Internetworking Troubleshooting Case Study
Case Study
Nigel Sanou June 2012
Contents
Topology Diagram
Introduction
Troubleshooting Table
Ping Test Table
Telnet & SSH Test Table
STP Redundancy Test Table
NTP Test Table
SSH (Secure Shell) Setup Checklist
Repaired Configuration Files
  R1
  R2
  R3
  DLS1
  DLS2
  ALS1
Topology Diagram
Introduction
This case study is a fault-finding exercise for the above topology. The topology presents a reasonably complex troubleshooting environment consisting of mixed protocols and devices. Redundant links exist and failover needs to be tested. EtherChannel trunks carry data for multiple VLANs between the distribution layer devices and the access layer switch, and STP load balancing should be operating under normal (non-failover) conditions. The routing protocols present in the topology are OSPF, EIGRP and BGP; these protocols, redistribution between them, and static routes must all be verified as working. Furthermore, NTP (Network Time Protocol) has to be operational, and Secure Shell and Telnet should be usable for remote device administration. The hosts PC-B and PC-C should be able to obtain addresses via DHCP. Connectivity and operation should be verified by Ping, Telnet and SSH connections from a variety of host and infrastructure devices.
Troubleshooting Table
Device: R1

Symptom: BGP not peering to R2 (no BGP routes in routing table)
Problem: Incorrect static route to R2: the route to 192.168.2.1 was via 209.156.200.226; it should be via 209.165.200.226
Found by:
  sh ip bgp neighbors
  sh ip route
Solution & Verification:
  no ip route 192.168.2.1 255.255.255.255 209.156.200.226
  ip route 192.168.2.1 255.255.255.255 209.165.200.226
Verify by:
  Successful ping to 192.168.2.1
  sh ip route
  sh ip bgp neighbors

Problem:
  line vty 0 4
   exec-timeout 0 3
Found by:
  sh run | b line vty
Solution & Verification:
  line vty 0 4
   exec-timeout 60 0
Verify by:
  Telnet connection from host
  sh run | b line vty

Device: R2

Problem: Incorrect BGP neighbor statements: remote-as 64501 instead of 65501
Found by:
  sh ip bgp summary
  sh run | s bgp
Solution & Verification:
  router bgp 65502
   no neighbor 192.168.1.1 remote-as 64501
   no neighbor 192.168.1.1 ebgp-multihop 2
   no neighbor 192.168.1.1 update-source Loopback0
   neighbor 192.168.1.1 remote-as 65501
   neighbor 192.168.1.1 ebgp-multihop 2
   neighbor 192.168.1.1 update-source Loopback0
Verify by:
  sh ip bgp neighbors
  sh run | s bgp

Symptom: NTP not syncing
Problem: R2 not set as the NTP master
Found by:
  sh ntp assoc
Solution & Verification:
  ntp master 1
  ntp source Lo0
  ntp update-calendar
  ntp server 192.168.2.1
Verify by:
  sh ntp assoc
  sh ntp stat
  (on all switches and routers to ensure sync; note: sync can take a long time if the times are far apart; the clock set command can be used to bring the times closer)

Device: R3

Problem: Keyword subnets not included in redistribution
Found by:
  sh ip ospf
  sh run | s ospf
Solution & Verification:
  router ospf 1
   no redistribute eigrp 100 metric 100
   redistribute eigrp 100 metric 100 subnets
Verify by:
  sh ip ospf
  sh run | s ospf

Symptom: DHCP issues
Problem: DHCP excluded address range incorrect. Range was 172.16.8.129 172.16.80.138 instead of 172.16.80.129 172.16.80.138
Found by:
  sh run | s dhcp
Solution & Verification:
  no ip dhcp excluded-address 172.16.8.129 172.16.80.138
  ip dhcp excluded-address 172.16.80.129 172.16.80.138
Verify by:
  sh run | s dhcp

Device: DLS1

Problem: Incorrect priority and all VLANs with the same priority:
  spanning-tree vlan 10, 20, 30, 50, 100 priority 4096
Found by:
  sh spanning-tree summary
Solution & Verification:
  spanning-tree vlan 10,30,100 priority 24576
  spanning-tree vlan 20,50 priority 28672
  (inverting priority values from DLS2)
Verify by:
  sh spanning-tree summary (Root bridge for: VLAN0010, VLAN0030, VLAN0100)

Problem: OFFICE pool default-router is 172.16.10.252 instead of 172.16.10.254
Found by:
  sh run | b ip dhcp pool OFFICE
Solution & Verification:
  ip dhcp pool OFFICE
   no default-router 172.16.10.252
   default-router 172.16.10.254
Verify by:
  sh run | b ip dhcp pool OFFICE

Device: DLS2

Symptom: Console log message: HSRP-4-DIFFVIP1: Vlan10 Grp 10 active routers virtual IP address 172.16.10.254 is different to the locally configured address
Problem: Incorrect IPs on VLAN10 SVI & HSRP: VLAN10 SVI IP 172.168.10.253 instead of 172.16.10.253; standby IP 172.168.10.254 instead of 172.16.10.254
Found by:
  sh ip int brief
  sh standby
Solution & Verification:
  int vlan10
   ip address 172.16.10.253 255.255.255.0
   no standby 10 ip 172.168.10.254
   standby 10 ip 172.16.10.254
   no shut
Verify by:
  sh ip int brief
  sh standby brief
  ping

Problem: Fa0/5 is set as a passive interface and does not allow R3 adjacency.
Found by:
  sh run | b router ospf
Solution & Verification:
  router ospf 1
   no passive-interface fa0/5
Verify by:
  sh ip ospf neighbor

Problem: Interface fa0/18 down down due to wrong MAC address in port security.
Found by:
  sh ip int brief fa0/18
  sh run | section 0/18
Solution & Verification:
  int fa0/18
   no switchport port-security mac-address 0008.ecac.ecba
   no switchport port-security maximum 2
   switchport port-security mac-address sticky
   shut
   no shut
Verify by:
  sh ip int brief fa0/18 (should be up up)
  sh run | section 0/18

Device: ALS1

Problem: Access list only allowing incorrect IPs:
  line vty 0 4
   access-class 1 in
  access-list 1 permit 10.0.0.0
Found by:
  sh run | b line vty
Solution & Verification:
  no access-list 1
  access-list 1 permit 172.16.0.0 0.0.255.255
  Allows telnet from all apart from R2 (Internet)
Verify by:
  Telnet from PC-B & R2
  sh run (look at access list)

Problem: Port channel 1 & 2 not DHCP snooping trusted ports
Found by:
  sh run | b interface
Solution & Verification:
  int range port-channel 1-2
   ip dhcp snooping trust
Verify by:
  sh run | b interface
  ipconfig /renew (on PC-B)
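The ALS1 vty access list fix can be checked offline. The following Python is an added example, not part of the original case study: it evaluates a numbered standard ACL the way IOS does (first match wins, an omitted wildcard means an exact host match, implicit deny at the end) against the faulty and repaired entries from the table. Source addresses are taken from the configurations on this page, except PC-B's, which is a constructed address assumed to be leased from the OFFICE pool.

```python
import ipaddress


def _to_int(dotted):
    """Convert a dotted-quad IPv4 string to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_standard_acl(config_lines):
    """Return [(acl_number, action, address, wildcard)] for numbered standard ACL lines."""
    rules = []
    for line in config_lines:
        tok = line.split()
        if (len(tok) < 4 or tok[0] != "access-list"
                or not tok[1].isdigit() or tok[2] not in ("permit", "deny")):
            continue
        spec = tok[3:]
        if spec[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host" and len(spec) > 1:
            addr, wild = spec[1], "0.0.0.0"
        else:
            addr = spec[0]
            # An omitted wildcard on a standard ACL entry means an exact host match.
            wild = spec[1] if len(spec) > 1 and spec[1] != "log" else "0.0.0.0"
        rules.append((int(tok[1]), tok[2], _to_int(addr), _to_int(wild)))
    return rules


def evaluate(rules, acl_number, source):
    """Return 'permit' or 'deny' for one source address (first match wins)."""
    entries = [r for r in rules if r[0] == acl_number]
    if not entries:
        raise ValueError("ACL %d has no entries" % acl_number)
    src = _to_int(source)
    for _, action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny at the end of every ACL


# Faulty and repaired ACL 1 from the ALS1 row of the troubleshooting table.
FAULTY = ["access-list 1 permit 10.0.0.0"]
REPAIRED = ["access-list 1 permit 172.16.0.0 0.0.255.255"]

# Telnet source addresses. R1, R2 and R3 set "ip telnet source-interface
# Loopback0" and DLS1 sets Vlan100 in the configs on this page.
SOURCES = {
    "PC-B (constructed, OFFICE pool)": "172.16.10.1",
    "DLS1 Vlan100": "172.16.100.252",
    "R3 Loopback0": "172.16.203.1",
    "R1 Loopback0": "192.168.1.1",
    "R2 Loopback0": "192.168.2.1",
    "R2 Loopback1": "172.30.1.1",
}


def audit(acl_lines, acl_number=1, sources=SOURCES):
    """Map each named source to the ACL decision for its address."""
    rules = parse_standard_acl(acl_lines)
    return {name: evaluate(rules, acl_number, ip) for name, ip in sources.items()}


if __name__ == "__main__":
    for label, acl in (("faulty", FAULTY), ("repaired", REPAIRED)):
        print(label)
        for name, decision in audit(acl).items():
            print("  %-32s %s" % (name, decision))
```

With the repaired entry, sources inside 172.16.0.0/16 are permitted and R2's addresses are denied; R1's Loopback0 (192.168.1.1) also falls outside the permitted range.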
ALS1 mgmt vlan 100 (172.16.100.1) | DLS1 mgmt (172.16.100.252)
ALS1 mgmt vlan 100 | DLS2 mgmt (172.16.100.253)
ALS1 mgmt vlan 100 | R1 Fa0/1 (172.16.2.2)
ALS1 mgmt vlan 100 | R2 Lo1 (172.30.1.1)
ALS1 mgmt vlan 100 | R3 Fa0/1 (172.16.2.14)
memory-size iomem 10
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip domain name tshoot.net
no ipv6 cef
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
multilink bundle-name authenticated
voice-card 0
file prompt quiet
username admin secret 5 $1$808F$wVyK9VSr94NGRwm2pzwPe/
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
interface Loopback0
 description OSPF router ID
 ip address 192.168.1.1 255.255.255.255
 ip ospf network point-to-point
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet0/1
 description FE to DLS1
 ip address 172.16.2.2 255.255.255.252
 ip flow ingress
 duplex full
 speed 100
interface Serial0/0/0
 description WAN link to ISP R2
 ip address 209.165.200.225 255.255.255.252
 ip flow ingress
 encapsulation ppp
 no fair-queue
 clock rate 128000
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
interface wlan-controller1/0
 no ip address
 shutdown
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/1
 no passive-interface Loopback0
 network 172.16.2.0 0.0.0.3 area 0
 network 192.168.1.1 0.0.0.0 area 0
 default-information originate always
router bgp 65501
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.2.1 remote-as 65502
 neighbor 192.168.2.1 ebgp-multihop 2
 neighbor 192.168.2.1 update-source Loopback0
 no auto-summary
ip forward-protocol nd
ip route 192.168.2.1 255.255.255.255 209.165.200.226
ip http server
no ip http secure-server
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 172.16.50.1 9996
logging source-interface Loopback0
logging 172.16.50.1
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps flash insertion removal
snmp-server enable traps config
snmp-server enable traps ospf state-change
snmp-server enable traps cpu threshold
snmp-server host 172.16.50.1 version 2c cisco
control-plane
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
banner motd ^C*** Router R1 SBA s Config ***^C
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 exec-timeout 60 0
 transport input telnet ssh
scheduler allocate 20000 1000
end
R2
Current configuration : 2854 bytes
Last configuration change at 16:13:45 UTC Tue Jun 5 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname R2
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 16384
enable secret 5 $1$Gfj4$vYP8z//mQG.LhTlOdEsyG1
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
memory-size iomem 10
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip domain name tshoot.net
no ipv6 cef
ntp max-associations 20
ntp source Loopback0
ntp master 3
ntp update-calendar
ntp server 192.168.2.1
multilink bundle-name authenticated
voice-card 0
file prompt quiet
username admin secret 5 $1$m6Py$LtyizdWg62ciRHbzhh1W6.
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
interface Loopback0
 description BGP router ID
 ip address 192.168.2.1 255.255.255.0
interface Loopback1
 description Simulated Internet address
 ip address 172.30.1.1 255.255.255.0
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
interface Serial0/0/0
 description WAN link to R1 T1 leased line
 ip address 209.165.200.226 255.255.255.252
 encapsulation ppp
 no fair-queue
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
router bgp 65502
 no synchronization
 bgp log-neighbor-changes
 network 0.0.0.0
 neighbor 192.168.1.1 remote-as 65501
 neighbor 192.168.1.1 ebgp-multihop 2
 neighbor 192.168.1.1 update-source Loopback0
 no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Null0
ip route 172.16.0.0 255.255.0.0 209.165.200.225
ip route 192.168.1.1 255.255.255.255 209.165.200.225
ip http server
no ip http secure-server
logging source-interface Loopback0
logging 172.16.50.1
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps flash insertion removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 172.16.50.1 version 2c cisco
control-plane
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
banner motd ^C*** Router R2 Harry TT2 Config ***^C
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line aux 0
line vty 0 4
 exec-timeout 60 0
 transport input telnet ssh
scheduler allocate 20000 1000
end
R3
Current configuration : 3828 bytes
Last configuration change at 12:52:37 UTC Tue Jun 5 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname R3
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 16384
enable secret 5 $1$HZ6i$aTvUq4W092zzyoyOHKjFr1
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
memory-size iomem 10
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 172.16.80.1 172.16.80.10
ip dhcp excluded-address 172.16.80.129 172.16.80.138
ip dhcp pool R3-B1
 network 172.16.80.0 255.255.255.128
 default-router 172.16.80.1
 domain-name tshoot.net
ip dhcp pool R3-B2
 network 172.16.80.128 255.255.255.128
 default-router 172.16.80.129
 domain-name tshoot.net
no ip domain lookup
ip domain name tshoot.net
no ipv6 cef
ntp source Loopback0
ntp update-calendar
ntp server 192.168.2.1
multilink bundle-name authenticated
voice-card 0
file prompt quiet
username admin secret 5 $1$SDRX$6z7Y71b8gt21zsBBur6X01
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
ip telnet source-interface Loopback0
ip ssh source-interface Loopback0
interface Loopback0
 description OSPF router ID
 ip address 172.16.203.1 255.255.255.255
 ip ospf network point-to-point
interface Loopback1
 description simulated R3 Branch 2 LAN
 ip address 172.16.80.129 255.255.255.128
interface FastEthernet0/0
 description FE to R3 Branch 1 LAN
 ip address 172.16.80.1 255.255.255.128
 ip flow ingress
 duplex full
 speed 100
interface FastEthernet0/1
 description FE to DLS2
 ip address 172.16.2.14 255.255.255.252
 ip flow ingress
 duplex full
 speed 100
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
interface wlan-controller1/0
 no ip address
 shutdown
router eigrp 100
 redistribute ospf 1 metric 1544 2000 255 1 1500
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Loopback1
 network 172.16.80.0 0.0.0.127
 network 172.16.80.128 0.0.0.127
 no auto-summary
router ospf 1
 log-adjacency-changes
 redistribute eigrp 100 metric 100 subnets
 passive-interface default
 no passive-interface FastEthernet0/1
 network 172.16.2.12 0.0.0.3 area 0
 network 172.16.203.1 0.0.0.0 area 0
ip forward-protocol nd
ip http server
no ip http secure-server
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 172.16.50.1 9996
logging source-interface Loopback0
logging 172.16.50.1
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Loopback0
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps eigrp
snmp-server enable traps flash insertion removal
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 172.16.50.1 version 2c cisco
control-plane
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
banner motd ^C*** Router R3 Harry TT2 Config ***^C
line con 0
 exec-timeout 60 0
 login authentication CONSOLE
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 exec-timeout 60 0
 transport input telnet ssh
scheduler allocate 20000 1000
end
DLS1
Current configuration : 10322 bytes
Last configuration change at 17:13:30 UTC Tue Jun 5 2012
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname DLS1
boot-start-marker
boot-end-marker
logging buffered 16384
enable secret 5 $1$xO7X$CvhHbL5rJ8853O3wF3pYB.
username admin secret 5 $1$YZUD$xkpSSMNbFrh9gE4T6YfDh0
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name tshoot.net
ip dhcp relay information trust-all
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.252 172.16.10.254
ip dhcp excluded-address 172.16.20.252 172.16.20.254
ip dhcp excluded-address 172.16.30.252 172.16.30.254
ip dhcp pool OFFICE
 network 172.16.10.0 255.255.255.0
 domain-name tshoot.net
 default-router 172.16.10.254
ip dhcp pool VOICE
 network 172.16.20.0 255.255.255.0
 default-router 172.16.20.254
 domain-name tshoot.net
ip dhcp pool GUEST
 network 172.16.30.0 255.255.255.0
 default-router 172.16.30.254
 domain-name tshoot.net
crypto pki trustpoint TP-self-signed-2308237440
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2308237440
 revocation-check none
 rsakeypair TP-self-signed-2308237440
crypto pki certificate chain TP-self-signed-2308237440
 certificate self-signed 01
  quit
errdisable recovery cause bpduguard
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
file prompt quiet
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 10,30,100 priority 24576
spanning-tree vlan 20,50 priority 28672
vlan internal allocation policy ascending
vlan 10
 name OFFICE
vlan 20
 name VOICE
vlan 30
 name GUEST
vlan 50
 name SERVERS
vlan 100
 name MGMT
vlan 200
 name TRANS
vlan 900
 name NATIVE
vlan 999
 name UNUSED
ip telnet source-interface Vlan100
ip ssh source-interface Vlan100
interface Loopback0
 description OSPF router ID
 ip address 172.16.211.1 255.255.255.255
 ip ospf network point-to-point
interface Port-channel1
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
interface Port-channel10
 description Channel to DLS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/1
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode on
interface FastEthernet0/2
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode on
interface FastEthernet0/3
 description Channel to DLS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 10 mode on
interface FastEthernet0/4
 description Channel to DLS2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 10 mode on
interface FastEthernet0/5
 description FE to R1
 no switchport
 ip address 172.16.2.1 255.255.255.252
 speed 100
 duplex full
interface FastEthernet0/6
 description FE to SRV1
 switchport access vlan 50
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
interface FastEthernet0/7
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/8
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/9
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/10
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/11
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/12
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/13
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/14
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/15
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/16
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/17
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/18
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/19
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/20
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/21
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/22
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/23
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/24
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/1
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/2
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface Vlan1
 no ip address
 shutdown
interface Vlan10
 ip address 172.16.10.252 255.255.255.0
 standby 10 ip 172.16.10.254
 standby 10 priority 110
 standby 10 preempt
interface Vlan20
 ip address 172.16.20.252 255.255.255.0
 standby 20 ip 172.16.20.254
 standby 20 preempt
interface Vlan30
 ip address 172.16.30.252 255.255.255.0
 standby 30 ip 172.16.30.254
 standby 30 priority 110
 standby 30 preempt
interface Vlan50
 ip address 172.16.50.252 255.255.255.0
 standby 50 ip 172.16.50.254
 standby 50 preempt
interface Vlan100
 ip address 172.16.100.252 255.255.255.0
 standby 100 ip 172.16.100.254
 standby 100 priority 110
 standby 100 preempt
interface Vlan200
 ip address 172.16.200.252 255.255.255.0
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface Vlan200
 no passive-interface FastEthernet0/5
 network 172.16.2.0 0.0.0.3 area 0
 network 172.16.10.0 0.0.0.255 area 1
 network 172.16.20.0 0.0.0.255 area 1
 network 172.16.30.0 0.0.0.255 area 1
 network 172.16.50.0 0.0.0.255 area 1
 network 172.16.100.0 0.0.0.255 area 1
 network 172.16.200.0 0.0.0.255 area 0
 network 172.16.211.1 0.0.0.0 area 0
ip classless
ip http server
ip http secure-server
logging source-interface Vlan100
logging 172.16.50.1
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan100
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps ospf state-change
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server host 172.16.50.1 version 2c cisco
control-plane
banner motd ^C*** Switch DLS1 Harry TT2 Config ***^C
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 exec-timeout 60 0
 transport input telnet ssh
line vty 5 15
 transport input none
ntp clock-period 36028342
ntp source Vlan100
ntp server 192.168.2.1
end
DLS2
Current configuration : 9704 bytes
Last configuration change at 17:05:41 UTC Tue Jun 5 2012
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
hostname DLS2
boot-start-marker
boot-end-marker
logging buffered 16384
enable secret 5 $1$2Qqm$1alKwQxas/VlnAlQSbpUo.
username admin secret 5 $1$aU9K$v56OuWokC/ILVgVNx1q0z/
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name tshoot.net
ip dhcp relay information trust-all
crypto pki trustpoint TP-self-signed-1427674624
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1427674624
 revocation-check none
 rsakeypair TP-self-signed-1427674624
crypto pki certificate chain TP-self-signed-1427674624
 certificate self-signed 01
  quit
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
file prompt quiet
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 10,30,100 priority 28672
spanning-tree vlan 20,50 priority 24576
vlan internal allocation policy ascending
vlan 10
 name OFFICE
vlan 20
 name VOICE
vlan 30
 name GUEST
vlan 50
 name SERVERS
vlan 100
 name MGMT
vlan 200
 name TRANS
vlan 900
 name NATIVE
vlan 999
 name UNUSED
ip telnet source-interface Vlan100
ip ssh source-interface Vlan100
interface Loopback0
 description OSPF router ID
 ip address 172.16.212.1 255.255.255.255
 ip ospf network point-to-point
interface Port-channel2
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 shutdown
interface Port-channel10
 description Channel to DLS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/1
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 shutdown
 channel-group 2 mode on
interface FastEthernet0/2
 description Channel to ALS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 shutdown
 channel-group 2 mode on
interface FastEthernet0/3
 description Channel to DLS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 10 mode on
interface FastEthernet0/4
 description Channel to DLS1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,50,100,200,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 10 mode on
interface FastEthernet0/5
 description FE to R3
 no switchport
 ip address 172.16.2.13 255.255.255.252
 speed 100
 duplex full
 spanning-tree bpduguard enable
interface FastEthernet0/6
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/7
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/8
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/9
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/10
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/11
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/12
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/13
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/14
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/15
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/16
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/17
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/18
 description FE to PC-C
 switchport access vlan 30
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
interface FastEthernet0/19
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/20
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/21
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/22
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/23
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/24
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/1
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/2
description Unused switchport access vlan 999 switchport mode access switchport nonegotiate shutdown interface Vlan1 no ip address shutdown interface Vlan10 ip address 172.16.10.253 255.255.255.0 standby 10 ip 172.168.10.254 standby 10 preempt interface Vlan20 ip address 172.16.20.253 255.255.255.0 standby 20 ip 172.16.20.254 standby 20 priority 110 standby 20 preempt interface Vlan30 ip address 172.16.30.253 255.255.255.0 standby 30 ip 172.16.30.254 standby 30 preempt interface Vlan50 ip address 172.16.50.253 255.255.255.0 standby 50 ip 172.16.50.254 standby 50 priority 110 standby 50 preempt interface Vlan100 ip address 172.16.100.253 255.255.255.0 standby 100 ip 172.16.100.254 standby 100 preempt interface Vlan200 ip address 172.16.200.253 255.255.255.0 router ospf 1 log-adjacency-changes passive-interface default no passive-interface Vlan200 no passive-interface FastEthernet0/5 network 172.16.2.12 0.0.0.3 area 0 network 172.16.10.0 0.0.0.255 area 1 network 172.16.20.0 0.0.0.255 area 1 network 172.16.30.0 0.0.0.255 area 1
network 172.16.50.0 0.0.0.255 area 1 network 172.16.100.0 0.0.0.255 area 1 network 172.16.200.0 0.0.0.255 area 0 network 172.16.212.1 0.0.0.0 area 0 ip classless ip http server ip http secure-server logging source-interface Vlan100 logging 172.16.50.1 snmp-server community cisco RO snmp-server community san-fran RW snmp-server trap-source Vlan100 snmp-server location TSHOOT Lab Facility snmp-server contact [email protected] snmp-server enable traps ospf state-change snmp-server enable traps vtp snmp-server enable traps vlancreate snmp-server enable traps vlandelete snmp-server enable traps port-security snmp-server enable traps hsrp snmp-server enable traps vlan-membership snmp-server enable traps errdisable snmp-server host 172.16.50.1 version 2c cisco control-plane banner motd ^C*** Switch DLS2 Harry TT2 Config ***^C line con 0 exec-timeout 60 0 logging synchronous login authentication CONSOLE line vty 0 4 exec-timeout 60 0 transport input telnet ssh line vty 5 15 transport input none ntp clock-period 36028653 ntp source Vlan100 ntp server 192.168.2.1 end
ALS1
Current configuration : 8332 bytes
! Last configuration change at 17:05:59 UTC Tue Jun 5 2012
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ALS1
boot-start-marker
boot-end-marker
logging buffered 16384
enable secret 5 $1$JPei$uCmndV7j/cCFdV2qY3y5y/
username admin secret 5 $1$d31C$bOL6SVHV04MC9JWBQGv9m1
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec default local
aaa session-id common
system mtu routing 1500
vtp domain TSHOOT
vtp mode transparent
ip subnet-zero
ip dhcp snooping vlan 10
ip dhcp snooping
no ip domain-lookup
ip domain-name tshoot.net
crypto pki trustpoint TP-self-signed-3647294080
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3647294080
 revocation-check none
 rsakeypair TP-self-signed-3647294080
crypto pki certificate chain TP-self-signed-3647294080
 certificate self-signed 01
  quit
archive
 log config
  logging size 50
  notify syslog contenttype plaintext
  hidekeys
 path tftp://172.16.50.1/$h-archive-config
 write-memory
file prompt quiet
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
 name OFFICE
vlan 20
 name VOICE
vlan 30
 name GUEST
vlan 100
 name MGMT
vlan 900
 name NATIVE
vlan 999
 name UNUSED
ip telnet source-interface Vlan100
ip ssh source-interface Vlan100
interface Port-channel1
 description Channel to DLS1
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
interface Port-channel2
 description Channel to DLS2
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
interface FastEthernet0/1
 description Channel to DLS1
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode on
 ip dhcp snooping trust
interface FastEthernet0/2
 description Channel to DLS1
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode on
 ip dhcp snooping trust
interface FastEthernet0/3
 description Channel to DLS2
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode on
 ip dhcp snooping trust
interface FastEthernet0/4
 description Channel to DLS2
 switchport trunk native vlan 900
 switchport trunk allowed vlan 10,20,30,100,900
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode on
 ip dhcp snooping trust
interface FastEthernet0/5
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/6
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/7
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/8
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/9
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/10
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/11
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/12
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/13
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/14
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/15
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/16
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/17
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/18
 description To PC-B
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 switchport port-security
 switchport port-security mac-address 782b.cbb6.eba0
 spanning-tree portfast
interface FastEthernet0/19
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/20
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/21
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/22
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/23
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface FastEthernet0/24
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/1
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface GigabitEthernet0/2
 description Unused
 switchport access vlan 999
 switchport mode access
 switchport nonegotiate
 shutdown
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
interface Vlan100
 ip address 172.16.100.1 255.255.255.0
 no ip route-cache
ip default-gateway 172.16.100.254
ip http server
ip http secure-server
logging source-interface Vlan100
logging 172.16.50.1
access-list 1 permit 10.0.0.0
snmp-server community cisco RO
snmp-server community san-fran RW
snmp-server trap-source Vlan100
snmp-server location TSHOOT Lab Facility
snmp-server contact [email protected]
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps vlan-membership
snmp-server host 172.16.50.1 version 2c cisco
control-plane
banner motd ^C*** Switch ALS1 Harry TT2 Config ***^C
line con 0
 exec-timeout 60 0
 logging synchronous
 login authentication CONSOLE
line vty 0 4
 exec-timeout 60 0
 transport input telnet ssh
line vty 5 15
 transport input none
ntp clock-period 36028372
ntp source Vlan100
ntp server 192.168.2.1
end