Solution Manual for CCNP Enterprise: Advanced Routing (ENARSI) v8 Lab Manual

CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Instructor’s Answer Key Cisco Networking Academy Cisco Press 221 River St Hoboken, NJ 07030 ii CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual Version 8 Instructor’s Answer Key Cisco Networking Academy Copyright© 2021 Cisco Systems, Inc. Published by: Cisco Press 221 River St Hoboken, NJ 07030 All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. ScoutAutomatedPrintCode Editor-in-Chief Mark Taub Alliances Manager, Cisco Press Arezou Gol Director, ITP Product Management Brett Bartow Senior Editor James Manly Managing Editor Sandra Schroeder Project Editor Mandie Frank Editorial Assistant Cindy Teeters Designer Chuti Prasertsith Composition Bronkella Publishing, Inc. Library of Congress Control Number: 2020908350 ISBN-13: 978-0-13-687093-7 ISBN-10: 0-13-687093-7 Instructor Answer Key ISBN-13: 978-0-13-687092-0 ISBN-10: 0-13-687092-9 Warning and Disclaimer This book is designed to provide information about networking. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. Proofreader Debbie Williams iii Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. This book is part of the Cisco Networking Academy series from Cisco Press. The products in this series support and complement the Cisco Networking Academy curriculum. If you are using this book outside the Networking Academy, then you are not preparing with a Cisco trained and authorized Networking Academy provider. For more information on the Cisco Networking Academy or to locate a Networking Academy, please visit www.cisco.com/edu. Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. For government sales inquiries, please contact [email protected]. For questions about sales outside the U.S., please contact [email protected]. Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title and ISBN in your message. We greatly appreciate your assistance. Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Contents Chapter 1 IPv4/IPv6 Addressing and Routing Review 1 1.1.2 Lab – Troubleshoot IPv4 and IPv6 Addressing Issues (Instructor Version) 1 Topology 1 Addressing Table Objectives 1 1 Background/Scenario Required Resources Instructions 2 2 2 Part 1: Trouble Ticket 1.1.2.1 2 Part 2: Trouble Ticket 1.1.2.2 3 Part 3: Trouble Ticket 1.1.2.3 4 Router Interface Summary Table 4 Uploading Configuration Files 5 R1 Configuration File Scripts 6 R2 Configuration File Scripts 9 R3 Configuration File Scripts – Not Used in This Lab D1 Configuration File Scripts 11 11 D2 Configuration File Scripts – Not Used in This Lab 13 A1 Confgiuration File Scripts – Not Used in This Lab 13 1.1.3 Lab – Troubleshoot IPv4 and IPv6 Static Routing (Instructor Version) 14 Topology 14 Addressing Table Objectives 14 15 Background/Scenario 15 Required Resources 15 Instructions 16 Part 1: Trouble Ticket 1.1.3.1 16 Part 2: Trouble Ticket 1.1.3.2 16 Router Interface Summary Table 17 Uploading Configuration Files 18 R1 Configuration File Scripts 19 R2 Configuration File Scripts 20 R3 Configuration File Scripts 21 D1 Configuration File Scripts 22 D2 Configuration File Scripts 24 A1 Configuration File Scripts – Not Used In This Lab 25 vi CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Chapter 2 EIGRP 27 2.1.2 Lab – Implement EIGRP for IPv4 (Instructor Version) 27 Topology 27 Addressing Table Objectives 27 28 Background/Scenario 28 Required Resources 28 Part 1: Build the Network and Configure Basic Device Settings Part 2: Configure and Verify EIGRP for IPv4 Part 3: Tune EIGRP for IPv4 36 Router Interface Summary Table 42 Device Configs – Final Router R1 42 Router R2 45 Router R3 47 28 32 42 Switch D1 49 Switch D2 54 Chapter 3 Advanced EIGRP 61 3.1.2 Lab – Implement Advanced EIGRP for IPv4 Features (Instructor Version) 61 Topology 61 Addressing Table Objectives 61 62 Background/Scenario 62 Required Resources 62 Instructions 62 Part 1: Build the Network and Configure Basic Device Settings Part 2: Implement EIGRP for IPv4 65 Part 3: Implement Advanced Features 67 Router Interface Summary Table 73 Device Configs – Final 74 Router R1 74 Router R2 75 Router R3 77 Switch D1 79 Chapter 4 Troubleshooting EIGRP for IPv4 85 4.1.2 Lab – Troubleshoot EIGRP for IPv4 (Instructor Version) Topology 85 Addressing Table Objectives 85 85 Background/Scenario 86 Required Resources 86 85 62 vii Instructions 86 Part 1: Trouble Ticket 4.1.2.1 86 Part 2: Trouble Ticket 4.1.2.2 87 Part 3: Trouble Ticket 4.1.2.3 88 Topology Update: 88 Addressing Table Update: 88 Router Interface Summary Table 90 Uploading Configuration Files 90 Reset Scripts 91 R1 Configuration File Scripts 92 R2 Configuration File Scripts 95 R3 Configuration File Scripts 97 D1 Configuration File Scripts 100 D2 Configuration File Scripts 102 A1 Configuration File Scripts – Not Used In This Lab 104 Chapter 5 EIGRPv6 105 5.1.2 Lab – Implement EIGRP for IPv6 (Instructor Version) 105 Topology 105 Addressing Table Objectives 105 106 Background/Scenario 106 Required Resources 106 Instructions 107 Part 1: Build the Network and Configure Basic Device Settings Part 2: Implement EIGRP for IPv6 and Named EIGRP Part 3: Tune and Optimize EIGRP for IPv6 111 116 Router Interface Summary Table 124 Device Configs – Final 125 Router R1 125 Router R2 127 Router R3 130 Switch D1 133 Switch D2 138 5.1.3 Lab – Troubleshoot EIGRP for IPv6 (Instructor Version) 144 Topology 144 Addressing Table Objectives 144 145 Background/Scenario 145 Required Resources 145 Instructions 146 Part 1: Trouble Ticket 5.1.3.1 146 107 viii CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Router Interface Summary Table 147 Uploading Configuration Files 148 R1 Configuration File Scripts 149 R2 Configuration File Scripts 150 R3 Configuration File Scripts 151 D1 Configuration File Scripts 152 D2 Configuration File Scripts 153 A1 Configuration File Scripts – Not Used In This Lab Chapter 6 154 OSPF 155 6.1.2 Lab – Implement Single-Area OSPFv2 (Instructor Version) 155 Topology 155 Addressing Table Objectives 155 156 Background/Scenario 156 Required Resources 156 Instructions 157 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 157 Part 2: Configure Single-Area OSPFv2 159 Part 3: Configure and Verify the Advertising of a Default Route 166 Part 4: Implement OSPF Network Optimizing Features 167 Part 5: DR and BDR Placement 173 Router Interface Summary Table 175 Device Configs – Final 176 Router R1 176 Switch D1 178 Switch D2 182 Chapter 7 Advanced OSPF 187 7.1.2 Lab – Implement Multiarea OSPFv2 (Instructor Version) Topology Addressing Table Objectives 187 188 Background/Scenario 188 Required Resources 188 Instructions 187 187 189 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 189 Part 2: Configure Multiarea OSPFv2 191 Part 3: Exploring Link-State Announcements 205 Router Interface Summary Table 213 Device Configs – Final 213 Router R1 213 Contents ix Router R2 215 Router R3 217 Switch D1 218 Switch D2 223 7.1.3 Lab – OSPFv2 Route Summarization and Filtering (Instructor Version) 228 Topology 228 Addressing Table Objectives 228 229 Background/Scenario 229 Required Resources 230 Instructions 230 Part 1: Build the Network, Configure Basic Device Settings and Routing Part 2: OSPFv2 Route Summarization Part 3: OSPFv2 Route Filtering 238 242 Router Interface Summary Table 245 Device Configs – Final 245 Router R1 245 Router R2 247 Router R3 249 Switch D1 251 Switch D2 255 Chapter 8 Troubleshooting OSPFv2 261 8.1.2 Lab – Troubleshoot OSPFv2 (Instructor Version) 261 Topology 261 Addressing Table Objectives 261 262 Background/Scenario 262 Required Resources 263 Instructions 263 Part 1: Trouble Ticket 8.1.2.1 263 Part 2: Trouble Ticket 8.1.2.2 264 Part 3: Trouble Ticket 8.1.2.3 265 Topology Update 265 Addressing Table Update 266 Router Interface Summary Table 267 Uploading Configuration Files 268 R1 Configuration File Scripts 269 R2 Configuration File Scripts 271 R3 Configuration File Scripts 272 D1 Configuration File Scripts 274 D2 Configuration File Scripts 278 A1 Configuration File Scripts – Not Used In This Lab 281 230 x CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Chapter 9 OSPFv3 283 9.1.2 Lab – Implement Multiarea OSPFv3 (Instructor Version) 283 Topology 283 Addressing Table Objectives 283 284 Background/Scenario 284 Required Resources 284 Instructions 285 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 285 Part 2: Configure Traditional OSPFv3 for IPv6 on D1 Part 3: Configure OSPFv3 for AF IPv4 and AF IPv6 Part 4: Verify OSPFv3 293 Part 5: Tune OSPFv3 299 287 289 Router Interface Summary Table 302 Device Configs – Final 302 Router R1 302 Router R2 304 Router R3 306 Switch D1 308 Switch D2 312 Chapter 10 Troubleshooting OSPFv3 319 10.1.2 Lab – Troubleshoot OSPFv3 (Instructor Version) 319 Topology 319 Addressing Table Objectives 319 320 Background/Scenario 320 Required Resources 321 Instructions 321 Part 1: Trouble Ticket 10.1.2.1 321 Part 2: Trouble Ticket 10.1.2.2 322 Part 3: Trouble Ticket 10.1.2.3 323 Uploading Configuration Files 324 Reset Scripts 324 R1 Configuration File Scripts 325 R2 Configuration File Scripts 327 R3 Configuration File Scripts 329 D1 Configuration File Scripts 330 D2 Configuration File Scripts 335 A1 Configuration File Scripts – Not Used In This Lab 338 Contents xi Chapter 11 BGP 339 11.1.2 Lab – Implement eBGP for IPv4 (Instructor Version) 339 Topology 339 Addressing Table Objectives 339 340 Background/Scenario 340 Required Resources 340 Instructions 340 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 340 Part 2: Configure and Verify eBGP for IPv4 on all Routers 342 Part 3: Configure and Verify Route Summarization and Atomic Aggregate 349 Part 4: Configure and Verify Route Summarization with Atomic Aggregate and AS-Set 352 Part 5: Configure and Verify the Advertising of a Default Route 354 Router Interface Summary Table 355 Device Configs – Final 355 Router R1 355 Router R2 357 Router R3 359 11.1.3 Lab – Implement MP-BGP (Instructor Version) Topology 362 Addressing Table Objectives 362 363 Background/Scenario 363 Required Resources 363 Instructions 362 363 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 363 Part 2: Configure MP-BGP on all Routers 366 Part 3: Verify MP-BGP 368 Part 4: Configure and Verify IPv6 Route Summarization 375 Router Interface Summary Table 376 Device Configs – Final 377 Chapter 12 Router R1 377 Router R2 379 Router R3 382 Advanced BGP 385 12.1.2 Lab – Implement BGP Path Manipulation (Instructor Version) 385 Topology 385 Addressing Table Objectives 386 385 xii CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Background/Scenario 386 Required Resources 386 Instructions 386 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 386 Part 2: Configure and Verify Multi-Protocol BGP on all Routers 389 Part 3: Configure and Verify BGP Path Manipulation Settings on all Routers 393 Router Interface Summary Table Device Configs – Final Chapter 13 Router R1 399 Router R2 402 Router R3 404 BGP Path Selection 399 399 409 13.1.2 Lab – Implement BGP Communities (Instructor Version) 409 Topology 409 Addressing Table Objectives 409 410 Background/Scenario 410 Required Resources 410 Instructions 410 Part 1: Build the Network and Configure Basic Device Settings and Interface Addressing 410 Part 2: Configure and Verify Multi-Protocol BGP on all Routers Part 3: Configure and Verify BGP Communities on all Routers Reflection Questions 424 Router Interface Summary Table 424 Device Configs – Final 425 Chapter 14 Router R1 425 Router R2 428 Router R3 430 Troubleshooting BGP 435 14.1.2 Lab – Troubleshoot BGP (Instructor Version) 435 Topology 435 Addressing Table Objectives 436 437 Background/Scenario 437 Required Resources 438 Part 1: Trouble Ticket 14.1.2.1 438 Part 2: Trouble Ticket 14.1.2.2 440 413 418 Contents xiii Router Interface Summary Table 441 Uploading Configuration Files 441 R1 Configuration File Scripts 442 R2 Configuration File Scripts 446 R3 Configuration File Scripts 449 D1 Configuration File Scripts 452 D2 Configuration File Scripts 455 A1 Configuration File Scripts – Not Used In This Lab Chapter 15 Route Maps and Conditional Forwarding 457 459 15.1.2 Lab – Control Routing Updates (Instructor Version) Topology 459 Addressing Table Objectives 459 460 Background/Scenario 460 Required Resources 461 Instructions 459 461 Part 1: Build the Network and Configure Basic Device Settings 461 Part 2: Configure Routing and Redistribution 463 Part 3: Filter Redistributed Routes using a Distribute List and ACL 468 Part 4: Filter Redistributed Routes using a Distribute List and Prefix List 469 Part 5: Filter Redistributed Routes using a Route Map 471 Router Interface Summary Table 474 Device Configs – Final 474 Router R1 474 Router R2 476 Router R3 479 15.1.3 Lab – Path Control Using PBR (Instructor Version) Topology Addressing Table Objectives 482 483 Background/Scenario 483 Required Resources 483 Instructions 482 482 484 Part 1: Build the Network and Configure Basic Device Settings Part 2: Configure and Verify Routing 486 Part 3: Configure PBR to Provide Path Control 491 Part 4: Configure Local PBR to Provide Path Control Router Interface Summary Table 495 Device Configs – Final 495 Router R1 495 493 484 xiv CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Router R2 497 Router R3 499 Switch D1 501 Switch D2 505 15.1.4 Lab – Troubleshoot Route Maps and PBR (Instructor Version) 510 Topology 510 Addressing Table Objectives 510 511 Background/Scenario 511 Required Resources 511 Instructions 512 Part 1: Trouble Ticket 15.1.4.1 512 Part 2: Trouble Ticket 15.1.4.2 513 Part 3: Trouble Ticket 15.1.4.3 515 Router Interface Summary Table 516 Uploading Configuration Files 516 R1 Configuration File Scripts 517 R2 Configuration File Scripts 520 R3 Configuration File Scripts 522 D1 Configuration File Scripts 524 D2 Configuration File Scripts 527 A1 Configuration File Scripts – Not Used In This Lab Chapter 16 529 Route Redistribution 531 16.1.2 Lab – Configure Route Redistribution Between EIGRP and OSPF (Instructor Version) 531 Topology 531 Addressing Table Objectives 531 532 Background/Scenario 532 Required Resources 532 Instructions 533 Part 1: Build the Network and Configure Basic Device Settings 533 Part 2: Verify OSPFv3 AF Neighborships and Routing for IPv4 and IPv6 538 Part 3: Verify EIGRP Neighborships and Routing for IPv4 and IPv6 540 Part 4: Configure Redistribution from OSPFv3 to EIGRP Part 5: Configure Redistribution from EIGRP for IPv4 into OSPFv3 543 Reflection Questions 545 Router Interface Summary Table Device Configs – Final Router R1 546 546 546 541 Contents xv Router R2 548 Router R3 551 Switch D1 554 Switch D2 559 16.1.3 Lab – Configure Route Redistribution Within the Same Interior Gateway Protocol (Instructor Version) 565 Topology 565 Addressing Table Objectives 565 566 Background/Scenario 566 Required Resources 566 Instructions 566 Part 1: Build the Network and Configure Basic Device Settings 566 Part 2: Configure Two-Way Redistribution on R1 571 Part 3: Configure Two-Way Redistribution on R3 572 Part 4: Filter and Verify Redistribution using a Distribute List and Prefix List 574 Reflection Questions 575 Router Interface Summary Table 576 Device Configs – Final 576 Router R1 576 Router R2 578 Router R3 580 Switch D1 582 Switch D2 587 16.1.4 Lab – Implement Route Redistribution Between Multiple Protocols (Instructor Version) 592 Topology 592 Addressing Table Objectives 592 593 Background/Scenario 593 Required Resources 593 Instructions 594 Part 1: Build the Network and Configure Basic Device Settings 594 Part 2: Configure Two-Way Redistribution on R1 598 Part 3: Configure Two-Way Redistribution on R3 599 Part 4: Filter and Verify Redistribution using a Prefix List and Route Map 602 Reflection Questions 603 Router Interface Summary Table Device Configs – Final Router R1 604 Router R2 606 604 604 xvi CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Router R3 608 Switch D1 610 Switch D2 615 Chapter 17 Troubleshooting Redistribution 621 17.1.2 Lab – Troubleshoot Redistribution (Instructor Version) 621 Objectives 621 Background/Scenario 621 Required Resources 621 Instructions 622 Part 1: Trouble Ticket 17.1.2.1 Topology 622 Addressing Table Scenario 622 622 623 Part 2: Trouble Ticket 17.1.2.2 Topology 624 Addressing Table Scenario 624 624 625 Part 3: Trouble Ticket 17.1.2.3 Topology 626 Addressing Table Scenario 626 626 627 Router Interface Summary Table 627 Uploading Configuration Files 628 R1 Configuration File Scripts 629 R2 Configuration File Scripts 631 R3 Configuration File Scripts 633 D1 Configuration File Scripts 635 D2 Configuration File Scripts – Not Used In Trouble Ticket 1 A1 Configuration File Scripts – Not Used In This Lab Chapter 18 VRF, MPLS, and MPLS Layer 3 VPNs 639 639 Addressing Table Objectives 638 639 18.1.2 Lab – Implement VRF-Lite (Instructor Version) Topology 637 639 640 Background/Scenario 640 Required Resources 640 Part 1: Build the Network and Configure Basic Device Settings Part 2: Configure and Verify VRF and Interface Addressing 641 645 Part 3: Configure and Verify Static Routing for Reachability Inside Each VRF 647 Router Interface Summary Table 650 Contents xvii Device Configs – Final Router R1 651 Router R2 654 Router R3 655 651 Switch D1 657 Switch D2 662 Switch A1 668 Chapter 19 DMVPN Tunnels 671 19.1.2 Lab – Implement a GRE Tunnel (Instructor Version) 671 Topology 671 Addressing Table Objectives 671 671 Background/Scenario 672 Required Resources 672 Instructions 672 Part 1: Build the Network and Configure Basic Device Settings 672 Part 2: Configure and Verify GRE Tunnels with Static Routing 675 Part 3: Configure and Verify GRE Tunnels with Dynamic Routing 678 Router Interface Summary Table 683 Device Configs – Final 683 Router R1 683 Router R2 686 Router R3 687 19.1.3 Lab – Implement a DMVPN Phase 1 Hub-to-Spoke Topology (Instructor Version) 691 Topology 691 Addressing Table Objectives 691 691 Background/Scenario 692 Required Resources 693 Instructions 693 Part 1: Build the Network and Configure Basic Device Settings Part 2: Configure and Verify DMVPN Phase 1 Part 3: Configure EIGRP Routing for the Tunnel Networks Router Interface Summary Table 703 Device Configs – Final 704 Router R1 704 Router R2 705 Router R3 706 Layer 3 Switch DMVPN 707 693 696 700 xviii CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 19.1.4 Lab – Implement a DMVPN Phase 3 Spoke-to-Spoke Topology (Instructor Version) 709 Topology 709 Addressing Table Objectives 709 709 Background/Scenario 710 Required Resources 711 Initial Configurations 711 Instructions 715 Part 1: Build the Network and Configure Basic Device Settings 715 Part 2: Configure DMVPN Phase 3 716 Part 3: Verify DMVPN Phase 3 717 Router Interface Summary Table 721 Device Configs – Final 721 Router R1 721 Router R2 722 Router R3 724 19.1.5 Lab – Implement an IPv6 DMVPN Phase 3 Spoke-to-Spoke Topology (Instructor Version) 726 Topology 726 Addressing Table Objectives 726 726 Background/Scenario 727 Required Resources 727 Instructions 728 Part 1: Build the Network and Configure Basic Device Settings Part 2: Implement IPv6 DMVPN Phase 3 Part 3: Configure EIGRP for IPv6 728 731 736 Router Interface Summary Table 739 Device Configs – Final (Use Lab Section and Lab Section Gray) 740 Router R1 740 Router R2 741 Router R3 742 Layer 3 Switch DMVPN 744 Chapter 20 Securing DMVPN Tunnels 747 20.1.2 Lab – Configure Secure DMVPN Tunnels (Instructor Version) Topology 747 Addressing Table Objectives 747 747 Background/Scenario 748 Required Resources 748 Initial Configurations 748 747 Contents xix Instructions 752 Part 1: Build the Network and Verify DMVPN Phase 3 Operation Part 2: Secure DMVPN Phase 3 Tunnels 753 Router Interface Summary Table 761 Device Configs – Final 761 Routers R1, R2, and R3 Chapter 21 761 Troubleshooting ACLs and Prefix Lists 763 21.1.2 Lab – Troubleshoot IPv4 ACLs (Instructor Version) Topology Addressing Table Objectives 763 763 763 764 Background/Scenario 764 Required Resources 764 Instructions 764 Part 1: Trouble Ticket 21.1.2.1 764 Part 2: Trouble Ticket 21.1.2.2 765 Part 3: Trouble Ticket 21.1.2.3 766 Router Interface Summary Table 768 Uploading Configuration Files 768 Reset Scripts 768 R1 Configuration File Scripts 769 R2 Configuration File Scripts – Not Used In This Lab R3 Configuration File Scripts 774 D1 Configuration File Scripts 779 D2 Configuration File Scripts 783 774 A1 Configuration File Scripts – Not Used In This Lab 786 21.1.3 Lab – Troubleshoot IPv6 ACLs (Instructor Version) 787 Topology 787 Addressing Table Objectives 787 787 Background/Scenario 788 Required Resources 788 Part 1: Trouble Ticket 21.1.3.1 788 Part 2: Trouble Ticket 21.1.3.2 789 Part 3: Trouble Ticket 21.1.3.3 790 Router Interface Summary Table 791 Uploading Configuration Files Reset Scripts 791 792 R1 Configuration File Scripts 793 R2 Configuration File Scripts – Not Used In This Lab R3 Configuration File Scripts 797 D1 Configuration File Scripts 802 797 752 xx CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 D2 Configuration File Scripts 807 A1 Configuration File Scripts – Not Used In This Lab 810 21.1.4 Lab – Troubleshoot Prefix Lists (Instructor Version) 811 Topology 811 Addressing Table Objectives 811 811 Background/Scenario 811 Required Resources 812 Part 1: Trouble Ticket 21.1.4.1 812 Part 2: Trouble Ticket 21.1.4.2 813 Router Interface Summary Table 814 Uploading Configuration Files 814 R1 Configuration File Scripts 816 R2 Configuration File Scripts – Not Used In This Lab R3 Configuration File Scripts 819 D1 Configuration File Scripts 823 D2 Configuration File Scripts 827 A1 Configuration File Scripts – Not Used In This Lab Chapter 22 Infrastructure Security 819 831 833 22.1.2 Lab – Troubleshoot IOS AAA Authentication (Instructor Version) Topology 833 Addressing Table Objectives 833 833 Background/Scenario 834 Required Resources 834 Instructions 834 Part 1: Trouble Ticket 22.1.2.1 834 Part 2: Trouble Ticket 22.1.2.2 835 Router Interface Summary Table 837 Uploading Configuration Files 837 Reset Scripts 837 R1 Configuration File Scripts 838 D1 Configuration File Scripts 839 A1 Configuration File Scripts 841 22.1.3 Lab – Troubleshoot uRPF (Instructor Version) Topology 843 Addressing Table Objectives 843 843 Background/Scenario 843 Required Resources 844 843 833 Contents xxi Instructions 844 Part 1: Trouble Ticket 22.1.3.1 844 Router Interface Summary Table 845 Uploading Configuration Files 846 Reset Scripts 846 R1 Configuration File Scripts 846 R2 Configuration File Scripts 847 R3 Configuration File Scripts 847 22.1.4 Lab – Troubleshoot Control Plane Policing (CoPP) (Instructor Version) 849 Topology 849 Addressing Table Objectives 849 849 Background/Scenario 849 Required Resources 850 Instructions 850 Part 1: Trouble Ticket 22.1.4.1 850 Part 2: Trouble Ticket 22.1.4.2 852 Router Interface Summary Table 853 Uploading Configuration Files 853 Reset Scripts 854 Router R1 Configuration File Scripts 854 Router R2 Configuration File Scripts 859 Switch A1 Configurationi File Scripts 860 Chapter 23 Device Management and Management Tools Troubleshooting 865 23.1.2 Lab – Troubleshoot Device Access and File Transfer (Instructor Version) 865 Topology 865 Addressing Table Objectives 865 865 Background/Scenario 866 Required Resources 866 Instructions 866 Part 1: Trouble Ticket 23.1.2.1 866 Part 2: Trouble Ticket 23.1.2.2 867 Part 3: Trouble Ticket 23.1.2.3 868 Router Interface Summary Table 869 Uploading Configuration Files 869 Reset Scripts 870 R1 Configuration File Scripts 870 R2 Configuration File Scripts 873 D1 Configuration File Scripts 876 xxii CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 23.1.3 Lab – Troubleshoot SNMP and Logging Issues (Instructor Version) 881 Topology 881 Addressing Table Objectives 881 881 Background/Scenario 881 Required Resources 882 Part 1: Trouble Ticket 23.1.3.1 882 Part 2: Trouble Ticket 23.1.3.2 883 Router Interface Summary Table 884 Uploading Configuration Files 885 Reset Scripts 885 R1 Configuration File Scripts 885 R2 Configuration File Scripts 888 D1 Configuration File Scripts 889 23.1.4 Lab – Troubleshoot IP SLA and Netflow (Instructor Version) 893 Topology 893 Addressing Table Objectives 893 894 Background/Scenario 894 Required Resources 895 Instructions 895 Part 1: Trouble Ticket 23.1.4.1 895 Part 2: Trouble Ticket 23.1.4.2 896 Part 3: Trouble Ticket 23.1.4.3 897 Router Interface Summary Table 898 Uploading Configuration Files 899 Reset Scripts 899 R1 Configuration File Scripts 900 R2 Configuration File Scripts 904 R3 Configuration File Scripts 908 D1 Configuration File Scripts 912 D2 Configuration File Scripts 921 A1 Configuration File Scripts 930 xxiii About This Lab Manual This is the only authorized Lab Manual for the Cisco Networking Academy CCNP Enterprise: Advanced Routing (ENARSI) v8 Course. The two courses in this CCNP Enterprise version 8.0 curriculum provide students with knowledge and skills needed to configure, operate, and troubleshoot large scale enterprise networks. The courses cover a broad range of routing, switching, and wireless topics along with security best practices used in software-driven digital networks. CCNP Enterprise certification requires candidates to pass two 120-minute exams: CCNP and CCIE Enterprise Core ENCOR 350-401 and CCNP Enterprise Advanced Routing ENARSI 300-410. By the end of the CCNP course series, students gain practical, hands-on lab experience preparing them for the CCNP Enterprise certification exams and career-ready skills for professional-level roles in the Information & Communication Technologies (ICT) industry. CCNP Enterprise: Advanced Routing This second of the 2-course CCNP Enterprise series focuses on implementation and troubleshooting of advanced routing and redistribution for OSPF, EIGRP, and BGP along with VPN technologies, infrastructure security, and management tools used in Enterprise networks. Comprehensive labs emphasize hands-on learning and practice to reinforce configuration and troubleshooting skills. This course directly prepares for the Cisco Enterprise Advanced Routing and Services concentration exam (300-410) to earn the Enterprise Advanced Infrastructure Implementation Specialist certification. By also passing the core exam (350-401 ENCOR), you will earn the CCNP Enterprise certification. The 40 comprehensive labs in this manual emphasize hands-on learning and practice to reinforce configuration skills. CHAPTER 1 IPv4/IPv6 Addressing and Routing Review 1.1.2 Lab – Troubleshoot IPv4 and IPv6 Addressing Issues (Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IPv4 Address/Mask IPv6 Address/Prefix IPv6 Link Local R1 G0/0/0 10.10.20.1/24 2001:db8:a:b::1/64 fe80::1:1 G0/0/1 10.10.10.1/24 2001:db8:a:a::1/64 fe80::1:2 Lo0 209.165.200.225/29 2001:db8:a:c::1/64 fe80::1:3 R2 G0/0/0 10.10.20.254/24 2001:db8:a:b::1/64 fe80::2:1 D1 VLAN 10 10.10.10.2/24 2001:db8:a:a::2/64 fe80::d1:1 PC1 NIC DHCP SLAAC EUI-64 PC2 NIC DHCP SLAAC EUI-64 Objectives Troubleshoot network issues related to IPv4 and IPv6 addressing. 2 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Background/Scenario In this topology, router R1 provides connectivity to a simulated internet for VLAN 10. R2 serves as a DHCP server. Switch D1 provides connectivity for VLAN 10. You will be loading configurations with intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met: 1. the complaint received in the ticket is resolved 2. full reachability is restored Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers. Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor. Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices. Required Resources ■ 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable) ■ 1 Switch (Cisco 3560 with Cisco IOS XE Release 16.9.4 universal image or comparable) ■ 2 PCs (Choice of operating system with terminal emulation program installed) ■ Console cables to configure the Cisco IOS devices via the console ports ■ Ethernet cables as shown in the topology Instructions Part 1: Trouble Ticket 1.1.2.1 Scenario: PC1 is unable to access resources on web server 209.165.200.225. Use the commands listed below to load the configuration files for this trouble ticket: Instructor Note: Commands for uploading the configuration are provided at the end of this document. Device Command R1 copy flash:/enarsi/1.1.2.1-r1-config.txt run R2 copy flash:/enarsi/1.1.2.1-r2-config.txt run D1 copy flash:/enarsi/1.1.2.1-d1-config.txt run ■ PC1 and PC2 should be configured for and receive an address from an IPv4 DHCP server. ■ Passwords on all devices are cisco12345. If a username is required, use admin. Chapter 1: IPv4/IPv6 Addressing and Routing Review ■ When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command: banner motd # This is $(hostname) FIXED from ticket # ■ Then save the configuration by issuing the wri command (on each device). ■ Inform your instructor that you are ready for the next ticket. ■ After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices. Instructor Notes: This trouble ticket contains 1 intentional error. The default-router command on the DHCP server is assigning the wrong default-gateway address. The commands used to fix these errors should be: R2(config)# ip dhcp pool LAN4_10 R2(config-router)# no default-router 10.10.20.254 R2(config-router)# default-router 10.10.10.1 R2(config-router)# end Part 2: Trouble Ticket 1.1.2.2 Scenario: PC1 and PC2 are unable to lease IPv4 addresses from the DHCP server. Use the commands listed below to load the configuration files for this trouble ticket: Instructor Note: Commands for creating these files are at the end of this document. Device Command R1 copy flash:/enarsi/1.1.2.2-r1-config.txt run R2 copy flash:/enarsi/1.1.2.2-r2-config.txt run D1 copy flash:/enarsi/1.1.2.2-d1-config.txt run ■ PC1 and PC2 should be configured for and receive an address from an IPv4 DHCP server. ■ Passwords on all devices are cisco12345. If a username is required, use admin. ■ When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command: banner motd # This is $(hostname) FIXED from ticket # ■ Then save the configuration by issuing the wri command (on each device). ■ Inform your instructor that you are ready for the next ticket. ■ After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices. Instructor Notes: This trouble ticket contains 1 intentional error. The ip helper-address command has been configured on the wrong interface on R1. The commands used to fix these errors should be: R1(config)# interface g0/0/0 R1(config-if)# no ip helper-address 10.10.20.254 R1(config-if)# exit 3 4 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 R1(config)# interface g0/0/1 R1(config-if)# ip helper-address 10.10.20.254 R1(config-if)# end Part 3: Trouble Ticket 1.1.2.3 Scenario: PC1 and PC2 are unable to resolve IPv6 addresses to hostnames. Upon investigation, it appears that they are not receiving DNS server information from the DHCPv6 server. Use the commands listed below to load the configuration files for this trouble ticket: Instructor Note: Commands for creating these files are at the end of this document. Device Command R1 copy flash:/enarsi/1.1.2.3-r1-config.txt run R2 copy flash:/enarsi/1.1.2.3-r2-config.txt run D1 copy flash:/enarsi/1.1.2.3-d1-config.txt run ■ PC1 and PC2 should be configured to assign an address via SLAAC. ■ Passwords on all devices are cisco12345. If a username is required, use admin. ■ When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command: banner motd # This is $(hostname) FIXED from ticket # ■ Then save the configuration by issuing the wri command (on each device). ■ Inform your instructor that you are ready for the next ticket. ■ After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices. Instructor Notes: This trouble ticket contains 1 intentional error. The ipv6 nd other-config-flag command is not present in the R1 configuration. R1(config)# interface g0/0/1 R1(config-if)# ipv6 nd other-config-flag R1(config-if)# end Router Interface Summary Table Router Ethernet Interface #1 Model Ethernet Interface #2 Serial Interface #1 Serial Interface #2 1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 1900 Gigabit Ethernet 0/0 (G0/0) 2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) 2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) Chapter 1: IPv4/IPv6 Addressing and Routing Review Router Ethernet Interface #1 Model Ethernet Interface #2 Serial Interface #1 4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) 4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) 5 Serial Interface #2 Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface. Uploading Configuration Files Use the commands below to create the configuration files on the lab devices for each trouble ticket in this lab. The TCL script commands help create and copy the configurations. However, the configuration commands could also be copied and pasted directly into global config mode on each device. Simply remove the TCL script commands, enter the enable and configure t commands on the device, and copy and paste the configuration commands. Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command, if necessary. Reset scripts These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy and paste the appropriate script to the appropriate device. Router Reset Script tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” erase startup-config puts “Reloading the router” typeahead “n” reload } tclquit D1/D2 (Cisco 3650) Reset Script – The default 3650 SDM template supports IPv6, so it is not set by this script. tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” 6 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 erase startup-config delete /force vlan.dat puts “Reloading the switch” typeahead “n” reload } tclquit A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting. tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” erase startup-config delete /force vlan.dat delete /force multiple-fs ios_config “sdm prefer lanbase-routing” typeahead “n” puts “Reloading the switch” typeahead “n” reload } tclquit R1 Configuration File Scripts !R1 – Trouble Ticket # 1 tclsh puts [ open “flash:/enarsi/1.1.2.1-r1-config.txt” w+ ] { hostname R1 banner motd # This is R1, Trouble Ticket 1.1.2.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing interface g0/0/0 ip address 10.10.20.1 255.255.255.0 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:a:b::1/64 no shutdown exit interface g0/0/1 ip address 10.10.10.1 255.255.255.0 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:a:a::1/64 ipv6 nd other-config-flag ip helper-address 10.10.20.254 ipv6 dhcp relay destination 2001:db8:a:b::2 no shutdown exit interface loopback0 ip address 209.165.200.225 255.255.255.248 ipv6 address fe80::1:3 link-local Chapter 1: IPv4/IPv6 Addressing and Routing Review ipv6 address 2001:db8:a:c::1/64 no shutdown exit ip route 0.0.0.0 0.0.0.0 loopback0 ipv6 route ::/0 loopback0 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R1 – Trouble Ticket # 2 tclsh puts [ open “flash:/enarsi/1.1.2.2-r1-config.txt” w+ ] { hostname R1 banner motd # This is R1, Trouble Ticket 1.1.2.2 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing interface g0/0/0 ip address 10.10.20.1 255.255.255.0 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:a:b::1/64 ip helper-address 10.10.20.254 no shutdown exit interface g0/0/1 ip address 10.10.10.1 255.255.255.0 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:a:a::1/64 ipv6 nd other-config-flag ipv6 dhcp relay destination 2001:db8:a:b::2 no shutdown exit interface loopback0 ip address 209.165.200.225 255.255.255.248 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:a:c::1/64 no shutdown exit ip route 0.0.0.0 0.0.0.0 loopback0 ipv6 route ::/0 loopback0 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 7 8 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R1 – Trouble Ticket # 3 tclsh puts [ open “flash:/enarsi/1.1.2.3-r1-config.txt” w+ ] { hostname R1 banner motd # This is R1, Trouble Ticket 1.1.2.3 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing interface g0/0/0 ip address 10.10.20.1 255.255.255.0 ipv6 address fe80::1:1 link-local ipv6 address 2001:db8:a:b::1/64 no shutdown exit interface g0/0/1 ip address 10.10.10.1 255.255.255.0 ip helper-address 10.10.20.254 ipv6 address fe80::1:2 link-local ipv6 address 2001:db8:a:a::1/64 ipv6 dhcp relay destination 2001:db8:a:b::2 no shutdown exit interface loopback0 ip address 209.165.200.225 255.255.255.248 ipv6 address fe80::1:3 link-local ipv6 address 2001:db8:a:c::1/64 no shutdown exit ip route 0.0.0.0 0.0.0.0 loopback0 ipv6 route ::/0 loopback0 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit Chapter 1: IPv4/IPv6 Addressing and Routing Review R2 Configuration File Scripts !R2 – Trouble Ticket # 1 tclsh puts [ open “flash:/enarsi/1.1.2.1-r2-config.txt” w+ ] { hostname R2 banner motd # This is R2, Trouble Ticket 1.1.2.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing ip dhcp excluded-address 10.10.10.1 10.10.10.100 ip dhcp pool LAN4_10 network 10.10.10.0 255.255.255.0 default-router 10.10.10.254 domain-name ccnp4lab.com dns-server 10.10.20.254 exit ipv6 dhcp pool LAN6_A dns-server 2001:db8:a:b::1 domain-name ccnp6lab.om exit interface g0/0/0 ip address 10.10.20.254 255.255.255.0 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:a:b::2/64 ipv6 dhcp server LAN6_A no shutdown exit ip route 0.0.0.0 0.0.0.0 10.10.20.1 ipv6 route ::/0 2001:db8:a:b::1 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R2 – Trouble Ticket # 2 tclsh puts [ open “flash:/enarsi/1.1.2.2-r2-config.txt” w+ ] { hostname R2 banner motd # This is R2, Trouble Ticket 1.1.2.2 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing ip dhcp excluded-address 10.10.10.1 10.10.10.100 ip dhcp pool LAN4_10 network 10.10.10.0 255.255.255.0 9 10 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 default-router 10.10.10.1 domain-name ccnp4lab.com dns-server 10.10.20.1 exit ipv6 dhcp pool LAN6_A dns-server 2001:db8:a:b::1 domain-name ccnp6lab.om exit interface g0/0/0 ip address 10.10.20.254 255.255.255.0 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:a:b::2/64 ipv6 dhcp server LAN6_A no shutdown exit ip route 0.0.0.0 0.0.0.0 10.10.20.1 ipv6 route ::/0 2001:db8:a:b::1 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R2 – Trouble Ticket # 3 tclsh puts [ open “flash:/enarsi/1.1.2.3-r2-config.txt” w+ ] { hostname R2 banner motd # This is R2, Trouble Ticket 1.1.2.3 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing ip dhcp excluded-address 10.10.10.1 10.10.10.100 ip dhcp pool LAN4_10 network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 domain-name ccnp4lab.com dns-server 10.10.20.1 exit ipv6 dhcp pool LAN6_A dns-server 2001:db8:a:b::1 domain-name ccnp6lab.om exit interface g0/0/0 ip address 10.10.20.254 255.255.255.0 ipv6 address fe80::2:1 link-local ipv6 address 2001:db8:a:b::2/64 ipv6 dhcp server LAN6_A Chapter 1: IPv4/IPv6 Addressing and Routing Review no shutdown exit ip route 0.0.0.0 0.0.0.0 10.10.20.1 ipv6 route ::/0 2001:db8:a:b::1 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit R3 Configuration File Scripts – Not Used in This Lab D1 Configuration File Scripts !D1 – Trouble Ticket # 1 tclsh puts [ open “flash:/enarsi/1.1.2.1-d1-config.txt” w+ ] { hostname D1 banner motd # This is D1, Trouble Ticket 1.1.2.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface range g1/0/1 – 24 switchport mode access shutdown exit interface g1/0/11 switchport mode access switchport access vlan 10 no shutdown exit interface range g1/0/23-24 switchport mode access switchport access vlan 10 no shutdown exit interface vlan 10 ip address 10.10.10.2 255.255.255.0 no shutdown exit ip default-gateway 10.10.10.1 line con 0 exec-timeout 0 0 logging synchronous exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end 11 12 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 } tclquit !D1 – Trouble Ticket # 2 tclsh puts [ open “flash:/enarsi/1.1.2.2-d1-config.txt” w+ ] { hostname D1 banner motd # This is D1, Trouble Ticket 1.1.2.2 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface range g1/0/1 – 24 switchport mode access shutdown exit interface g1/0/11 switchport mode access switchport access vlan 10 no shutdown exit interface range g1/0/23-24 switchport mode access switchport access vlan 10 no shutdown exit interface vlan 10 ip address 10.10.10.2 255.255.255.0 no shutdown exit ip default-gateway 10.10.10.1 line con 0 exec-timeout 0 0 logging synchronous exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !D1 – Trouble Ticket # 3 tclsh puts [ open “flash:/enarsi/1.1.2.3-d1-config.txt” w+ ] { hostname D1 banner motd # This is D1, Trouble Ticket 1.1.2.3 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface range g1/0/1 – 24 switchport mode access shutdown exit interface g1/0/11 switchport mode access switchport access vlan 10 no shutdown exit interface range g1/0/23-24 Chapter 1: IPv4/IPv6 Addressing and Routing Review switchport mode access switchport access vlan 10 no shutdown exit interface vlan 10 ip address 10.10.10.2 255.255.255.0 no shutdown exit ip default-gateway 10.10.10.1 line con 0 exec-timeout 0 0 logging synchronous exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit D2 Configuration File Scripts – Not Used in This Lab A1 Confgiuration File Scripts – Not Used in This Lab 13 14 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 1.1.3 Lab – Troubleshoot IPv4 and IPv6 Static Routing (Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Topology Addressing Table Device Interface IPv4 Address/Mask IPv6 Address/Prefix IPv6 Link Local Default Gateway R1 G0/0/0 10.10.12.1/24 2001:db8:0:12::1/64 fe80::1:1 N/A G0/0/1 10.10.1.1/24 2001:db8:0:1::1/64 fe80::1:2 S0/1/0 N/A 2001:db8:0:13::1/64 fe80::1:3 G0/0/0 10.10.12.2/24 2001:db8:0:12::2/64 fe80::2:1 G0/0/1 10.10.23.1/24 2001:db8:0:23::1/64 fe80::2:2 G0/0/0 10.10.23.2/24 2001:db8:0:23::2/64 fe80::3:1 G0/0/1 10.10.3.1/24 2001:db8:0:3::1/64 fe80::3:2 R2 R3 N/A N/A S0/1/0 2001:db8:0:13::2/64 fe80::3:3 D1 VLAN 10 10.10.1.2/24 N/A N/A 10.10.1.1 D2 VLAN 10 10.10.3.2/24 N/A N/A 10.10.3.1 PC1 NIC 2001:db8:0:1::10/64 EUI-64/CGA 10.10.1.1 10.10.1.10/24 2001:db8:0:1::1 Chapter 1: IPv4/IPv6 Addressing and Routing Review 15 Device Interface IPv4 Address/Mask IPv6 Address/Prefix IPv6 Link Local Default Gateway PC2 NIC 10.10.1.20/24 2001:db8:0:1::20/64 EUI-64/CGA 10.10.1.1 2001:db8:0:1::1 Web Server NIC FTP Server NIC 10.10.3.5/24 2001:db8:0:3::5/64 EUI-64/CGA 10.10.3.1 2001:db8:0:3::1 10.10.3.20/24 2001:db8:0:3::20/64 EUI-64/CGA 10.10.3.1 2001:db8:0:3::1 Objectives Troubleshoot network issues related to IPv4 and IPv6 static routing. Background/Scenario In this topology, routers R1, R2, and R3 are configured for static routing. Switches D1 and D2 provide LAN connectivity for VLAN 10 for the respective locations. You will be loading configurations with intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met: 1. the complaint received in the ticket is resolved 2. full reachability is restored Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3560 with Cisco IOS XE Release 16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers. Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact your instructor. Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices. Required Resources ■ 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable) ■ 2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universalk9 image or comparable) ■ 4 PCs (Choice of operating system with terminal emulation program installed) ■ Console cables to configure the Cisco IOS devices via the console ports ■ Ethernet cables as shown in the topology 16 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Instructions Part 1: Trouble Ticket 1.1.3.1 Scenario: An FTP Server was recently added to the HQ network. The FTP Server is accessible from all devices in the HQ network. Branch network hosts PC1 and PC2 are able to connect to the Web Server but are unable to connect to the FTP Server using IPv4. Note: Web or FTP services are not required on the PCs. Use the commands listed below to load the configuration files for both trouble tickets: Instructor Note: Commands for uploading the configuration are provided at the end of this document. Device Command R1 copy flash:/enarsi/1.1.3.1-r1-config.txt run R2 copy flash:/enarsi/1.1.3.1-r2-config.txt run R3 copy flash:/enarsi/1.1.3.1-r3-config.txt run D1 copy flash:/enarsi/1.1.3.1-d1-config.txt run D2 copy flash:/enarsi/1.1.3.1-d2-config.txt run ■ PC 1, PC 2, FTP Server, and Web Server should be configured with the addressing listed in the Addressing Table. ■ Passwords on all devices are cisco12345. If a username is required, use admin. ■ After you have fixed the ticket, change the MOTD on EACH DEVICE using the following command: banner motd # This is $(hostname) FIXED from ticket # ■ Then save the configuration by issuing the wri command (on each device). ■ Inform your instructor that you are ready for the next ticket. ■ After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices. Instructor Notes: This trouble ticket contains 1 intentional error. R1 has an incorrect netmask on the IPv4 static route. The commands used to fix these errors should be: R1(config)# no ip route 10.10.3.0 255.255.255.240 10.10.12.2 R1(config)# ip route 10.10.3.0 255.255.255.0 10.10.12.2 R1(config-router)# end Part 2: Trouble Ticket 1.1.3.2 Scenario: A WAN connection through R2 was recently added to increase the bandwidth that is available between the branch and HQ. It was decided to keep the dedicated T1 connection from R1 to R3 as a backup link for IPv6 traffic. Users at the branch have been complaining that data transfer speeds to PCs at HQ seem to be slow; however, downloads seem to be fine. Chapter 1: IPv4/IPv6 Addressing and Routing Review 17 Use the commands listed below to load the configuration files for both trouble tickets: Instructor Note: Commands for uploading the configuration are provided at the end of this document. Device Command R1 copy flash:/enarsi/1.1.3.2-r1-config.txt run R2 copy flash:/enarsi/1.1.3.2-r2-config.txt run R3 copy flash:/enarsi/1.1.3.2-r3-config.txt run D1 copy flash:/enarsi/1.1.3.2-d1-config.txt run D2 copy flash:/enarsi/1.1.3.2-d2-config.txt run ■ PC 1, PC 2, FTPServer, and WebServer should be configured with the IPv6 addressing listed in the Addressing Table. It is not necessary to configure the IPv4 addresses. ■ Passwords on all devices are cisco12345. If a username is required, use admin. ■ After you have fixed the ticket, change the MOTD on EACH DEVICE using the following command: banner motd # This is $(hostname) FIXED from ticket # ■ Then save the configuration by issuing the wri command (on each device). ■ Inform your instructor that you are ready for the next ticket. ■ After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices. Instructor Notes: This trouble ticket contains 1 intentional error. R1 has an incorrect administrative distance assigned to the primary and backup routes. The commands used to fix these errors should be: R1(config)# no ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 10 R1(config)# ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 15 R1(config)# end Router Interface Summary Table Router Ethernet Interface #1 Model Ethernet Interface #2 Serial Interface #1 Serial Interface #2 1800 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 1900 Gigabit Ethernet 0/0 (G0/0) 2801 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) 2811 Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 2900 Gigabit Ethernet 0/0 (G0/0) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 4221 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) 4300 Gigabit Ethernet 0/0/0 (G0/0/0) Gigabit Ethernet 0/0/1 (G0/0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1) Gigabit Ethernet 0/1 (G0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1) 18 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface. Uploading Configuration Files Use the commands below to create the configuration files on the lab devices for each trouble ticket in this lab. The TCL script commands help create and copy the configurations. However, the configuration commands could also be copied and pasted directly into global config mode on each device. Simply remove the TCL script commands, enter the enable and configure t commands on the device, and copy and paste the configuration commands. Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command, if necessary. Reset scripts These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy and paste the appropriate script to the appropriate device. Router Reset Script tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” erase startup-config puts “Reloading the router” typeahead “n” reload } tclquit D1/D2 (Cisco 3650) Reset Script – The default 3650 SDM template supports IPv6, so it is not set by this script. tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” erase startup-config delete /force vlan.dat puts “Reloading the switch” typeahead “n” reload } tclquit Chapter 1: IPv4/IPv6 Addressing and Routing Review A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting. tclsh puts [ open “flash:/enarsi/reset.tcl” w+ ] { typeahead “n” copy running-config startup-config typeahead “n” erase startup-config delete /force vlan.dat delete /force multiple-fs ios_config “sdm prefer lanbase-routing” typeahead “n” puts “Reloading the switch” typeahead “n” reload } tclquit R1 Configuration File Scripts !R1 – Trouble Ticket # 1 tclsh puts [ open “flash:/enarsi/1.1.3.1-r1-config.txt” w+ ] { hostname R1 banner motd # This is R1, Trouble Ticket 1.1.3.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface GigabitEthernet0/0/0 ip address 10.10.12.1 255.255.255.0 no shutdown interface GigabitEthernet0/0/1 ip address 10.10.1.1 255.255.255.0 no shutdown ip route 10.10.23.0 255.255.255.252 10.10.12.2 ip route 10.10.3.0 255.255.255.240 10.10.12.2 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R1 – Trouble Ticket # 2 tclsh puts [ open “flash:/enarsi/1.1.3.2-r1-config.txt” w+ ] { hostname R1 banner motd # This is R1, Trouble Ticket 1.1.3.2 # enable secret cisco12345 19 20 CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing interface GigabitEthernet0/0/0 ipv6 address FE80::1:1 link-local ipv6 address 2001:DB8:0:12::1/64 no shutdown interface GigabitEthernet0/0/1 ipv6 address FE80::1:2 link-local ipv6 address 2001:DB8:0:1::1/64 no shutdown interface Serial0/1/0 ipv6 address FE80::1:3 link-local ipv6 address 2001:DB8:0:13::1/64 no shutdown ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 10 ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:12::2 12 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit R2 Configuration File Scripts !R2 – Trouble Ticket # 1 tclsh puts [ open “flash:/enarsi/1.1.3.1-r2-config.txt” w+ ] { hostname R2 banner motd # This is R2, Trouble Ticket 1.1.3.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface GigabitEthernet0/0/0 ip address 10.10.12.2 255.255.255.252 no shutdown interface GigabitEthernet0/0/1 ip address 10.10.23.1 255.255.255.252 no shutdown ip route 10.10.1.0 255.255.255.0 10.10.12.1 ip route 10.10.3.0 255.255.255.0 10.10.23.2 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit Chapter 1: IPv4/IPv6 Addressing and Routing Review alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit !R2 – Trouble Ticket #2 tclsh puts [ open “flash:/enarsi/1.1.3.2-r2-config.txt” w+ ] { hostname R2 banner motd # This is R2, Trouble Ticket 1.1.3.2 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 ipv6 unicast-routing interface GigabitEthernet0/0/0 ipv6 address FE80::2:1 link-local ipv6 address 2001:DB8:0:12::2/64 no shutdown interface GigabitEthernet0/0/1 ipv6 address FE80::2:2 link-local ipv6 address 2001:DB8:0:23::1/64 no shutdown ipv6 route 2001:DB8:0:1::/64 2001:DB8:0:12::1 ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:23::2 line con 0 exec-timeout 0 0 logging synchronous exit line vty 0 4 login local transport input telnet exit alias exec reset.now tclsh flash:/enarsi/reset.tcl end } tclquit R3 Configuration File Scripts !R3 – Trouble Ticket #1 tclsh puts [ open “flash:/enarsi/1.1.3.1-r3-config.txt” w+ ] { hostname R3 banner motd # This is R3, Trouble Ticket 1.1.3.1 # enable secret cisco12345 username admin privilege 15 algorithm-type scrypt secret cisco12345 interface GigabitEthernet0/0/0 ip address 10.10.23.2 255.255.255.252 no shutdown interface GigabitEthernet0/0/1 ip address 10.10.3.1 255.255.255.0 no shutdown ip route 0.0.0.0 0.0.0.0 10.10.23.1 line con 0 exec-timeout 0 0 21