CCNP TSHOOT
Ticket 1 OSPF Authentication
Ticket 2 HSRP Track
Ticket 3 BGP Neighbor
Ticket 4 NAT ACL
Ticket 5 R1 ACL
Ticket 6 VLAN filter
Ticket 7 Port Security
Ticket 8 Switchport VLAN 10
Ticket 9 Switchport trunk
Ticket 10 EIGRP AS
Ticket 11 EIGRP to OSPF
Ticket 12 IPv6 OSPF
Ticket 13 DHCP Range
Ticket 14 EIGRP Passive Interface
Ticket 1 OSPF Authentication
Configuration:
R1
interface Serial0/0/0/0.12 point-to-point
 ip address [Link] [Link]
 ip nat inside
 ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
 log-adjacency-changes
 network [Link] [Link] area 12

R2
interface Serial0/0/0/0.12 point-to-point
 ip address [Link] [Link]
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
 log-adjacency-changes
 network [Link] [Link] area 12
Solution:
R1 - OSPF: The ip ospf authentication message-digest command must be given on s0/0/0/0.12.
Explanation:
Authentication types:
- 0 means that there is a null authentication.
- 1 means that the authentication type is plain text.
- 2 means that the authentication type is MD5.

R1(config-if)#ip ospf authentication ?
  message-digest  Use message-digest authentication
  null            Use no authentication
  <cr>
R1(config-if)#ip ospf authentication-key ?
  <0-7>  Encryption type (0 for not yet encrypted, 7 for proprietary)
  LINE   The OSPF password (key) (maximum 8 characters)
R1(config-if)#ip ospf message-digest-key 1 md5 ?
  <0-7>  Encryption type (0 for not yet encrypted, 7 for proprietary)
  LINE   The OSPF password (key) (maximum 16 characters)
R1(config)#router ospf 1
R1(config-router)#area 1 authentication ?
  message-digest  Use message-digest authentication
  <cr>
Troubleshooting:
R1#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address [Link]/24, Area 0
  Process ID 1, Router ID [Link], Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) [Link], Interface address [Link]
  Backup Designated router (ID) [Link], Interface address [Link]
  Message digest authentication enabled
    Youngest key id is 1

R1#show ip ospf
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has simple password authentication
    Area 1
        Number of interfaces in this area is 0
        Area has message digest authentication
    Area 2
        Number of interfaces in this area is 0
        Area has no authentication
R1#

R1# debug ip ospf adj
*Mar 1 [Link].207: OSPF: Rcv pkt from [Link], FastEthernet0/0 : Mismatch Authentication Key - No message digest key 0 on interface
*Mar 1 [Link].311: OSPF: Rcv pkt from [Link], FastEthernet0/0 : Mismatch Authentication Key - Message Digest Key 1
*Mar 1 [Link].287: OSPF: Rcv pkt from [Link], FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2
*Mar 1 [Link].419: OSPF: Rcv pkt from [Link], FastEthernet0/0 : Mismatch Authentication Key - Clear Text
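
The Ticket 1 fault (an MD5 key present on an interface that never switches authentication to type 2) can be found by auditing the configuration instead of waiting for the adjacency to drop. The Python below is an added example, not part of the original ticket; the sample addresses, the two config strings and all function names are constructed for illustration.

```python
import ipaddress
import re
# Constructed configs modelled on Ticket 1 (addresses made up; the page's are elided).
R1_CONFIG = """\
interface Serial0/0/0/0.12 point-to-point
 ip address 192.0.2.1 255.255.255.252
 ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
 network 192.0.2.0 0.0.0.3 area 12
"""
R2_CONFIG = """\
interface Serial0/0/0/0.12 point-to-point
 ip address 192.0.2.2 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
 network 192.0.2.0 0.0.0.3 area 12
"""
# Ticket's types: 0 null, 1 plain text, 2 MD5 (None = bare "ip ospf authentication").
AUTH_TYPE = {None: 1, "null": 0, "message-digest": 2}

def sections(config):
    """Split an IOS config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            out[current] = []
    return out

def wildcard_match(addr, net, wildcard):
    """True if addr equals net on every bit the wildcard mask leaves at 0."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a | w) == (n | w)

def ospf_auth(config):
    """Return {interface: (effective auth type, MD5 key configured?)}."""
    secs, networks, area_auth, result = sections(config), [], {}, {}
    for header, cmds in secs.items():
        if header.startswith("router ospf"):
            for cmd in cmds:
                if m := re.fullmatch(r"network (\S+) (\S+) area (\S+)", cmd):
                    networks.append(m.groups())
                elif m := re.fullmatch(r"area (\S+) authentication( message-digest)?", cmd):
                    area_auth[m[1]] = 2 if m[2] else 1
    for header, cmds in secs.items():
        addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        area = next((a for n, w, a in networks if addr and wildcard_match(addr, n, w)), None)
        if not header.startswith("interface ") or area is None:
            continue  # not an interface, or not covered by a network statement
        auth = area_auth.get(area, 0)  # the area-wide setting is the default
        for cmd in cmds:  # an interface-level command overrides the area
            if m := re.fullmatch(r"ip ospf authentication(?: (null|message-digest))?", cmd):
                auth = AUTH_TYPE[m[1]]
        has_key = any(c.startswith("ip ospf message-digest-key ") for c in cmds)
        result[header.split()[1]] = (auth, has_key)
    return result

def unused_md5_keys(config):
    """Interfaces that carry an MD5 key but do not run type 2 (the Ticket 1 fault)."""
    return [i for i, (auth, key) in ospf_auth(config).items() if key and auth != 2]

def link_types(cfg_a, cfg_b, interface):
    """Auth types the two ends of a link would use; unequal values cannot peer."""
    return ospf_auth(cfg_a)[interface][0], ospf_auth(cfg_b)[interface][0]
```

On the constructed R1 config the audit reports Serial0/0/0/0.12, and comparing both ends gives types 0 and 2, the kind of mismatch the debug output above reports as "Mismatch Authentication type".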
Ticket 2 HSRP Track
Configuration:
DSW1:
track 1 ip route [Link] [Link] metric threshold
 threshold metric up 1 down 2
!
track 10 ip route [Link] [Link] metric threshold
 threshold metric up 63 down 64
!
interface Vlan10
 ip address [Link] [Link]
 standby 10 ip [Link]
 standby 10 priority 200
 standby 10 preempt
 standby 10 track 1 decrement 60
Solution:
DSW1 - HSRP: Delete the command with track 1 and enter the command with track 10 (standby 10 track 10 decrement 60).
Explanation:
Router(config-if)# standby 39 ip [Link]
Router(config-if)# stand 2 authentication md5 key-string cisco
Router(config-if)# standby 39 priority 150
Router(config-if)# standby 39 preempt
Router(config-if)# standby 39 preempt delay minimum 90
Router(config-if)# standby 39 timers 1 3
Router(config-if)# standby 39 track s1/0/0 100
R2(config-if)#standby track 1 decrement 33
R2(config)#track 1 ip route [Link]/24 ?
  metric        Route metric
  reachability  Route reachability state
R2(config)#track 1 ip route [Link]/24 metric threshold
R2(config-track)#threshold metric up 100 down 150
Troubleshooting:
R2#show standby
FastEthernet0/0 - Group 0
  State is Standby
    3 state changes, last state change [Link]
  Virtual IP address is [Link]
  Active virtual MAC address is 0000.0c07.ac00
    Local virtual MAC address is 0000.0c07.ac00 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.000 secs
  Preemption enabled
  Active router is [Link], priority 99 (expires in 7.960 sec)
  Standby router is local
  Priority 67 (default 100)
    Track object 1 state Down decrement 33
  IP redundancy name is "hsrp-Fa0/0-0" (default)

R2#show track 1
Track 1
  IP route [Link] [Link] metric threshold
  Metric threshold is Down (EIGRP/409600/160)
    2 changes, last change [Link]
  Metric threshold down 150 up 100
  First-hop interface is FastEthernet0/1
  Tracked by:
    HSRP FastEthernet0/0 0
Ticket 3 BGP Neighbor
Configuration:
R1
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network [Link] mask [Link]
 neighbor [Link] remote-as 65002
 no auto-summary
Solution:
R1 - BGP: Delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change neighbor [Link] remote-as 65002 to neighbor [Link] remote-as 65002).
Explanation:
Troubleshooting:
*Mar 1 [Link].191: %BGP-3-NOTIFICATION: received from neighbor [Link] 2/2 (peer in wrong AS) 2 bytes 0001
R2#show ip bgp summary
BGP router identifier [Link], local AS number 2
BGP table version is 1, main routing table version 1
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
3/0 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 734 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor   V   AS  MsgRcvd  MsgSent  InQ  OutQ  Up/Down  State/PfxRcd
[Link]     4    1        4        3    0     0  [Link]   1
[Link]     4    3        0        0    0     0  never    Active
R2# show ip bgp neighbors [Link]
BGP neighbor is [Link], remote AS 3, external link
  BGP version 4, remote router ID [Link]
  BGP state = Active
  Last read [Link], last write [Link], hold time is 180, keepalive interval is 60 seconds
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  0          0
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             0          0
    Route Refresh:          0          0
    Total:                  0          0
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 3, neighbor version 0/0
  Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               2          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0

  Connections established 0; dropped 0
  Last reset never
  External BGP neighbor may be up to 10 hops away.
  No active TCP connection
R2#
Ticket 4 NAT ACL
Configuration: R1
ip nat inside source list nat_pool interface s0/0/0/1 overload
ip access-list standard nat_pool
 permit [Link]
!
interface serial0/0/0/1
 ip address [Link] [Link]
 ip nat outside
!
interface Serial0/0/0/0.12
 ip address [Link] [Link]
 ip nat inside
 ip ospf message-digest-key 1 md5 TSHOOT
 ip ospf authentication message-digest
!
Solution:
R1 - NAT: Add the command permit [Link] in the nat_pool access-list.
Explanation:
R2(config)#ip nat ?
  Stateful     Stateful NAT configuration commands
  create       Create flow entries
  inside       Inside address translation
  log          NAT Logging
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using nonstandard port
  source       Source address translation
  translation  NAT translation entry configuration
R2(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload
Troubleshooting:
R2#show ip nat translations
Pro   Inside global  Inside local  Outside local  Outside global
icmp  [Link]:2       [Link]:2      [Link]:2       [Link]:2
icmp  [Link]:3       [Link]:3      [Link]:3       [Link]:3

R2#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 18  Misses: 2
CEF Translated packets: 20, CEF Punted packets: 0
Expired translations: 2
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/1 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
Ticket 5 R1 ACL
Configuration: R1
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network [Link] mask [Link]
 neighbor [Link] remote-as 65002
 no auto-summary
!
access-list 30 permit host [Link]
access-list 30 deny [Link] [Link]
access-list 30 deny [Link] [Link]
!
interface Serial0/0/0/1
 ip address [Link] [Link]
 ip nat outside
 ip access-group 30 in
Solution:
R1 - IP Access list: Add permit [Link] [Link] to R1's ACL.
Explanation:
Routing protocols and BGP will fail due to this ACL.
Troubleshooting:
R2#show ip access-lists
R2#show ip bgp neighbors
R2#show ip bgp summary
Ticket 6 VLAN filter
Configuration: DSW1
vlan access-map test1 10
 action drop
 match ip address 10
!
vlan filter test1 vlan-list 10
!
ip access-list standard 10
 permit [Link] [Link]
!
interface VLAN10
 ip address [Link] [Link]
Solution:
DSW1 (but in the exam maybe you have to choose ASW1) - VLAN access map: Remove VLAN filter test1 from DSW1.
Explanation:
Switch(config)# vlan access-map Drop101 10
Switch(config-access-map)# match ip address 101
Switch(config-access-map)# action drop
!
Switch(config-access-map)# vlan access-map Drop101 20
Switch(config-access-map)# action forward
!
Switch(config)# vlan filter Drop101 vlan-list 10
Troubleshooting:
show vlan access-map vacl_name
or
show vlan filter access-map

Vlan access-map access_map_example_1
  match: ip address 13
  action: forward capture
Ticket 7 Port Security
Configuration: ASW1
interface fa1/0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0000.0000.0001
Solution:
ASW1 - Port security: Issue the no switchport port-security mac-address 0000.0000.0001 command, followed by the shutdown and no shutdown commands, on port fa1/0/1 on ASW1.
Explanation:
Troubleshooting:
Switch# show port-security interface fa 1/0/15
Port Security              : Enabled
Port Status                : Secure-Up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
Ticket 8 Switchport VLAN 10
Configuration: ASW1
interface FastEthernet1/0/1
 switchport mode access
 switchport access vlan 1
!
interface FastEthernet1/0/2
 switchport mode access
 switchport access vlan 1
Solution:
ASW1 - VLAN: Give the commands interface range fa1/0/1 - 2 and switchport access vlan 10.
Explanation:
Creating a VLAN and Assigning Ports
(config)# vlan 12
(config-vlan)# name MYVLAN
(config-if)# switchport mode access
(config-if)# switchport access vlan 12
Troubleshooting:
Verifying VLAN Configuration
ASW# show vlan brief
VLAN  Name             Status  Ports
----  ---------------  ------  ------------------------------------------
1     default          active  Fa0/1, Fa0/2, Fa0/3, Fa0/10, Fa0/11, Fa0/12
20    VLAN0020         active  Fa0/5, Fa0/6, Fa0/7
21    VLAN0021         active  Fa0/8, Fa0/9
1002  fddi-default     active
1003  trcrf-default    active
1004  fddinet-default  active
1005  trbrf-default    active

ASW# show run interface fa0/5
Building configuration...
Current configuration 64 bytes
interface FastEthernet 0/5
 switchport access vlan 20
 switchport mode access

ASW# show mac address-table interface fa0/1
Mac Address Table
Vlan  Mac Address     Type     Ports
----  --------------  -------  -----
1     0030.b656.7c3d  DYNAMIC  Fa0/1
Total Mac Addresses for this criterion: 1

ASW# show interfaces fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: false
Unknown multicast blocked: false
Broadcast Suppression Level: 100
Multicast Suppression Level: 100
Unicast Suppression Level: 100
Ticket 9 Switchport trunk
Configuration: ASW1
interface PortChannel13
 switchport mode trunk
 switchport trunk allowed vlan 1-9
!
interface PortChannel23
 switchport mode trunk
 switchport trunk allowed vlan 1-9
!
interface FastEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet1/0/2
 switchport mode access
 switchport access vlan 10
Solution:
ASW1 - Switch to switch connectivity: Under int range portchannel13, portchannel23 enter switchport trunk allowed vlan none, then switchport trunk allowed vlan 10,200.
Explanation:
By default, a trunk carries traffic for all VLANs. You can change that behavior for a particular trunk link by giving the following command in interface config mode:
switchport trunk allowed vlan vlans
Troubleshooting:
ASW# show interfaces fastethernet 0/1 trunk
Port   Mode       Encapsulation  Status    Native vlan
Fa0/1  desirable  n-802.1q       trunking  1
Port   Vlans allowed on trunk
Fa0/1  1-150
<further output omitted>
Ticket 10 EIGRP AS
Configuration:
DSW1 can ping fa0/1 of R4 but can't ping s0/0/0/0.34.
Solution:
R4 - EIGRP: Change EIGRP AS number from 1 to 10.
Explanation:
EIGRP AS Numbers have to match.
Troubleshooting:
R2#show ip eigrp interfaces
IP-EIGRP interfaces for process 1
                  Xmit Queue   Mean  Pacing Time  Multicast   Pending
Interface  Peers  Un/Reliable  SRTT  Un/Reliable  Flow Timer  Routes
Fa0/0        0        0/0         0      0/2          50         0
Lo1          0        0/0         0      0/1           0         0

R2#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H  Address  Interface  Hold   Uptime  SRTT  RTO  Q    Seq
                       (sec)          (ms)       Cnt  Num
0  [Link]   Fa0/0        14   [Link]   137  822   0    18
R2#show ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 1
  Hellos sent/received: 15/15
  Updates sent/received: 11/13
  Queries sent/received: 0/0
  Replies sent/received: 0/0
  Acks sent/received: 4/5
  SIA-Queries sent/received: 0/0
  SIA-Replies sent/received: 0/0
  Hello Process ID: 157
  PDM Process ID: 155
  IP Socket queue: 0/2000/5/0 (current/max/highest/drops)
  Eigrp input queue: 0/2000/5/0 (current/max/highest/drops)
Ticket 11 EIGRP to OSPF
Configuration: R4
router eigrp 10
 network [Link] [Link]
 no auto-summary
 redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF
!
router ospf 1
 network [Link] [Link] area 34
 redistribute eigrp 10 subnets
!
route-map EIGRP->OSPF
 match ip address 1
Solution:
R4 - Route redistribution: Change the name of the route-map under the router EIGRP or router OSPF process from EIGRP_to_OSPF to EIGRP->OSPF.
Explanation:
The route-map name has to be the same.
Troubleshooting:
R2#show route-map
route-map TEST, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    tag 2
  Policy routing matches: 0 packets, 0 bytes
Ticket 12 IPv6 OSPF
Configuration: R2
ipv6 router ospf 6
 router-id [Link]
!
interface s0/0/0/0.23
 ipv6 address 2026::1:1/122

Configuration of R3
ipv6 router ospf 6
 router-id [Link]
!
interface s0/0/0/0.23
 ipv6 address 2026::1:2/122
 ipv6 ospf 6 area 0
Solution:
R2 - OSPFv3: On the serial interface of R2, enter the command ipv6 ospf 6 area 0 (notice that it is area 0, not area 12).
Explanation:
IP addresses are already in place. The commands to implement basic OSPFv3 are shown in the following example.
Router(config)# ipv6 router ospf process-id
Router(config-rtr)# router-id 32bit-address
!
Router(config-rtr)# interface type number
Router(config-if)# ipv6 ospf process-id area area
Troubleshooting:
R2#show ipv6 interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::C201:CFF:FE2C:0
  Global unicast address(es):
    2001::2, subnet is 2001::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:FF00:2
    FF02::1:FF2C:0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds

R2#show ipv6 ospf interface brief
Interface  PID  Area  Intf ID  Cost  State  Nbrs F/C
Fa0/0      1    0     4        10    BDR    1/1
Lo1        1    1     10       1     LOOP   0/0

R2#show ipv6 ospf interface
FastEthernet0/0 is up, line protocol is up
  Link Local Address FE80::C201:CFF:FE2C:0, Interface ID 4
  Area 0, Process ID 1, Instance ID 0, Router ID [Link]
  Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) [Link], local address FE80::C200:CFF:FE2C:0
  Backup Designated router (ID) [Link], local address FE80::C201:CFF:FE2C:0
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor [Link] (Designated Router)
Loopback1 is up, line protocol is up
  Link Local Address FE80::C201:CFF:FE2C:0, Interface ID 10
  Area 1, Process ID 1, Instance ID 0, Router ID [Link]
  Network Type LOOPBACK, Cost: 1
  Loopback interface is treated as a stub Host

*Mar 1 [Link].979: %OSPFv3-4-AREA_MISMATCH: Received packet with incorrect area from FE80::C200:CFF:FE2C:0, FastEthernet0/0, area [Link], packet area [Link]
Ticket 13 DHCP Range
Configuration:
R4
ip dhcp exclude [Link]-[Link]
Solution:
R4 - DHCP: On R4, delete ip dhcp exclude [Link]-[Link] and apply ip dhcp excluded-address [Link] [Link].
Explanation:
ip dhcp excluded-address [Link] [Link]
!
ip dhcp pool TEST
 network [Link] [Link]
 dns-server [Link]
 default-router [Link]
!
Troubleshooting:
R2#show ip dhcp pool
Pool TEST :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index  IP address range   Leased addresses
 [Link]         [Link] - [Link]    1

R2#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address  Client-ID/           Lease expiration      Type
            Hardware address/
            User name
[Link]      0063.6973.636f.2d63. Mar 02 2002 12:15 AM  Automatic
            030.302e.3063.3263.
            2e30.3030.302d.4661.
            302f.30
Ticket 14 EIGRP Passive Interface
Configuration:
R4
router eigrp 10
 passive-interface default
 redistribute ospf 1 route-map OSPF->EIGRP
 network [Link] [Link]
 network [Link] [Link]
 default-metric 10000 100 255 1 10000
 no auto-summary
Solution:
R4 - IPv4 EIGRP Routing: Remove passive interface under EIGRP 10 (or in interface f0/1 and f0/0, something like this).
Explanation:
R1(config-router)#passive-interface fastEthernet 0/1
R1(config-router)#passive-interface default
R1(config-router)#no passive-interface fastEthernet 0/2
Troubleshooting:
R1#show ip protocols
Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 1
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    [Link]
    [Link]
  Passive Interface(s):
    FastEthernet0/1
  Routing Information Sources:
    Gateway  Distance  Last Update
  Distance: internal 90 external 170
Multiple Choice Questions
1) FCAPS is a network maintenance model defined by ISO. What does it stand for?
A Action Management
B Fault Management
C Configuration Management
D Protocol Management
E Security Management
Answer: B C E (Fault, Configuration & Security Management)
Notice that A stands for Accounting, not Action.

2) Which alerts will be seen on the console when running the command: logging console warnings.
A warnings only
B warnings, notifications, error, debugging, informational
C warnings, errors, critical, alerts, emergencies
D notifications, warnings, errors
E warnings, errors, critical, alerts
Answer: C (warning, critical, alert, emergencies)
Explanation
The Message Logging is divided into 8 levels as listed below
Level  Keyword        Description
0      emergencies    System is unusable
1      alerts         Immediate action is needed
2      critical       Critical conditions exist
3      errors         Error conditions exist
4      warnings       Warning conditions exist
5      notification   Normal, but significant, conditions exist
6      informational  Informational messages
7      debugging      Debugging messages
The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the logging console level command, that level and all the higher levels will be displayed. For example, by using the logging console warnings command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.
In this question, E is also correct but it is less information -> C is the best answer.

3) You have 2 commands used for ftp:
ip ftp username xxxxxx
ip ftp password yyyyyy
Which two commands will be used when switching from ftp to http?
Answer:
ip http client username xxxxxx
ip http client password yyyyyy

4) Which two of the following options are categories of Network Maintenance tasks?
A Firefighting
B Interrupt-driven
C Policy-based
D Structured
E Foundational
Answer: B D

5) The following commands are issued on a Cisco router:
Router(config)#access-list 199 permit tcp host [Link] host [Link]
Router(config)#access-list 199 permit tcp host [Link] host [Link]
Router#debug ip packet 199
What would be the output shown on the console?
A All IP packets passing through the router
B Only IP packets with the source address of [Link]
C All IP packets from [Link] to [Link]
D All IP packets between [Link] to [Link]
Answer: D
Only communication between host [Link] and host [Link]

6) You have two NTP servers [Link] & [Link] and want to configure a router to use [Link] as its NTP server before falling back to [Link]. Which command will you use?
Answer:
ntp server [Link]
ntp server [Link] prefer
(notice the answer with the word prefer)

7) The interface is up and protocol is up. What level of logging is enabled when you get these messages?
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINKDOWN-3-SERIAL:
A alerts
B errors
C critical
D notifications
Answer: D

8) Two Cisco routers are connected to each other and have CDP enabled. The serial line is up and the protocol is also up, but cdp neighbor is not working. At what layer of the OSI model does the problem most likely exist?
Answer: Data link layer.
Drag and Drop Questions
Question 1
FCAPS
Fault Management: F
Configuration Management: C
Accounting Management: A
Question 2
FCAPS: model defined by the International Organization for Standardization (ISO).
ITIL: framework for it prof
TMN: network management model is the Telecommunications Standardization Sectors (ITU-T)
Cisco lifecycle: model is often referred to as the PPDIOO model
Question 3
EEM: CLI based for Management and Monitoring
SDM: provide a GUI for Administration
FTP: Used for Backup and restore