pdfcoffee.com-ccnp-enterprise-advanced-routing-enarsi-lab-manual-instructorx27s-answer-key
advertisement
CCNP Enterprise: Advanced
Routing (ENARSI) Lab Manual,
Version 8
Instructor’s Answer Key
Cisco Networking Academy
Cisco Press
221 River St
Hoboken, NJ 07030
ii
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
CCNP Enterprise: Advanced Routing
(ENARSI) Lab Manual
Version 8
Instructor’s Answer Key
Cisco Networking Academy
Copyright© 2021 Cisco Systems, Inc.
Published by:
Cisco Press
221 River St
Hoboken, NJ 07030
All rights reserved. No part of this book may be reproduced or transmitted
in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief
quotations in a review.
ScoutAutomatedPrintCode
Editor-in-Chief
Mark Taub
Alliances Manager, Cisco
Press
Arezou Gol
Director, ITP Product
Management
Brett Bartow
Senior Editor
James Manly
Managing Editor
Sandra Schroeder
Project Editor
Mandie Frank
Editorial Assistant
Cindy Teeters
Designer
Chuti Prasertsith
Composition
Bronkella Publishing, Inc.
Library of Congress Control Number: 2020908350
ISBN-13: 978-0-13-687093-7
ISBN-10: 0-13-687093-7
Instructor Answer Key
ISBN-13: 978-0-13-687092-0
ISBN-10: 0-13-687092-9
Warning and Disclaimer
This book is designed to provide information about networking. Every effort
has been made to make this book as complete and as accurate as possible,
but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press,
and Cisco Systems, Inc. shall have neither liability nor responsibility to
any person or entity with respect to any loss or damages arising from the
information contained in this book or from the use of the discs or programs
that may accompany it.
The opinions expressed in this book belong to the author and are not
necessarily those of Cisco Systems, Inc.
Proofreader
Debbie Williams
iii
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of
this information. Use of a term in this book should not be regarded as affecting the validity of
any trademark or service mark.
This book is part of the Cisco Networking Academy series from Cisco Press. The products
in this series support and complement the Cisco Networking Academy curriculum. If you are
using this book outside the Networking Academy, then you are not preparing with a Cisco
trained and authorized Networking Academy provider. For more information on the Cisco
Networking Academy or to locate a Networking Academy, please visit www.cisco.com/edu.
Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities
(which may include electronic versions; custom cover designs; and content particular to your
business, training goals, marketing focus, or branding interests), please contact our corporate
sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value.
Each book is crafted with care and precision, undergoing rigorous development that involves
the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments
regarding how we could improve the quality of this book, or otherwise alter it to better suit
your needs, you can contact us through email at feedback@ciscopress.com. Please make sure
to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV Amsterdam,
The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go
to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (1110R)
Contents
Chapter 1
IPv4/IPv6 Addressing and Routing Review
1
1.1.2 Lab - Troubleshoot IPv4 and IPv6 Addressing Issues (Instructor
Version) 1
Topology
1
Addressing Table
Objectives
1
1
Background/Scenario
Required Resources
Instructions
2
2
2
Part 1: Trouble Ticket 1.1.2.1
2
Part 2: Trouble Ticket 1.1.2.2
3
Part 3: Trouble Ticket 1.1.2.3
4
Router Interface Summary Table 4
Uploading Configuration Files 5
R1 Configuration File Scripts
6
R2 Configuration File Scripts
9
R3 Configuration File Scripts - Not Used in This Lab
D1 Configuration File Scripts
11
11
D2 Configuration File Scripts - Not Used in This Lab
13
A1 Confgiuration File Scripts - Not Used in This Lab 13
1.1.3 Lab - Troubleshoot IPv4 and IPv6 Static Routing (Instructor
Version) 14
Topology
14
Addressing Table
Objectives
14
15
Background/Scenario
15
Required Resources
15
Instructions
16
Part 1: Trouble Ticket 1.1.3.1
16
Part 2: Trouble Ticket 1.1.3.2
16
Router Interface Summary Table 17
Uploading Configuration Files 18
R1 Configuration File Scripts
19
R2 Configuration File Scripts
20
R3 Configuration File Scripts
21
D1 Configuration File Scripts
22
D2 Configuration File Scripts
24
A1 Configuration File Scripts - Not Used In This Lab 25
vi
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Chapter 2
EIGRP 27
2.1.2 Lab - Implement EIGRP for IPv4 (Instructor Version) 27
Topology
27
Addressing Table
Objectives
27
28
Background/Scenario
28
Required Resources
28
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify EIGRP for IPv4
Part 3: Tune EIGRP for IPv4
36
Router Interface Summary Table
42
Device Configs – Final
Router R1
42
Router R2
45
Router R3
47
28
32
42
Switch D1 49
Switch D2 54
Chapter 3
Advanced EIGRP
61
3.1.2 Lab - Implement Advanced EIGRP for IPv4 Features (Instructor
Version) 61
Topology
61
Addressing Table
Objectives
61
62
Background/Scenario
62
Required Resources
62
Instructions
62
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Implement EIGRP for IPv4
65
Part 3: Implement Advanced Features 67
Router Interface Summary Table 73
Device Configs – Final
74
Router R1 74
Router R2 75
Router R3 77
Switch D1 79
Chapter 4
Troubleshooting EIGRP for IPv4 85
4.1.2 Lab - Troubleshoot EIGRP for IPv4 (Instructor Version)
Topology
85
Addressing Table
Objectives
85
85
Background/Scenario
86
Required Resources
86
85
62
vii
Instructions
86
Part 1: Trouble Ticket 4.1.2.1
86
Part 2: Trouble Ticket 4.1.2.2
87
Part 3: Trouble Ticket 4.1.2.3
88
Topology Update:
88
Addressing Table Update: 88
Router Interface Summary Table 90
Uploading Configuration Files 90
Reset Scripts
91
R1 Configuration File Scripts
92
R2 Configuration File Scripts
95
R3 Configuration File Scripts
97
D1 Configuration File Scripts
100
D2 Configuration File Scripts
102
A1 Configuration File Scripts - Not Used In This Lab 104
Chapter 5
EIGRPv6 105
5.1.2 Lab - Implement EIGRP for IPv6 (Instructor Version) 105
Topology
105
Addressing Table
Objectives
105
106
Background/Scenario
106
Required Resources
106
Instructions
107
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Implement EIGRP for IPv6 and Named EIGRP
Part 3: Tune and Optimize EIGRP for IPv6
111
116
Router Interface Summary Table 124
Device Configs - Final 125
Router R1
125
Router R2
127
Router R3
130
Switch D1
133
Switch D2
138
5.1.3 Lab - Troubleshoot EIGRP for IPv6 (Instructor Version) 144
Topology
144
Addressing Table
Objectives
144
145
Background/Scenario
145
Required Resources
145
Instructions
146
Part 1: Trouble Ticket 5.1.3.1
146
107
viii
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Router Interface Summary Table
147
Uploading Configuration Files
148
R1 Configuration File Scripts
149
R2 Configuration File Scripts
150
R3 Configuration File Scripts
151
D1 Configuration File Scripts
152
D2 Configuration File Scripts
153
A1 Configuration File Scripts - Not Used In This Lab
Chapter 6
154
OSPF 155
6.1.2 Lab - Implement Single-Area OSPFv2 (Instructor Version) 155
Topology
155
Addressing Table
Objectives
155
156
Background/Scenario
156
Required Resources
156
Instructions
157
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 157
Part 2: Configure Single-Area OSPFv2 159
Part 3: Configure and Verify the Advertising of a Default Route
166
Part 4: Implement OSPF Network Optimizing Features 167
Part 5: DR and BDR Placement
173
Router Interface Summary Table 175
Device Configs - Final 176
Router R1
176
Switch D1 178
Switch D2 182
Chapter 7
Advanced OSPF 187
7.1.2 Lab - Implement Multiarea OSPFv2 (Instructor Version)
Topology
Addressing Table
Objectives
187
188
Background/Scenario
188
Required Resources
188
Instructions
187
187
189
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 189
Part 2: Configure Multiarea OSPFv2 191
Part 3: Exploring Link-State Announcements 205
Router Interface Summary Table 213
Device Configs - Final 213
Router R1
213
Contents ix
Router R2
215
Router R3
217
Switch D1 218
Switch D2 223
7.1.3 Lab - OSPFv2 Route Summarization and Filtering (Instructor Version) 228
Topology
228
Addressing Table
Objectives
228
229
Background/Scenario
229
Required Resources
230
Instructions
230
Part 1: Build the Network, Configure Basic Device Settings and Routing
Part 2: OSPFv2 Route Summarization
Part 3: OSPFv2 Route Filtering
238
242
Router Interface Summary Table 245
Device Configs – Final 245
Router R1
245
Router R2
247
Router R3
249
Switch D1 251
Switch D2 255
Chapter 8
Troubleshooting OSPFv2 261
8.1.2 Lab - Troubleshoot OSPFv2 (Instructor Version) 261
Topology
261
Addressing Table
Objectives
261
262
Background/Scenario
262
Required Resources
263
Instructions
263
Part 1: Trouble Ticket 8.1.2.1 263
Part 2: Trouble Ticket 8.1.2.2 264
Part 3: Trouble Ticket 8.1.2.3 265
Topology Update
265
Addressing Table Update 266
Router Interface Summary Table 267
Uploading Configuration Files 268
R1 Configuration File Scripts
269
R2 Configuration File Scripts
271
R3 Configuration File Scripts
272
D1 Configuration File Scripts
274
D2 Configuration File Scripts
278
A1 Configuration File Scripts - Not Used In This Lab
281
230
x
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Chapter 9
OSPFv3 283
9.1.2 Lab - Implement Multiarea OSPFv3 (Instructor Version) 283
Topology
283
Addressing Table
Objectives
283
284
Background/Scenario
284
Required Resources
284
Instructions
285
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 285
Part 2: Configure Traditional OSPFv3 for IPv6 on D1
Part 3: Configure OSPFv3 for AF IPv4 and AF IPv6
Part 4: Verify OSPFv3
293
Part 5: Tune OSPFv3
299
287
289
Router Interface Summary Table 302
Device Configs - Final 302
Router R1
302
Router R2
304
Router R3
306
Switch D1 308
Switch D2 312
Chapter 10
Troubleshooting OSPFv3 319
10.1.2 Lab - Troubleshoot OSPFv3 (Instructor Version) 319
Topology
319
Addressing Table
Objectives
319
320
Background/Scenario
320
Required Resources
321
Instructions
321
Part 1: Trouble Ticket 10.1.2.1
321
Part 2: Trouble Ticket 10.1.2.2
322
Part 3: Trouble Ticket 10.1.2.3
323
Uploading Configuration Files 324
Reset Scripts
324
R1 Configuration File Scripts
325
R2 Configuration File Scripts
327
R3 Configuration File Scripts
329
D1 Configuration File Scripts
330
D2 Configuration File Scripts
335
A1 Configuration File Scripts - Not Used In This Lab
338
Contents xi
Chapter 11
BGP
339
11.1.2 Lab - Implement eBGP for IPv4 (Instructor Version) 339
Topology
339
Addressing Table
Objectives
339
340
Background/Scenario
340
Required Resources
340
Instructions
340
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 340
Part 2: Configure and Verify eBGP for IPv4 on all Routers
342
Part 3: Configure and Verify Route Summarization and Atomic
Aggregate 349
Part 4: Configure and Verify Route Summarization with Atomic
Aggregate and AS-Set 352
Part 5: Configure and Verify the Advertising of a Default Route
354
Router Interface Summary Table 355
Device Configs - Final 355
Router R1
355
Router R2
357
Router R3
359
11.1.3 Lab - Implement MP-BGP (Instructor Version)
Topology
362
Addressing Table
Objectives
362
363
Background/Scenario
363
Required Resources
363
Instructions
362
363
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 363
Part 2: Configure MP-BGP on all Routers 366
Part 3: Verify MP-BGP
368
Part 4: Configure and Verify IPv6 Route Summarization
375
Router Interface Summary Table 376
Device Configs - Final 377
Chapter 12
Router R1
377
Router R2
379
Router R3
382
Advanced BGP 385
12.1.2 Lab - Implement BGP Path Manipulation (Instructor Version) 385
Topology
385
Addressing Table
Objectives
386
385
xii
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Background/Scenario
386
Required Resources
386
Instructions
386
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 386
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
389
Part 3: Configure and Verify BGP Path Manipulation Settings on all
Routers 393
Router Interface Summary Table
Device Configs - Final
Chapter 13
Router R1
399
Router R2
402
Router R3
404
BGP Path Selection
399
399
409
13.1.2 Lab - Implement BGP Communities (Instructor Version) 409
Topology
409
Addressing Table
Objectives
409
410
Background/Scenario
410
Required Resources
410
Instructions
410
Part 1: Build the Network and Configure Basic Device Settings and
Interface Addressing 410
Part 2: Configure and Verify Multi-Protocol BGP on all Routers
Part 3: Configure and Verify BGP Communities on all Routers
Reflection Questions 424
Router Interface Summary Table 424
Device Configs - Final 425
Chapter 14
Router R1
425
Router R2
428
Router R3
430
Troubleshooting BGP 435
14.1.2 Lab - Troubleshoot BGP (Instructor Version) 435
Topology
435
Addressing Table
Objectives
436
437
Background/Scenario
437
Required Resources
438
Part 1: Trouble Ticket 14.1.2.1
438
Part 2: Trouble Ticket 14.1.2.2
440
413
418
Contents xiii
Router Interface Summary Table
441
Uploading Configuration Files
441
R1 Configuration File Scripts
442
R2 Configuration File Scripts
446
R3 Configuration File Scripts
449
D1 Configuration File Scripts
452
D2 Configuration File Scripts
455
A1 Configuration File Scripts - Not Used In This Lab
Chapter 15
Route Maps and Conditional Forwarding
457
459
15.1.2 Lab - Control Routing Updates (Instructor Version)
Topology
459
Addressing Table
Objectives
459
460
Background/Scenario
460
Required Resources
461
Instructions
459
461
Part 1: Build the Network and Configure Basic Device Settings
461
Part 2: Configure Routing and Redistribution 463
Part 3: Filter Redistributed Routes using a Distribute List and
ACL 468
Part 4: Filter Redistributed Routes using a Distribute List and Prefix
List 469
Part 5: Filter Redistributed Routes using a Route Map
471
Router Interface Summary Table 474
Device Configs – Final 474
Router R1
474
Router R2
476
Router R3
479
15.1.3 Lab - Path Control Using PBR (Instructor Version)
Topology
Addressing Table
Objectives
482
483
Background/Scenario
483
Required Resources
483
Instructions
482
482
484
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify Routing
486
Part 3: Configure PBR to Provide Path Control
491
Part 4: Configure Local PBR to Provide Path Control
Router Interface Summary Table 495
Device Configs – Final 495
Router R1 495
493
484
xiv
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Router R2
497
Router R3
499
Switch D1
501
Switch D2 505
15.1.4 Lab - Troubleshoot Route Maps and PBR (Instructor Version) 510
Topology
510
Addressing Table
Objectives
510
511
Background/Scenario
511
Required Resources
511
Instructions
512
Part 1: Trouble Ticket 15.1.4.1
512
Part 2: Trouble Ticket 15.1.4.2
513
Part 3: Trouble Ticket 15.1.4.3
515
Router Interface Summary Table 516
Uploading Configuration Files 516
R1 Configuration File Scripts
517
R2 Configuration File Scripts
520
R3 Configuration File Scripts
522
D1 Configuration File Scripts
524
D2 Configuration File Scripts
527
A1 Configuration File Scripts - Not Used In This Lab
Chapter 16
529
Route Redistribution 531
16.1.2 Lab - Configure Route Redistribution Between EIGRP and OSPF
(Instructor Version) 531
Topology
531
Addressing Table
Objectives
531
532
Background/Scenario
532
Required Resources
532
Instructions
533
Part 1: Build the Network and Configure Basic Device Settings
533
Part 2: Verify OSPFv3 AF Neighborships and Routing for IPv4 and
IPv6 538
Part 3: Verify EIGRP Neighborships and Routing for IPv4 and
IPv6 540
Part 4: Configure Redistribution from OSPFv3 to EIGRP
Part 5: Configure Redistribution from EIGRP for IPv4 into
OSPFv3 543
Reflection Questions
545
Router Interface Summary Table
Device Configs – Final
Router R1
546
546
546
541
Contents xv
Router R2
548
Router R3
551
Switch D1 554
Switch D2 559
16.1.3 Lab - Configure Route Redistribution Within the Same Interior Gateway
Protocol (Instructor Version) 565
Topology
565
Addressing Table
Objectives
565
566
Background/Scenario
566
Required Resources
566
Instructions
566
Part 1: Build the Network and Configure Basic Device Settings
566
Part 2: Configure Two-Way Redistribution on R1 571
Part 3: Configure Two-Way Redistribution on R3 572
Part 4: Filter and Verify Redistribution using a Distribute List and
Prefix List 574
Reflection Questions 575
Router Interface Summary Table 576
Device Configs – Final 576
Router R1
576
Router R2
578
Router R3
580
Switch D1 582
Switch D2
587
16.1.4 Lab - Implement Route Redistribution Between Multiple Protocols
(Instructor Version) 592
Topology
592
Addressing Table
Objectives
592
593
Background/Scenario
593
Required Resources
593
Instructions
594
Part 1: Build the Network and Configure Basic Device Settings
594
Part 2: Configure Two-Way Redistribution on R1 598
Part 3: Configure Two-Way Redistribution on R3 599
Part 4: Filter and Verify Redistribution using a Prefix List and Route
Map 602
Reflection Questions
603
Router Interface Summary Table
Device Configs – Final
Router R1
604
Router R2
606
604
604
xvi
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Router R3
608
Switch D1
610
Switch D2 615
Chapter 17
Troubleshooting Redistribution
621
17.1.2 Lab - Troubleshoot Redistribution (Instructor Version) 621
Objectives
621
Background/Scenario
621
Required Resources
621
Instructions
622
Part 1: Trouble Ticket 17.1.2.1
Topology
622
Addressing Table
Scenario
622
622
623
Part 2: Trouble Ticket 17.1.2.2
Topology
624
Addressing Table
Scenario
624
624
625
Part 3: Trouble Ticket 17.1.2.3
Topology
626
Addressing Table
Scenario
626
626
627
Router Interface Summary Table
627
Uploading Configuration Files
628
R1 Configuration File Scripts
629
R2 Configuration File Scripts
631
R3 Configuration File Scripts
633
D1 Configuration File Scripts
635
D2 Configuration File Scripts - Not Used In Trouble Ticket 1
A1 Configuration File Scripts - Not Used In This Lab
Chapter 18
VRF, MPLS, and MPLS Layer 3 VPNs
639
639
Addressing Table
Objectives
638
639
18.1.2 Lab - Implement VRF-Lite (Instructor Version)
Topology
637
639
640
Background/Scenario
640
Required Resources
640
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify VRF and Interface Addressing
641
645
Part 3: Configure and Verify Static Routing for Reachability Inside
Each VRF 647
Router Interface Summary Table
650
Contents xvii
Device Configs - Final
Router R1
651
Router R2
654
Router R3
655
651
Switch D1 657
Switch D2 662
Switch A1 668
Chapter 19
DMVPN Tunnels 671
19.1.2 Lab - Implement a GRE Tunnel (Instructor Version) 671
Topology
671
Addressing Table
Objectives
671
671
Background/Scenario
672
Required Resources
672
Instructions
672
Part 1: Build the Network and Configure Basic Device Settings
672
Part 2: Configure and Verify GRE Tunnels with Static Routing
675
Part 3: Configure and Verify GRE Tunnels with Dynamic Routing
678
Router Interface Summary Table 683
Device Configs - Final 683
Router R1
683
Router R2
686
Router R3
687
19.1.3 Lab - Implement a DMVPN Phase 1 Hub-to-Spoke Topology (Instructor
Version) 691
Topology
691
Addressing Table
Objectives
691
691
Background/Scenario
692
Required Resources
693
Instructions
693
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Configure and Verify DMVPN Phase 1
Part 3: Configure EIGRP Routing for the Tunnel Networks
Router Interface Summary Table 703
Device Configs – Final 704
Router R1
704
Router R2
705
Router R3
706
Layer 3 Switch DMVPN 707
693
696
700
xviii
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
19.1.4 Lab - Implement a DMVPN Phase 3 Spoke-to-Spoke Topology
(Instructor Version) 709
Topology
709
Addressing Table
Objectives
709
709
Background/Scenario
710
Required Resources
711
Initial Configurations
711
Instructions
715
Part 1: Build the Network and Configure Basic Device Settings
715
Part 2: Configure DMVPN Phase 3 716
Part 3: Verify DMVPN Phase 3
717
Router Interface Summary Table 721
Device Configs – Final 721
Router R1
721
Router R2
722
Router R3
724
19.1.5 Lab - Implement an IPv6 DMVPN Phase 3 Spoke-to-Spoke Topology
(Instructor Version) 726
Topology
726
Addressing Table
Objectives
726
726
Background/Scenario
727
Required Resources
727
Instructions
728
Part 1: Build the Network and Configure Basic Device Settings
Part 2: Implement IPv6 DMVPN Phase 3
Part 3: Configure EIGRP for IPv6
728
731
736
Router Interface Summary Table 739
Device Configs – Final (Use Lab Section and Lab Section Gray) 740
Router R1
740
Router R2
741
Router R3
742
Layer 3 Switch DMVPN 744
Chapter 20
Securing DMVPN Tunnels 747
20.1.2 Lab - Configure Secure DMVPN Tunnels (Instructor Version)
Topology
747
Addressing Table
Objectives
747
747
Background/Scenario
748
Required Resources
748
Initial Configurations
748
747
Contents xix
Instructions
752
Part 1: Build the Network and Verify DMVPN Phase 3 Operation
Part 2: Secure DMVPN Phase 3 Tunnels
753
Router Interface Summary Table 761
Device Configs – Final 761
Routers R1, R2, and R3
Chapter 21
761
Troubleshooting ACLs and Prefix Lists 763
21.1.2 Lab - Troubleshoot IPv4 ACLs (Instructor Version)
Topology
Addressing Table
Objectives
763
763
763
764
Background/Scenario
764
Required Resources
764
Instructions
764
Part 1: Trouble Ticket 21.1.2.1
764
Part 2: Trouble Ticket 21.1.2.2
765
Part 3: Trouble Ticket 21.1.2.3
766
Router Interface Summary Table 768
Uploading Configuration Files 768
Reset Scripts 768
R1 Configuration File Scripts
769
R2 Configuration File Scripts - Not Used In This Lab
R3 Configuration File Scripts
774
D1 Configuration File Scripts
779
D2 Configuration File Scripts
783
774
A1 Configuration File Scripts - Not Used In This Lab
786
21.1.3 Lab - Troubleshoot IPv6 ACLs (Instructor Version)
787
Topology
787
Addressing Table
Objectives
787
787
Background/Scenario
788
Required Resources
788
Part 1: Trouble Ticket 21.1.3.1
788
Part 2: Trouble Ticket 21.1.3.2
789
Part 3: Trouble Ticket 21.1.3.3
790
Router Interface Summary Table
791
Uploading Configuration Files
Reset Scripts
791
792
R1 Configuration File Scripts
793
R2 Configuration File Scripts - Not Used In This Lab
R3 Configuration File Scripts
797
D1 Configuration File Scripts
802
797
752
xx
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
D2 Configuration File Scripts
807
A1 Configuration File Scripts - Not Used In This Lab
810
21.1.4 Lab - Troubleshoot Prefix Lists (Instructor Version)
811
Topology
811
Addressing Table
Objectives
811
811
Background/Scenario
811
Required Resources
812
Part 1: Trouble Ticket 21.1.4.1
812
Part 2: Trouble Ticket 21.1.4.2
813
Router Interface Summary Table
814
Uploading Configuration Files
814
R1 Configuration File Scripts
816
R2 Configuration File Scripts - Not Used In This Lab
R3 Configuration File Scripts
819
D1 Configuration File Scripts
823
D2 Configuration File Scripts
827
A1 Configuration File Scripts - Not Used In This Lab
Chapter 22
Infrastructure Security
819
831
833
22.1.2 Lab - Troubleshoot IOS AAA Authentication (Instructor Version)
Topology
833
Addressing Table
Objectives
833
833
Background/Scenario
834
Required Resources
834
Instructions
834
Part 1: Trouble Ticket 22.1.2.1
834
Part 2: Trouble Ticket 22.1.2.2
835
Router Interface Summary Table 837
Uploading Configuration Files 837
Reset Scripts 837
R1 Configuration File Scripts
838
D1 Configuration File Scripts
839
A1 Configuration File Scripts
841
22.1.3 Lab - Troubleshoot uRPF (Instructor Version)
Topology
843
Addressing Table
Objectives
843
843
Background/Scenario
843
Required Resources
844
843
833
Contents xxi
Instructions
844
Part 1: Trouble Ticket 22.1.3.1
844
Router Interface Summary Table 845
Uploading Configuration Files 846
Reset Scripts 846
R1 Configuration File Scripts
846
R2 Configuration File Scripts
847
R3 Configuration File Scripts
847
22.1.4 Lab - Troubleshoot Control Plane Policing (CoPP) (Instructor
Version) 849
Topology
849
Addressing Table
Objectives
849
849
Background/Scenario
849
Required Resources
850
Instructions
850
Part 1: Trouble Ticket 22.1.4.1
850
Part 2: Trouble Ticket 22.1.4.2
852
Router Interface Summary Table 853
Uploading Configuration Files 853
Reset Scripts 854
Router R1 Configuration File Scripts 854
Router R2 Configuration File Scripts 859
Switch A1 Configurationi File Scripts 860
Chapter 23
Device Management and Management Tools Troubleshooting 865
23.1.2 Lab - Troubleshoot Device Access and File Transfer (Instructor
Version) 865
Topology
865
Addressing Table
Objectives
865
865
Background/Scenario
866
Required Resources
866
Instructions
866
Part 1: Trouble Ticket 23.1.2.1
866
Part 2: Trouble Ticket 23.1.2.2
867
Part 3: Trouble Ticket 23.1.2.3
868
Router Interface Summary Table 869
Uploading Configuration Files 869
Reset Scripts 870
R1 Configuration File Scripts
870
R2 Configuration File Scripts
873
D1 Configuration File Scripts
876
xxii
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
23.1.3 Lab - Troubleshoot SNMP and Logging Issues (Instructor
Version) 881
Topology
881
Addressing Table
Objectives
881
881
Background/Scenario
881
Required Resources
882
Part 1: Trouble Ticket 23.1.3.1
882
Part 2: Trouble Ticket 23.1.3.2
883
Router Interface Summary Table
884
Uploading Configuration Files
885
Reset Scripts 885
R1 Configuration File Scripts
885
R2 Configuration File Scripts
888
D1 Configuration File Scripts
889
23.1.4 Lab - Troubleshoot IP SLA and Netflow (Instructor Version) 893
Topology
893
Addressing Table
Objectives
893
894
Background/Scenario
894
Required Resources
895
Instructions
895
Part 1: Trouble Ticket 23.1.4.1
895
Part 2: Trouble Ticket 23.1.4.2
896
Part 3: Trouble Ticket 23.1.4.3
897
Router Interface Summary Table 898
Uploading Configuration Files 899
Reset Scripts 899
R1 Configuration File Scripts
900
R2 Configuration File Scripts
904
R3 Configuration File Scripts
908
D1 Configuration File Scripts
912
D2 Configuration File Scripts
921
A1 Configuration File Scripts
930
xxiii
About This Lab Manual
This is the only authorized Lab Manual for the Cisco Networking Academy CCNP Enterprise:
Advanced Routing (ENARSI) v8 Course.
The two courses in this CCNP Enterprise version 8.0 curriculum provide students with
knowledge and skills needed to configure, operate, and troubleshoot large scale enterprise
networks. The courses cover a broad range of routing, switching, and wireless topics along
with security best practices used in software-driven digital networks. CCNP Enterprise
certification requires candidates to pass two 120-minute exams: CCNP and CCIE Enterprise
Core ENCOR 350-401 and CCNP Enterprise Advanced Routing ENARSI 300-410.
By the end of the CCNP course series, students gain practical, hands-on lab experience
preparing them for the CCNP Enterprise certification exams and career-ready skills for
professional-level roles in the Information & Communication Technologies (ICT) industry.
CCNP Enterprise: Advanced Routing
This second of the 2-course CCNP Enterprise series focuses on implementation and
troubleshooting of advanced routing and redistribution for OSPF, EIGRP, and BGP along with
VPN technologies, infrastructure security, and management tools used in Enterprise networks.
Comprehensive labs emphasize hands-on learning and practice to reinforce configuration and
troubleshooting skills.
This course directly prepares for the Cisco Enterprise Advanced Routing and Services
concentration exam (300-410) to earn the Enterprise Advanced Infrastructure Implementation
Specialist certification.
By also passing the core exam (350-401 ENCOR), you will earn the CCNP Enterprise
certification.
The 40 comprehensive labs in this manual emphasize hands-on learning and practice to
reinforce configuration skills.
CHAPTER 1
IPv4/IPv6 Addressing and Routing Review
1.1.2 Lab - Troubleshoot IPv4 and IPv6 Addressing
Issues (Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy
only.
Topology
Addressing Table
Device
Interface
IPv4 Address/Mask
IPv6 Address/Prefix
IPv6 Link Local
R1
G0/0/0
10.10.20.1/24
2001:db8:a:b::1/64
fe80::1:1
G0/0/1
10.10.10.1/24
2001:db8:a:a::1/64
fe80::1:2
Lo0
209.165.200.225/29
2001:db8:a:c::1/64
fe80::1:3
R2
G0/0/0
10.10.20.254/24
2001:db8:a:b::1/64
fe80::2:1
D1
VLAN 10
10.10.10.2/24
2001:db8:a:a::2/64
fe80::d1:1
PC1
NIC
DHCP
SLAAC
EUI-64
PC2
NIC
DHCP
SLAAC
EUI-64
Objectives
Troubleshoot network issues related to IPv4 and IPv6 addressing.
2
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Background/Scenario
In this topology, router R1 provides connectivity to a simulated internet for VLAN 10. R2 serves as a
DHCP server. Switch D1 provides connectivity for VLAN 10. You will be loading configurations with
intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and
the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met:
1.
the complaint received in the ticket is resolved
2.
full reachability is restored
Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9
image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9
image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the
Router Interface Summary Table at the end of the lab for the correct interface identifiers.
Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact
your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
■
2 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
■
1 Switch (Cisco 3560 with Cisco IOS XE Release 16.9.4 universal image or comparable)
■
2 PCs (Choice of operating system with terminal emulation program installed)
■
Console cables to configure the Cisco IOS devices via the console ports
■
Ethernet cables as shown in the topology
Instructions
Part 1: Trouble Ticket 1.1.2.1
Scenario:
PC1 is unable to access resources on web server 209.165.200.225.
Use the commands listed below to load the configuration files for this trouble ticket:
Instructor Note: Commands for uploading the configuration are provided at the end of this document.
Device
Command
R1
copy flash:/enarsi/1.1.2.1-r1-config.txt run
R2
copy flash:/enarsi/1.1.2.1-r2-config.txt run
D1
copy flash:/enarsi/1.1.2.1-d1-config.txt run
■
PC1 and PC2 should be configured for and receive an address from an IPv4 DHCP server.
■
Passwords on all devices are cisco12345. If a username is required, use admin.
Chapter 1: IPv4/IPv6 Addressing and Routing Review
■
When you have fixed the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
■
Then save the configuration by issuing the wri command (on each device).
■
Inform your instructor that you are ready for the next ticket.
■
After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.
Instructor Notes: This trouble ticket contains 1 intentional error. The default-router command on the
DHCP server is assigning the wrong default-gateway address.
The commands used to fix these errors should be:
R2(config)# ip dhcp pool LAN4_10
R2(config-router)# no default-router 10.10.20.254
R2(config-router)# default-router 10.10.10.1
R2(config-router)# end
Part 2: Trouble Ticket 1.1.2.2
Scenario:
PC1 and PC2 are unable to lease IPv4 addresses from the DHCP server.
Use the commands listed below to load the configuration files for this trouble ticket:
Instructor Note: Commands for creating these files are at the end of this document.
Device
Command
R1
copy flash:/enarsi/1.1.2.2-r1-config.txt run
R2
copy flash:/enarsi/1.1.2.2-r2-config.txt run
D1
copy flash:/enarsi/1.1.2.2-d1-config.txt run
■
PC1 and PC2 should be configured for and receive an address from an IPv4 DHCP server.
■
Passwords on all devices are cisco12345. If a username is required, use admin.
■
When you have fixed the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
■
Then save the configuration by issuing the wri command (on each device).
■
Inform your instructor that you are ready for the next ticket.
■
After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.
Instructor Notes: This trouble ticket contains 1 intentional error. The ip helper-address command has
been configured on the wrong interface on R1.
The commands used to fix these errors should be:
R1(config)# interface g0/0/0
R1(config-if)# no ip helper-address 10.10.20.254
R1(config-if)# exit
3
4
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
R1(config)# interface g0/0/1
R1(config-if)# ip helper-address 10.10.20.254
R1(config-if)# end
Part 3: Trouble Ticket 1.1.2.3
Scenario:
PC1 and PC2 are unable to resolve IPv6 addresses to hostnames. Upon investigation, it appears that
they are not receiving DNS server information from the DHCPv6 server.
Use the commands listed below to load the configuration files for this trouble ticket:
Instructor Note: Commands for creating these files are at the end of this document.
Device
Command
R1
copy flash:/enarsi/1.1.2.3-r1-config.txt run
R2
copy flash:/enarsi/1.1.2.3-r2-config.txt run
D1
copy flash:/enarsi/1.1.2.3-d1-config.txt run
■
PC1 and PC2 should be configured to assign an address via SLAAC.
■
Passwords on all devices are cisco12345. If a username is required, use admin.
■
When you have fixed the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
■
Then save the configuration by issuing the wri command (on each device).
■
Inform your instructor that you are ready for the next ticket.
■
After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.
Instructor Notes: This trouble ticket contains 1 intentional error. The ipv6 nd other-config-flag command is not present in the R1 configuration.
R1(config)# interface g0/0/1
R1(config-if)# ipv6 nd other-config-flag
R1(config-if)# end
Router Interface Summary Table
Router Ethernet Interface #1
Model
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900
Gigabit Ethernet 0/0
(G0/0)
2801
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900
Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
Chapter 1: IPv4/IPv6 Addressing and Routing Review
Router Ethernet Interface #1
Model
Ethernet Interface #2
Serial Interface #1
4221
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
5
Serial Interface #2
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An example
of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco
IOS commands to represent the interface.
Uploading Configuration Files
Use the commands below to create the configuration files on the lab devices for each trouble ticket in
this lab. The TCL script commands help create and copy the configurations. However, the configuration
commands could also be copied and pasted directly into global config mode on each device. Simply
remove the TCL script commands, enter the enable and configure t commands on the device, and copy
and paste the configuration commands.
Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the
folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command,
if necessary.
Reset scripts
These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy
and paste the appropriate script to the appropriate device.
Router Reset Script
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
puts "Reloading the router"
typeahead "\n"
reload
}
tclquit
D1/D2 (Cisco 3650) Reset Script - The default 3650 SDM template supports IPv6, so it is not set by
this script.
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
6
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
erase startup-config
delete /force vlan.dat
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit
A1 (Cisco 2960 Script) - The default 2960 SDM template does not support IPv6, so this script
includes that setting.
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
delete /force multiple-fs
ios_config "sdm prefer lanbase-routing"
typeahead "\n"
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit
R1 Configuration File Scripts
!R1 - Trouble Ticket # 1
tclsh
puts [ open "flash:/enarsi/1.1.2.1-r1-config.txt" w+ ] {
hostname R1
banner motd # This is R1, Trouble Ticket 1.1.2.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
interface g0/0/0
ip address 10.10.20.1 255.255.255.0
ipv6 address fe80::1:1 link-local
ipv6 address 2001:db8:a:b::1/64
no shutdown
exit
interface g0/0/1
ip address 10.10.10.1 255.255.255.0
ipv6 address fe80::1:2 link-local
ipv6 address 2001:db8:a:a::1/64
ipv6 nd other-config-flag
ip helper-address 10.10.20.254
ipv6 dhcp relay destination 2001:db8:a:b::2
no shutdown
exit
interface loopback0
ip address 209.165.200.225 255.255.255.248
ipv6 address fe80::1:3 link-local
Chapter 1: IPv4/IPv6 Addressing and Routing Review
ipv6 address 2001:db8:a:c::1/64
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 loopback0
ipv6 route ::/0 loopback0
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R1 - Trouble Ticket # 2
tclsh
puts [ open "flash:/enarsi/1.1.2.2-r1-config.txt" w+ ] {
hostname R1
banner motd # This is R1, Trouble Ticket 1.1.2.2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
interface g0/0/0
ip address 10.10.20.1 255.255.255.0
ipv6 address fe80::1:1 link-local
ipv6 address 2001:db8:a:b::1/64
ip helper-address 10.10.20.254
no shutdown
exit
interface g0/0/1
ip address 10.10.10.1 255.255.255.0
ipv6 address fe80::1:2 link-local
ipv6 address 2001:db8:a:a::1/64
ipv6 nd other-config-flag
ipv6 dhcp relay destination 2001:db8:a:b::2
no shutdown
exit
interface loopback0
ip address 209.165.200.225 255.255.255.248
ipv6 address fe80::1:3 link-local
ipv6 address 2001:db8:a:c::1/64
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 loopback0
ipv6 route ::/0 loopback0
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
7
8
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R1 - Trouble Ticket # 3
tclsh
puts [ open "flash:/enarsi/1.1.2.3-r1-config.txt" w+ ] {
hostname R1
banner motd # This is R1, Trouble Ticket 1.1.2.3 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
interface g0/0/0
ip address 10.10.20.1 255.255.255.0
ipv6 address fe80::1:1 link-local
ipv6 address 2001:db8:a:b::1/64
no shutdown
exit
interface g0/0/1
ip address 10.10.10.1 255.255.255.0
ip helper-address 10.10.20.254
ipv6 address fe80::1:2 link-local
ipv6 address 2001:db8:a:a::1/64
ipv6 dhcp relay destination 2001:db8:a:b::2
no shutdown
exit
interface loopback0
ip address 209.165.200.225 255.255.255.248
ipv6 address fe80::1:3 link-local
ipv6 address 2001:db8:a:c::1/64
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 loopback0
ipv6 route ::/0 loopback0
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
Chapter 1: IPv4/IPv6 Addressing and Routing Review
R2 Configuration File Scripts
!R2 - Trouble Ticket # 1
tclsh
puts [ open "flash:/enarsi/1.1.2.1-r2-config.txt" w+ ] {
hostname R2
banner motd # This is R2, Trouble Ticket 1.1.2.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp pool LAN4_10
network 10.10.10.0 255.255.255.0
default-router 10.10.10.254
domain-name ccnp4lab.com
dns-server 10.10.20.254
exit
ipv6 dhcp pool LAN6_A
dns-server 2001:db8:a:b::1
domain-name ccnp6lab.om
exit
interface g0/0/0
ip address 10.10.20.254 255.255.255.0
ipv6 address fe80::2:1 link-local
ipv6 address 2001:db8:a:b::2/64
ipv6 dhcp server LAN6_A
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ipv6 route ::/0 2001:db8:a:b::1
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R2 - Trouble Ticket # 2
tclsh
puts [ open "flash:/enarsi/1.1.2.2-r2-config.txt" w+ ] {
hostname R2
banner motd # This is R2, Trouble Ticket 1.1.2.2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp pool LAN4_10
network 10.10.10.0 255.255.255.0
9
10
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
default-router 10.10.10.1
domain-name ccnp4lab.com
dns-server 10.10.20.1
exit
ipv6 dhcp pool LAN6_A
dns-server 2001:db8:a:b::1
domain-name ccnp6lab.om
exit
interface g0/0/0
ip address 10.10.20.254 255.255.255.0
ipv6 address fe80::2:1 link-local
ipv6 address 2001:db8:a:b::2/64
ipv6 dhcp server LAN6_A
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ipv6 route ::/0 2001:db8:a:b::1
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R2 - Trouble Ticket # 3
tclsh
puts [ open "flash:/enarsi/1.1.2.3-r2-config.txt" w+ ] {
hostname R2
banner motd # This is R2, Trouble Ticket 1.1.2.3 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp pool LAN4_10
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
domain-name ccnp4lab.com
dns-server 10.10.20.1
exit
ipv6 dhcp pool LAN6_A
dns-server 2001:db8:a:b::1
domain-name ccnp6lab.om
exit
interface g0/0/0
ip address 10.10.20.254 255.255.255.0
ipv6 address fe80::2:1 link-local
ipv6 address 2001:db8:a:b::2/64
ipv6 dhcp server LAN6_A
Chapter 1: IPv4/IPv6 Addressing and Routing Review
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ipv6 route ::/0 2001:db8:a:b::1
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
R3 Configuration File Scripts - Not Used in This Lab
D1 Configuration File Scripts
!D1 - Trouble Ticket # 1
tclsh
puts [ open "flash:/enarsi/1.1.2.1-d1-config.txt" w+ ] {
hostname D1
banner motd # This is D1, Trouble Ticket 1.1.2.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface range g1/0/1 - 24
switchport mode access
shutdown
exit
interface g1/0/11
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range g1/0/23-24
switchport mode access
switchport access vlan 10
no shutdown
exit
interface vlan 10
ip address 10.10.10.2 255.255.255.0
no shutdown
exit
ip default-gateway 10.10.10.1
line con 0
exec-timeout 0 0
logging synchronous
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
11
12
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
}
tclquit
!D1 - Trouble Ticket # 2
tclsh
puts [ open "flash:/enarsi/1.1.2.2-d1-config.txt" w+ ] {
hostname D1
banner motd # This is D1, Trouble Ticket 1.1.2.2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface range g1/0/1 - 24
switchport mode access
shutdown
exit
interface g1/0/11
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range g1/0/23-24
switchport mode access
switchport access vlan 10
no shutdown
exit
interface vlan 10
ip address 10.10.10.2 255.255.255.0
no shutdown
exit
ip default-gateway 10.10.10.1
line con 0
exec-timeout 0 0
logging synchronous
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!D1 - Trouble Ticket # 3
tclsh
puts [ open "flash:/enarsi/1.1.2.3-d1-config.txt" w+ ] {
hostname D1
banner motd # This is D1, Trouble Ticket 1.1.2.3 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface range g1/0/1 - 24
switchport mode access
shutdown
exit
interface g1/0/11
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range g1/0/23-24
Chapter 1: IPv4/IPv6 Addressing and Routing Review
switchport mode access
switchport access vlan 10
no shutdown
exit
interface vlan 10
ip address 10.10.10.2 255.255.255.0
no shutdown
exit
ip default-gateway 10.10.10.1
line con 0
exec-timeout 0 0
logging synchronous
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
D2 Configuration File Scripts - Not Used in This Lab
A1 Confgiuration File Scripts - Not Used in This Lab
13
14
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
1.1.3 Lab - Troubleshoot IPv4 and IPv6 Static Routing
(Instructor Version)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
Device
Interface
IPv4 Address/Mask
IPv6 Address/Prefix
IPv6 Link Local
Default Gateway
R1
G0/0/0
10.10.12.1/24
2001:db8:0:12::1/64
fe80::1:1
N/A
G0/0/1
10.10.1.1/24
2001:db8:0:1::1/64
fe80::1:2
S0/1/0
N/A
2001:db8:0:13::1/64
fe80::1:3
G0/0/0
10.10.12.2/24
2001:db8:0:12::2/64
fe80::2:1
G0/0/1
10.10.23.1/24
2001:db8:0:23::1/64
fe80::2:2
G0/0/0
10.10.23.2/24
2001:db8:0:23::2/64
fe80::3:1
G0/0/1
10.10.3.1/24
2001:db8:0:3::1/64
fe80::3:2
R2
R3
N/A
N/A
S0/1/0
2001:db8:0:13::2/64
fe80::3:3
D1
VLAN 10 10.10.1.2/24
N/A
N/A
10.10.1.1
D2
VLAN 10 10.10.3.2/24
N/A
N/A
10.10.3.1
PC1
NIC
2001:db8:0:1::10/64
EUI-64/CGA
10.10.1.1
10.10.1.10/24
2001:db8:0:1::1
Chapter 1: IPv4/IPv6 Addressing and Routing Review
15
Device
Interface
IPv4 Address/Mask
IPv6 Address/Prefix
IPv6 Link Local
Default Gateway
PC2
NIC
10.10.1.20/24
2001:db8:0:1::20/64
EUI-64/CGA
10.10.1.1
2001:db8:0:1::1
Web
Server
NIC
FTP
Server
NIC
10.10.3.5/24
2001:db8:0:3::5/64
EUI-64/CGA
10.10.3.1
2001:db8:0:3::1
10.10.3.20/24
2001:db8:0:3::20/64
EUI-64/CGA
10.10.3.1
2001:db8:0:3::1
Objectives
Troubleshoot network issues related to IPv4 and IPv6 static routing.
Background/Scenario
In this topology, routers R1, R2, and R3 are configured for static routing. Switches D1 and D2 provide
LAN connectivity for VLAN 10 for the respective locations. You will be loading configurations with
intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and
the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met:
1. the complaint received in the ticket is resolved
2. full reachability is restored
Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9
image). The switches used in the labs are Cisco Catalyst 3560 with Cisco IOS XE Release 16.9.4 (universalk9
image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the
Router Interface Summary Table at the end of the lab for the correct interface identifiers.
Note: Make sure that the switches have been erased and have no startup configurations. If you are unsure, contact
your instructor.
Instructor Note: Refer to the Instructor Lab Manual for the procedures to initialize and reload devices.
Required Resources
■
3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
■
2 Switches (Cisco 3650 with Cisco IOS XE Release 16.9.4 universalk9 image or comparable)
■
4 PCs (Choice of operating system with terminal emulation program installed)
■
Console cables to configure the Cisco IOS devices via the console ports
■
Ethernet cables as shown in the topology
16
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Instructions
Part 1: Trouble Ticket 1.1.3.1
Scenario:
An FTP Server was recently added to the HQ network. The FTP Server is accessible from all devices
in the HQ network. Branch network hosts PC1 and PC2 are able to connect to the Web Server but are
unable to connect to the FTP Server using IPv4.
Note: Web or FTP services are not required on the PCs.
Use the commands listed below to load the configuration files for both trouble tickets:
Instructor Note: Commands for uploading the configuration are provided at the end of this document.
Device
Command
R1
copy flash:/enarsi/1.1.3.1-r1-config.txt run
R2
copy flash:/enarsi/1.1.3.1-r2-config.txt run
R3
copy flash:/enarsi/1.1.3.1-r3-config.txt run
D1
copy flash:/enarsi/1.1.3.1-d1-config.txt run
D2
copy flash:/enarsi/1.1.3.1-d2-config.txt run
■
PC 1, PC 2, FTP Server, and Web Server should be configured with the addressing listed in the
Addressing Table.
■
Passwords on all devices are cisco12345. If a username is required, use admin.
■
After you have fixed the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
■
Then save the configuration by issuing the wri command (on each device).
■
Inform your instructor that you are ready for the next ticket.
■
After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.
Instructor Notes: This trouble ticket contains 1 intentional error. R1 has an incorrect netmask on the
IPv4 static route.
The commands used to fix these errors should be:
R1(config)# no ip route 10.10.3.0 255.255.255.240 10.10.12.2
R1(config)# ip route 10.10.3.0 255.255.255.0 10.10.12.2
R1(config-router)# end
Part 2: Trouble Ticket 1.1.3.2
Scenario:
A WAN connection through R2 was recently added to increase the bandwidth that is available between
the branch and HQ. It was decided to keep the dedicated T1 connection from R1 to R3 as a backup link
for IPv6 traffic. Users at the branch have been complaining that data transfer speeds to PCs at HQ seem
to be slow; however, downloads seem to be fine.
Chapter 1: IPv4/IPv6 Addressing and Routing Review
17
Use the commands listed below to load the configuration files for both trouble tickets:
Instructor Note: Commands for uploading the configuration are provided at the end of this document.
Device
Command
R1
copy flash:/enarsi/1.1.3.2-r1-config.txt run
R2
copy flash:/enarsi/1.1.3.2-r2-config.txt run
R3
copy flash:/enarsi/1.1.3.2-r3-config.txt run
D1
copy flash:/enarsi/1.1.3.2-d1-config.txt run
D2
copy flash:/enarsi/1.1.3.2-d2-config.txt run
■
PC 1, PC 2, FTPServer, and WebServer should be configured with the IPv6 addressing listed in
the Addressing Table. It is not necessary to configure the IPv4 addresses.
■
Passwords on all devices are cisco12345. If a username is required, use admin.
■
After you have fixed the ticket, change the MOTD on EACH DEVICE using the following
command:
banner motd # This is $(hostname) FIXED from ticket <ticket number> #
■
Then save the configuration by issuing the wri command (on each device).
■
Inform your instructor that you are ready for the next ticket.
■
After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC
command. This script will clear your configurations and reload the devices.
Instructor Notes: This trouble ticket contains 1 intentional error. R1 has an incorrect administrative distance assigned to the primary and backup routes.
The commands used to fix these errors should be:
R1(config)# no ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 10
R1(config)# ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 15
R1(config)# end
Router Interface Summary Table
Router Ethernet Interface #1
Model
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
1900
Gigabit Ethernet 0/0
(G0/0)
2801
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
2811
Fast Ethernet 0/0 (F0/0) Fast Ethernet 0/1 (F0/1) Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
2900
Gigabit Ethernet 0/0
(G0/0)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
4221
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
4300
Gigabit Ethernet 0/0/0
(G0/0/0)
Gigabit Ethernet 0/0/1
(G0/0/1)
Serial 0/1/0 (S0/1/0) Serial 0/1/1 (S0/1/1)
Gigabit Ethernet 0/1
(G0/1)
Serial 0/0/0 (S0/0/0) Serial 0/0/1 (S0/0/1)
18
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An example
of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco
IOS commands to represent the interface.
Uploading Configuration Files
Use the commands below to create the configuration files on the lab devices for each trouble ticket in
this lab. The TCL script commands help create and copy the configurations. However, the configuration
commands could also be copied and pasted directly into global config mode on each device. Simply
remove the TCL script commands, enter the enable and configure t commands on the device, and copy
and paste the configuration commands.
Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the
folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command,
if necessary.
Reset scripts
These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy
and paste the appropriate script to the appropriate device.
Router Reset Script
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
puts "Reloading the router"
typeahead "\n"
reload
}
tclquit
D1/D2 (Cisco 3650) Reset Script - The default 3650 SDM template supports IPv6, so it is not set by
this script.
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit
Chapter 1: IPv4/IPv6 Addressing and Routing Review
A1 (Cisco 2960 Script) - The default 2960 SDM template does not support IPv6, so this script
includes that setting.
tclsh
puts [ open "flash:/enarsi/reset.tcl" w+ ] {
typeahead "\n"
copy running-config startup-config
typeahead "\n"
erase startup-config
delete /force vlan.dat
delete /force multiple-fs
ios_config "sdm prefer lanbase-routing"
typeahead "\n"
puts "Reloading the switch"
typeahead "\n"
reload
}
tclquit
R1 Configuration File Scripts
!R1 - Trouble Ticket # 1
tclsh
puts [ open "flash:/enarsi/1.1.3.1-r1-config.txt" w+ ] {
hostname R1
banner motd # This is R1, Trouble Ticket 1.1.3.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface GigabitEthernet0/0/0
ip address 10.10.12.1 255.255.255.0
no shutdown
interface GigabitEthernet0/0/1
ip address 10.10.1.1 255.255.255.0
no shutdown
ip route 10.10.23.0 255.255.255.252 10.10.12.2
ip route 10.10.3.0 255.255.255.240 10.10.12.2
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R1 - Trouble Ticket # 2
tclsh
puts [ open "flash:/enarsi/1.1.3.2-r1-config.txt" w+ ] {
hostname R1
banner motd # This is R1, Trouble Ticket 1.1.3.2 #
enable secret cisco12345
19
20
CCNP Enterprise: Advanced Routing (ENARSI) Lab Manual, Version 8
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
interface GigabitEthernet0/0/0
ipv6 address FE80::1:1 link-local
ipv6 address 2001:DB8:0:12::1/64
no shutdown
interface GigabitEthernet0/0/1
ipv6 address FE80::1:2 link-local
ipv6 address 2001:DB8:0:1::1/64
no shutdown
interface Serial0/1/0
ipv6 address FE80::1:3 link-local
ipv6 address 2001:DB8:0:13::1/64
no shutdown
ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:13::2 10
ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:12::2 12
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
R2 Configuration File Scripts
!R2 - Trouble Ticket # 1
tclsh
puts [ open "flash:/enarsi/1.1.3.1-r2-config.txt" w+ ] {
hostname R2
banner motd # This is R2, Trouble Ticket 1.1.3.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface GigabitEthernet0/0/0
ip address 10.10.12.2 255.255.255.252
no shutdown
interface GigabitEthernet0/0/1
ip address 10.10.23.1 255.255.255.252
no shutdown
ip route 10.10.1.0 255.255.255.0 10.10.12.1
ip route 10.10.3.0 255.255.255.0 10.10.23.2
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
Chapter 1: IPv4/IPv6 Addressing and Routing Review
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
!R2 - Trouble Ticket #2
tclsh
puts [ open "flash:/enarsi/1.1.3.2-r2-config.txt" w+ ] {
hostname R2
banner motd # This is R2, Trouble Ticket 1.1.3.2 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
ipv6 unicast-routing
interface GigabitEthernet0/0/0
ipv6 address FE80::2:1 link-local
ipv6 address 2001:DB8:0:12::2/64
no shutdown
interface GigabitEthernet0/0/1
ipv6 address FE80::2:2 link-local
ipv6 address 2001:DB8:0:23::1/64
no shutdown
ipv6 route 2001:DB8:0:1::/64 2001:DB8:0:12::1
ipv6 route 2001:DB8:0:3::/64 2001:DB8:0:23::2
line con 0
exec-timeout 0 0
logging synchronous
exit
line vty 0 4
login local
transport input telnet
exit
alias exec reset.now tclsh flash:/enarsi/reset.tcl
end
}
tclquit
R3 Configuration File Scripts
!R3 - Trouble Ticket #1
tclsh
puts [ open "flash:/enarsi/1.1.3.1-r3-config.txt" w+ ] {
hostname R3
banner motd # This is R3, Trouble Ticket 1.1.3.1 #
enable secret cisco12345
username admin privilege 15 algorithm-type scrypt secret cisco12345
interface GigabitEthernet0/0/0
ip address 10.10.23.2 255.255.255.252
no shutdown
interface GigabitEthernet0/0/1
ip address 10.10.3.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.23.1
line con 0
exec-timeout 0 0
21
