8/12/2019 TS5v2 Qbook

1/12

Troubleshoot Questions

March, 2013

TSv5.504 eBGP

8/12/2019 TS5v2 Qbook

2/12

Troubleshooting Guidelines

This section is comprised of a set of troubleshooting scenarios.

You have a maximum of 2 hours to complete the section.

The final score of this section is combined with the Configuration sections to comprise your final Pass

or Fail status on the given lab exam.

A candidate is required to pass both sections to achieve Cisco CCIE certification.

You will be presented with preconfigured routers and Frame-Relay switches in the topology. DO NOT

change the following configuration on the devices.

Hostname

Enable password "cisco"

Console line configuration

For all of the authentication configuration in the lab, password is "cisco" unless changed to introduce a

break. Do NOT change AAA configuration unless explicitly stated in a question.

Points are awarded for finding AND fixing inserted faults in the presented fully configured topology.

An inserted fault is an introduced break for a scenario that was previously working. Depending on the

scenario, fixing the inserted faults could require multiple command lines on the same or multiple

devices.

The resolution of one incident may depend on the resolution of previous incident(s). The dependency

will not be visible if the tickets are resolved in sequence.

There are NO physical faults introducedin the presented topology. Do NOT change any routing protocol boundaries. Refer to the provided diagram.

DO NOT REMOVE ANY FEATURE CONFIGURED IN ORDER TO RESOLVE AN INCIDENT, YOU MUST

RESOLVE MISCONFIGURATION RATHER THAN REMOVING IT ALL (examples: Access-lists, PBR, CoPP,

MQC, etc.)

Static and default routes are NOT permitted unless preconfigured. These restrictions include floating

static and those generated by routing protocols. Routes to Null0 that are generated of a dynamic

routing protocol solution are permitted.

Tunneling and policy-routing are NOT permitted unless preconfigured.

Dynamic Frame Relay mappings are NOT permitted.

Points will be deducted for every incident in which candidate uses a prohibited solution.

Candidates have control of all required devices in the topology.

If required to verify the reachability from a host machine during the lab exam, use the ping command

with source optionon the router that is shown connected to the subjected host in the diagram.

8/12/2019 TS5v2 Qbook

3/12

Q1 IP SLA. [2 Points]6 Faults:

The IP Service Level Agreement configured between R14 and R9 is not working as expected

Fix problem so that it matches the following outputs:

clear IP SLA counters

conf t

ip sla restart 9

While you are resolving this issue, you are not allowed to create any new interfaces.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R9

R14

.9 E0/1

.10 E0/1

.25 E0/0

.18 E0/1

EIGRP 222

BGP AS 65222

192.168.222.X/29

PE

IP SLA

Querier

IP SLA

responder

.17 E0/2

.26 E0/0

.27 E0/0

R17

vrf ACME

.2 E0/0

.1 E0/1

R16

R15

eBGP

8/12/2019 TS5v2 Qbook

4/12

- 4 -

Q2 BGP. [3 Points]5 Faults:

R14 from AS 65222 is not able to reach the Web Server 192.168.133.100 on AS65333

Fix problem so that ping results in 100% success:

R14# ping 192.168.133.100

You are not allowed to add any new ACL line or delete existing, if necessary modify ACL.Refer to the While you are resolving this issue, you are not allowed to create any new interfaces.

Troubleshooting guidelines to determine if your solution is appropriate.

R12

R11

R13R9

R5

R7

R20

R10

R8

SW1 SW2

R14

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

.1 E0/0 .2 E0/0

.9 E0/1

E0/0

.10 E0/1

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R32

.9 E0/1

.10 E0/1

.25 E0/0

.18 E0/1

EIGRP 222

BGP AS 65222

192.168.222.X/29

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

BGP AS 65333

EIGRP AS 333

Pingwww.abc.com

IP SLA

Querier

IP SLA

responder

SW4

Cluster ID100.1.1.2

ClusterI D100.1.1.3

ClusterI D100.1.1.4

ClusterID100.1.1.5

MSDP Anycast RP

198.23.23.23

DMZ Server

www.abc.com

192.168.133.100

DNSInternalServer

192.168.233.100

www.abc.com

IGMP Join

Internet A S 65535

R1

.17 E0/2

.26 E0/0

.27 E0/0

R6

R17

R21

ZBF

PE

vrfACME

vrf ACME

RD=111:111

OSPF3 Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.2 E0/0

.1 E0/1

.100 E0/0

E0/0

.1 E0/0

192.168.33.0/29

OSPF3 Area 0

Extended

Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

2001:CC1E:ABCD:624::13/64

IPv6Tunnel

OSPFArea0

Multicast

Boundary

10.1.1.0/2410.1.2.0/24

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

R16

R15

.1 SVI11

Management workstations

PC1 PC2

.1 SVI12

VLAN 101

VLAN 133

192.168.133.0/24

192.168.233.0/24

E0/0

R22

.1 SVI 133

.11SVI 101

VLAN 100

Distribution

Access

eBGP

eBGP

eBGP

E0/0

Random Office

OSPF MD5 Auth

OSPF MD5 Auth

R42

Default

information

originate

8/12/2019 TS5v2 Qbook

5/12

- 5 -

Q3 PPP Multilink. [2 Points]7 Faults:

Telnet from R27 should reach 100.25.25.25 located on R25

Fix the Network so R27 can telnet R25:

R27# telnet 100.25.25.25

While you are resolving this issue:

You are NOT allowed to remove NAT configuration from any interface.

You are NOT allowed to add or MODIFY any ACL on R26.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

FR1

R23

R26

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF 3 Area 0MD5 Auth

10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

DHCP/NAT

R27

Local Service

Provider (ISP)

2001:CC1E:ABCD:10:10:10:0:X/125

Multicast

Boundary

MSDP Anycast RP

198.23.23.23

224.28.28.28

R24

DHCP

eBGP

OSPF MD5 Auth

R13

R25

8/12/2019 TS5v2 Qbook

6/12

- 6 -

Q4 IPv6 Phone. [2 Points]6 Faults:

R19 is acting as an IPv6 phone.

Fix problem so that the IPv6 Phone can reach R28 on AS65002:

Phone# ping 2001:CC1E:ABCD:28::28

While you are resolving this issue,

You are not allowed to configure Auto-Tunnel feature.Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

Deepends from question, can be any router behind R23.

FR1

R18

R12

R11

R13R9

R5

R7

R10

R8

R23

R25

R26

R28

SW1 SW2

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF Area 0

10.10.10.X/29

234235

253243

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1.1 E0/0

.2 E0/0.1 E0/1

E0/0

.1 S1/0.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

BGP AS 65002

IPv6 Domain

QoS DLCI

IGMP Join

232.2.2.2

Internet AS 65535

R1

R6

Smart phone

DHCP/NAT

PE

vrf ACME

vrf ACMERD=111:111

OSPFArea 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.100 E0/0

OSPFArea 0

Extended

BackboneGlobal Telecom

Provider (ISP)

Local Service

Provider (ISP)

VLAN 11 VLAN 12

2001:CC1E:ABCD:X::0/64

2001:CC1E:ABCD:624::11/64

2001:CC1E:ABCD:624::13/64

IPv6Tunnel

OSPFArea0

Multicast

Boundary

10.1.1.0/24

10.1.2.0/24

Mobile NetworkIPv6 OSPFArea 1

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

.1SVI 11

Management workstations

.1SVI 12

Autoconfig

R24

DHCP

Distribution

Access

eBGP

eBGP

OSPF MD5Auth

OSPF MD5Auth

OSPF MD5Auth

Default

information

originate

Default

originate

X=2X=1

IPv4IPv6

Frame relay 245254

10.(Area#).0.0/30

R27

R32

User User

R19

User

8/12/2019 TS5v2 Qbook

7/12

- 7 -

Q5 DNS. [2 Points]6 Faults:

1. Ping and telnet from R20 to www.abc.com should reach the Web Server on the same AS.a) Packet count under ZBF map should increase with the DNS traffic as shown in the ZBF output:b) Telnet should match as per output:You are not allowed to add any new ACL line or delete existing, if necessary modify ACL.

You are not allowed to modify SW4policy-map or class-map or delete service-policy under interfaces.

To cear ZBF counters use:

clear zone-pair counter

While you are resolving this issue, you are not allowed to create any new interfaces.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R12 R20

.1 E0/0 .2 E0/0

.9 E0/1

E0/0

.10 E0/1

PE

BGP AS 65333

EIGRP AS 333

Ping www.abc.com

SW4

DMZ Server

www.abc.com

192.168.133.100

DNS Internal Server

192.168.233.100

www.abc.com

R21

ZBF E0/0

.1 E0/0

192.168.33.0/29

VLAN 101

VLAN 133

192.168.133.0/24

192.168.233.0/24

E0/0

R22

.1 SVI 133

.11 SVI 101

VLAN 100

eBGP

E0/0

Random Office

R42

8/12/2019 TS5v2 Qbook

8/12

- 8 -

Q6 Frame-Relay QoS. [2 Points]7 Faults:

Traffic that is marked with IP Precedence 5/ToS 160 coming from R26 must reach R23

Fix problem so that the extended ping result in 100% success and QoS Class-map output:

Class-map voice should increase packets count when ping R23.

Class-map MISSIONCRITICAL increase packets count randomly.

IP precedence should match per output.

While you are resolving this issue, you are not allowed to create any new interfaces.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R13

R23

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF 3 Area 0MD5 Auth

10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

R27

Local Service

Provider (ISP)

MSDP Anycast RP

198.23.23.23

224.28.28.28

R24

DHCP

OSPF MD5 Auth

R25

FR1

R26

DHCP/NAT

8/12/2019 TS5v2 Qbook

9/12

- 9 -

R12

R11

R5

SW2

S2/0

.53 E0/1

.1 S0/0 .1 S0/1

.2 S1/0.1

E0/

0

.29 E0/2

.54 E0/1

/0

.33 E0/1

.5E0/2

.34 E0/1

.30 E0/0

.1E1/

1

.1E1/2

.13 E1/0.9E0

/2

.2 E0/1

.2E0/

1

.2E0/0

0 E0/1

.14 E0/0

.6 E0/1

BGP AS 65001

PE

PE

PE

RR

RR

Cluster ID

100.1.1.2

Cluster ID

100.1.1.3

Cluster ID

100.1.1.4

Cluster ID

100.1.1.5

MSDP Anycast RP

198.23.23.23

IGMP Join

PF 3 Area 1

OSPF 3 Area 0

Global Telecom

Provider (ISP)

11 VLAN 12

OSPF

area2

OSPF

area3

OSPFare

a4

IPv6Tunnel

OSPFArea0

/24

10.1.2.0/24

10.(Area#).0.0/30

4.0/30 202.12.34.0/30

2 1E0/3

.22E0/3

10.2.1.0/30

R3

.25E0

/3

.26E

0/3

10.3.0.0/3

0

10.4.0.0/30

tations

PC1 PC2

.1 SVI 12

Distribution

Access

eBGP

OSPF MD5 Auth

OSPF MD5 Auth

Default

information

originate

FR1

R23

R26

R28

.2 S0/0

.9 S0/1

S0/0

S0/1

S0/2

.10 S1/0

.25 E0/0

.11 S0/0

S1/0

S1/1

S0/1

S0/2

.1 E0/0

E0/0

.26 E0/0

OSPF 3 Area 0MD5 Auth

10.10.10.X/29

234

235

253

254

243

245

MultilinkRIP v2

192.168.20.0/30

PPP MD5

.1 S1/0 BGP AS 65002

QoS DLCI

Video Streamer

DHCP/NAT

R27

Local Service

Provider (ISP)

2001:CC1E:ABCD:10:10:10:0:X/125

MSDP Anycast RP

198.23.23.23

224.28.28.28

DHCP

OSPF MD5 Auth

R25

R24

R13

Q7 MSDP Multicast on Frame Relay. [2 Points]7 Faults

R28 in AS65002 has to get the Multicast Stream 232.2.2.2 from PC2 connected to SW2.

Fix problem so the ping results in 100% success WITHOUT Packet loss:

R28# ping 232.2.2.2 re 50

While you are resolving this issue, you are not

allowed to create any new interfaces.

Refer to the Troubleshooting guidelines to

determine if your solution is appropriate.

8/12/2019 TS5v2 Qbook

10/12

- 10 -

Q8 IGP Routing (OSPF to BGP Redistribution). [3 Points]8 Faults

Traffic going from R32 must reach 4.2.2.2 going through R1 over the internet

Fix problem so that the extended ping result in 100% success:

While you are resolving this issue,

You are not allowed to redistribute OSPF to BGP or vice versa anywhere.

You are not allowed to remove any configuration line. Correct if needed.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

Trace path should match output:

R12

R11

R13R9

R5

R7

R8

SW1 SW2

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

.2 E0/0

.10 E0/1

E0/2

.14 E0/0

.6 E0/1

R32

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

MSDP Anycast RP

198.23.23.23

IGMP Join

Internet AS 65535

R1

R6

PE

vrf ACME

vrf ACME

RD=111:111

OSPF 3 Area 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.100 E0/0

OSPF 3 Area 0

Extended

Backbone

Global Telecom

Provider (ISP)

VLAN 11 VLAN 12

IPv6Tunnel

OSPFArea0

10.1.1.0/24

10.1.2.0/24

10.(Area#).0.0/30

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

.1 SVI11

Management workstations

PC1 PC2

.1 SVI12

Distribution

Access

eBGP

OSPF MD5 Auth

OSPF MD5 Auth

Default

information

originate

R10

8/12/2019 TS5v2 Qbook

11/12

- 11 -

Q9 MPLS. [3 Points]11 Faults

Client connected to R34 in ACMEs Branch Office(AS65111) has to reach Server R31 in ACME HeadQuarters.

Fix problem so the following ping results in 100% success:

While you are resolving this issue, you are not allowed to create any new interfaces.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

R34# ping 192.168.6.100

SW6

SW5

R33

R12

R11

R13R9

R5

R7

R10

R8

R30

R29

SW1 SW2

E0/1

E0/2

E0/0

E1/2

E1/2

E1/3

E1/3

Server

E0/0

User

.10 E0/0 .2 E0/1

.1 E0/2

.2 S2/0

.53 E0/1

.17 E0/2

.1 S0/0 .1 S0/1

.2 S1/0

.29 E0/2

.54 E0/1

.18 E0/0

.33 E0/1

.1 E1/0

.34 E0/1

.30 E0/0

.13 E1/0

.2 E0/1

User

.2 E0/0.10 E0/1

E0/2

.14 E0/0.6 E0/1

R34

RIP v2 BGP AS 65111172.16.11.X/29

OSPFArea 0

192.168.[VLAN].X/24

BGP AS 65001

PE

PE

PE

PE

PE

RR

RR

RR

RR

IGMP Join

232.2.2.2

Internet AS 65535

R1

E0/0

E0/1

R6

PE

vrf ACME

vrf ACMERD=111:111

OSPFArea 1

.49 E0/0

.50 E0/0

.42 E0/2

.10 E0/1

.46 E0/1

.45 E0/0

.1 E1/3

.2 E0/0

.9 E0/2

.100 E0/0

OSPFArea 0

Extended

BackboneGlobal Telecom

Provider (ISP)

VLAN 11 VLAN 12

IPv6Tunnel

OSPFArea0

.100 E0/0R31

E0/2 E0/2

E0/2VLAN 5

VLAN 6

VLAN 56

.100 SVI

10.1.1.0/24

10.1.2.0/24

Remote office

Headquarter

10.(Area#).0.0/30

.1 SVI 6

.6 SVI 56

.6 SVI 205

.6 SVI 235

.100 SVI 5

.5 SVI 56

.5 SVI 206

.5 SVI 236

201.12.34.0/30 202.12.34.0/30

R2

R4

R3

SW3

VLAN 34

DHCPVLAN 33

.1SVI 11

Management workstations

.1SVI 12

VLAN 209

VLAN 230

Distribution

Access

eBGP

eBGP

E0/0E0/1

.9 SVI 33.101 SVI 34

OSPF MD5Auth

OSPF MD5Auth

OSPF MD5Auth

VLAN 236

VLAN 239

VLAN 205

Default

information

originate

vrf ACME

Default

route

Defaultroute

Default

route

eBGP

eBGP

BGP AS 65111

.29

.30

.5

.6

10.(Area#).0.0/30

R32

User User

8/12/2019 TS5v2 Qbook

12/12

- 12 -

Q10 MST. [2 Points]3 Faults

User has to ping a Server in two hops.

Fix problem:

SW5# trace 192.168.6.100

While you are resolving this issue, you are not allowed to modify the configuration of SW6.

Refer to the Troubleshooting guidelines to determine if your solution is appropriate.

SW6

SW5

R30

R29

E0/1

E0/2

E1/2

E1/2

E1/3

E1/3

Server

User

OSPF Area 0

192.168.[VLAN].X/24

E0/1

.100 E0/0R31

E0/2 E0/2

E0/2VLAN 5

VLAN 6

VLAN 56

.100 SVI

Headquarter

.1 SVI 6

.6 SVI 56

.6 SVI 205

.6 SVI 235

.100 SVI 5

.5 SVI 56

.5 SVI 206

.5 SVI 236

OSPF MD5 Auth

VLAN 236

VLAN 239

VLAN 205

BGP AS 65111

.29

.30

.5

.6

Q11 Internet challenge ticket. Not reported.3 Faults

Fix problem to reach Internet from R34 output should match.