
21.1.2 Lab Troubleshoot IPv4 ACLs


Lab - Troubleshoot IPv4 ACLs

Topology

Addressing Table
Device   Interface    IP Address       Subnet Mask

R1       G0/0/1       192.0.0.1        255.255.255.0
R1       S0/1/0       209.165.200.1    255.255.255.0
R1       S0/1/1       209.165.201.1    255.255.255.0
R1       Loopback0    209.165.226.1    255.255.255.0
R3       G0/0/1.16    10.0.16.1        255.255.255.0
R3       G0/0/1.27    10.0.27.1        255.255.255.0
R3       S0/1/0       209.165.200.2    255.255.255.0
R3       S0/1/1       209.165.201.2    255.255.255.0
R3       Loopback0    209.165.227.1    255.255.255.0
R3       Loopback1    209.165.228.1    255.255.255.0
D1       G1/0/11      192.0.0.2        255.255.255.0
D1       VLAN 11      209.165.224.1    255.255.255.0
D1       VLAN 12      209.165.225.1    255.255.255.0
PC1      NIC          DHCP
PC2      NIC          DHCP
PC3      NIC          DHCP
PC4      NIC          DHCP

Objectives
Troubleshoot network issues related to the configuration and operation of ACLs for IPv4.

© 2020 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 4 www.netacad.com

Background / Scenario
In this topology, R1 and D1 are OSPF neighbors, while R1 and R3 are BGP neighbors. Switch D1 provides
inter-VLAN routing for two subnets. R3 provides inter-VLAN routing for two subnets, and switch D2 provides
connectivity for the two VLANs supporting those subnets. The BGP relationship between R1 and R3 is
established using EBGP multihop between the routers' respective Loopback 0 interfaces. You will be loading
configurations with intentional errors onto the network. Your tasks are to FIND the error(s), document your
findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the
network to ensure both of the following conditions are met:
1) the complaint received in the ticket is resolved
2) full reachability is restored
Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4
(universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release
16.9.4 (universalk9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the
model and Cisco IOS version, the commands available and the output produced might vary from what is
shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface
identifiers.
Note: Make sure that the devices have been erased and have no startup configurations. If you are unsure,
contact your instructor.

Required Resources
• 2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3560 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 4 PCs (Choice of operating system with terminal emulation program installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet and serial cables as shown in the topology

Instructions

Part 1: Trouble Ticket 21.1.2.1


Scenario:
A security consultant worked overnight making R1 and R3 compliant with RFC 1918. After the consultant
finished the task, a business-critical connection between PC1 and PC3 is no longer operational. The task of
finding and fixing the error(s) is now your job.
Use the commands listed below to load the configuration files for this trouble ticket:

Device   Command

R1       copy flash:/enarsi/21.1.2.1-r1-config.txt run
R3       copy flash:/enarsi/21.1.2.1-r3-config.txt run
D1       copy flash:/enarsi/21.1.2.1-d1-config.txt run
D2       copy flash:/enarsi/21.1.2.1-d2-config.txt run

• PCs 1, 2, 3, and 4 receive their addressing via DHCP for IPv4.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
• Then save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.

Part 2: Trouble Ticket 21.1.2.2


Scenario:
A junior network administrator has attempted to tune access control lists to improve security. After doing so,
PC2 is no longer able to communicate with devices with the IPv4 addresses 209.165.227.1 or 209.165.228.1.
This problem needs to be solved to allow for business operations to continue.
Use the commands listed below to load the configuration files for this trouble ticket:

Device   Command

R1       copy flash:/enarsi/21.1.2.2-r1-config.txt run
R3       copy flash:/enarsi/21.1.2.2-r3-config.txt run
D1       copy flash:/enarsi/21.1.2.2-d1-config.txt run
D2       copy flash:/enarsi/21.1.2.2-d2-config.txt run

• PCs 1, 2, 3, and 4 receive their addressing via DHCP for IPv4.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
• Then save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.

Part 3: Trouble Ticket 21.1.2.3


Scenario:
Security is an important consideration in your network. Over the weekend, a junior network administrator was
working to improve remote access security with BGP AS 181035. It is 8:00 Monday morning, and router R1
and switch D1 are refusing Telnet connections. You need to find and fix this error as soon as possible.
Use the commands listed below to load the configuration files for this trouble ticket:

Device   Command

R1       copy flash:/enarsi/21.1.2.3-r1-config.txt run
R3       copy flash:/enarsi/21.1.2.3-r3-config.txt run
D1       copy flash:/enarsi/21.1.2.3-d1-config.txt run
D2       copy flash:/enarsi/21.1.2.3-d2-config.txt run

• PCs 1, 2, 3, and 4 receive their addressing via DHCP for IPv4.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
• Then save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.

Router Interface Summary Table

Router Model   Ethernet Interface #1             Ethernet Interface #2             Serial Interface #1      Serial Interface #2

1800           Fast Ethernet 0/0 (F0/0)          Fast Ethernet 0/1 (F0/1)          Serial 0/0/0 (S0/0/0)    Serial 0/0/1 (S0/0/1)
1900           Gigabit Ethernet 0/0 (G0/0)       Gigabit Ethernet 0/1 (G0/1)       Serial 0/0/0 (S0/0/0)    Serial 0/0/1 (S0/0/1)
2801           Fast Ethernet 0/0 (F0/0)          Fast Ethernet 0/1 (F0/1)          Serial 0/1/0 (S0/1/0)    Serial 0/1/1 (S0/1/1)
2811           Fast Ethernet 0/0 (F0/0)          Fast Ethernet 0/1 (F0/1)          Serial 0/0/0 (S0/0/0)    Serial 0/0/1 (S0/0/1)
2900           Gigabit Ethernet 0/0 (G0/0)       Gigabit Ethernet 0/1 (G0/1)       Serial 0/0/0 (S0/0/0)    Serial 0/0/1 (S0/0/1)
4221           Gigabit Ethernet 0/0/0 (G0/0/0)   Gigabit Ethernet 0/0/1 (G0/0/1)   Serial 0/1/0 (S0/1/0)    Serial 0/1/1 (S0/1/1)
4300           Gigabit Ethernet 0/0/0 (G0/0/0)   Gigabit Ethernet 0/0/1 (G0/0/1)   Serial 0/1/0 (S0/1/0)    Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parentheses is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
End of document
