and PC-C.
c. Verify that PC-B has DHCPv4/6 data for OFFICE VLAN 120.
d. Verify that PC-C has DHCP4/6 addressing on subnets 10.1.80.0/25 and
2001:DB8:CAFE:800:ABCD::/80 and is allocated the tshoot.net DNS suffix.
e. Verify that the LAN interface of R2 has DHCP4/6 addressing on subnets 10.1.120.0/24 and
2001:DB8:CAFE:120::/64.
Step 6: Outline the troubleshooting approach and validation steps.

The following commands are useful for troubleshooting why a particular route is missing, keeping in mind
that there are no intentional errors introduced in this ticket:
show ip route
show ipv6 route
show ip route vrf VPN_A (on R2)
show ip route vrf VPN_B (on R2)
show ipv6 route vrf VPN_A (on R2)
show ipv6 route vrf VPN_B (on R2)
show ip protocol
show ipv6 protocol
show bgp summary
show bgp all
show bgp ipv4 unicast
show bgp ipv4 unicast summary
show bgp ipv6 unicast
show bgp ipv6 unicast summary
show bgp vpnv4 unicast vrf VPN_A (on R2)
show bgp vpnv4 unicast vrf VPN_B (on R2)
show bgp vpnv4 unicast vrf VPN_A summary (on R2)
show bgp vpnv4 unicast vrf VPN_B summary (on R2)
show bgp vpnv6 unicast vrf VPN_A (on R2)
show bgp vpnv6 unicast vrf VPN_B (on R2)
show bgp vpnv6 unicast vrf VPN_A summary (on R2)
show bgp vpnv6 unicast vrf VPN_B summary (on R2)
show ip interface brief
show ipv6 interface brief
show interfaces description
show track
show track brief
show ip sla statistics
show ip sla configuration
There are several alias exec commands included in the configuration files as shortcuts, such as alias exec
sre show run | begin router eigrp., which allows you to enter sre in place of show run | begin
router eigrp. You can create your own aliases, use the ones provided, or ignore these shortcuts.
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is resolved.
Troubleshooting approaches to select from include the follow-the-path, perform-comparison, bottom-up, top-down,
divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem) methods.
Note: In addition to a specific approach, you can use the generic troubleshooting process: defining a problem,
gathering information, analyzing the information, eliminating possible problem causes, formulating a hypothesis
about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The perform-comparison or follow-the-path method can be used. Other problem-solving methods are the top-
down, bottom-up, follow-the-path, divide-and-conquer, and swap-components approaches.
Verification steps can include:
 SRV1, PC-B, and PC-C can successfully traceroute via IPv4 or IPv6 to any address in the Lab Topology
or Overlay Topology diagrams.
 All routers and switches are successfully archiving configurations to SRV1.
 Syslog messages are logging on SRV1.
 SNMPv2c trap reports are appearing on SRV1
Step 7: Record the troubleshooting process and configuration changes.

Validate each IPv4 and IPv6 route on each device according to the routing table outputs provided by the CIOs.
Use the commands in Step 6 to troubleshoot any inadvertent omissions or additions. For validation and later
reference, here are the IPv4 and IPv6 routing tables provided by the CIOs (Scenario 1):
R1# show ip route | begin Gateway
Gateway of last resort is 209.165.200.226 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 209.165.200.226, 07:37:47

2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/0] via 209.165.200.226, 14:26:21
10.0.0.0/8 is variably subnetted, 15 subnets, 6 masks
S 10.1.0.0/16 is directly connected, Null0
C 10.1.2.0/30 is directly connected, GigabitEthernet0/1
L 10.1.2.2/32 is directly connected, GigabitEthernet0/1
O 10.1.2.12/30 [110/3] via 10.1.2.1, 00:56:11, GigabitEthernet0/1
R 10.1.30.0/24 [109/1] via 10.1.2.1, 00:00:15, GigabitEthernet0/1
O E1 10.1.80.0/25 [110/103] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
O IA 10.1.120.0/24 [110/2] via 10.1.2.1, 13:57:28, GigabitEthernet0/1
R 20.20.20.20 [109/1] via 209.165.200.230, 00:00:08, Serial0/0/0.2
C 192.168.1.1 is directly connected, Loopback0
O 192.168.3.1 [110/4] via 10.1.2.1, 00:56:01, GigabitEthernet0/1
C 209.165.200.224/30 is directly connected, Serial0/0/0.1
L 209.165.200.225/32 is directly connected, Serial0/0/0.1
R1# show ipv6 route | begin 20/0
B ::/0 [20/0]
via 2001:DB8:FEED:10::2
S 2001:DB8:CAFE::/48 [1/0]
via Null0, directly connected
C 2001:DB8:CAFE:6::/126 [0/0]
via Serial0/0/0.2, directly connected
L 2001:DB8:CAFE:6::1/128 [0/0]
via Serial0/0/0.2, receive
C 2001:DB8:CAFE:20::/64 [0/0]
via GigabitEthernet0/1, directly connected
L 2001:DB8:CAFE:20::1/128 [0/0]
via GigabitEthernet0/1, receive
OE1 2001:DB8:CAFE:90::/126 [110/103]
via FE80::D1, GigabitEthernet0/1
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
via Loopback0, receive
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
OE1 2001:DB8:CAFE:2020::2/128 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/103]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [254/0] via 10.1.120.254

R 10.1.2.0/30 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R 10.1.2.12/30 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
R 10.1.30.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
D 10.1.80.0/25 [90/13607262] via 10.1.90.3, 15:23:20, Serial0/0/1.2
D 10.1.80.128/25 [90/13556702] via 10.1.90.3, 15:23:20, Serial0/0/1.2
R 10.1.99.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R 10.1.100.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R 10.1.110.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R 10.1.200.0/24 [120/2] via 209.165.200.229, 00:00:25, Serial0/0/0.2

C 22.0.0.0/8 is directly connected, Loopback3
L 22.22.22.22/32 is directly connected, Loopback3
R 192.168.1.1 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R 192.168.3.1 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
R 209.165.200.220/30 [120/1] via 10.1.90.3, 00:00:14, Serial0/0/1.2
R 209.165.200.224/30 [120/1] via 209.165.200.229, 00:00:25, Serial0/0/0.2
R2# show ipv6 route | begin ::/0

ND ::/0 [2/0]
via FE80::A1, GigabitEthernet0/0
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::2/128 [0/0]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::2/128 [0/0]
R 2001:DB8:CAFE:99::/64 [120/2]
via FE80::D1, Tunnel0
R 2001:DB8:CAFE:100::/64 [120/2]
R 2001:DB8:CAFE:110::/64 [120/2]
NDp 2001:DB8:CAFE:120::/64 [2/0]
L 2001:DB8:CAFE:120::2/128 [0/0]
S 2001:DB8:CAFE:201::1/128 [1/0]
R 2001:DB8:CAFE:203::1/128 [120/6]
via FE80::3, Serial0/0/1.2
R 2001:DB8:CAFE:212::/64 [120/6]
D 2001:DB8:CAFE:800::/64 [90/13607262]
D 2001:DB8:CAFE:801::/64 [90/13556702]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
R 2001:DB8:CAFE:2110::D1/128 [120/2]
C 2001:DB8:EFAC::/48 [0/0]
via Loopback3, directly connected
L 2001:DB8:EFAC::2/128 [0/0]
D 2001:DB8:FEED:14::/126 [90/23796062]
C FC00::/7 [0/0]
via Tunnel0, directly connected
L FC00::2/128 [0/0]
via Tunnel0, receive
L FF00::/8 [0/0]
via Null0, receive
R2# show ip route vrf VPN_A | begin Gateway

S* 0.0.0.0/0 is directly connected, Null0

B 10.1.0.0 [20/0] via 209.165.200.225, 14:36:47
B 192.168.1.1 [20/0] via 209.165.200.225, 00:22:13

B 192.168.3.1 [20/0] via 209.165.200.225, 00:18:41
B 209.165.200.220/30 [20/0] via 209.165.200.225, 04:31:59
R2# show ipv6 route vrf VPN_A | begin ::/0

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:10::1
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::2/128 [0/0]
B 2001:DB8:FEED:14::/126 [20/0]
via 2001:DB8:FEED:10::1
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
R2# show ip route vrf VPN_B | begin Gateway


B 10.1.0.0 [20/0] via 209.165.200.221, 14:20:14
B 192.168.1.1 [20/0] via 209.165.200.221, 00:23:17
B 192.168.3.1 [20/0] via 209.165.200.221, 00:19:45
B 209.165.200.224/30 [20/0] via 209.165.200.221, 04:33:00
R2# show ipv6 route vrf VPN_B | begin ::/0

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
B 2001:DB8:FEED:10::/126 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 14:27:07

B 2.2.2.2 [20/0] via 209.165.200.222, 14:27:07
D 20.20.20.20 [90/13556702] via 10.1.90.2, 14:27:09, Serial0/0/1.2
O E1 209.165.200.224/30
[110/103] via 10.1.2.13, 01:14:34, GigabitEthernet0/1
R 209.165.200.228/30 [120/1] via 10.1.90.2, 00:00:21, Serial0/0/1.2
R3# show ipv6 route | begin 20/0

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
D 2001:DB8:CAFE:6::/126 [90/23796062]
O 2001:DB8:CAFE:20::/64 [110/3]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]

C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/103]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
R FC00::/7 [120/2]
L FF00::/8 [0/0]
via Null0, receive
DLS1# show ip route | begin Gateway

O*E1 0.0.0.0/0 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5

O E1 2.2.2.2 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
O E1 10.1.0.0/16 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5
C 10.1.2.0/30 is directly connected, FastEthernet0/5
L 10.1.2.1/32 is directly connected, FastEthernet0/5
O 10.1.2.12/30 [110/2] via 10.1.30.253, 00:33:34, Vlan300
C 10.1.30.0/24 is directly connected, Vlan300
L 10.1.30.252/32 is directly connected, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 00:33:34, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 00:33:34, Vlan300
O E1 10.1.90.2/31 [110/102] via 10.1.30.253, 00:33:34, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 00:33:34, Vlan300
O E1 20.20.20.20 [110/102] via 10.1.30.253, 00:33:34, Vlan300
O 192.168.1.1 [110/2] via 10.1.2.2, 00:33:34, FastEthernet0/5
O 192.168.3.1 [110/3] via 10.1.30.253, 00:33:34, Vlan300
O E1 209.165.200.220 [110/102] via 10.1.30.253, 00:33:34, Vlan300
R 209.165.200.228 [120/1] via 10.1.120.8, 00:00:21, Vlan120
[120/1] via 10.1.2.2, 00:00:01, FastEthernet0/5
DLS1# show ipv6 route | begin ::/0

OE1 ::/0 [110/101], tag 2
via FE80::1, FastEthernet0/5
OE1 2001:DB8:CAFE:6::/126 [110/102]
via FE80::D2, Vlan300
C 2001:DB8:CAFE:20::/64 [0/0]
via FastEthernet0/5, directly connected
L 2001:DB8:CAFE:20::D1/128 [0/0]
via FastEthernet0/5, receive
OE1 2001:DB8:CAFE:90::/126 [110/102]
C 2001:DB8:CAFE:99::/64 [0/0]
via Vlan99, directly connected
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
via Vlan100, receive
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
OE1 2001:DB8:CAFE:2020::2/128 [110/102]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/101]
OE1 2001:DB8:FEED:14::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/101]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
ALS1# show ip route | begin Gateway

S* 0.0.0.0/0 [1/0] via 10.1.99.254


ALS1# show ipv6 route | begin ::/0

S ::/0 [1/0]
via 2001:DB8:CAFE:99::D1
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.0/30 [110/2] via 10.1.30.252, 14:27:06, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 16:53:36, Vlan300
O 192.168.1.1 [110/3] via 10.1.30.252, 14:26:11, Vlan300
O E1 209.165.200.224 [110/102] via 10.1.30.252, 14:26:11, Vlan300
R 209.165.200.228 [120/1] via 10.1.120.8, 00:00:03, Vlan120

OE1 ::/0 [110/101], tag 2
OE1 2001:DB8:CAFE:6::/126 [110/101]
O 2001:DB8:CAFE:20::/64 [110/2]
R 2001:DB8:CAFE:90::/126 [109/2]
via FE80::2, Vlan120
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
R 2001:DB8:CAFE:203::1/128 [109/2]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]
OE1 2001:DB8:CAFE:801::/64 [110/101]
R 2001:DB8:CAFE:2020::2/128 [109/2]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:10::/126 [110/102]
OE1 2001:DB8:FEED:14::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
Use this log to document your actions and results during the troubleshooting process. List the commands you
used to gather information. As you progress, record your thoughts as to what you think the problem might be and
which actions you take to correct the problem.
Device Actions and Results
Step 8: Document trouble ticket debrief notes.

Use this space to make notes of the key learning points that you picked up during the discussion of this
trouble ticket with your instructor. The notes can include problems encountered, solutions applied, useful
commands employed, alternate solutions, methods, and processes, and procedure and communication
improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Trouble Ticket TT-A Debrief—Instructor Notes

This trouble ticket has no intentional errors introduced. Task 1 is intended to set a baseline and give students
time to familiarize themselves with the network, for the purpose of facilitating their troubleshooting in
subsequent tasks. The commands in Step 6 should be sufficient for identifying issues that may be preventing
the routing tables from being populated properly.
It will take some time for students to verify all the routing tables. The primary considerations are:
(1) The devices and images and templates are as advertised earlier in the lab:
“This lab uses Cisco ISR G2 routers running Cisco IOS 15.4(3) images with IP Base and Security
packages enabled, and Cisco Catalyst 3560 and 2960 switches running Cisco IOS 15.0(2) IP Services
and LAN Base images, respectively. The 3560 and 2960 switches are configured with the SDM templates
dual-ipv4-and-ipv6 routing and lanbase-routing, respectively.”
(2) The configuration files loaded properly without any errors.
(3) The MST and VTPv3 implementation is verified prior to route analysis.
(4) The interfaces appearing in the Lab Topology and the Overlay Topology at the beginning of the lab are all
up/up.
(5) PC-B, PC-C, and G0/0 of R2 all have their IPv4 and IPv6 addressing automatically allocated.
Interestingly, for the Scenarios where G0/0 is up, R2 obtains its IPv4 default route via DHCP (with AD
254) and its IPv6 route via SLAAC; NDp route (Network Discovery prefix) 2001:DB8:CAFE:120::/64
appears in the IPv6 routing table with an AD of 2, in addition to the ::/0 route marked ND.
(6) DLS1, DLS2, R1, R2, and R3 all have some type of tracking configured. The tracking states of the various
objects are used by HSRP and MST on DLS1 and DLS2 and by EEM applets on R1, R2, R3, DLS1, and
DLS1. ALL tracking states should be up for Scenario 1 (show track brief), except for the state of
object 23 on R1 (down).
For verifying actions related to SLAs, tracking, and applets:
 show ip sla configuration – View the details of the SLA configuration for all SLAs. Append the
SLA entry number to only view details for a particular SLA. The details include information such as the
type of operation (icmp-echo or tcp-connect), the frequency of the operation, and statistics pertinent
to the SLA.
 show track – View the SLAs (and their entry numbers) being tracked, view the interface line
protocols being tracked, and view the Boolean constructs that are being tracked. The track number
associated with each tracked object is displayed in the output. Append the track number to the
command to view only information specific to that tracked object. The state or reachability for each
tracked object is given as Up or Down – reachability only takes into account if the destination is
reachable as prescribed, whereas state also takes into account whether thresholds associated with
the operation are within prescribed bounds – we use state for tracking objects in this lab (which also
has the advantage of being more descriptive for our use in launching applets).
 show run | begin event manager applet – View the association between the tracked object
and the applet that launches based on the change in state of the tracked object.
Note that DLS1 is load balancing for the destination network 209.165.200.228/30:
R 209.165.200.228 [120/1] via 10.1.120.8, 00:00:21, Vlan120
The next hop 10.1.120.8 is the DHCPv4-learned address on interface G0/0 of R2; your router R2 may very
well learn a different IPv4 address, which will appear here. The other RIPv2 path is through G0/1 of R1.
The next 40+ pages document the IPv4 and IPv6 routing tables on each device for Scenarios 2-7 of Table 1.
For R2, the global routing table, the VRF VPN_A routing table, and the VRF VPN_B routing table are given in
each case. Descriptions of the EEM applet actions and their motivation are provided in context, as well as
explanations for the installation or removal of particular routes associated with the applets.
Routing tables for Scenario 2 (R2 S0/0/0 down):
O*E1 0.0.0.0/0 [110/103] via 10.1.2.1, 00:02:41, GigabitEthernet0/1

O E1 2.2.2.2 [110/103] via 10.1.2.1, 00:02:41, GigabitEthernet0/1

OE1 ::/0 [110/103], tag 2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/103]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
OE1 2001:DB8:CAFE:2020::2/128 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
OE1 2001:DB8:FEED:14::/126 [110/103]
OE1 2001:DB8:FEED:222::2/128 [110/103]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [254/0] via 10.1.120.254

R 10.1.2.12/30 [120/1] via 10.1.90.3, 00:00:23, Serial0/0/1.2
D 10.1.80.0/25 [90/13607262] via 10.1.90.3, 15:49:18, Serial0/0/1.2
D 10.1.80.128/25 [90/13556702] via 10.1.90.3, 15:49:18, Serial0/0/1.2
R 192.168.3.1 [120/1] via 10.1.90.3, 00:00:23, Serial0/0/1.2
R 209.165.200.220 [120/1] via 10.1.90.3, 00:00:23, Serial0/0/1.2

ND ::/0 [2/0]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::2/128 [0/0]
NDp 2001:DB8:CAFE:120::/64 [2/0]
L 2001:DB8:CAFE:120::2/128 [0/0]
R 2001:DB8:CAFE:203::1/128 [120/6]
R 2001:DB8:CAFE:212::/64 [120/6]
D 2001:DB8:CAFE:800::/64 [90/13607262]
D 2001:DB8:CAFE:801::/64 [90/13556702]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
D 2001:DB8:FEED:14::/126 [90/23796062]
R FC00::/7 [120/6]
L FF00::/8 [0/0]
via Null0, receive



S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.221, 09:40:49
B 192.168.1.1 [20/0] via 209.165.200.221, 09:08:22
B 192.168.3.1 [20/0] via 209.165.200.221, 09:40:49

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 09:19:31

B 2.2.2.2 [20/0] via 209.165.200.222, 09:19:31

D 20.20.20.20 [90/13556702] via 10.1.90.2, 09:19:31, Serial0/0/1.2

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
O 2001:DB8:CAFE:20::/64 [110/3]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
R FC00::/7 [120/3]
L FF00::/8 [0/0]
via Null0, receive

O*E1 0.0.0.0/0 [110/102] via 10.1.30.253, 00:49:57, Vlan300

O E1 2.2.2.2 [110/102] via 10.1.30.253, 00:49:57, Vlan300
O 10.1.2.12/30 [110/2] via 10.1.30.253, 20:18:50, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 20:18:40, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 20:18:40, Vlan300
O E1 10.1.90.2/31 [110/102] via 10.1.30.253, 20:18:40, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 20:39:19, Vlan300
O E1 20.20.20.20 [110/102] via 10.1.30.253, 20:18:40, Vlan300
O 192.168.3.1 [110/3] via 10.1.30.253, 20:18:40, Vlan300
O E1 209.165.200.220 [110/102] via 10.1.30.253, 20:18:40, Vlan300

OE1 ::/0 [110/102], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/102]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]

OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
OE1 2001:DB8:CAFE:2020::2/128 [110/102]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:14::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/102]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.0/30 [110/2] via 10.1.30.252, 20:41:15, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 20:41:15, Vlan300
O 192.168.1.1 [110/3] via 10.1.30.252, 20:41:15, Vlan300

OE1 ::/0 [110/101], tag 2
O 2001:DB8:CAFE:20::/64 [110/2]
R 2001:DB8:CAFE:90::/126 [109/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
O 2001:DB8:CAFE:203::1/128 [110/1]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]

OE1 2001:DB8:CAFE:800::/64 [110/101]
OE1 2001:DB8:CAFE:801::/64 [110/101]
R 2001:DB8:CAFE:2020::2/128 [109/2]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
Note that R3 learned a path to the GRE tunnel spanning the FC00::/7 network. In practice, FC00::/7 is the
space of Unique Local Addresses (ULAs) within the IPv6 address space. ULAs are intended for use in private
networks, and are not globally routable addreses. Anyone can use them, so they are not globally unique.
Ask students the difference between the Boolean AND and the Boolean OR tracking combinations. With
Boolean AND, only one of the tracked objects has to be down for the combination to be down. With Boolean
OR, both of the tracked objects have to be down for the combination to be down. States involving three or
more objects with Boolean operations are determined by sequentially applying the AND and OR rules for two
objects. A NOT operation is created by using the not option within a Boolean AND tracking object.
The Track 4 state on R1 is down in this Scenario.

Ask students what the purpose is for the associated EEM applet. On R1, removing the route
2001:DB8:CAFE::/48 pointing to Null0 causes the iBGP route 2001:DB8:CAFE::/48, learned from R3, to be
injected into the routing table because BGP synchronization for IPv6 routes is not enabled on R1 even though
the synchronization command is configured for both the IPv4 and IPv6 address families (presumably
because we are using IPv4 as the transport protocol for both IPv4 and IPv6 routes – the show ip
protocol command shows that synchronization is enabled and the show ipv6 protocol shows that
synchronization is disabled). This provides a bootstrap mechanism for reaching any destination in the
2001:DB8:CAFE::/48 address space: start with 2001:DB8:CAFE::/48 in the R1 routing table and recursively
follow the next hops; this leads to DLS1, from which all IPv6 destinations in the 2001:DB8:CAFE::/48 address
space are accessible (the path back to DLS1 from R3 is via OSPF; the path back from R2 is via a default
route to ALS1; and the path back from ALS1 is via a default route pointing to DLS1).
The Track 23 state on DLS1 is down in this Scenario.

Ask students what the purpose is for the associated EEM applet. The DLS2-MST1-Root and DLS1-MST1-
Root applets on DLS1 adjust the MST instance priorities so that the MST root for each instance aligns with
the active HSRP router for the VLANs in that instance.
Note that R2 installs via DHCPv4 a default route pointing to the HSRP virtual IP address for VLAN 120 and
R2 installs via SLAAC a default route for IPv6 pointing to a non-GUA that resolves to a VLAN 120 address –
some observed instances include FE80::A1 on ALS1 and FC00::D1 or FE80::D1 on DLS1 (compare these
with the IPv6 default routes installed on PC-B, as seen in the output of the Windows route print command).
Also, since it is not possible to configure an FHRP simultaneously for IPv4 and IPv6 on 3560 switches, ALS1
has an IPv6 default route pointing to 2001:DB8:CAFE:99::D1 on DLS1 with a floating static route pointing to
2001:DB8:CAFE:99::D2 on DLS2 for failover.
The IPv6 static route on R2 pointing to R1 Lo0 via S0/0/0.2 is not installed because S0/0/0 is down on R2.
Routing tables for Scenario 3 (R2 S0/0/1 down):

S* 0.0.0.0/0 [1/0] via 209.165.200.230

B 2.2.2.2 [20/0] via 209.165.200.226, 00:20:04
R 20.20.20.20 [109/1] via 209.165.200.230, 00:00:03, Serial0/0/0.2

S ::/0 [1/0]
via 2001:DB8:CAFE:6::2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::1/128 [0/0]
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [254/0] via 10.1.120.254

R 10.1.2.0/30 [120/1] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 10.1.30.0/24 [120/2] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 10.1.99.0/24 [120/2] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 10.1.100.0/24 [120/2] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 10.1.110.0/24 [120/2] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 10.1.200.0/24 [120/2] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 192.168.1.1 [120/1] via 209.165.200.229, 00:00:04, Serial0/0/0.2
R 209.165.200.224/30
[120/1] via 209.165.200.229, 00:00:04, Serial0/0/0.2

ND ::/0 [2/0]
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::2/128 [0/0]
R 2001:DB8:CAFE:99::/64 [120/2]
R 2001:DB8:CAFE:100::/64 [120/2]
R 2001:DB8:CAFE:110::/64 [120/2]
NDp 2001:DB8:CAFE:120::/64 [2/0]
L 2001:DB8:CAFE:120::2/128 [0/0]
S 2001:DB8:CAFE:201::1/128 [1/0]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
R 2001:DB8:CAFE:2110::D1/128 [120/2]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C FC00::/7 [0/0]
L FC00::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.225, 00:23:46
B 192.168.1.1 [20/0] via 209.165.200.225, 00:23:46
B 192.168.3.1 [20/0] via 209.165.200.225, 00:23:46

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:10::1
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive



S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive



R 20.20.20.20 [120/2] via 10.1.2.13, 00:00:04, GigabitEthernet0/1

OE1 ::/0 [110/103], tag 2
S 2001:DB8:CAFE::/48 [1/0]
O 2001:DB8:CAFE:20::/64 [110/3]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
R 2001:DB8:CAFE:2020::2/128 [120/3]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/103]
OE1 2001:DB8:FEED:222::2/128 [110/103]
R FC00::/7 [120/3]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.12/30 [110/2] via 10.1.30.253, 09:56:06, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 09:56:06, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 09:56:06, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 09:56:06, Vlan300
R 20.20.20.20 [120/1] via 10.1.120.14, 00:00:10, Vlan120
O 192.168.3.1 [110/3] via 10.1.30.253, 09:56:06, Vlan300
R 209.165.200.228 [120/1] via 10.1.120.14, 00:00:10, Vlan120

OE1 ::/0 [110/101], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
R 2001:DB8:CAFE:2020::2/128 [120/2]
via FE80::2, Tunnel0
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
O*E1 0.0.0.0/0 [110/102] via 10.1.30.252, 00:19:42, Vlan300

O E1 2.2.2.2 [110/102] via 10.1.30.252, 00:19:42, Vlan300
O 10.1.2.0/30 [110/2] via 10.1.30.252, 09:58:21, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 09:58:21, Vlan300
R 20.20.20.20 [120/1] via 10.1.120.14, 00:00:17, Vlan120
O 192.168.1.1 [110/3] via 10.1.30.252, 09:58:21, Vlan300
O E1 209.165.200.224 [110/102] via 10.1.30.252, 00:30:35, Vlan300
R 209.165.200.228 [120/1] via 10.1.120.14, 00:00:17, Vlan120

OE1 ::/0 [110/102], tag 2
O 2001:DB8:CAFE:20::/64 [110/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
R 2001:DB8:CAFE:203::1/128 [109/2]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]

OE1 2001:DB8:CAFE:801::/64 [110/101]
R 2001:DB8:CAFE:2020::2/128 [109/2]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:10::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/102]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
Note the highlighted RIPng routes learned via the GRE tunnel on R2. Stepping out of the mindset of the CIOs,
pedagogically the Overlay Topology construct with RIPng and GRE is introduced for the sake of illustrating
the use of GRE tunnels to connect IPv6 islands via IPv4; also note that there are several opportunities for
route summarization in the network that are avoided to keep the focus on the routing analysis (and in so
doing, address some specific TSHOOT certification exam objectives).

Ask students what the purpose is for the associated EEM applet. The route 2001:DB8:CAFE:2020::2/128
does not reach R3 via EIGRP over S0/0/1.2 so R3 does not redistribute the EIGRP route into OSPF as it
does when R2 S0/0/1 is up. On R2 this route is also advertised via RIPng, so DLS1, DLS2, and R3 learn this
route via RIPng over VLAN 120 (through R2 G0/0). But as indicated in the Lab Topology and Overlay
Topology diagrams, R1 does not run EIGRP, R1 does not run RIPng, and R1 does not learn any global routes
via BGP from R2; so R1 does not learn this route. In this case, R1 would normally use the null route
2001:DB8:CAFE::/48 to route IPv6 packets destined for 2001:DB8:CAFE:2020::2/128 (since this destination
is not represented by any more specific route in the IPv6 routing table), but the DoNotUseIPv6Null applet
removed this null route (which it does when either of the WAN links go down); as a result, R1 injects the iBGP
route 2001:DB8:CAFE::/48 learned from R3 into the routing table (because BGP synchronization of IPv6
routes is effectively off). R1 installs the route in the routing table with next hop 2001:DB8:CAFE:203::1 (Lo1
on R3). For 2001:DB8:CAFE:203::1/128, the R1 routing table points to a next hop on DLS1. But DLS1 can
reach any route in the 2001:DB8:CAFE::/48 space (and vice versa, via OSPFv3, BGP, RIPng, and/or default
routes). It follows that R1 can reach 2001:DB8:CAFE:2020::2/128 as a result of the DoNotUseIPv6Null
applet action (verify with traceroute). The InstallIPv6Null applet installs the IPv6 null route when both WAN
links come up. Note that the assumption up to this point is that all the LAN interfaces are up; in particular,
G0/1 on R3 is up, tracked by IP SLA ICMP echo from R1 (Track 19); this SLA is built into Track 4 and will be
used later when we consider LAN interfaces.
The Track 23 state on DLS2 is down in this Scenario.

Ask students what the purpose is for the associated EEM applet. The DLS1-MST2-Root and DLS2-MST2-
Root applets on DLS2 adjust the MST instance priorities so that the MST root for each instance aligns with
the active HSRP router for the VLANs in that instance.

Ask students what the purpose is for the associated EEM applet. The DEFAULT and NoDEFAULT applets
on R1 install/remove IPv4 and IPv6 default routes on R1 pointing to R2 S0/0/0.2, according to the Track 37
state. If you work through the logic, the routes are installed if the R2-R3 WAN link goes down while R3 G0/0
is up, and removed if the R2-R3 WAN link comes up while G0/0 is up (more on this later). The IPv6 default
route via 2001:DB8:CAFE:6::2 (R2 S0/0/0.2) replaces the eBGP ::/0 route pointing to 2001:DB8:FEED:10::2
in the routing table learned from VRF VPN_A in AS 65502. The IPv6 default route provides a path for R1 to
route IPv6 packets outside of 2001:DB8:CAFE::/48 (e.g., 2001:DB8:EFAC::2/48). Similarly, the parallel IPv4
default route only affects IPv4 packets outside the 10.1.0.0/16 address space (e.g., 22.22.22/8). These
default routes are not necessary for this Scenario – rather than IP packets being sent to the Internet by way of
the premise service provider VRFs, they are routed via the global routing table on R2.
Routing tables for Scenario 4 (R2 S0/0/0 down and S0/0/1 down):


OE1 ::/0 [110/103], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [254/0] via 10.1.120.254


ND ::/0 [2/0]
R 2001:DB8:CAFE:99::/64 [120/6]
R 2001:DB8:CAFE:100::/64 [120/6]
R 2001:DB8:CAFE:110::/64 [120/6]
NDp 2001:DB8:CAFE:120::/64 [2/0]
L 2001:DB8:CAFE:120::2/128 [0/0]
R 2001:DB8:CAFE:200::/64 [120/6]
R 2001:DB8:CAFE:203::1/128 [120/7]
R 2001:DB8:CAFE:212::/64 [120/6]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
R 2001:DB8:CAFE:2110::D1/128 [120/6]
R 2001:DB8:CAFE:2120::D2/128 [120/6]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
R FC00::/7 [120/6]
L FF00::/8 [0/0]
via Null0, receive



S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive



S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

R* 0.0.0.0/0 [120/2] via 10.1.2.13, 00:00:10, GigabitEthernet0/1


R ::/0 [120/3]
O 2001:DB8:CAFE:20::/64 [110/3]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]

OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
R 2001:DB8:CAFE:2020::2/128 [120/3]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
R FC00::/7 [120/3]
L FF00::/8 [0/0]
via Null0, receive

O*E1 0.0.0.0/0 [110/102] via 10.1.30.253, 03:15:30, Vlan300

O 10.1.2.12/30 [110/2] via 10.1.30.253, 13:31:40, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 13:31:40, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 13:31:40, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 13:31:40, Vlan300
R 20.20.20.20 [120/1] via 10.1.120.14, 00:00:11, Vlan120
O 192.168.3.1 [110/3] via 10.1.30.253, 13:31:40, Vlan300

OE1 ::/0 [110/102], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
R 2001:DB8:CAFE:2020::2/128 [120/2]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]

L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

R* 0.0.0.0/0 [120/1] via 10.1.120.14, 00:00:08, Vlan120

O 10.1.2.0/30 [110/2] via 10.1.30.252, 13:33:51, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 13:33:51, Vlan300
R 20.20.20.20 [120/1] via 10.1.120.14, 00:00:08, Vlan120
O 192.168.1.1 [110/3] via 10.1.30.252, 13:33:51, Vlan300

R ::/0 [109/2]
O 2001:DB8:CAFE:20::/64 [110/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
O 2001:DB8:CAFE:203::1/128 [110/1]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]
OE1 2001:DB8:CAFE:801::/64 [110/101]
R 2001:DB8:CAFE:2020::2/128 [109/2]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive

Ask students what the purpose is for the associated EEM applets on R3, DoNotUseIPv6Null and
InstallIPv6Null. The first applet removes the static IPv6 route 2001:DB8:CAFE::/48 pointing to Null0 so that
R3 uses the RIPng default route ::/0 for routing those IPv6 packets which are not explicitly represented by a
route in the routing table (the description below of the Track 3 state on R2 for this Scenario explains why
DLS1 and DLS2 are now learning IPv4 and IPv6 default routes from R2). R3 does not redistribute the ::/0 into
OSPF because R3 is only configured to redistribute EIGRP, BGP, and connected IPv6 routes (neither R1 nor
R3 learns ::/0 via BGP because their serial interfaces are down); neither R1 nor R3 has the null route for
2001:DB8:CAFE::/48 as a result of their respective EEM applet actions, so neither R1 nor R3 is injecting a
BGP route for 2001:DB8:CAFE::/48 into the routing table; so R3 does not have the BGP route
2001:DB8:CAFE::/48 to redistribute into OSPF as before (when one of the WAN links is up). Stepping back a
bit, DLS1 and DLS2 learn ::/0 from G0/0 on R2 via RIPng; DLS2 sets the administrative distance of incoming
RIPng routes to 109 (AD is only locally significant), so ::/0 installs in the DLS2 IPv6 routing table as a RIPng
route. R3 learns the ::/0 RIPng route from DLS2 and installs it in the routing table as a RIPng route. Since R3,
an OSPF ASBR, is configured to propagate a default route via OSPFv3 as an external type-1 route
irregardless of the external source of the default route, it does so, as evidenced by the presence of the Type-5
External Link State for ::/0 in the respective IPv6 OSPF link-state databases of R1, DLS1, DLS2, and R3,
advertised by 192.168.3.1 (router ID for OSPFv3 process ID 2 on R3). So DLS1 and R1 install ::/0 as an
OSPF external type-1 route in their routing tables. The net result is default route vectors
R1 DLS1 DLS2 R2  DLS2  R3
R1 does not learn the ::/0 RIPng route from DLS1, even though ::/0 is in the RIPng database for DLS1 (show
ipv6 rip database), because R1 does not have RIPng configured (simulating the ticket TT-A stipulation
that R1 does not support RIPng). Note that, even though ASBR R1 is configured to propagate a default route,
R1 does not propagate the OE1 ::/0 route learned from R3 because it is an internal OSPF route; on the other
hand, R3 does not install in its routing table the ::/0 OE1 route it propagated based on the learned external-to-
OSPF ::/0 RIPng route in its routing table, even though the OE1 AD is lower than the RIPng AD – the
propagator of a default route in an IGP propagates the default route based on a seed default route external to
the IGP (either static or learned from another routing protocol); after the propagator advertises this default
route, the propagator continues to use the seed default route as the installed default route in its routing table.
What if the null route 2001:DB8:CAFE::/48 is not removed from R3?

In this case, R1 blackholes IPv6 packets with destination the Internet (simulated by 2001:DB8:EFAC::/48
on R2 Lo3, Lo4, and Lo5):
Assume that the null route 2001:DB8:CAFE::/48 is on R3; then R3 advertises 2001:DB8:CAFE::/48 to R1 via
iBGP, which R1 installs in its routing table with AD 200, and redistributes via OSPF to DLS1 (because R1 is
configured to propagate a default route in OSPFv3). At the same time, R1 installs in its routing table an IPv6
default route pointing to 2001:DB8:CAFE:6::2, as in Scenario 3, even though 2001:DB8:CAFE:6::2 is
assigned to S0/0/0.2 on R2 and S0/0/0 is down – the address 2001:DB8:CAFE:6::2 is in the address space of
the BGP route 2001:DB8:CAFE::/48, so the router deems the ::/0 route legitimate and installs it in the routing
table. OSPF propagates the default route as OE1 to DLS1, DLS2, and R3 (verified by their respective IPv6
OSPF databases). Nota bene: DLS1 installs ::/0 as an OE1 route in its routing table pointing to R1 (the
propagator). DLS2 has an AD 109 RIPng learned default route in its routing table that points to G0/0 of R2.
R3 has now traded places with R1 relative to the last walkthrough, and installs ::/0 as an OE1 route in its
routing table, pointing to DLS2, sourced from propagator R1 (in the last walkthrough, R1 did not propagate an
OE1 default route so R3 did not learn an OE1 default route; in this walkthrough, R1 propagates the static-
sourced OE1 route, so R3 learns it and installs it in its routing table because the AD is 110, which is lower
than 120, the AD of the RIPng default route learned from DLS2; in this walkthrough, R3 does not propagate
an OE1 default route because there is no external default route in its routing table to seed a default route).
The problem with all this is illustrated by a snippet from the R1 routing table and the CEF entry for
2001:DB8:EFAC::2:
S ::/0 [1/0] R1# show ipv6 cef 2001:db8:efac::2 detail
via 2001:DB8:CAFE:6::2 ::/0, epoch 0
B 2001:DB8:CAFE::/48 [200/0] recursive via 2001:DB8:CAFE:6::2
via 2001:DB8:CAFE:203::1 recursive via 2001:DB8:CAFE::/48
O 2001:DB8:CAFE:203::1/128 [110/3] recursive via 2001:DB8:CAFE:203::1
via FE80::D1, GigabitEthernet0/1 nexthop FE80::D1 GigabitEthernet0/1
An IPv6 packet destined to the Internet (2001:DB8:EFAC::2) will use the default route, which uses the BGP
route, which uses the OSPF route, which sends the packet to DLS1. But DLS1 has a default route pointing
back to R1, so the packets cycle back-and-forth between R1 and DLS1. In conclusion, under Scenario 4, with
both WAN links down,
(1) When the null route 2001:DB8:CAFE::/48 on R3 is removed, full IPv4 and IPv6 functionality results.
(2) When the null route 2001:DB8:CAFE::/48 is added to R3, Internet connectivity is lost from some
sources.
This completes the explanation of the purpose of the EEM applets on R3, DoNotUseIPv6Null and
InstallIPv6Null, which are triggered when the Boolean Track 5 state goes down (both WAN links go down) or
comes up (at least one WAN link comes up).

Ask students what the purpose is for the associated EEM applets. The R2 applet G0/0way allows LAN IPv4
and IPv6 routes to propagate to R2 through the G0/0 “gateway”. In Scenarios 1, 2, and 3, the RIPv2 and
RIPng distribute lists were denying the installation of LAN subnets of 10.1.0.0/16 and 2001:DB8:CAFE::/48
when at least one of the WAN links was up. To illustrate, for the first time in this lab, the RIPv2 route
10.1.200.0/24 and the RIPng route 2001:DB8:CAFE:200::/64, both highlighted in the R2 routing tables,
appear as being accessed via G0/0; side note: the ingress G0/0 offset-lists for RIP on R2, applied in RIPv2
configuration mode and G0/0 interface mode, respectively, cause the IPv4 and IPv6 hop-count metrics to be 5
higher than in previous Scenarios. The G0/0way applet also forces RIPv2 and RIPng default route
propagation when (and only when) both WAN links go down – this explains why DLS1 and DLS2 did not learn
default routes from R2 in previous Scenarios (default routes were learned from R1 or R3). The NoG0/0way
applet reverses the actions of G0/0way when at least one WAN link comes up. The route analysis for Track 5,
combined with the installation of LAN subnets of 10.1.0.0/16 and 2001:DB8:CAFE::/48, and combined with
the coverage of traffic by the R2-originated IPv4 and IPv6 default routes, reveal that the G0/0way applet
ensures full connectivity for the Sandbox network in this Scenario.
The Track 37 state on R1 is still down, so the static routes added by the DEFAULT applet are still present in
the running configuration file. In this Scenario, it is a moot point, though, because the R2-R1 WAN link is
down, so the static routes are not installed.
Note that the Track 23 states on DLS1 and DLS2 are both down, so the HSRP priorities for VLANs 99, 110,
and 120 have been decremented by 20 on DLS1, and the HSRP priorities for VLANs 100, 200, and 300 have
been decremented by 20 on DLS2, resulting in the status quo HSRP active router status for this Scenario
(same as Scenario 1).
The Track 4 state on R1 is still down (as in Scenario 2 and 3), so the null route to 2001:DB8:CAFE::/48 is not
present in the configuration file or IPv6 routing table of R1.
Note: Consistent with the requirements of Task 1, all route computations so far assume that all LAN links are
up. The G0/0 link on R2 is a temporary service provider link and is not considered a LAN link for this lab.
Routing tables for Scenario 5 (R2 G0/0 down):

B* 0.0.0.0/0 [20/0] via 209.165.200.226, 00:19:30

B 2.2.2.2 [20/0] via 209.165.200.226, 00:20:13
R 20.20.20.20 [109/1] via 209.165.200.230, 00:00:24, Serial0/0/0.2
O E1 209.165.200.220/30

B ::/0 [20/0]
via 2001:DB8:FEED:10::2
S 2001:DB8:CAFE::/48 [1/0]
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::1/128 [0/0]
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/103]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
OE1 2001:DB8:CAFE:2020::2/128 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/103]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 209.165.200.229

[1/0] via 10.1.90.3
R 10.1.2.0/30 [120/1] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 10.1.2.12/30 [120/1] via 10.1.90.3, 00:00:15, Serial0/0/1.2
R 10.1.30.0/24 [120/2] via 209.165.200.229, 00:00:26, Serial0/0/0.2
D 10.1.80.0/25 [90/13607262] via 10.1.90.3, 00:15:06, Serial0/0/1.2
D 10.1.80.128/25 [90/13556702] via 10.1.90.3, 00:15:06, Serial0/0/1.2
R 10.1.99.0/24 [120/2] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 10.1.100.0/24 [120/2] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 10.1.110.0/24 [120/2] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 10.1.200.0/24 [120/2] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 192.168.1.1 [120/1] via 209.165.200.229, 00:00:26, Serial0/0/0.2
R 192.168.3.1 [120/1] via 10.1.90.3, 00:00:15, Serial0/0/1.2

R 209.165.200.220/30 [120/1] via 10.1.90.3, 00:00:15, Serial0/0/1.2
R 209.165.200.224/30
[120/1] via 209.165.200.229, 00:00:26, Serial0/0/0.2

S ::/0 [1/0]
via FC00::D1
via 2001:DB8:CAFE:90::3
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::2/128 [0/0]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::2/128 [0/0]
R 2001:DB8:CAFE:99::/64 [120/2]
R 2001:DB8:CAFE:100::/64 [120/2]
R 2001:DB8:CAFE:110::/64 [120/2]
S 2001:DB8:CAFE:201::1/128 [1/0]
R 2001:DB8:CAFE:203::1/128 [120/6]
R 2001:DB8:CAFE:212::/64 [120/6]
D 2001:DB8:CAFE:800::/64 [90/13607262]
D 2001:DB8:CAFE:801::/64 [90/13556702]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
R 2001:DB8:CAFE:2110::D1/128 [120/2]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
D 2001:DB8:FEED:14::/126 [90/23796062]
C FC00::/7 [0/0]
L FC00::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.225, 00:24:05
B 192.168.1.1 [20/0] via 209.165.200.225, 00:24:05
B 192.168.3.1 [20/0] via 209.165.200.225, 00:24:05
B 209.165.200.220/30 [20/0] via 209.165.200.225, 00:23:34
S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:10::1
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::2/128 [0/0]
B 2001:DB8:FEED:14::/126 [20/0]
via 2001:DB8:FEED:10::1
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.221, 00:25:31
B 192.168.1.1 [20/0] via 209.165.200.221, 00:25:31
B 192.168.3.1 [20/0] via 209.165.200.221, 00:25:31
B 209.165.200.224/30 [20/0] via 209.165.200.221, 00:25:31

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
B 2001:DB8:FEED:10::/126 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 00:26:26

B 2.2.2.2 [20/0] via 209.165.200.222, 00:26:26

D 20.20.20.20 [90/13556702] via 10.1.90.2, 00:26:20, Serial0/0/1.2
O E1 209.165.200.224/30
R 209.165.200.228/30 [120/1] via 10.1.90.2, 00:00:14, Serial0/0/1.2

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
D 2001:DB8:CAFE:6::/126 [90/23796062]
O 2001:DB8:CAFE:20::/64 [110/3]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/103]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
R FC00::/7 [120/2]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.12/30 [110/2] via 10.1.30.253, 03:23:24, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 03:23:24, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 03:23:24, Vlan300
O E1 10.1.90.2/31 [110/102] via 10.1.30.253, 00:28:12, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 03:23:24, Vlan300
O E1 20.20.20.20 [110/102] via 10.1.30.253, 00:28:06, Vlan300
O 192.168.3.1 [110/3] via 10.1.30.253, 03:23:24, Vlan300
O E1 209.165.200.220 [110/102] via 10.1.30.253, 00:28:12, Vlan300
R 209.165.200.228 [120/1] via 10.1.2.2, 00:00:18, FastEthernet0/5

OE1 ::/0 [110/101], tag 2
OE1 2001:DB8:CAFE:6::/126 [110/102]
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/102]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
OE1 2001:DB8:CAFE:2020::2/128 [110/102]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/101]
OE1 2001:DB8:FEED:14::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/101]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive

C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.0/30 [110/2] via 10.1.30.252, 03:25:49, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 03:25:49, Vlan300
O 192.168.1.1 [110/3] via 10.1.30.252, 03:25:49, Vlan300
O E1 209.165.200.224 [110/102] via 10.1.30.252, 00:30:42, Vlan300
R 209.165.200.228 [120/2] via 10.1.200.252, 00:00:07, Vlan200
[120/2] via 10.1.120.252, 00:00:21, Vlan120
[120/2] via 10.1.110.252, 00:00:00, Vlan110
[120/2] via 10.1.99.252, 00:00:26, Vlan99

OE1 ::/0 [110/101], tag 2
OE1 2001:DB8:CAFE:6::/126 [110/101]
O 2001:DB8:CAFE:20::/64 [110/2]
R 2001:DB8:CAFE:90::/126 [109/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
R 2001:DB8:CAFE:203::1/128 [109/2]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]
OE1 2001:DB8:CAFE:801::/64 [110/101]
OE1 2001:DB8:CAFE:2020::2/128 [110/101]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:10::/126 [110/102]
OE1 2001:DB8:FEED:14::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
Note, for example, that if you enter trace 2.2.2.2 on DLS1 you end up in VRF VPN_A and if you enter
trace 2.2.2.2 on DLS2 you end up in VRF VPN_B. It is common practice to reuse addresses in distinct
VRFs, which usually are associated with distinct companies and kept independent by the service provider.

Ask students what the purpose is for the associated EEM applet. The LANdown applet on R2 adds IPv4
default routes pointing to the S0/0/0.2 and S0/0/1.2 interface IPv4 addresses of R1 and R3, respectively. The
applet also adds IPv6 default routes pointing to the Tunnel0 and S0/0/1.2 interface IPv6 addresses of DLS1
and R3, respectively. When G0/0 is down, these default routes provide connectivity for unknown destinations
previously handled by the default routes installed on R2 via DHCPv4 and SLAAC. The LANup applet is
triggered when G0/0 comes up, and removes the default routes on R2 pointing to the respective tunnel and
serial interfaces on DLS1 and R3.
Routing tables for Scenario 6 (R2 S0/0/0 down and G0/0 down):


B ::/0 [200/0]
via 2001:DB8:CAFE:203::1
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/103]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
OE1 2001:DB8:CAFE:2020::2/128 [110/103]

O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
OE1 2001:DB8:FEED:14::/126 [110/103]
B 2001:DB8:FEED:222::2/128 [200/0]
via 2001:DB8:CAFE:203::1
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.90.3

R 10.1.2.12/30 [120/1] via 10.1.90.3, 00:00:04, Serial0/0/1.2
D 10.1.80.0/25 [90/13607262] via 10.1.90.3, 00:58:34, Serial0/0/1.2
D 10.1.80.128/25 [90/13556702] via 10.1.90.3, 00:58:34, Serial0/0/1.2
R 192.168.3.1 [120/1] via 10.1.90.3, 00:00:04, Serial0/0/1.2
R 209.165.200.220 [120/1] via 10.1.90.3, 00:00:04, Serial0/0/1.2

S ::/0 [1/0]
via 2001:DB8:CAFE:90::3
via FC00::D1
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::2/128 [0/0]
R 2001:DB8:CAFE:203::1/128 [120/6]
R 2001:DB8:CAFE:212::/64 [120/6]
D 2001:DB8:CAFE:800::/64 [90/13607262]
D 2001:DB8:CAFE:801::/64 [90/13556702]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
D 2001:DB8:FEED:14::/126 [90/23796062]
R FC00::/7 [120/8]
L FF00::/8 [0/0]
via Null0, receive


S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.221, 01:12:22
B 192.168.1.1 [20/0] via 209.165.200.221, 01:12:22
B 192.168.3.1 [20/0] via 209.165.200.221, 01:12:22

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:14::3
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:14::3
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 01:13:40

B 2.2.2.2 [20/0] via 209.165.200.222, 01:13:40

D 20.20.20.20 [90/13556702] via 10.1.90.2, 01:13:34, Serial0/0/1.2

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
O 2001:DB8:CAFE:20::/64 [110/3]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
R FC00::/7 [120/3]
L FF00::/8 [0/0]
via Null0, receive

O*E1 0.0.0.0/0 [110/102] via 10.1.30.253, 00:13:17, Vlan300

O E1 2.2.2.2 [110/102] via 10.1.30.253, 00:13:17, Vlan300
O 10.1.2.12/30 [110/2] via 10.1.30.253, 04:10:18, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 04:10:18, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 04:10:18, Vlan300
O E1 10.1.90.2/31 [110/102] via 10.1.30.253, 01:15:06, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 04:10:18, Vlan300
O E1 20.20.20.20 [110/102] via 10.1.30.253, 01:15:00, Vlan300
O 192.168.3.1 [110/3] via 10.1.30.253, 04:10:18, Vlan300
O E1 209.165.200.220 [110/102] via 10.1.30.253, 01:15:06, Vlan300

OE1 ::/0 [110/102], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/102]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]

OE1 2001:DB8:CAFE:801::/64 [110/102]
OE1 2001:DB8:CAFE:2020::2/128 [110/102]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:14::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/102]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.0/30 [110/2] via 10.1.30.252, 04:12:35, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 04:12:35, Vlan300
O 192.168.1.1 [110/3] via 10.1.30.252, 04:12:35, Vlan300

OE1 ::/0 [110/101], tag 2
O 2001:DB8:CAFE:20::/64 [110/2]
R 2001:DB8:CAFE:90::/126 [109/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
O 2001:DB8:CAFE:203::1/128 [110/1]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]

OE1 2001:DB8:CAFE:801::/64 [110/101]
OE1 2001:DB8:CAFE:2020::2/128 [110/101]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
The Track 5 state on R2, the Track 4 state on R1, and the Track 23 state on DLS1 are down. This Scenario
was much simpler because the logical topology is basically linear: the devices running dynamic routing
protocols are ordered as R1-DLS1-DLS2-R3-R2.
Routing tables for Scenario 7 (R2 S0/0/1 and G0/0 down):

S* 0.0.0.0/0 [1/0] via 209.165.200.230

B 2.2.2.2 [20/0] via 209.165.200.226, 00:10:46
R 20.20.20.20 [109/1] via 209.165.200.230, 00:00:02, Serial0/0/0.2

S ::/0 [1/0]
via 2001:DB8:CAFE:6::2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:6::/126 [0/0]

L 2001:DB8:CAFE:6::1/128 [0/0]
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/3]
O 2001:DB8:CAFE:212::/64 [110/3]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/103]
OE1 2001:DB8:CAFE:801::/64 [110/103]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 209.165.200.229

R 10.1.2.0/30 [120/1] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 10.1.30.0/24 [120/2] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 10.1.99.0/24 [120/2] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 10.1.100.0/24 [120/2] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 10.1.110.0/24 [120/2] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 10.1.200.0/24 [120/2] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 192.168.1.1 [120/1] via 209.165.200.229, 00:00:14, Serial0/0/0.2
R 209.165.200.224/30
[120/1] via 209.165.200.229, 00:00:14, Serial0/0/0.2

S ::/0 [1/0]
via FC00::D1
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::2/128 [0/0]
R 2001:DB8:CAFE:99::/64 [120/2]
R 2001:DB8:CAFE:100::/64 [120/2]
R 2001:DB8:CAFE:110::/64 [120/2]
S 2001:DB8:CAFE:201::1/128 [1/0]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
R 2001:DB8:CAFE:2110::D1/128 [120/2]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C FC00::/7 [0/0]
L FC00::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive


B 10.1.0.0 [20/0] via 209.165.200.225, 00:13:54
B 192.168.1.1 [20/0] via 209.165.200.225, 00:13:54
B 192.168.3.1 [20/0] via 209.165.200.225, 00:13:54

S ::/0 [1/0]
B 2001:DB8:CAFE::/48 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:201::1/128 [20/0]
via 2001:DB8:FEED:10::1
B 2001:DB8:CAFE:203::1/128 [20/0]
via 2001:DB8:FEED:10::1
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive



S ::/0 [1/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
LC 2001:DB8:FEED:222::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive



OE1 ::/0 [110/103], tag 2
S 2001:DB8:CAFE::/48 [1/0]
O 2001:DB8:CAFE:20::/64 [110/3]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
O 2001:DB8:CAFE:201::1/128 [110/3]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::3/128 [0/0]
O 2001:DB8:CAFE:300::/64 [110/2]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
R 2001:DB8:CAFE:2020::2/128 [120/4]
O 2001:DB8:CAFE:2110::D1/128 [110/2]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/103]
OE1 2001:DB8:FEED:222::2/128 [110/103]
R FC00::/7 [120/3]
L FF00::/8 [0/0]
via Null0, receive


O 10.1.2.12/30 [110/2] via 10.1.30.253, 04:41:21, Vlan300
O E1 10.1.80.0/25 [110/102] via 10.1.30.253, 04:41:21, Vlan300
O E1 10.1.80.128/25 [110/102] via 10.1.30.253, 04:41:21, Vlan300
O 10.1.212.1/32 [110/2] via 10.1.30.253, 04:41:21, Vlan300
O 192.168.3.1 [110/3] via 10.1.30.253, 04:41:21, Vlan300

OE1 ::/0 [110/101], tag 2
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::D1/128 [0/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::D1/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D1/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1]
O 2001:DB8:CAFE:203::1/128 [110/2]
O 2001:DB8:CAFE:212::/64 [110/2]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D1/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/102]
OE1 2001:DB8:CAFE:801::/64 [110/102]
R 2001:DB8:CAFE:2020::2/128 [120/2]
LC 2001:DB8:CAFE:2110::D1/128 [0/0]
O 2001:DB8:CAFE:2120::D2/128 [110/1]
OE1 2001:DB8:FEED:10::/126 [110/101]
OE1 2001:DB8:FEED:222::2/128 [110/101]
C FC00::/7 [0/0]
L FC00::D1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

S* 0.0.0.0/0 [1/0] via 10.1.99.254


S ::/0 [1/0]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::A1/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]
L 2001:DB8:CAFE:100::A1/128 [0/0]

C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::A1/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::A1/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::A1/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::A1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

O*E1 0.0.0.0/0 [110/102] via 10.1.30.252, 00:19:56, Vlan300

O E1 2.2.2.2 [110/102] via 10.1.30.252, 00:19:56, Vlan300
O 10.1.2.0/30 [110/2] via 10.1.30.252, 04:43:25, Vlan300
O 10.1.211.1/32 [110/2] via 10.1.30.252, 04:43:25, Vlan300
R 20.20.20.20 [120/3] via 10.1.110.252, 00:00:06, Vlan110
[120/3] via 10.1.100.252, 00:00:10, Vlan100
[120/3] via 10.1.99.252, 00:00:14, Vlan99
[120/3] via 10.1.30.252, 00:00:16, Vlan300
O 192.168.1.1 [110/3] via 10.1.30.252, 04:43:25, Vlan300
O E1 209.165.200.224 [110/102] via 10.1.30.252, 00:20:01, Vlan300
R 209.165.200.228 [120/2] via 10.1.120.252, 00:00:22, Vlan120
[120/2] via 10.1.110.252, 00:00:06, Vlan110
[120/2] via 10.1.100.252, 00:00:10, Vlan100
[120/2] via 10.1.99.252, 00:00:14, Vlan99

OE1 ::/0 [110/102], tag 2
O 2001:DB8:CAFE:20::/64 [110/2]
C 2001:DB8:CAFE:99::/64 [0/0]
L 2001:DB8:CAFE:99::D2/128 [0/0]
via Vlan99, receive
C 2001:DB8:CAFE:100::/64 [0/0]

L 2001:DB8:CAFE:100::D2/128 [0/0]
C 2001:DB8:CAFE:110::/64 [0/0]
L 2001:DB8:CAFE:110::D2/128 [0/0]
C 2001:DB8:CAFE:120::/64 [0/0]
L 2001:DB8:CAFE:120::D2/128 [0/0]
C 2001:DB8:CAFE:200::/64 [0/0]
L 2001:DB8:CAFE:200::D2/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/2]
O 2001:DB8:CAFE:203::1/128 [110/1]
C 2001:DB8:CAFE:212::/64 [0/0]
L 2001:DB8:CAFE:212::D2/128 [0/0]
C 2001:DB8:CAFE:300::/64 [0/0]
L 2001:DB8:CAFE:300::D2/128 [0/0]
OE1 2001:DB8:CAFE:800::/64 [110/101]
OE1 2001:DB8:CAFE:801::/64 [110/101]
R 2001:DB8:CAFE:2020::2/128 [109/3]
R 2001:DB8:CAFE:2110::D1/128 [109/2]
LC 2001:DB8:CAFE:2120::D2/128 [0/0]
OE1 2001:DB8:FEED:10::/126 [110/102]
OE1 2001:DB8:FEED:222::2/128 [110/102]
R FC00::/7 [109/2]
L FF00::/8 [0/0]
via Null0, receive
Note that R2 uses the GRE tunnel to reach all non-connected IPv6 networks.
The Track 5 state on R2, the Track 37 state on R1, and the Track 23 state on DLS2 are down. This Scenario
is even simpler than the last one, as the logical topology is decidedly linear: R2-R1-DLS1-DLS2-R3. Note that
in all the Scenarios, the iBGP connection is maintained between Lo0 of R1 and Lo0 of R3 (via IPv4 transport);
for example, in this Scenario we have:
R1# show bgp summary

BGP router identifier 1.0.0.1, local AS number 65501
BGP table version is 56, main routing table version 56
6 network entries using 864 bytes of memory
7 path entries using 560 bytes of memory
3/3 BGP path/bestpath attribute entries using 480 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1928 total bytes of memory

BGP activity 95/83 prefixes, 193/180 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.3.1 4 65501 314 317 56 0 0 04:02:13 2
209.165.200.226 4 65502 35 40 56 0 0 00:21:51 2
If S0/0/0, S0/0/1, and G0/0 on R2 are all down, then we have an isolated network with no Internet connection.
In this case, only the OSPF and EIGRP portions of the Lab Topology remain (everything minus R2 and the
service provider links). The iBGP connection R1-R3 is still up!
The only remaining failover considerations for the Sandbox company network involve Ethernet links:
R1-DLS1, DLS1-DLS2, DLS1-ALS1, DLS2-ALS1, and R3-DLS2. The specificatons for Task 1 only involve
failed service provider links, so it is appropriate that we did not test the network for resiliency when any of
these Ethernet links fail. These Cases are all handled by FHRP and spanning tree anyway…right? Not really.
See OPTIONAL Cases beginning on the next page.
This completes the student requirements for Task 1: documenting network functionality for Scenarios 1-7.
(OPTIONAL) Routing Behavior in the Sandbox with LAN Failover
We now analyze the LAN failover scenarios by alternately shutting down interfaces F0/5, Po1, and Po10 on
DLS1 and interfaces F0/5 and Po2 on DLS2 to bring down the R1-DLS1, DLS1-DLS2, DLS1-ALS1, DLS2-
ALS1, and R3-DLS2 links for testing.
Case: R3-DLS2 link down

Shut down F0/5 on DLS2. Track 37 on R1 is always up and Track 4 is always down – ask the students to
work through the Boolean logic, as it illustrates how to use negation for a desired effect. Observe that the
applets on R1 associated with Track 37 and Track 4 do not install default routes from R1 and R3 to the global
routing space on R2, and the null route 2001:DB8:CAFE::/48 is removed from R1. All BGP adjacencies are
maintained, basically because Lo0 on R1 and R3 are mutually reachable via IPv4. Also, note that R2, DLS1,
and DLS2 can reach Lo0 on R1 and Lo0 on R3 via global IPv6 routing.
By design, all IPv6 iBGP routes on R1 learned from R3 have a next hop of 2001:DB8:CAFE:203::1. But
2001:DB8:CAFE:203::1 is not IGP-reachable anymore by R1 because any non-VRF path to
2001:DB8:CAFE:203::1 traverses the intermediate link 2001:DB8:CAFE:90::/126, and this network is not in
the R1 routing table. A VRF-path is even more problematic. DLS1 and R2 advertise 2001:DB8:CAFE:90::/126
via RIPng, but R1 does not run RIPng, so BGP is the only dynamic means for R1 to learn the route without
configuring redistribution on DLS1 or R2. Here are some possible solutions:
1. Use a route map on R1 to change the next hop of iBGP-learned routes to 2001:DB8:CAFE:6::2
(S0/0/0.2 on R2).
2. Advertise 2001:DB8:CAFE:90::/126 in BGP on R3.
3. Redistribution on R2 or DLS1 or DLS2.
4. Add a static route on R1 to Lo0 on R3 (if R1 can get an IPv6 packet to R2 then R2 is able to route the
packet the remainder of the path).
5. Replace R1 with a router or an image that supports RIPng (recall from the beginning of the lab that
R1 is assumed throughout the lab to not support RIPng).
6. Use an IPv6-over-IPv4 GRE tunnel between R1 and R3.
However impractical, configuring a GRE tunnel has the advantage that all Scenarios so far maintain the iBGP
adjacency between R1 and R3 via IPv4 transport. So a tunnel between these loopbacks is a good candidate.
We configure the tunnel at this point, using ABCD::/16 to span the tunnel. Test that you can ping ABCD::1
from R3; if there is any trouble, (1) double-check that the iBGP adjacency is up between Lo0 on R1 and Lo0
on R3 and, if there is still an issue, (2) “do a shut/no shut” on Tun0. The only IGP available on both ends is
OSPFv3, which we configure on the tunnel interfaces in Area 0 (remember to configure the Tunnel0 interfaces
in OSPFv3 as not passive):
R1# show ospfv3 neighbor
OSPFv3 2 address-family ipv6 (router-id 192.168.1.1)
Neighbor ID Pri State Dead Time Interface ID Interface

33.0.0.33 0 FULL/ - 00:00:36 17 Tunnel0
11.11.11.11 1 FULL/BDR 00:00:31 473 GigabitEthernet0/1
We add ABCD::/16 to BGP/IPv6 on R1 and R3, and we add Tun0 to EIGRP/IPv6 on R3 (use no shutdown
in the af-interface mode for Tun0 in the IPv6 EIGRP address-family). Then full IPv6 network functionality
is restored. For example, here is the updated IPv6 routing table on R1:

B ::/0 [20/0]
via 2001:DB8:FEED:10::2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::1/128 [0/0]
C 2001:DB8:CAFE:20::/64 [0/0]
L 2001:DB8:CAFE:20::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/1100]
OI 2001:DB8:CAFE:99::/64 [110/2]
OI 2001:DB8:CAFE:100::/64 [110/2]
OI 2001:DB8:CAFE:110::/64 [110/2]
OI 2001:DB8:CAFE:120::/64 [110/2]
OI 2001:DB8:CAFE:200::/64 [110/2]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/1000]
O 2001:DB8:CAFE:300::/64 [110/2]
OE1 2001:DB8:CAFE:800::/64 [110/1100]
OE1 2001:DB8:CAFE:801::/64 [110/1100]
OE1 2001:DB8:CAFE:2020::2/128 [110/1100]
O 2001:DB8:CAFE:2110::D1/128 [110/1]
O 2001:DB8:CAFE:2120::D2/128 [110/2]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/1100]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
C ABCD::/16 [0/0]
L ABCD::1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
With the added connectivity, SSH access remains available (with F0/5 down on DLS2) to the IPv6 address of
S0/0/1.1 on R3 (which links out to VRF VPN_B in AS 65503), illustrating why the state of the TCP Connect
SLA on DLS2 is still up! Track 23 was defined with a Boolean AND to include F0/5 line-protocol monitoring on
DLS2 so that the HSRP/MST applets are triggered on DLS2 when F0/5 goes up or down; similarly for DLS1
Track 23.
Case: R1-DLS1 link down

Shut down F0/5 on DLS1. The only applet in the network triggered is the HSRP/MST applet associated with
Track 23 on DLS1, as desired. Note the trace from DLS1 to AS 65502:
DLS1# trace 2001:db8:feed:10::2

Type escape sequence to abort.
Tracing the route to 2001:DB8:FEED:10::2
1 2001:DB8:CAFE:300::D2 0 msec 8 msec 0 msec

2 2001:DB8:CAFE:212::3 9 msec 0 msec 0 msec
3 ABCD::1 8 msec 0 msec 8 msec
4 2001:DB8:FEED:10::2 0 msec 9 msec 0 msec
The third hop is facilitated by the GRE tunnel (via IPv4), composed of the path R3-to-R2-to-R1 over the non-
VRF WAN links. The last hop is the VPN_A VRF WAN link from R1 to AS 65502. In toto, the path is a spiral!
Case: R1-DLS1 down and R3-DLS2 link down

Shut down F0/5 on DLS1 and DLS2. The HSRP/MST applets both triggered resulting in DLS1 being the root
for MST instance 2 and DLS2 for instance 1, aligned appropriately with the active/standby HSRP router status
for VLAN 99, 100, 110, 120, 200, and 300.
The iBGP connection R1-R3 is still up! This means the R1-R3 GRE tunnel is still up.
The null route 2001:DB8:CAFE::/48 is removed by the Track 4 applet on R1, so R1 learns an iBGP route for
2001:DB8:CAFE::/48, with next hop 2001:DB8:CAFE:203::1 on R3 accessed via ABCD::/16 (the GRE tunnel).
The IPv6 routes on R1 are mostly accessed through the GRE tunnel. The IPv6 routes on R3 are mostly
accessed through the “global” link to R2, and with a smorgasbord of route types: C, L, R, B, OE1, D, O, S
route codes. R2 reaches the Sandbox IPv6 LAN via a default route pointing to ALS1 (which in turn has a
default route pointing to DLS1, with a backup default route pointing to DLS2). R2 reaches the Sandbox IPv4
LAN via a default route pointing to the HSRP virtual IP address for MANAGEMENT VLAN 99. Here are the
IPv6 routing tables for R1, R2, and R3:

B ::/0 [20/0]
via 2001:DB8:FEED:10::2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/1100]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/1000]
OE1 2001:DB8:CAFE:800::/64 [110/1100]
OE1 2001:DB8:CAFE:801::/64 [110/1100]
OE1 2001:DB8:CAFE:2020::2/128 [110/1100]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/1100]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
C ABCD::/16 [0/0]
L ABCD::1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

ND ::/0 [2/0]
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::2/128 [0/0]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::2/128 [0/0]
NDp 2001:DB8:CAFE:120::/64 [2/0]
L 2001:DB8:CAFE:120::2/128 [0/0]
S 2001:DB8:CAFE:201::1/128 [1/0]
R 2001:DB8:CAFE:203::1/128 [120/6]
D 2001:DB8:CAFE:800::/64 [90/13607262]
D 2001:DB8:CAFE:801::/64 [90/13556702]
LC 2001:DB8:CAFE:2020::2/128 [0/0]
C 2001:DB8:EFAC::/48 [0/0]
L 2001:DB8:EFAC::2/128 [0/0]
D 2001:DB8:FEED:14::/126 [90/23796062]
D ABCD::/16 [90/87040000]
C FC00::/7 [0/0]
L FC00::2/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
D 2001:DB8:CAFE:6::/126 [90/23796062]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1000]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
OE1 2001:DB8:FEED:10::/126 [110/1100]
C 2001:DB8:FEED:14::/126 [0/0]
L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
C ABCD::/16 [0/0]
L ABCD::3/128 [0/0]
R FC00::/7 [120/2]
L FF00::/8 [0/0]
via Null0, receive
Notice that DLS1 and DLS2 no longer have the IPv4 or IPv6 default routes they previously learned from R1 or
R3. For example, DLS1 can no longer reach 2001:DB8:FEED:222::2. DLS1 and DLS2 will now have to add
new routes to be able to access AS 65502 and AS 65503.
As is clear by now, there are any number of ways to resolve routing issues, just as there are many correct
ways to solve a math problem. Since this issue is uniquely the result of both the R1-DLS1 and R3-DLS2 links
being down, we create tracked SLAs tied to new applets which add/remove default routes on DLS1 and
DLS2, respectively, as the associated Boolean-defined state changes from Up to Down or from Down to Up.
(Since we do not want to override any earlier traffic engineering up to this point, the routes are added
precisely when both R1-DLS1 and R3-DLS2 have gone down.)
The only option we have for a next hop for the default routes is G0/0 of R2; but the addresses on this
interface changes with DHCPv4 and SLAAC, so we instead point to another interface in the routing table
which recursively uses the R2 G0/0 next hop (in a sense, R2 G0/0 is a variable and the next hop used by our
bootstrap route is a value of the variable, coincident with the automatically learned address on R2 G0/0).
For DLS1, we use the bootstrap route associated with S0/0/0.2 on R2:
209.165.200.228/30 and 2001:DB8:CAFE:6::/126 (global route).
For DLS2, we use the bootstrap route associated with S0/0/1.2 on R2:
10.1.90.2/31 and 2001:DB8:CAFE:90::/126 (global route).
The appropriate SLA and object tracking definitions for both DLS1 and DLS2 are:
ip sla 11
tcp-connect 2001:DB8:CAFE:20::D1 22 control disable
threshold 100
timeout 200
frequency 6
!
ip sla schedule 11 life forever start-time now
!
track 61 ip sla 11
delay down 30 up 30
!
ip sla 13
threshold 100
timeout 200
frequency 6
!
!
track 67 ip sla 13
delay down 30 up 30
!
track 71 list Boolean or
object 61
object 67
The appropriate applet definitions for DLS1 are:

event manager applet WAN-LANdissociation
event syslog pattern "71 list boolean and Up->Down"
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "ip route 0.0.0.0 0.0.0.0 209.165.200.229 215"
action 1.25 cli command "ipv6 route ::/0 2001:DB8:CAFE:6::1 215"
action 1.3 syslog msg "WAN dissociated from LAN"
event manager applet WAN-LANassociation
event syslog pattern "71 list boolean and Down->Up"
action 1.2 cli command "no ip route 0.0.0.0 0.0.0.0 209.165.200.229 215"
action 1.25 cli command "no ipv6 route ::/0 2001:DB8:CAFE:6::1 215"
action 1.3 syslog msg "WAN reassociated with LAN"
The appropriate applet definitions for DLS2 are:


action 1.25 cli command "ipv6 route ::/0 2001:DB8:CAFE:90::3 215"
action 1.25 cli command "no ipv6 route ::/0 2001:DB8:CAFE:90::3 215"
action 1.3 syslog msg "WAN reassociated with LAN"
Next, note that 2001:DB8:CAFE:6::/126 is missing from the routing tables of DLS1 and DLS2; this route is
needed in order to resolve the next hop for their IPv6 default routes. DLS1 and DLS2 previously learned this
route as an external OSPFv3 redistributed from EIGRP. But the R1-DLS1 and R3-DLS2 OSPFv3 adjacencies
are down. Hence, we enable RIPng on S0/0/0.2 of R2, so that our DLS1 default route next hops are
accessible. Recall that R1 is assumed to not support RIPng throughout this lab.
Note: There are no Cisco IOS CLI command options for configuring a passive interface with RIPng. R2 is
configured with RIPng on its S0/0/0.2 interface, so multicast updates are sent out this interface for RIPng,
even though R1 cannot process the incoming updates. Optionally, you can configure the following to
prevent RIPng multicast updates from being sent out S0/0/0.2:
ipv6 router rip V120
distribute-list prefix-list PASSIVE out Serial0/0/0.2
!
ipv6 prefix-list PASSIVE seq 5 deny ::/0 le 128
The next observation is that, in order for R2 to reach AS 65502 and AS 65503 via the global routing table, R2
must learn the VRF VPN_A serial link route and the VRF VPN_B serial link route from R1 and R3,
respectively. Checking, we see that R2 already learns the VRF VPN_B serial link route from R3 via EIGRP for
IPv6 and via RIPv2 for IPv4; and R2 learns the VRF VPN_A serial link IPv4 route via RIPv2. But the only way
R2 (global) can learn the 2001:DB8:FEED:10::/126 (VRF VPN_A serial link) route in this Case is by using
redistribution or a static route; we have avoided two-way redistribution up to now, so we do not want to go
down the path of introducing redistribution into EIGRP or RIPng, as would be required for R2 to learn this
route for its global routing table; so we add an IPv6 static route on R2 pointing toward AS 65502 with an AD of
215 (so the route has lower precedence than any non-default route used to get to AS 65502):
ipv6 route 2001:DB8:FEED:10::/126 2001:DB8:CAFE:6::1 215
Next, when both R1-DLS1 and R3-DLS2 links are down, to reach AS 65502 and AS 65503 via the global
routing table, R2 needs appropriate routes for 2.2.2.2/32 and 2001:DB8:FEED:222::2/128. Recall that the
Sandbox company consolidated two franchisees with their respective networks; the previous two companies
had used overlapping address spaces (represented by 2.2.2.2/32 and 2001:DB8:FEED:222::2/128), which
were kept separate/independent by the service providers using VRFs.
For redundancy, we add static routes for IPv4 and IPv6 with AD 215 on R2 pointing to R1 s0/0/0.2 and static
routes for IPv4 and IPv6 with AD 220 on R2 pointing to R3 s0/0/1.2. To ensure that these four static routes do
not override earlier routing behavior, we create applets on R2 to add/remove these routes exactly when the
appropriate Boolean object tracking state reflects that both R1-DLS1 and R3-DLS2 links have gone down or,
respectively, that one of them has come up. The appropriate SLAs and object tracking definitions on R2 are:
ip sla 11
threshold 100
timeout 200
frequency 6
!
!
track 61 ip sla 11
delay down 30 up 30
!
ip sla 13
threshold 100
timeout 200
frequency 6
!
!
track 67 ip sla 13
delay down 30 up 30
!
track 71 list Boolean or
object 61
object 67
The appropriate applet definitions for R2 are:

action 1.4 cli command "ipv6 route 2001:DB8:FEED:222::2/128 2001:DB8:CAFE:6::1 215"
action 1.5 cli command "ipv6 route 2001:DB8:FEED:222::2/128 2001:DB8:CAFE:90:3 220"
action 1.6 cli command "ipv6 router rip V120"
action 1.7 cli command "no distribute-list prefix-list NoLAN in GigabitEthernet0/0"
action 1.8 cli command "router rip"
action 1.9 cli command "no distribute-list prefix-list NoLAN in GigabitEthernet0/0"
action 1.4 cli command "no ipv6 route 2001:DB8:FEED:222::2/128 2001:DB8:CAFE:6::1 215"
action 1.5 cli command "no ipv6 route 2001:DB8:FEED:222::2/128 2001:DB8:CAFE:90:3 220"
action 1.7 cli command "distribute-list prefix-list NoLAN in GigabitEthernet0/0"
action 1.9 cli command "distribute-list prefix-list NoLAN in GigabitEthernet0/0"
action 2.0 syslog msg "WAN associated with LAN"
Notice that the WAN-LANdissociation applet also removes the filters in RIPv2 and RIPng which block the
Sandbox LAN routes. This is necessary for R2 to be able to reach some of the LAN routes.
Finally, R3 is not receiving the VLAN 120 IPv6 route because the NDp route on R2 has a lower AD. Many
packets from the Sandbox LAN are sourced from VLAN 120, so we make sure R3 can route to VLAN 120 by
summarizing the VLAN 100, 110, and 120 networks via RIPng on R2 G0/0:
ipv6 rip V120 summary-address 2001:DB8:CAFE:100::/58
Then R3 installs the summary:

R 2001:DB8:CAFE:100::/58 [120/7]
This enables R3 to reach VLAN 120 via R2. According to the VRF VPN_A eBGP route 2001:DB8:CAFE::/48,
R2 sends IPv6 packets to R1. R1 forwards any IPv6 packets destined for 2001:DB8:CAFE::/48 to R3
according to the iBGP instance of this network (which R1 learned from R3). And R3 is now able to reach all
the Sandbox LAN networks. In addition, VRF VPN_B eBGP route 2001:DB8:CAFE::/48 instructs R2 to
forward IPv6 packets to R3. Combining the connectivity observations in this paragraph, we see that Sandbox
LAN devices now have full connectivity with devices in AS 65502 and AS 65503.
Note that PC-C cannot get an IPv4 or IPv6 address automatically because its DHCP server is not reachable
via DHCP relay. This points out a way to improve the resiliency of automatic address allocation. Change the
IPv4 and IPv6 DHCP relay commands on R3 G0/0 to point to SVI 120 of DLS2 instead of F0/5 of DLS2; in
parallel, move the ipv6 dhcp server v6_BranchLAN command on DLS2 from F0/5 to SVI 120. With
these changes, PC-C receives all of its addressing information as long as either S0/0/1 or G0/1 is up on R3.
Bring the R1-DLS1 and R3-DLS2 links up and save the configurations for the routers and switches.
For the record, we display summaries of the tracked object states on all devices with applets when the
interfaces are up:
R1# show track brief

Track Type Instance Parameter State Last Change
2 interface Serial0/0/0 line-protocol Up 1d09h
4 list boolean Up 01:16:13
17 ip sla 3 state Up 1d09h
19 ip sla 5 state Up 01:16:13
23 list boolean Down 01:15:43
37 list boolean Up 1d09h
5 interface GigabitEthernet0/0 line-protocol Up 1d09h
71 list boolean Up 01:16:36
31 ip sla 3 state Up 1d09h
DLS1# show track brief
Track Object Parameter Value
7 ip sla 2 state Up
23 list boolean Up
31 interface FastEthernet0/5 line-protocol Up
61 ip sla 11 state Up
71 list boolean Up
DLS2# show track brief
Track Object Parameter Value
7 ip sla 2 state Up
23 list boolean Up
31 interface FastEthernet0/5 line-protocol Up
71 list boolean Up
Case: R1-DLS1 down, R3-DLS2 link down, and DLS1-DLS2 link down
BGP adjacencies remain intact. DLS1 remains root for MST2 and DLS2 remains root for MST1. HSRP still
works, aligning properly with the MST instances. Basically, nothing changed from the previous Case thanks to
spanning tree.
Case: R1-DLS1 down, R3-DLS2 link down, and DLS1-ALS1 link down
Again, no changes with MST, HSRP, and BGP.
Case: R1-DLS1 down, R3-DLS2 link down, and DLS2-ALS1 link down
Same as previous Case.
Case: R1-DLS1 down, R3-DLS2 link down, DLS1-ALS1 link down, DLS2-ALS1 link down
Two disconnected islands are now formed: (1) ALS1, R1, R2, R3 and (2) DLS1, DLS2. The BGP adjacencies
between R1, R2, and R3 are still up. R1, R2, and R3 now blackhole 10.1.0.0/16 and 2001:DB8:CAFE::/48
traffic, but all other destinations are still reachable. DLS1 and DLS2 can only talk to each other.
Case: R1-DLS1 down, R3-DLS2 link down, DLS1-ALS1 link down, DLS1-DLS2 link down
Here DLS1 is completely isolated. But DLS2-ALS1-R2-R1 and DLS2-ALS1-R2-R3 are active paths. Of
course, all BGP adjacencies are still up! DLS2 still adds applet-triggered IPv4/v6 default routes.
Case: R1-DLS1 down, R3-DLS2 link down, DLS2-ALS1 link down, DLS1-DLS2 link down
Parallel to previous case.
Case: R1-DLS1 down, R3-DLS2 link down, R2 G0/0 down

Here the WAN (R1, R2, R3) is isolated from the LAN (DLS1, ALS1, DLS2). All BGP adjacencies remain intact.
Here are the IPv6 routing tables for R1 and R3 in this Case:

B ::/0 [20/0]
via 2001:DB8:FEED:10::2
B 2001:DB8:CAFE::/48 [200/0]
via 2001:DB8:CAFE:203::1
C 2001:DB8:CAFE:6::/126 [0/0]
L 2001:DB8:CAFE:6::1/128 [0/0]
OE1 2001:DB8:CAFE:90::/126 [110/1100]
LC 2001:DB8:CAFE:201::1/128 [0/0]
O 2001:DB8:CAFE:203::1/128 [110/1000]
OE1 2001:DB8:CAFE:800::/64 [110/1100]
OE1 2001:DB8:CAFE:801::/64 [110/1100]
OE1 2001:DB8:CAFE:2020::2/128 [110/1100]
C 2001:DB8:FEED:10::/126 [0/0]
L 2001:DB8:FEED:10::1/128 [0/0]
OE1 2001:DB8:FEED:14::/126 [110/1100]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:10::2
C ABCD::/16 [0/0]
L ABCD::1/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive

B ::/0 [20/0]
via 2001:DB8:FEED:14::2
S 2001:DB8:CAFE::/48 [1/0]
D 2001:DB8:CAFE:6::/126 [90/23796062]
C 2001:DB8:CAFE:90::/126 [0/0]
L 2001:DB8:CAFE:90::3/128 [0/0]
O 2001:DB8:CAFE:201::1/128 [110/1000]
LC 2001:DB8:CAFE:203::1/128 [0/0]
C 2001:DB8:CAFE:800::/64 [0/0]
L 2001:DB8:CAFE:800::1/128 [0/0]
C 2001:DB8:CAFE:801::/64 [0/0]
L 2001:DB8:CAFE:801::1/128 [0/0]
D 2001:DB8:CAFE:2020::2/128 [90/13556702]
OE1 2001:DB8:FEED:10::/126 [110/1100]
C 2001:DB8:FEED:14::/126 [0/0]

L 2001:DB8:FEED:14::3/128 [0/0]
B 2001:DB8:FEED:222::2/128 [20/0]
via 2001:DB8:FEED:14::2
C ABCD::/16 [0/0]
L ABCD::3/128 [0/0]
R FC00::/7 [120/2]
L FF00::/8 [0/0]
via Null0, receive
The remaining failover Cases can be inferred from the Cases detailed above. For example, in the last Case
one could consider what happens if the R2-R1 link failed, which isolates R1 from R2-R3; one difference would
be that all BGP adjacencies would be dropped except for eBGP between R2 and R3; and LAN failover would
reduce entirely to spanning tree redundancy, with HSRP intact but irrelevant.
Note (reminder): The Sandbox network was designed by the CIOs so that removing the RIPv2, RIPng, GRE
tunnel, EEM applets, and the secondary serial subinterface configurations reduces the network to the Lab
Topology, which is fully functional. Although less appealing, removing all but the RIPv2, RIPng, GRE tunnel,
EEM applets, and secondary serial interface configurations reduces the network to the Overlay Topology,
which is fully functional. The franchisees basically replicated the network designs from their former locations
and introduced path controls to handle the interplay of the routing protocols, spanning tree, DHCP, and HSRP.
Challenge: With the network back to normal (Scenario 0), ask students to explain why SSH via IPv4 from R2
to R3 is failing. Ask students to change the configuration on R2 to resolve the issue while still prescribing a
source interface for SSH connections on R2.
Solution: Change the source interface for SSH on R2 to Lo2. Recall that the VRF configuration on R2
enables R2 to serve as two ISPs (each with their own AS#). Sourcing SSH connections from one of the VRFs
is problematic; for example, traffic sourced from R2 VPN_A Lo0 (2.2.2.2) and received by R3 at 10.1.90.3 is
returned by R3 to 2.2.2.2 via 209.165.200.222 on S0/0/1.1 of R2 (R3 has no knowledge of VRF networks),
but S0/0/1.1 of R2 is strictly a VPN_B VRF interface, so R2 uses the VPN_B routing table which instructs R2
to forward the packet to Lo1 of R2, which is not the source of the SSH connection defined by R2! But Lo2
works: Lo2 is not a VRF interface, Lo2 is the only interface with IPv4 address 20.20.20.20, and all devices are
able to reach 20.20.20.20.
Task 2: Trouble Ticket Lab 10-2 TT-B

Instructor note: This trouble ticket involves devices DLS1, DLS2, and R1 with issues related to MST-HSRP
alignment, IGP peering, BGP peering, and route filtering.
Step 1: Review trouble ticket Lab 10-2 TT-B.

Your contract work paid off. The CIOs are happy with your documentation, which verifies connectivity under all
service provider failover scenarios. They asked you to give a presentation tomorrow to demonstrate the
network resiliency. In preparation for the presentation, you discover that some LAN failover scenarios are not
working properly. There are a lot of missing routes as well. It appears that someone made some
undocumented changes after your network testing. The pressure is on for you to fix the issue(s) today!
Step 2: Load the device trouble ticket configuration files for TT-B.
Load the proper configuration files as indicated in the Device Configuration File table. Watch the configuration
sequences load to ensure that no commands are failing upon being entered. Remember to check that the
appropriate SDM templates are loading on the switches.

ALS1 Lab102-ALS1-TT-B-Cfg.txt This file contains configurations different than other baselines
DLS1 Lab102-DLS1-TT-B-Cfg.txt This file contains errors
DLS2 Lab102-DLS2-TT-B-Cfg.txt This file contains errors
R1 Lab102-R1-TT-B-Cfg.txt This file contains errors
R2 Lab102-R2-TT-B-Cfg.txt This file contains configurations different than other baselines
R3 Lab102-R3-TT-B-Cfg.txt This file contains configurations different than other baselines
Instructor note: The student loads the “broken” TT configuration files for all devices, even though only the
configurations indicated in the Notes column contain errors.

Sometimes MST and VTPv3 do not operate as expect. Check all the items listed below, and make
a. Check that each switch has VLANs 99, 100, 120, 200, 300, 666, and 999.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
Step 5: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c. After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The follow-the-path, divide-and-conquer, or perform-comparison method can be used. Other problem-solving
methods are the top-down, bottom-up, shoot-from-the-hip, and swap-components approaches.
 Bringing down any of the links as in Task 1 effects the desired behavior.
 The tracking states on all devices trigger the expected actions.
 The routes from Task 1 Scenario 1 appear on the devices.


trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Trouble Ticket TT-B Debrief—Instructor Notes

TT-B Issue 1
DLS1 is not modifying its MST priority when the DLS1-R1 link goes down or when TCP connectivity via IPv6
from DLS1 to S0/0/0.1 is lost. The EEM implementation on the Catalyst 3560 switches is version 3.2, and on
the ISR G2 routers running IOS 15.4, the version is 4.0. The 3.2 implementation on the switches does not
have the ability to trigger applets based directly on tracked objects, as it does on the routers. So the
workaround is to use syslog pattern matching, which is supported. When a tracked object state changes, a
syslog message is generated that includes an exact match of text specified in an EEM applet, triggering the
applet.
Logging is disabled on DLS1, so the tracked object changes state but does not trigger the applet to run. The
fix is to enable logging! Compare with the DLS2 switch (show logging) for guidance in returning the logging
settings to normal.
TT-B Issue 2
All the IPv4 OSPF routes are missing on R3. The adjacency with DLS2 is down. Using debug ip ospf
hello reveals a mismatch in hello parameters. Going down the list, you get to network type and discover that
DLS2 F0/5 is configured with non-broadcast OSPF network type. Change this to broadcast and the OSPF
routes come back.
TT-B Issue 3
R1 is missing its R3 BGP neighbor. Try various BGP debug options on R1. Nothing obvious is revealed this
way, so it is prudent to use the perform-comparison troubleshooting approach on R1 and R3 – this reveals
that the no neighbor 192.168.3.1 activate command appears under the IPv4 address-family mode
of the BGP AS 65501 configuration on R1; entering neighbor 192.168.3.1 activate and adding the
neighbor 192.168.3.1 next-hop-self command solves the problem.
TT-B Issue 4
The last issue requires some detective work. It is useful to compare the routing tables from Scenario 1 in Task
1. You will eventually find that RIPng routes are missing on R2. Further detective work determines that the
routes missing were sourced from Tunnel0 on DLS1. The same networks are advertised as before; that is, the
same interfaces on the same devices are configured with RIPng. The only remaining explanation is route
filtering. The work to this point leads you review the RIPng route filtering on DLS1. You realize the “RIP”
prefix-list is referenced by a RIPng outgoing distribute list in prescribing which RIPng routes are propagated to
R2 via Tunnel0. Doing the hexadecimal-to-decimal conversion and reviewing how the ge and le options work
with IPv6 prefix lists leads to the conclusion that the 2001:DB8:CAFE:100::/64, 2001:DB8:CAFE:110::/64, and
2001:DB8:CAFE:120::/64 routes are being explicitly blocked by this prefix list; previously, only the
2001:DB8:CAFE:120::/64 network was missing. Changing the line first line of the prefix list to
ipv6 prefix-list RIP seq 10 deny 2001:DB8:CAFE:120:ABCD::/80 ge 81
returns the situation to normal. It turns out this original prefix list is not even blocking
2001:DB8:CAFE:120::/64; this network is “beat out” by an IPv6 Network Discovery learned version of this
route from DLS1 or ALS1; the ND route has an administrative distance of 2, which is much better than 120!
The G0/0 interface of R2 is configured for SLAAC, which explains this default route installation.
Task 3: Trouble Ticket Lab 10-2 TT-C

Instructor note: This trouble ticket involves DLS1, DLS2, R2, and R3, with issues related to EIGRP stub
routing, route summarization, and IPv6 addressing.
Step 1: Review trouble ticket Lab 10-2 TT-C.

You resolved the issues in time to finish your presentation to the CIOs and it went smoothly. You have some
down time and decide to try implementing the EIGRP Stub Routing feature to simplify the EIGRP
configuration for the collocated office. The complexity of the network is making it difficult for you to get it
working. Your window of opportunity is closing today, but you want to show the CIOs that you have a proof-of-
concept for an EIGRP stub solution. It makes sense to include some selective route summarization in the
network, but now you need to troubleshoot your own work. Ensure that network connectivity is at least at the
same level as you validated for TT-A (Task 1) Scenario 1.
Step 2: Load the device trouble ticket configuration files for TT-C.
Load the proper configuration files as indicated in the Device Configuration File table. Watch the configuration
sequences load to ensure that no commands are failing upon being entered. Remember to check that the
appropriate SDM templates are loading on the switches.

ALS1 Lab102-ALS1-TT-C-Cfg.txt This file contains configurations different than other baselines
DLS1 Lab102-DLS1-TT-C-Cfg.txt This file contains errors
DLS2 Lab102-DLS2-TT-C-Cfg.txt This file contains errors
R1 Lab102-R1-TT-C-Cfg.txt This file contains configurations different than other baselines
R2 Lab102-R2-TT-C-Cfg.txt This file contains errors
R3 Lab102-R3-TT-C-Cfg.txt This file contains errors
Instructor note: The student loads the “broken” TT configuration files for all devices, even though only the
configurations indicated in the Notes column contain errors.

Sometimes MST and VTPv3 do not operate as expect. Check all the items listed below, and make
a. Check that each switch has VLANs 99, 100, 120, 200, 300, 666, and 999.
g. Check that exactly one port channel interface on ALS1 is blocking for each MST instance.
a. Configure SRV1 with the static IP address 10.1.100.1/24 and default gateway 10.1.100.254.
Step 5: Release and renew the DHCP lease on PC-B and PC-C.
a. Ensure that PC-B is configured as a DHCP client in the OFFICE VLAN.
b. Ensure that PC-C is configured as a DHCP client in the R3 branch office LAN.
c. After loading all TT-B device configuration files, issue the ipconfig /release and ipconfig
Use this space to identify your troubleshooting approach and the key steps to verify that the problem is
resolved. Troubleshooting approaches to select from include the follow-the-path, perform-comparison,
bottom-up, top-down, divide-and-conquer, shoot-from-the-hip, and swap-components (move-the-problem)
methods.
gathering information, analyzing the information, eliminating possible problem causes, formulating a
hypothesis about the likely cause of the problem, testing that hypothesis, and solving the problem.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
The follow-the-path, divide-and-conquer, or perform-comparison method can be used. Other problem-solving
methods are the top-down, bottom-up, shoot-from-the-hip, and swap-components approaches.
 Modified routing via EIGRP stub and selective route summarization results in comparable connectivity to
Task 1 (TT-A) Scenario 1.
 Archiving, SNMPv2c, and syslog to SRV1 are still working.


trouble ticket with the instructor. The notes can include problems encountered, solutions applied, useful
improvements.
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
_________________________________________________________________________________
Trouble Ticket TT-C Debrief—Instructor Notes

TT-C Issue 1
R1 no longer receives the EIGRP-to-OSPF redistributed R2 Lo2 route because the EIGRP Stub Routing
feature was configured on R2 with the receive-only option for both IPv4 and IPv6 address-families, which
means that R2 does not advertise any EIGRP routes. R2 Lo2 is configured for RIPng, but R1 never receives
these routes because R1 is not configured with RIPng (thus the GRE tunnel around it), and RIPng is never
redistributed to or from any other routing protocol (thus the “Overlay Topology”).
Change EIGRP stub option to connected as this entails all EIGRP routes that were previously advertised by
R2 to R3 via EIGRP. Note that the net effect is zero with respect to the routes that are propagated. The point
of the feature is really more about limiting EIGRP queries used by DUAL when they are not needed in a stub
network topology (although it does not physically look like it in the Logical Toplogy diagram, the EIGRP
implementation on R2 and R3 does simulate a hub-and-spoke topology, with R3 the “distribution router” and
R2 the “remote router”). Here is a pertinent quote from Cisco.com:
“The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes
with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring
routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status will not query the stub
router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on the distribution router
to send the proper updates to all peers.”
TT-C Issue 2
The OSPF Area 1 summarization of the 10.1.80.0/25 and 10.1.80.128/25 OE1 routes on ABRs DLS1 and
DLS2 is not working. The routes are external, so should be summarized by ASBRs. Remove the area 1
range commands on DLS1 and DLS2. On the redistributing ASBR for these routes, R1, enter the command:
summary-address 10.1.80.0 255.255.255.0
This works! DLS1, DLS2, and R1 now learn a single OE1 route for 10.1.80.0/24. R3 displays the 10.1.80.0/24
route as a summary with next hop Null0, as is normal for summarizing routers.
For OSPFv3 summarization of the IPv6 instances of these routes, 2001:DB8:CAFE:800::0/64 and
2001:DB8:CAFE:801::/64, on R3 enter the following command in IPv6 address-family mode:
summary-prefix 2001:db8:cafe:800::/63
DLS1, DLS2, and R1 learn this route and install it in their routing tables in place of the two original routes.
TT-C Issue 3
R2 is missing IPv6 routes again. After some analysis, the routes missing were all sourced from the GRE
tunnel. A look at the tunnel status shows it is up/up. Pings from R2 to FC00::D1 succeed, but fail for FC00:2
(the R2 end of the tunnel). The Tun0 interface configuration is missing all the IPv6 commmands that were
there before. Add these back:
ipv6 address FE80::2 link-local
ipv6 address FC00::2/7
ipv6 rip V120 enable
With this addition, R2 relearns the missing RIPng routes.
Device Configurations (Instructor version)

Note: All device configurations are provided for the three tickets in this lab.
Trouble Ticket—TT-A Configurations

Switch ALS1
!Lab 10-2 Switch ALS1 TT-A Config
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ALS1
!
logging buffered 16384
enable secret cisco
!
username cisco secret cisco
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
!
!
clock timezone PST -8
clock summer-time PDT recurring
do clock set 09:05:00 Oct 29 2014
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
vtp version 3
ip routing
ipv6 unicast-routing
!
!
no ip domain-lookup
ip domain-name tshoot.net
!
!
errdisable recovery cause psecure-violation
errdisable recovery interval 120
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
spanning-tree mst configuration
name TSHOOT
revision 25
instance 1 vlan 99, 110, 120
!
vtp mode server
vtp mode server mst
vtp password cisco hidden
!
lldp run
!
!
ip ssh source-interface Vlan99
ip ssh dh min size 2048
!
!
interface Port-channel1
description Channel to DLS1
switchport trunk native vlan 666
switchport trunk allowed vlan 99,100,110,120,200,300
switchport mode trunk
switchport nonegotiate
no shutdown
!
no shutdown
!
interface FastEthernet0/1
channel-group 1 mode on
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
description PARKING_LOT
switchport access vlan 999
switchport mode access
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
description To PC-B
switchport voice vlan 200
spanning-tree portfast
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface GigabitEthernet0/1
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
ipv6 address FE80::A1 link-local
ipv6 address 2001:DB8:CAFE:99::A1/64
no ip proxy-arp
no shutdown
!
interface Vlan100
ip address 10.1.100.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
ipv6 nd prefix 2001:DB8:CAFE:110::/64 no-autoconfig
ipv6 nd managed-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
ipv6 nd prefix 2001:DB8:CAFE:120::/64
ipv6 nd other-config-flag
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan300
ip address 10.1.30.251 255.255.255.0
no ip proxy-arp
no shutdown
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
logging source-interface Vlan99
logging host 10.1.100.1
ipv6 route ::/0 2001:DB8:CAFE:99::D1
ipv6 route ::/0 2001:DB8:CAFE:99::D2 5
!
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan99
snmp-server location TSHOOT Lab Facility
snmp-server contact support@tshoot.net

snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 10.1.100.1 version 2c cisco
!
banner motd ^*** Lab 10-2 Switch ALS1 TT-A Config ***^
!
ipv6 access-list REMOTEv6
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication CONSOLE
line vty 0 4
exec-timeout 0 0
ipv6 access-class REMOTEv6 in
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
crypto key gen rsa general-keys modulus 1024
!
!
archive
log config
logging enable
logging size 50
notify syslog contenttype plaintext
hidekeys
path tftp://10.1.100.1/$h-archive-config
write-memory
file prompt quiet
!
end
!
Switch DLS1
!Lab 10-2 Switch DLS1 TT-A Config
!
!
hostname DLS1
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
ip dhcp excluded-address 10.1.110.1 10.1.110.5
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
default-router 10.1.110.254
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
domain-name tshoot.net
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
!
!
ipv6 dhcp pool DHCPv6GUEST
address prefix 2001:DB8:CAFE:110:ABCD::/80
!
ipv6 dhcp pool DHCPv6OFFICE
!
ipv6 dhcp pool DHCPv6VOICE
!
errdisable recovery cause bpduguard
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25

!
spanning-tree mst 1 priority 24576
!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
track 23 list boolean and
object 7
object 31
!
track 31 interface FastEthernet0/5 line-protocol
delay down 30 up 30
!
lldp run
!
!
!
interface Loopback0
description Anchor
ip address 10.1.211.1 255.255.255.255
ip ospf network point-to-point
ipv6 address FE80::D1 link-local
ipv6 address 2001:DB8:CAFE:2110::D1/128
ipv6 ospf network point-to-point
ipv6 ospf 1 area 0
!
description Channel to ALS1
switchport trunk encapsulation dot1q
no shutdown
!
no shutdown
!
interface Tunnel0
no ip address
ipv6 address FC00::D1/7
tunnel source FastEthernet0/5
tunnel destination 209.165.200.230
!
no shutdown
!

no shutdown
!
no shutdown
!
no shutdown
!
description FE to R1
no switchport
ip address 10.1.2.1 255.255.255.252
ip access-group 101 in
ipv6 ospf 1 area 0
speed 100
duplex full
spanning-tree bpduguard enable
no shutdown
!
description FE to SRV1
no shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 priority 110
standby 99 preempt
standby 99 track 23 decrement 20
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
ipv6 dhcp server DHCPv6GUEST
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
ipv6 dhcp server DHCPv6OFFICE
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
ipv6 dhcp server DHCPv6VOICE
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 sheaf
ipv6 ospf 1 area 0
ipv6 ospf authentication ipsec spi 500 sha1 1234567890123456789012345678901234567890
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
passive-interface default
no passive-interface Vlan300
no passive-interface FastEthernet0/5
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.3 area 0
network 10.1.211.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
tcp-connect 2001:DB8:FEED:10::1 22 control disable
threshold 100
timeout 200
frequency 6
!
!
access-list 101 permit tcp host 192.168.1.1 host 192.168.3.1 eq bgp
access-list 101 permit tcp host 192.168.1.1 eq bgp host 192.168.3.1
access-list 101 permit ospf any any
access-list 101 permit icmp any any
access-list 101 permit udp any any
access-list 101 permit ip host 10.1.2.2 any
access-list 101 permit gre any any
!
ipv6 router ospf 1
router-id 11.11.11.11
!
distribute-list prefix-list RIP in
distribute-list prefix-list RIP out Tunnel0
!
!
ipv6 prefix-list RIP seq 20 permit ::/0 le 128
!
!
snmp-server enable traps eigrp
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps errdisable
!
!
banner motd ^*** Lab 10-2 Switch DLS1 TT-A Config ***^
!
alias exec sro show run | begin router ospf
alias exec srr show run | begin router rip
alias exec srr6 show run | begin ipv6 router rip
alias exec sra show run | be section event manager
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2

!
event manager applet DLS2-MST1-Root
action 1.2 cli command "spanning-tree mst 1 priority 32768"
action 1.3 syslog msg "DLS2 Root for MST1"
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS2
!Lab 10-2 Switch DLS2 TT-A Config
!
service timestamps log datetime
!
hostname DLS2
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
!
ip dhcp pool VOICE

network 10.1.200.0 255.255.255.0
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
domain tshoot.net
!
ip dhcp pool v4_BranchLAN
network 10.1.80.0 255.255.255.128
!
!
!
ipv6 dhcp pool v6_BranchLAN
!
!
!
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25
!

!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
object 7
object 31
!
delay down 30 up 30
!
lldp run
!
!
!
interface Loopback0
description Anchor
ip address 10.1.212.1 255.255.255.255
ipv6 ospf 1 area 0
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!

no shutdown
!
no shutdown
!
no switchport
ip address 10.1.2.13 255.255.255.252
ipv6 ospf 1 area 0
speed 100
duplex full
ipv6 dhcp server v6_BranchLAN
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
description FE to PC-C
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ipv6 ospf 1 area 0
no shutdown
!
router ospf 1
router-id 2.2.2.2
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.12 0.0.0.3 area 0
network 10.1.212.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
threshold 100
timeout 200
frequency 6
!
!
access-list 100 permit ip any host 20.20.20.20
access-list 101 permit ip 10.1.80.0 0.0.0.255 any
!
ipv6 router ospf 1
router-id 22.22.22.22
!
distribute-list prefix-list R2PrimeG0/0 in
distance 109
!
!
ipv6 prefix-list R2PrimeG0/0 seq 10 deny 2001:DB8:CAFE:120:ABCD::/80 ge 81
ipv6 prefix-list R2PrimeG0/0 seq 20 permit ::/0 le 128
!
!
!
!
banner motd ^*** Lab 10-2 Switch DLS2 TT-A Config ***^
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99

ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R1
!Lab 10-2 Router R1 TT-A Config
!
!
hostname R1
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip domain name tshoot.net
ip cef
ipv6 cef
!
!
!
lldp run
!
!
track 2 interface Serial0/0/0 line-protocol
delay down 30 up 30
!

object 2
object 17
object 19
!
track 17 ip sla 3
delay down 30 up 30
!
track 19 ip sla 5
delay down 30 up 30
!
object 19 not
delay down 30 up 30
!
track 37 list boolean or
object 17
object 23
delay down 30 up 30
!
!
!
ip ssh source-interface Loopback0
!
interface Loopback0
description iBGP Peer
ip address 192.168.1.1 255.255.255.255
ipv6 address 2001:DB8:CAFE:201::1/128
ospfv3 2 ipv6 area 0
ospfv3 2 ipv6 network point-to-point
!
!
no ip address
shutdown
duplex auto
speed auto
shutdown
!
description FE to DLS1
ip address 10.1.2.2 255.255.255.252
ip nat inside
ip flow ingress
duplex full
speed 100
no shutdown
!
interface Serial0/0/0
description WAN link to R2: 2 Mbps leased line
no ip address
encapsulation frame-relay
no keepalive
clock rate 2000000
no shutdown
!
interface Serial0/0/0.1 point-to-point
ip address 209.165.200.225 255.255.255.252
ipv6 address 2001:DB8:FEED:10::1/126
frame-relay interface-dlci 201
!
ip address 209.165.200.229 255.255.255.252

!
!
router ospfv3 2
!
address-family ipv6 unicast
no passive-interface GigabitEthernet0/1
default-information originate metric 100 metric-type 1
redistribute connected metric 100 metric-type 1 route-map IPv6s0/0/0.1
redistribute bgp 65501 route-map IPv6METRIC
router-id 11.0.0.11
exit-address-family
!
router ospf 1
router-id 1.0.0.1
redistribute bgp 65501 metric 100 metric-type 1 subnets
network 10.1.2.0 0.0.0.3 area 0
network 192.168.1.1 0.0.0.0 area 0
!
router rip
version 2
no passive-interface Serial0/0/0.2
network 10.0.0.0
network 192.168.1.0
network 209.165.200.0
distribute-list prefix RIP out
distance 109 209.165.200.230 0.0.0.0 20
distance 109 10.1.2.1 0.0.0.0 30
no auto-summary
!
router bgp 65501
bgp router-id 1.0.0.1
bgp log-neighbor-changes
neighbor 192.168.3.1 remote-as 65501
neighbor 192.168.3.1 password cisco
neighbor 192.168.3.1 update-source Loopback0
!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0
network 192.168.1.1 mask 255.255.255.255
network 209.165.200.224 mask 255.255.255.252
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 next-hop-self
exit-address-family
!
address-family ipv6
network 2001:DB8:CAFE::/48
network 2001:DB8:FEED:10::/126
network 2001:DB8:CAFE:201::1/128
neighbor 192.168.3.1 route-map IPv4TransportIPv6RouteFromR3 in
exit-address-family
!
!
!
!
ip http server
ip http secure-server
!
ip flow-top-talkers
top 3
sort-by bytes
cache-timeout 600000
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!
ip prefix-list RIP seq 5 permit 192.168.1.1/32
!
!
ip sla 3
icmp-echo 209.165.200.221
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
logging source-interface Loopback0
!
!
ipv6 route 2001:DB8:CAFE::/48 Null0
!
route-map IPv6s0/0/0.1 permit 10
match interface Serial0/0/0.1
!
route-map IPv4TransportIPv6RouteFromR2 permit 10
set ipv6 next-hop 2001:DB8:FEED:10::2
!
set ipv6 next-hop 2001:DB8:CAFE:203::1
!
route-map IPv6METRIC permit 10
set metric 100
set metric-type type-1
!
!
snmp-server trap-source Loopback0
snmp-server enable traps flash insertion
snmp-server enable traps flash removal
snmp-server enable traps cpu threshold
!
access-list 20 permit 20.0.0.0 0.255.255.255
!
!
banner motd ^*** Lab 10-2 Router R1 TT-A Config ***^
!
alias exec srb show run | begin router bgp

alias exec srr show run | b router rip
alias exec sra show run | begin section event manager
banner motd ^CCCCCC*** Lab 10-2 Router R1 TT-A Config ***^C
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Loopback0
ntp update-calendar
ntp server 2.2.2.2
!
event manager applet DoNotUseIPv6Null
event track 4 state down
action 1.2 cli command "no ipv6 route 2001:db8:cafe::/48 Null0"
action 1.4 syslog msg "Uninstall IPv6 Null!"
event manager applet InstallIPv6Null
event track 4 state up
action 1.2 cli command "ipv6 route 2001:db8:cafe::/48 Null0"
action 1.3 syslog msg "Install IPv6 Null!"
event manager applet DEFAULT
action 1.2 cli command "ip route 0.0.0.0 0.0.0.0 209.165.200.230"
action 1.3 cli command "ipv6 route ::/0 2001:db8:cafe:6::2"
action 1.4 syslog msg "DEFAULT for Internet"
event manager applet NoDEFAULT
action 1.2 cli command "no ip route 0.0.0.0 0.0.0.0 209.165.200.230"
action 1.3 cli command "no ipv6 route ::/0 2001:db8:cafe:6::2"
action 1.4 syslog msg "No Default for Internet"
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R2
!
!
hostname R2
!
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1

!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPN_B
rd 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
ipv6 cef
!
!
lldp run
!
delay down 30 up 30
!
delay down 30 up 30
!
object 1
object 2
!
track 5 interface GigabitEthernet0/0 line-protocol
delay down 30 up 30
!
!
!
!
interface Loopback0
description VPN_A
vrf forwarding VPN_A
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
description VPN_B
vrf forwarding VPN_B
ip address 2.2.2.2 255.255.255.255

!
interface Loopback2
description EIGRP & RIP
ip address 20.20.20.20 255.255.255.255
!
interface Loopback3
description Internet
ip address 22.22.22.22 255.0.0.0
ipv6 address 2001:DB8:EFAC::2/48
!
interface Loopback4
ip address 22.22.22.22 255.0.0.0
!
interface Loopback5
ip address 22.22.22.22 255.0.0.0
!
!
ip address dhcp
duplex auto
speed auto
ipv6 address autoconfig
ipv6 enable
ipv6 nd autoconfig default-route
ipv6 rip V120 metric-offset 5
ipv6 dhcp client pd hint ::/64
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.226 255.255.255.252
!
ip address 209.165.200.230 255.255.255.252
!
interface Tunnel0
no ip address
tunnel source Serial0/0/0.2
!

no ip address
no keepalive
clock rate 2000000
no shutdown
!
ip address 209.165.200.222 255.255.255.252
!
ip address 10.1.90.2 255.255.255.254
!
!
router eigrp HQ
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
shutdown
passive-interface
exit-af-interface
!
af-interface Serial0/0/1.2
no shutdown
no passive-interface
exit-af-interface
!
af-interface Loopback2
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.90.2 0.0.0.1
network 20.20.20.20 0.0.0.0
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
router rip
version 2
offset-list 0 in 5 GigabitEthernet0/0
network 10.0.0.0
network 20.0.0.0
network 209.165.200.0
distribute-list prefix NoLAN in GigabitEthernet0/0
no auto-summary
!
!
router bgp 65502
no bgp default ipv4-unicast
!
address-family ipv4 vrf VPN_A
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
neighbor 209.165.200.225 password 7 14141B180F0B
exit-address-family
!
network ::/0
network 2001:DB8:FEED:222::2/128
neighbor 209.165.200.225 route-map IPv4TransportIPv6RouteA in
exit-address-family
!
address-family ipv4 vrf VPN_B
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
neighbor 209.165.200.221 local-as 65503 no-prepend replace-as
neighbor 209.165.200.221 password 7 0822455D0A16
neighbor 209.165.200.221 allowas-in
exit-address-family
!
network ::/0
neighbor 209.165.200.221 route-map IPv4TransportIPv6RouteB in
exit-address-family
!
!
!
!
ip http server
!
ip flow-top-talkers
top 3
sort-by bytes
!
ip route vrf VPN_A 0.0.0.0 0.0.0.0 Null0
ip route vrf VPN_B 0.0.0.0 0.0.0.0 Null0

!
ip prefix-list NoLAN seq 10 deny 10.1.0.0/16 ge 17
ip prefix-list NoLAN seq 20 permit 0.0.0.0/0 le 32
!
!
ip sla 3
icmp-echo 10.1.2.2
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
!
!
ipv6 route 2001:DB8:CAFE:201::1/128 Serial0/0/0.2
ipv6 route vrf VPN_B ::/0 Null0
ipv6 route vrf VPN_A ::/0 Null0
!
!
distribute-list prefix-list NoLAN in GigabitEthernet0/0
distribute-list prefix-list RIP in Tunnel0
!
!
ipv6 prefix-list NoLAN seq 10 deny 2001:DB8:CAFE::/48 ge 49
ipv6 prefix-list NoLAN seq 20 permit ::/0 le 128
!
ipv6 prefix-list RIP seq 10 deny 2001:DB8:CAFE:120::/64
!
!
route-map IPv4TransportIPv6RouteA permit 10
!
route-map IPv4TransportIPv6RouteB permit 10
!
!
!
!
alias exec sre show run | begin router eigrp
alias exec srr6 show run | b ipv6 router rip
alias exec sra show run | section event manager
alias exec srig show run inter g0/0
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp master 3
!
!
event manager applet G0/0way
action 1.14 cli command "no distribute-list prefix NoLAN in G0/0"
action 1.145 cli command "int g0/0"
action 1.15 cli command "ipv6 rip V120 default-information originate"
action 1.3 cli command "no distribute-list prefix NoLAN in GigabitEthernet0/0"
action 1.35 cli command "default-information originate"
action 1.4 syslog msg "G0/0 Way!"
event manager applet NoG0/0way
action 1.14 cli command "distribute-list prefix NoLAN in G0/0"
action 1.15 cli command "no ipv6 rip V120 default-information originate"
action 1.3 cli command "distribute-list prefix NoLAN in GigabitEthernet0/0"
action 1.35 cli command "no default-information originate"
action 1.4 syslog msg "No G0/0 Way!"
event manager applet LANdown
action 1.4 cli command "ipv6 route ::/0 FC00::D1"
action 1.6 syslog msg "LAN Down!"
event manager applet LANup
action 1.4 cli command "no ipv6 route ::/0 FC00::D1"
action 1.6 syslog msg "LAN Up!"
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R3
!
!
hostname R3
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
!
!
ip dhcp pool Simulatedv4LAN
network 10.1.80.128 255.255.255.128
!
ipv6 cef
!
!
lldp run
!
!
delay down 30 up 30
!
object 4
object 31
!
track 31 ip sla 3
delay down 30 up 30
!
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
!
interface Loopback1
description Branch Office Simulated LAN
ip address pool Simulatedv4LAN
!
!
description Collocated Office LAN
ip address 10.1.80.1 255.255.255.128
ip helper-address 10.1.2.13
duplex full
speed 100
ipv6 nd prefix 2001:DB8:CAFE:800::/64 2592000 604800 no-autoconfig
ipv6 dhcp relay destination 2001:DB8:CAFE:212::D2
ipv6 traffic-filter ALLOW-TCP-ICMP in
no shutdown
!
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.221 255.255.255.252
!
ip address 10.1.90.3 255.255.255.254
!
!
router eigrp HQ
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
af-interface GigabitEthernet0/0
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.80.0 0.0.0.255
network 10.1.90.2 0.0.0.1
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
router ospfv3 2
!
redistribute connected route-map IPv6EIGRP&s0/0/1.1
redistribute eigrp 1 metric 100 metric-type 1
router-id 33.0.0.33
exit-address-family
!
!
router ospf 1
router-id 3.0.0.3
redistribute eigrp 1 metric 100 metric-type 1 subnets route-map EIGRP
network 10.1.2.12 0.0.0.3 area 0
network 192.168.3.1 0.0.0.0 area 0
!
!
router rip
version 2
network 10.0.0.0
network 192.168.3.0
network 209.165.200.0
no auto-summary
!
!
router bgp 65501
neighbor 192.168.1.1 password 7 045802150C2E
neighbor 209.165.200.222 password 7 110A1016141D
!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0

network 192.168.3.1 mask 255.255.255.255
network 209.165.200.220 mask 255.255.255.252
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
!
ip http server
ip flow-top-talkers
top 3
sort-by bytes
!
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!
ip prefix-list 20 seq 10 permit 10.1.90.2/31
!
!
!
!
ip sla 3
icmp-echo 209.165.200.225
frequency 10
!
!
!
!
!
!
!
!
ipv6 prefix-list EIGRP seq 10 permit 2001:DB8:CAFE:90::/126
!
!
!
route-map EIGRP permit 10
match ip address prefix-list 20
!
!
!
set metric 100
!
route-map IPv6EIGRP&s0/0/1.1 permit 10
match ipv6 address prefix-list EIGRP
set metric 100
!
set metric 100
!
!
!
!
alias exec sre show run | b router eigrp
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
!
ntp update-calendar
ntp server 2.2.2.2
!

action 1.3 syslog msg "Unnstall IPv6 Null!"

!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Trouble Ticket - TT-B Configurations
Switch ALS1
!Lab 10-2 Switch ALS1 TT-B Config
!
!
hostname ALS1
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
vtp domain TSHOOT
vtp version 3
ip routing
!
!
no ip domain-lookup
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
name TSHOOT
revision 25
!
vtp mode server
vtp mode server mst
!
lldp run
!
!
!
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
description To PC-B
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan100
ip address 10.1.100.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan300
ip address 10.1.30.251 255.255.255.0
no ip proxy-arp
no shutdown
!
no ip http server
ip route 0.0.0.0 0.0.0.0 10.1.99.254

!
!
banner motd ^*** Lab 10-2 Switch ALS1 TT-B Config ***^
!
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS1
!Lab 10-2 Switch DLS1 TT-B Config
!
!
hostname DLS1
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
!
!
!
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25
!
!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
object 7
object 31
!
delay down 30 up 30
!
lldp run
!
!
!
interface Loopback0
description Anchor
ip address 10.1.211.1 255.255.255.255
ipv6 ospf 1 area 0
!
no shutdown
!
no shutdown
!
interface Tunnel0
no ip address
!

no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no switchport
ip address 10.1.2.1 255.255.255.252
ipv6 ospf 1 area 0
speed 100
duplex full
no shutdown
!
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
!
no logging console
no logging monitor
no logging buffered
no logging exception
no logging trap
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt

ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ipv6 ospf 1 area 0
!
router ospf 1
router-id 1.1.1.1
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.3 area 0
network 10.1.211.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
threshold 100
timeout 200
frequency 6
!
!
!
ipv6 router ospf 1
router-id 11.11.11.11
!
!
!
ipv6 prefix-list RIP seq 10 deny 2001:DB8:CAFE:100::/58 ge 59
!
!
!
!
banner motd ^*** Lab 10-2 Switch DLS1 TT-B Config ***^
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS2
!Lab 10-2 Switch DLS2 TT-B Config
!
!
hostname DLS2
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
domain tshoot.net
!
network 10.1.80.0 255.255.255.128
!
!
!
!
!
!
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25
!
!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
object 7
object 31
!
delay down 30 up 30
!
lldp run
!
!
!
interface Loopback0
description Anchor
ip address 10.1.212.1 255.255.255.255
ipv6 ospf 1 area 0
!
no shutdown
!
no shutdown
!

no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no switchport
ip address 10.1.2.13 255.255.255.252
ip ospf network non-broadcast
ipv6 ospf 1 area 0
speed 100
duplex full
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254

standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0
no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ipv6 ospf 1 area 0
no shutdown
!
router ospf 1
router-id 2.2.2.2
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.12 0.0.0.3 area 0
network 10.1.212.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
threshold 100
timeout 200
frequency 6
!
!
!
ipv6 router ospf 1
router-id 22.22.22.22
!
distance 109
!
!
!
!
!
!
banner motd ^*** Lab 10-2 Switch DLS2 TT-B Config
***^
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R1
!Lab 10-2 Router R1 TT-B Config
!
!
hostname R1
!
enable secret cisco
!
aaa new-model
!
!
!
!

do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
ipv6 cef
!
!
!
lldp run
!
!
delay down 30 up 30
!
object 2
object 17
object 19
!
track 17 ip sla 3
delay down 30 up 30
!
track 19 ip sla 5
delay down 30 up 30
!
object 19 not
delay down 30 up 30
!
object 17
object 23
delay down 30 up 30
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
!
no ip address
shutdown
duplex auto
speed auto
shutdown
!
ip address 10.1.2.2 255.255.255.252
ip nat inside
ip flow ingress
duplex full
speed 100
no shutdown
!
no ip address
no keepalive
clock rate 2000000
no shutdown
!
ip address 209.165.200.225 255.255.255.252
!
ip address 209.165.200.229 255.255.255.252
!
!
router ospfv3 2
!
router-id 11.0.0.11
exit-address-family
!
router ospf 1
router-id 1.0.0.1
network 10.1.2.0 0.0.0.3 area 0
network 192.168.1.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
network 209.165.200.0
distance 109 209.165.200.230 0.0.0.0 20
distance 109 10.1.2.1 0.0.0.0 30
no auto-summary
!
router bgp 65501
!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0
network 192.168.1.1 mask 255.255.255.255
network 209.165.200.224 mask 255.255.255.252
exit-address-family
!
address-family ipv6
!neighbor 192.168.3.1 activate
exit-address-family
!
!
!
!
ip http server
!
ip flow-top-talkers
top 3
sort-by bytes
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!
!
!
ip sla 3
icmp-echo 209.165.200.221
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
!
!
!
!
!
!
set metric 100
!
!

!
!
!
banner motd ^*** Lab 10-2 Router R1 TT-B Config ***^
!
alias exec sra show run | begin section event manager
banner motd ^CCCCCC*** Lab 10-2 Router R1 TT-B Config ***^C
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp update-calendar
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R2
!
!
hostname R2
!
rd 100:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
rd 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
ipv6 cef
!
!
lldp run
!
delay down 30 up 30
!
delay down 30 up 30
!
object 1
object 2
!
delay down 30 up 30
!
!
!
!
interface Loopback0
description VPN_A
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
description VPN_B
ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
ip address 20.20.20.20 255.255.255.255
!
interface Loopback3
ip address 22.22.22.22 255.0.0.0
!
interface Loopback4
ip address 22.22.22.22 255.0.0.0
!
interface Loopback5
ip address 22.22.22.22 255.0.0.0
!
!
ip address dhcp
duplex auto
speed auto
ipv6 enable
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.226 255.255.255.252

!
ip address 209.165.200.230 255.255.255.252
!
interface Tunnel0
no ip address
!
no ip address
no keepalive
clock rate 2000000
no shutdown
!
ip address 209.165.200.222 255.255.255.252
!
ip address 10.1.90.2 255.255.255.254
!
!
router eigrp HQ
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.90.2 0.0.0.1
network 20.20.20.20 0.0.0.0
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
router rip
version 2
network 10.0.0.0
network 20.0.0.0
network 209.165.200.0
no auto-summary
!
!
router bgp 65502
!
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
network ::/0
exit-address-family
!
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
network ::/0

exit-address-family
!
!
!
!
ip http server
!
ip flow-top-talkers
top 3
sort-by bytes
!
!
!
!
ip sla 3
icmp-echo 10.1.2.2
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp master 3
!
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R3
!
!
hostname R3
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
!
!
network 10.1.80.128 255.255.255.128
!
ipv6 cef
!
!
lldp run
!
!
delay down 30 up 30
!
object 4
object 31
!
track 31 ip sla 3
delay down 30 up 30
!
!
!
!
!
interface Loopback0

ip address 192.168.3.1 255.255.255.255
!
interface Loopback1
!
!
ip address 10.1.80.1 255.255.255.128
duplex full
speed 100
no shutdown
!
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.221 255.255.255.252
!
ip address 10.1.90.3 255.255.255.254
!
!
router eigrp HQ
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.80.0 0.0.0.255
network 10.1.90.2 0.0.0.1
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
router ospfv3 2
!
router-id 33.0.0.33
exit-address-family
!
!
router ospf 1
router-id 3.0.0.3
network 10.1.2.12 0.0.0.3 area 0
network 192.168.3.1 0.0.0.0 area 0
!
!
router rip
version 2
network 10.0.0.0
network 192.168.3.0
network 209.165.200.0
no auto-summary
!
!
router bgp 65501
!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0
network 192.168.3.1 mask 255.255.255.255
network 209.165.200.220 mask 255.255.255.252
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
!
ip http server
ip flow-top-talkers
top 3
sort-by bytes
!
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!
!
!
!
!
ip sla 3
icmp-echo 209.165.200.225
frequency 10
!
!

!
!
!
!
!
!
!
!
!
!
!
!
set metric 100
!
set metric 100
!
set metric 100
!
!
!
!
alias exec sre show run | b router eigrp
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
!
ntp update-calendar
ntp server 2.2.2.2
!

!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Trouble Ticket - TT-C Configurations
Switch ALS1
!Lab 10-2 Switch ALS1 TT-C Config
!
!
hostname ALS1
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
vtp domain TSHOOT
vtp version 3
ip routing
!
!
no ip domain-lookup
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
name TSHOOT
revision 25
!
vtp mode server
vtp mode server mst
!
lldp run
!
!
!
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
description To PC-B
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan100
ip address 10.1.100.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan110
ip address 10.1.110.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan120
ip address 10.1.120.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan200
ip address 10.1.200.251 255.255.255.0
no ip proxy-arp
no shutdown
!
interface Vlan300
ip address 10.1.30.251 255.255.255.0
no ip proxy-arp
no shutdown
!
no ip http server
ip route 0.0.0.0 0.0.0.0 10.1.99.254
!
!
banner motd ^*** Lab 10-2 Switch ALS1 TT-C Config ***^
!
alias exec sira show ip route vrf VPN_A
alias exec sirb show ip route vrf VPN_B
alias exec sir show ip route
alias exec six show ipv6 route
alias exec sixa show ipv6 route vrf VPN_A
alias exec sixb show ipv6 route vrf VPN_B
!
deny ipv6 any any
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
length 0
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS1
!Lab 10-2 Switch DLS1 TT-C Config
!
!
hostname DLS1
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
!
!
!
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25
!
!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
object 7
object 31
!
delay down 30 up 30
!
lldp run
!
!
interface Loopback0
description Anchor
ip address 10.1.211.1 255.255.255.255

ipv6 ospf 1 area 0
!
no shutdown
!
no shutdown
!
interface Tunnel0
no ip address
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no switchport
ip address 10.1.2.1 255.255.255.252

ipv6 ospf 1 area 0
speed 100
duplex full
no shutdown
!
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!

shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.252 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.252 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.252 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan120
ip address 10.1.120.252 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan200
ip address 10.1.200.252 255.255.255.0

no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan300
ip address 10.1.30.252 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ipv6 ospf 1 area 0
!
router ospf 1
router-id 1.1.1.1
area 1 range 10.1.80.0 255.255.255.0
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.3 area 0
network 10.1.211.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
threshold 100
timeout 200
frequency 6
!
!
!
ipv6 router ospf 1
router-id 11.11.11.11
!

!
!
!
!
!
!
banner motd ^*** Lab 10-2 Switch DLS1 TT-C Config ***^
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50

hidekeys
write-memory
file prompt quiet
!
end
!
Switch DLS2
!Lab 10-2 Switch DLS2 TT-C Config
!
!
hostname DLS2
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
vtp domain TSHOOT
vtp version 3
ip routing
no ip domain-lookup
!
!
!
ip dhcp pool VOICE
network 10.1.200.0 255.255.255.0
!
ip dhcp pool GUEST
network 10.1.110.0 255.255.255.0
!
ip dhcp pool OFFICE
network 10.1.120.0 255.255.255.0
domain tshoot.net
!
network 10.1.80.0 255.255.255.128
!
!
!

!
!
!
!
!
!
!
vlan 99
name MANAGEMENT
!
vlan 100
name SERVERS
!
vlan 110
name GUEST
!
vlan 120
name OFFICE
!
vlan 200
name VOICE
!
vlan 300
name O-PEER
!
vlan 666
name NATIVE
!
vlan 999
name PARKING_LOT
!
!
name TSHOOT
revision 25
!
!
vtp mode server
vtp mode server mst
!
track 7 ip sla 2
delay down 30 up 30
!
object 7
object 31
!
delay down 30 up 30
!
lldp run
!
!

!
interface Loopback0
description Anchor
ip address 10.1.212.1 255.255.255.255
ipv6 ospf 1 area 0
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no shutdown
!
no switchport
ip address 10.1.2.13 255.255.255.252

ipv6 ospf 1 area 0
speed 100
duplex full
no shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 10.1.99.253 255.255.255.0
no ip proxy-arp
standby 99 ip 10.1.99.254
standby 99 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan100
ip address 10.1.100.253 255.255.255.0
no ip proxy-arp
standby 100 ip 10.1.100.254
standby 100 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan110
ip address 10.1.110.253 255.255.255.0
no ip proxy-arp
standby 110 ip 10.1.110.254
standby 110 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan120
ip address 10.1.120.253 255.255.255.0
no ip proxy-arp
standby 120 ip 10.1.120.254
standby 120 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan200
ip address 10.1.200.253 255.255.255.0

no ip proxy-arp
standby 200 ip 10.1.200.254
standby 200 preempt
ipv6 ospf 1 area 1
no shutdown
!
interface Vlan300
ip address 10.1.30.253 255.255.255.0
no ip proxy-arp
standby 30 ip 10.1.30.254
standby 30 preempt
ipv6 ospf 1 area 0
no shutdown
!
router ospf 1
router-id 2.2.2.2
area 1 range 10.1.80.0 255.255.255.0
network 10.1.99.0 0.0.0.255 area 1
network 10.1.100.0 0.0.0.255 area 1
network 10.1.110.0 0.0.0.255 area 1
network 10.1.120.0 0.0.0.255 area 1
network 10.1.200.0 0.0.0.255 area 1
network 10.1.30.0 0.0.0.255 area 0
network 10.1.2.12 0.0.0.3 area 0
network 10.1.212.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
no ip http server
!
ip sla 2
threshold 100
timeout 200
frequency 6
!
!

!
ipv6 router ospf 1
router-id 22.22.22.22
!
distance 109
!
!
!
!
!
!
banner motd ^*** Lab 10-2 Switch DLS2 TT-C Config ***^
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp source Vlan99
ntp server 2.2.2.2
!

!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R1
!Lab 10-2 Router R1 TT-C Config
!
!
hostname R1
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
ipv6 cef
!
!
!
lldp run
!
!
delay down 30 up 30
!
object 2
object 17
object 19
!
track 17 ip sla 3
delay down 30 up 30
!
track 19 ip sla 5
delay down 30 up 30
!

object 19 not
delay down 30 up 30
!
object 17
object 23
delay down 30 up 30
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
!
!
no ip address
shutdown
duplex auto
speed auto
shutdown
!
ip address 10.1.2.2 255.255.255.252
ip nat inside
ip flow ingress
duplex full
speed 100
no shutdown
!
no ip address
no keepalive
clock rate 2000000
no shutdown
!
ip address 209.165.200.225 255.255.255.252
!
ip address 209.165.200.229 255.255.255.252
!
!
router ospfv3 2
!

router-id 11.0.0.11
exit-address-family
!
router ospf 1
router-id 1.0.0.1
network 10.1.2.0 0.0.0.3 area 0
network 192.168.1.1 0.0.0.0 area 0
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
network 209.165.200.0
distance 109 209.165.200.230 0.0.0.0 20
distance 109 10.1.2.1 0.0.0.0 30
no auto-summary
!
router bgp 65501
!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0
network 192.168.1.1 mask 255.255.255.255
network 209.165.200.224 mask 255.255.255.252
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
!
ip http server
!
ip flow-top-talkers
top 3
sort-by bytes
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!

!
!
ip sla 3
icmp-echo 209.165.200.221
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
!
!
!
!
!
!
set metric 100
!
!
!
!
!
banner motd ^C*** Lab 10-2 Router R1 TT-C Config ***^C
!

!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp update-calendar
ntp server 2.2.2.2
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R2
!
!
hostname R2
!
rd 100:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
rd 200:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
ipv6 cef
!
!
lldp run
!
delay down 30 up 30
!
delay down 30 up 30
!
object 1
object 2
!
delay down 30 up 30
!
!
!
!
interface Loopback0
description VPN_A
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
description VPN_B
ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
ip address 20.20.20.20 255.255.255.255
!
interface Loopback3
ip address 22.22.22.22 255.0.0.0
!
interface Loopback4
ip address 22.22.22.22 255.0.0.0
!
interface Loopback5
ip address 22.22.22.22 255.0.0.0
!
!
ip address dhcp
duplex auto
speed auto
ipv6 enable
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.226 255.255.255.252
!
ip address 209.165.200.230 255.255.255.252
!
interface Tunnel0
no ip address
!
no ip address
no keepalive
clock rate 2000000
no shutdown
!
ip address 209.165.200.222 255.255.255.252
!
ip address 10.1.90.2 255.255.255.254
!
!
router eigrp HQ
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.90.2 0.0.0.1
network 20.20.20.20 0.0.0.0
eigrp stub receive-only
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
eigrp stub receive-only
exit-address-family
!
!
router rip
version 2
network 10.0.0.0
network 20.0.0.0
network 209.165.200.0
no auto-summary
!
!
router bgp 65502
!
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
network ::/0
exit-address-family
!
network 0.0.0.0
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
network ::/0
exit-address-family
!
!
!
!
ip http server
!
ip flow-top-talkers
top 3
sort-by bytes
!
!
!
!
ip sla 3
icmp-echo 10.1.2.2
frequency 10
ip sla 5
icmp-echo 10.1.2.14
frequency 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
banner motd ^C*** Lab 10-2 Router R2 TT-C Config ***^C
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
transport input ssh
!
ntp master 3
!
!
!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!
Router R3
!

!
hostname R3
!
!
enable secret cisco
!
aaa new-model
!
!
!
!
do clock set 09:05:00 Oct 29 2014
!
!
no ip domain lookup
ip cef
!
!
network 10.1.80.128 255.255.255.128
!
ipv6 cef
!
!
lldp run
!
!
delay down 30 up 30
!
object 4
object 31
!
track 31 ip sla 3
delay down 30 up 30
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
!
interface Loopback1
!
!

ip address 10.1.80.1 255.255.255.128
duplex full
speed 100
no shutdown
!
ip address 10.1.2.14 255.255.255.252
ip flow ingress
duplex full
speed 100
no shutdown
!
no ip address
no keepalive
no shutdown
!
ip address 209.165.200.221 255.255.255.252
!
ip address 10.1.90.3 255.255.255.254
!
!
router eigrp HQ
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
network 10.1.80.0 0.0.0.255
network 10.1.90.2 0.0.0.1
exit-address-family
!
!
shutdown
passive-interface
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
no shutdown
exit-af-interface
!
topology base
exit-af-topology
exit-address-family
!
!
router ospfv3 2
!
router-id 33.0.0.33
exit-address-family
!
!
router ospf 1
router-id 3.0.0.3
network 10.1.2.12 0.0.0.3 area 0
network 192.168.3.1 0.0.0.0 area 0
!
!
router rip
version 2
network 10.0.0.0
network 192.168.3.0
network 209.165.200.0
no auto-summary
!
!
router bgp 65501

!
address-family ipv4
network 10.1.0.0 mask 255.255.0.0
network 192.168.3.1 mask 255.255.255.255
network 209.165.200.220 mask 255.255.255.252
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
!
ip http server
ip flow-top-talkers
top 3
sort-by bytes
!
!
ip route 10.1.0.0 255.255.0.0 Null0
!
!
!
!
!
!
ip sla 3
icmp-echo 209.165.200.225
frequency 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
set metric 100
!
set metric 100
!
set metric 100
!
!
!
!
banner motd ^CCCCCC*** Lab 10-2 Router R3 TT-C Config ***^C
!
!
line con 0
exec-timeout 0 0
logging synchronous
!
line vty 0 4
exec-timeout 0 0
logging synchronous
!
!
ntp update-calendar
ntp server 2.2.2.2
!


!
!
archive
log config
logging enable
logging size 50
hidekeys
write-memory
file prompt quiet
!
end
!

CCNPv7 TSHOOT Lab10-2 Sandbox Instructor

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CCNPv7 TSHOOT Lab10-2 Sandbox Instructor

Încărcat de

Drepturi de autor:

Formate disponibile

CCNPv7 TSHOOT

Chapter 10 Lab 10-2, Sandbox Instructor Version

Trouble Tickets and Troubleshooting Logs

Task 1: Verify Routing Tables for Lab 10-2 TT-A

Step 1: Review trouble ticket Lab 10-2 TT-A.

Table 1: R2 Line Protocol States

Scenario 1 S0/0/0 up S0/0/1 up G0/0 up

Scenario 2 S0/0/0 down S0/0/1 up G0/0 up

Scenario 3 S0/0/0 up S0/0/1 down G0/0 up

Scenario 4 S0/0/0 down S0/0/1 down G0/0 up

Scenario 5 S0/0/0 up S0/0/1 up G0/0 down

Scenario 6 S0/0/0 down S0/0/1 up G0/0 down

Scenario 7 S0/0/0 up S0/0/1 down G0/0 down

Device Name File to Load Notes

Step 3: Ensure proper MST and VTPv3 operation.

Step 5: Release and renew the DHCP leases.

Step 6: Outline the troubleshooting approach and validation steps.

Step 7: Record the troubleshooting process and configuration changes.

B* 0.0.0.0/0 [20/0] via 209.165.200.226, 07:37:47

R1# show ipv6 route | begin 20/0

R2# show ip route | begin Gateway

S* 0.0.0.0/0 [254/0] via 10.1.120.254

22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R2# show ipv6 route | begin ::/0

R2# show ip route vrf VPN_A | begin Gateway

S* 0.0.0.0/0 is directly connected, Null0

B 192.168.1.1 [20/0] via 209.165.200.225, 00:22:13

R2# show ipv6 route vrf VPN_A | begin ::/0

R2# show ip route vrf VPN_B | begin Gateway

S* 0.0.0.0/0 is directly connected, Null0

R2# show ipv6 route vrf VPN_B | begin ::/0

R3# show ip route | begin Gateway

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 14:27:07

R3# show ipv6 route | begin 20/0

via FE80::D2, GigabitEthernet0/1

DLS1# show ip route | begin Gateway

O*E1 0.0.0.0/0 [110/101] via 10.1.2.2, 00:33:34, FastEthernet0/5

DLS1# show ipv6 route | begin ::/0

ALS1# show ip route | begin Gateway

S* 0.0.0.0/0 [1/0] via 10.1.99.254

L 10.1.120.251/32 is directly connected, Vlan120

ALS1# show ipv6 route | begin ::/0

DLS2# show ip route | begin Gateway

O*E1 0.0.0.0/0 [110/101] via 10.1.2.14, 01:25:05, FastEthernet0/5

DLS2# show ipv6 route | begin ::/0

Device Actions and Results

Step 8: Document trouble ticket debrief notes.

Trouble Ticket TT-A Debrief—Instructor Notes

O*E1 0.0.0.0/0 [110/103] via 10.1.2.1, 00:02:41, GigabitEthernet0/1

R1# show ipv6 route | begin ::/0

R2# show ip route | begin Gateway

S* 0.0.0.0/0 [254/0] via 10.1.120.254

R2# show ipv6 route | begin ::/0

R2# show ip route vrf VPN_A | begin Gateway

S* 0.0.0.0/0 is directly connected, Null0

R2# show ipv6 route vrf VPN_A | begin ::/0

R2# show ip route vrf VPN_B | begin Gateway

S* 0.0.0.0/0 is directly connected, Null0

R2# show ipv6 route vrf VPN_B | begin ::/0

R3# show ip route | begin Gateway

B* 0.0.0.0/0 [20/0] via 209.165.200.222, 09:19:31

O IA 10.1.110.0/24 [110/2] via 10.1.2.13, 09:12:33, GigabitEthernet0/1

R3# show ipv6 route | begin ::/0