Home

Lab 8.5.1: Troubleshooting Enterprise Networks 1

1. Lab 8 5 1 Troubleshooting Enterprise Networks 1 Topology Diagram 192 168 20 0 24 Hn P Serven 192 168 20 254 24 S0 0 0 192 168 10 0 24 Fa0 1 Addressing Table 10 1 1 0 30 BD s0 0 1 S0 0 0 Fa0 1 10 3 3 0 30 LoO 209 165 200 225 27 S0 0 1 DCE 192 168 11 0 24 10 2 2 0 30 Cisco Networking Academy 192 168 30 0 24 Device Interface IP Address Subnet Mask Default Gateway Fa0 0 192 168 10 1 255 255 255 0 N A R1 Fa0 1 192 168 11 1 255 255 255 0 N A 0 0 0 10 1 1 1 255 255 255 252 N A 0 0 1 10 3 3 1 255 255 255 252 N A Fa0 1 192 168 20 1 255 255 255 0 N A R2 0 0 0 10 1 1 2 255 255 255 252 N A 0 0 1 10 2 2 1 255 255 255 252 N A Lo0 209 165 200 225 255 255 255 224 209 165 200 226 Fa0 1 N A N A N A Fa0 1 11 192 168 11 3 255 255 255 0 N A R3 Fa0 1 30 192 168 30 1 255 255 255 0 N A 0 0 0 10 3 3 2 255 255 255 252 N A 0 0 1 10 2 2 2 255 255 255 252 N A 1 VLAN10 DHCP 255 255 255 0 N A 2 VLAN11 192 168 11 2 255 255 255 0 N A 3 VLAN30 192 168 30 2 255 255 255 0 N A All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 1 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 PC1 NIC 192 168 10 10 255 255 255 0 192 168 10 1 PC2 NIC 192
2. 168 11 10 255 255 255 0 192 168 11 1 PC3 NIC 192 168 30 10 255 255 255 0 192 168 30 1 TFTP Server NIC 192 168 20 254 255 255 255 0 192 168 20 1 Learning Objectives Upon completion of this lab you will be able to Cable a network according to the topology diagram Erase the startup configuration and reload a router to the default state Load the routers and switches with supplied scripts Find and correct all network errors Document the corrected network Scenario You have been asked to correct configuration errors in the company network For this lab do not use login or password protection on any console lines to prevent accidental lockout Use ciscoccna for all passwords in this scenario Note Because this lab is cumulative you will be using all the knowledge and troubleshooting techniques that you have acquired from the previous material to successfully complete this lab Requirements S2 is the spanning tree root for VLAN 11 and S3 is the spanning tree root for VLAN 30 S3 is a VTP server with S2 as a client The serial link between R1 and R2 is Frame Relay Make sure that each router can ping their own Frame Relay interface The serial link between R2 and R3 uses HDLC encapsulation The serial link between R1 and R3 uses PPP The serial link between R1 and R3 is authenticated using CHAP R2 must have secure login procedures because it is the Internet edge router All vty lines except those belonging to R2 allow co
3. contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 9 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 switchport trunk allowed vlan 11 30 switchport mode trunk I interface FastEthernet0 4 switchport trunk native vlan 99 switchport trunk allowed vlan 11 30 switchport mode trunk interface range FastEthernet0 5 24 shutdown j interface GigabitEthernet0 1 shutdown interface GigabitEthernet0 2 shutdown j interface Vlanl no ip address no ip route cache interface Vlanll ip address 192 168 11 2 255 255 255 0 no ip route cache ip http server l control plane line con 0 exec timeout 0 0 logging synchronous line vty 0 4 password ciscoccna login line vty 5 15 no login end S3 no service password encryption hostname S3 security passwords min length 6 enable secret ciscoccna no aaa new model vtp domain CCNA_troubleshooting vtp mode server vtp password ciscoccna ip subnet zero no ip domain lookup All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 10 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 no file verify auto l spanning tree mode rapid pvs
4. 2 168 10 1 no ip domain lookup l username R3 password 0 ciscoccna username ccna password 0O ciscoccna interface FastEthernet0 0 ip address 192 168 10 1 255 255 ip rip authentication mode md5 ip rip authentication key chain no shutdown interface FastEthernet0 1 ip address 192 168 11 1 255 255 ip rip authentication mode md5 ip rip authentication key chain no shutdown l interface Serial0 0 0 ip address 10 1 1 1 255 255 255 ip rip authentication mode md5 ip rip authentication key chain encapsulation frame relay clockrate 128000 frame relay map ip 10 1 1 1 201 frame relay map ip 10 1 1 2 201 no frame relay inverse arp no shutdown l interface Serial0 0 1 25540 RIP KEY 255 0 RIP_KEY 252 RIP_KEY broadcast All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 3 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 ip address 10 3371 255 255 255 252 ip rip authentication mode md5 ip rip authentication key chain RIP_KEY encapsulation ppp ppp authentication chap no shutdown router rip version 2 passive interface default network 192 168 10 0 network 192 168 11 0 no auto summary I ip classless l no ip http server l ip access list standard Anti spoofing permit 192 168 10 0 0 0 0 255 deny any ip access list st
5. 5 Clean Up Erase the configurations and reload the routers Disconnect and store the cabling For PC hosts that are normally connected to other networks such as the school LAN or to the Internet reconnect the appropriate cabling and restore the TCP IP settings All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 12 of 12
6. andard VTY permit 10 0 0 0 0 255 255 255 permit 192 168 10 0 0 0 0 255 permit 192 168 11 0 0 0 0 255 permit 192 168 20 0 0 0 0 255 permit 192 168 30 0 0 0 0 255 line con 0 exec timeout 0 0 logging synchronous line aux 0 line vty 0 4 access class VTY in login local end R2 no service password encryption l hostname R2 security passwords min length 6 enable secret ciscoccna aaa new model aaa authentication login LOCAL_AUTH local aaa session id common ip cef l no ip domain lookup All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 4 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 l key chain RIP_KEY key 1 key string cisco username ccna password 0O ciscoccna l interface LoopbackO description Simulated ISP Connection ip address 209 165 200 245 255 255 255 224 interface FastEthernet0 0 ip address 192 168 20 1 255 255 255 0 ip access group TFTP out ip access group Anti spoofing in ip nat outside duplex auto speed auto interface FastEthernet0 1 no ip address shutdown duplex auto speed auto I interface Serial0 0 0 ip address 10 1 1 2 255 255 255 0 ip nat inside encapsulation frame relay no keepalive frame relay map ip 10 1 1 1 201 broadcast no frame relay inverse arp interfa
7. ce Serial0 0 1 ip address 10 2 2 1 255 255 255 0 ip access group R3 telnet in ip nat inside ip rip authentication mode md5 ip rip authentication key chain RIP_KEY clockrate 128000 router rip version 2 passive interface default no passive interface Serial0 0 0 no passive interface Serial0 0 1 network 10 0 0 0 network 192 168 20 0 default information originate no auto summary l ip classless ip route 0 0 0 0 0 0 0 0 209 165 200 226 l no ip http server ip nat inside source list NAT interface FastEthernet0 0 overload All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 5 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting I ip access list standard Anti spoofing permit 192 168 20 0 0 0 0 255 deny any ip access list standard NAT permit 10 0 0 0 0 255 255 255 permit 192 168 0 0 0 0 255 255 l ip access list extended R3 telnet deny tcp host 10 2 2 2 host 10 2 2 1 deny tep Host 103 342 host 10 2 2 1 deny tcp host 192 168 11 3 host 10 2 deny tcp host 192 168 30 1 host 10 2 permit ip any any ip access list standard TFTP permit 192 168 20 0 0 0 0 255 I control plane line con 0 exec timeout 0 0 logging synchronous line aux 0 exec timeout 15 0 logging synchronous login authentication local_auth transport output telnet line vty 0 4 exec timeout 15 0 logging synchronous l
8. interface Serial0 0 1 network 10 0 0 0 network 192 168 11 0 network 192 168 30 0 no auto summary l ip classless l ip http server ip access list standard Anti spoofing permit 192 168 30 0 0 0 0 255 deny any ip access list standard VTY permit 10 0 0 0 0 255 255 255 permit 192 168 10 0 0 0 0 255 permit 192 168 11 0 0 0 0 255 permit 192 168 20 0 0 0 0 255 permit 192 168 30 0 0 0 0 255 control plane line con 0 exec timeout 0 0 logging synchronous All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 7 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 line aux 0 exec timeout 15 0 logging synchronous line vty 0 4 access class VTY in exec timeout 15 0 logging synchronous login local end Sl l no service password encryption l hostname S1 l security passwords min length 6 enable secret ciscoccna l no aaa new model vtp domain CCNA_Troubleshooting vtp mode transparent vtp password ciscoccna ip subnet zero l no ip domain lookup no file verify auto spanning tree mode pvst spanning tree extend system id j vlan internal allocation policy ascending vlan 10 l interface FastEthernet0 1 switchport access vlan 10 switchport mode access interface FastEthernet0 2 switchport access vlan 10 sw
9. itchport mode access l interface range FastEthernet0 3 24 interface GigabitEthernet0 1 shutdown interface GigabitEthernet0 2 shutdown j interface Vlan1 no ip address no ip route cache l All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 8 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 interface Vlanl10 ip address dhcp no ip route cache l ip default gateway 192 168 10 1 ip http server l control plane l line con 0 exec timeout 0 0 logging synchronous line vty 0 4 password ciscoccna login line vty 5 15 no login l end S2 no service password encryption l hostname S2 l security passwords min length 6 enable secret ciscoccna l no aaa new model vtp domain CCNA_Troubleshooting vtp mode transparent vtp password ciscoccna ip subnet zero l no ip domain lookup l no file verify auto l spanning tree mode rapid pvst spanning tree extend system id spanning tree vlan 11 priority 24576 spanning tree vlan 30 priority 28672 vlan internal allocation policy ascending interface FastEthernet0 1 switchport access vlan 11 switchport mode access interface FastEthernet0 2 switchport access vlan 11 switchport mode access interface FastEthernet0 3 switchport trunk native vlan 99 All
10. nnections only from the subnets shown in the topology diagram excluding the public address Hint R2 telnet 10 1 1 1 source interface loopback 0 Trying 10 1 1 1 Connection refused by remote host Source IP address spoofing should be prevented on all links that do not connect to other routers Routing protocols must be secured All RIP routers must use MD5 authentication R3 must not be able to telnet to R2 through the directly connected serial link R3 has access to both VLAN 11 and 30 via its Fast Ethernet port 0 0 The TFTP server should not get any traffic that has a source address outside the subnet All devices have access to the TFTP server All devices on the 192 168 10 0 subnet must be able to get their IP addresses from DHCP on R1 This includes S1 All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 2 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting e R1 must be accessible via SDM Lab 8 5 1 Troubleshooting Enterprise Networks 1 e All addresses shown in the diagram must be reachable from every device Task 1 Load Routers with the Supplied Scripts R1 no service password encryption l hostname R1 boot start marker boot end marker security passwords min length 6 enable secret 5 ciscoccna ip cef ip dhcp pool Access1l network 192 168 10 0 255 255 255 0 default router 19
11. ogin authentication local_auth transport input telnet l end Lab 8 5 1 Troubleshooting Enterprise Networks 1 eq telnet eq telnet 2 1 eq tel Inet 2 1 eq tel R3 l no service password encryption l hostname R3 security passwords min length 6 enable secret ciscoccna I no aaa new model j ip cef no ip domain lookup key chain RIP_KEY key 1 key string cisco username R1 password 0 ciscoccna username ccna password 0 ciscoccna Inet All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 6 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 interface FastEthernet0 1 no shutdown interface FastEthernet0 1 11 encapsulation dot1Q 11 ip address 192 168 11 3 255 255 255 0 no snmp trap link status interface FastEthernet0 1 30 encapsulation dot1lQ 30 ip address 192 168 30 1 255 255 255 0 ip access group Anti spoofing in no snmp trap link status I interface Serial0 0 0 ip address 10 3 3 2 255 255 255 252 encapsulation ppp clockrate 125000 ppp authentication chap j interface Serial0 0 1 ip address 10 2 2 2 255 255 255 252 router rip version 2 passive interface default no passive interface FastEthernet0 0 11 no passive interface FastEthernet0 0 30 no passive interface Serial0 0 0 no passive
12. t spanning tree extend system id spanning tree vlan 11 priority 28672 spanning tree vlan 30 priority 24576 l vlan internal allocation policy ascending interface FastEthernet0 1 switchport trunk allowed vlan 30 switchport mode trunk interface FastEthernet0 2 switchport access vlan 30 switchport mode access interface FastEthernet0 3 switchport trunk native vlan 99 switchport trunk allowed vlan 11 30 switchport mode trunk interface FastEthernet0 4 switchport trunk native vlan 99 switchport trunk allowed vlan 11 30 switchport mode trunk interface range FastEthernet0 5 24 shutdown j interface GigabitEthernet0 1 shutdown interface GigabitEthernet0 2 shutdown l interface Vlanl no ip address no ip route cache l interface Vlan30 ip address 192 168 30 2 255 255 255 0 no ip route cache l ip default gateway 192 168 30 1 ip http server l control plane line con 0 exec timeout 5 0 logging synchronous line vty 0 4 password ciscoccna All contents are Copyright 1992 2007 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 11 of 12 CCNA Exploration Accessing the WAN Network Troubleshooting Lab 8 5 1 Troubleshooting Enterprise Networks 1 login line vty 5 15 no login l end Task 2 Find and Correct All Network Errors Task 3 Verify that Requirements Are Fully Met Task 4 Document the Corrected Network Task

Lab 8.5.1: Troubleshooting Enterprise Networks 1

Contents

Download Pdf Manuals

Related Search

Related Contents