Lab 6 Volume 4
by: CCIE Pilot
Ticket 1: EIGRP
The slower EIGRP link via the FR cloud been used. There is an optimal path via port-channel between SW3 and SW3 found to be down.
The fix of this issue is related to port-channel.
Per Etherchannel tunneling rules, you need to have a single separate VLAN for every pair or opposing channel links. Meaning, every VLAN are used : VLAN 100 and VLAN 101.
Make sure that each access-port is having unique vlan id towards the port-channel interface.
switchport access vlan 100 (or 101 on the second link)
switchport mode dot1q-tunnel
l2protocol-tunnel point-to-point lacp
no cdp enable
spanning-tree bpdufilter enable
The effect is that EIGRP will prefer the faster link vial the etherchannel.
Show ether-channel summary
Ticket 2: Connectivity
Use bottom up approach, check Layer by layer.
Here you will discover some frame-relay map statement is misconfigured.
Easily correct the config.
For RIP running on an NBMA interface, make sure that split-horizon is disabled to encourage route propagation.
Show ip interface serial 0/0/0
Show frame map
Ticket 3: BGP
In dealing with BGP make sure to clear out all lower layer issue.
In this case, the keepalive or essentially the LMI is turn-off effecting ckt to be brought down.
Watch also for IBGP route reflection issue. Make sure RR is enabled or used if you are not having a full mesh connection.
Show ip bgp neig
Sh run interface
Ticket 4: IPv6
This case is related to tunneling IPV6. This case uses 6to4 automatic tunneling.
Make sure the source IPv4 address is properly configured and reachable.
Check static route of 2002://16 towards the Tunnel interface.
Ticket 5: Multicast
Perform basic multicast topology analysis. PIM should be enabled on the path from R3 and R6. Check for tunnel and should run PIM also.
Watch out for RFP failures.
Static mroute command can be useful also.
Ticket 6: Core Dumps
Check reflexive access-list along the way. Passived FTP should be use under normal circumstances, else no data session will be established.
Active FTP will not bypass the packet filter.
Check correct configuration for the core dumps.
ip ftp username R6CORE
ip ftp password CISCO
exception core-file R6DUMP.txt
exception protocol ftp
exception dump 188.8.131.52
Ticket: 7: Time Synchronization
Make sure authentication key is configured properly and should be trusted.
Make sure ACL is correctly configured.
ntp authentication-key 1 md5 13263E212823 7
ntp trusted-key 1
ntp access-group peer 5
ntp master 5
ntp peer 184.108.40.206
ntp server 220.127.116.11 key 1 prefer
access-list 5 permit 127.127.7.1
access-list 5 permit 18.104.22.168
access-list 5 permit 22.214.171.124
show ntp ass
show ntp ?
Ticket 8: NAT
This case is about NAT as a load balancer.
The real servers at the back should be define as type rotary.
Secondly, the access-list specifying the traffic to the virtual server should be mirrored – it should match traffic from sources to the virtual server’s IP address.
ip nat pool POOL1 <start-ip> <end-ip> prefix-length> 24 type rotary
ip access-list ext SERVERS
permit tcp any host x.x.x.x eq www (or 8080 or 443)
Ticket 9: Server Access
For RIP make sure the distance is not set to 255.
Any underlying layer 2 filtering like vlan filter will effectively drop traffic also.
Make sure that RIP udp port is not filtered out.
Take away unnecessary servers if needed.
Show ip route rip
Show vlan filter
Ticket 10: Convergence
Make sure you don’t make unwanted configuration for dampening.
no dampening 30 1000 17956 125 restart 17956
<1-30> Half-life time for the penalty
Rack6R5(config-if)#dampening 30 ?
<1-20000> Value to start reusing an interface
Rack6R5(config-if)#dampening 30 1000 ?
<1-20000> Value to start suppressing an interface
Rack6R5(config-if)#dampening 30 1000 17956 ?
<1-255> Maximum duration to suppress an interface
Rack6R5(config-if)#dampening 30 1000 17956 125 ?
restart Enable restart penalty
Rack6R5(config-if)#dampening 30 1000 17956 125 restart ?
<1-20000> Penalty applied at restart
Rack6R5(config-if)#dampening 30 1000 17956 125 restart 17956