Week 8 uCertify Assessment 9 Quiz – Chapter 8

Week 1, Chapter 1, Introduction to Troubleshooting & Network Maintenance Concepts

Week 2, Chapter 2 Troubleshooting and Maintenance Tools

Simplified troubleshooting:

problem report

problem diagnosis

problem resolution

Structured troubleshooting process:

problem report

collect information

examine collected information

eliminate potential causes

propose a hypothesis

verify hypothesis

problem resolution

Troubleshooting categories:

troubleshooting information collection

baseline information collection

network event information collection

Network documentation Tools: documentation management system examples:

trouble ticket reporting system

Wiki

Basic Tools: CLI (command-line-interface tools) troubleshooting and maintenance tools range of expensive to free

CLI tools: CISCO IOS commands

show command – displays a static snapshot of information, router configuration, learned routes

debug command – real-time router or swith process information

GUI tools: Cisco Configuration Professional (CCP) used to configure and troubleshoot Integrated Services Routers (ISRs)

Recovery tools: backup

write memory command – causes router to archive a copy of the configuration whenever the router’s running configuration is copied to the startup configuration using a write or copy command

copy command –

copy running-config startup-config command – indicates max configurations allowed

show archive –

no shutdown command –

shutdown command –

configure replace command – restore a previously archive configuration

Logging tools: Device logs in Telnet or Secure Shell (SSH)

terminal monitor command – view console messages through TELNET or SSH

logging buffered command – write messages to a router’s buffer

show logging command – view logged messages in a buffer

clear logging command – clear messages in a buffer

logging console severity level command – combined with buffered command, allows logging different severities

logging buffered severity level command –

logging ip_address command – direct router’s log output

Network Time Protocol (NTP)tool: use NTP as common point of reference for time which allows network devices to point to a device acting as an NTP (a time source)

Advanced Tools: Proactive maintenance

SNMP- Simple Network Management Protocol allows a monitored device to run an agent that collects maintenance data

snmp-server community command –

Netflow – monitor network traffic patterns and distinguish between different traffic flows

Netflow collectors – software applications that can take the NetFlow information reported from a Cisco device and convert that raw data info useful graphs, charts, and tables reflecting traffic patterns

flow – series of packets

ip flow ingress command –

ip flow-export source lo command –

ip flwo-export destination command – issued to specify the NetFlow collector’s address

show ip cache flow command –

EEM (embedded event manager): create event definitions and specify custom responses

send an SNMP trap to an NMS

write a log message to a syslog server

execute specific Cisco IOS comands

capture output of specific show commands

send e-mail to an appropriate party

execute a tool command language

clear counters command – clear the routers interface counters

action command – indicate what should be done

Cisco IOS:

ping comand – used to check netwok connectivity, sends ICMP (Internet Control Message Protocol) echo messages to a specific destination. Can create a load on network to test heavy use.

Options useful during troubleshooting:

size – number of bytes per datagram

repeat – number of ICMP echo messages sent

timeout – number of seconds to for a reply

source –

df-bit – set the do not fragment bit in the ICMP echo datagram

Reasons to monitor network traffic:

compliance with an SLA (service level agreement

trend monitoring

performance issues

SNMP and Netflow are two technologies available on most Cisco IOS platforms that can automate the collection statistics.

Notifications for network events: responding to problem reports from users is reactive troubleshooting, but monitoring network devices for significant events is proactive. Syslog and SNMP can report occurrences of specific events on a network device and Netflow can report events related to network traffic flows. None alert a network administrator when an event is logged, therefore, third-party software is necessary. If an interface goes down, the SNMP agent can send a message to NMS and NMS can send email notifications to an administrator.

Traps – messages from the SNMP agent to the NMS

snmp-server host command –

CISCOPRESS –

snmp-server enable traps comand – enables all traps on the router

snmp-server enable traps bgp

show run]includetraps command –

CIS436 Internet Troubleshooting Week 2 Discussion: “Troubleshooting and Baseline Assessment” Please respond to the following:

Imagine that you are a network engineer at a midsized university. Your supervisor has informed you that academic personnel are experiencing problems when they attempt to access the server that contains student information such as grades, attendance, and financial information. You have access to the network devices and the server, but the client devices are located remotely so you will not be able to start from there. Suggest at least two (2) possible troubleshooting approaches to resolve the problems that the academic personnel are experiencing. Explain the primary benefits and drawbacks of each approach. Provide rationales to support your response.

Imagine that you’re a network engineer and you have been tasked with identifying the cause of a network outage. What are the required steps of analyzing a hypothesis? Explain your scenario and describe how you would propose a hypothesis?

Week 2 Discussion Response:

If I were a network engineer at a mid-sized university and my supervisor informed me that academic personnel are experiencing problems, I would employ the structured approach to troubleshooting and examine collected information from the reported problem. When she tells me the issue appears when they attempt to access the server that contains student information such as grades, attendance, and financial information, I would eliminate potential causes and propose a hypothesis. I’ve verified I have access to the network devices and the server, but the client devices are located remotely so I will not be able to start from there. Not being able to start from there suggests I cannot use the bottom-up method of troubleshooting because I don’t have remote access to the client devices at layer 1 the physical layer. The two possible troubleshooting approaches I would choose to resolve the problems that the academic personnel are experiencing are the following the traffic and/or the comparing configuration methods. Since I personally would be a novice network engineer, (new to the job and title) I would use the comparing configuration method because it is often used by less experienced troubleshooters unsure of their knowledge of a network. If I were a seasoned professional network engineer who’d worked within the mid-sized university for years, I would use the following the traffic path method of troubleshooting because I’d either have already diagnosed the problem from network familiarity or trouble familiarity. The primary drawbacks of using each approach is resolution without understanding that fosters problem recurrence and waisted time.

If I were a network engineer and I have been tasked with identifying the cause of a network outage, the required steps of analyzing a hypothesis would be to propose a hypothesis, then verify it. During the verify process, the hypothesis would be tested against problem resolution. If the problem is not resolved, aspects of the structured approach would be revisited. The troubleshooter would either have to reexamine collect information, examine information, and/or propose a hypothesis. A possible scenario would be if the network engineers’ structured approach and choice of traffic path method identified the server as the reason why grades, attendance, and financial information cannot be accessed. If the result of the hypothesis process shows the problem still exists, the engineer must repeat steps of the structured approach to find the solution.

How can PING help you gather facts?

Response: According to our course material, a successful ping confirms that Layer 1, 2, and 3 of the OSI model are functioning. Essentially, a successful ping allows the troubleshooter to focus on higher layers of the OSI model, specifically Layer 4. Alternatively, an unsuccessful ping would suggest the troubleshooter begin troubleshooting at Layer 1. Eliminating Layers 1-3 to begin troubleshooting at Layer 4 simply saves the troubleshooter time and indicates a more specific area of concern.

According to our course material, traceroute provides verified connectivity. A successful traceroute duplicates aspects of the ping command by providing verified Layer 3 connectivity. Traceroute also provides the network path taken to reach connected layers. Essentially, we could use the traceroute command after a failed ping to determine where the ping failed.

Your post helpfully identifies, from obviously an experienced network troubleshooter, that we should obtain two perspectives of the issue from the most technical users. Then you state, “the unfortunate part is that you most likely can’t rely on them for a traceroute as it would be blocked by firewalls and not provide the full path.” An explanation of this statement would improve my novice understanding of network troubleshooting. “Can’t rely on them,” suggests we cannot reply on the users we gathered info from to perform a traceroute. I’m not sure why we would rely on users for a traceroute.

Week 2 Lab Assignment 1 Submission:

To complete each week’s assignment:

1. Open the Boson Simulator environment and load the desired lab. The answers are available for you to check yourself as you progress in the lab. This is a skills-based course. The intent is for you to practice these labs in order to gain proficiency for certification and / or on the job.

2. Complete the lab. Use the “Grade Lab” function within the Boson Network Simulator to check your work. You may redo your work multiple times, as needed.

3. Take a screenshot when you are satisfied with your work; be sure that the lab name and results appear in the background. Refer to below screenshot as an example.Boson Lab Results

4. Click on the Week # Lab # Assignment Submission link for that specific lab. Upload the screenshot that you have taken according to the prompts.

5. Write a short answer (4-5 sentences) in the Comment text box to the following: Summarize the technical experiences in completing this lab. Explain what commands were of greatest benefit to you and provide general comments on the overall lab experience. Note: This is an academic writing assignment. Correct punctuation, grammar, and spelling are necessary. Points will be deducted for poor writing.

6. Submit both elements (screenshot and short answer).

Objective: While completing the Configuring NBAR Supplemental Lab, I experienced no technical issues with the Boson software. All of the commands used in completing the lab were of great benefit to me because I did not recall what commands to use or their purpose from my last routing class in 2014, but enable and exit became the hardest to identify. The overall lab experience was daunting. I initially attempted to complete the lab from memory until I realized I would never complete the lab without accessing the answers. I experienced great stress figuring out how to get into Privilege EXEC mode that provided access to configuration modes through the configure command. Without it, step 2 of the first task seemed impossible. It took a long time to realize (remember) that the (#) represents programing from the privileged exec mode. After more reading, I found all I had to do was type enable. Furthermore, I don’t think the long list of commands necessary to configure NBAR classification with MQC marking to classify inbound traffic on the Serial 0/0/0 interface could be memorized. The next command needed was not obvious; therefore, the commands needed to complete the assignment must be gathered from a documented source.

Command Summary:

class {class-name | class-default}: defines a traffic classification and enters policy map class configuration mode

class-map [match all | match any] class-map-name:creates a class map to be used for matching packets to the specified class

clear ip nbar protocol-discovery: clears the NBAR protocol discovery counters

configure terminal: enters global configuration mode from privileged EXEC mode

enable: enters privileged EXEC mode

end: ends and exits configuration mode

exit: exits one level in the menu structure

[no] fair-queue [congestive-discard-threshold [dynamic-queues [reservable-queues]]]enables weighted fair queuing (WFQ) for an interface; the no form disables WFQ for an interface

interface type numberchanges from global configuration mode to interface configuration mode

ip access-list {standard | extended} access-list-namedefines an IP access list by name

[no] ip nbar protocol-discoveryconfigures NBAR to discover traffic for all protocols known to NBAR on a particular interface; the no form disables the discovery of protocols

match [access-group acl-index | access-group name acl-name | ip dscp dscp-list]defines the match criteria to classify traffic

match protocol protocol-namedefines the match criteria to classify traffic

[sequence-number] permit {protocol} {any | source source-wildcard} {any | destination destination-wildcard} [operator [port]] [log]sets condition to allow packets for a specific protocol to pass a named access list

ping ip-addresssends in Internet Control Message Protocol (ICMP) echo request to the specified address

policy-map policy-map-namecreates or modifies a policy map that can be attached to multiple interfaces

[no] service-policy {input | output} policy-map-nameapplies a policy map defined by the policy-map command to the output of a particular interface; the no form removes the specified policy map from the interface

set dscp dscp-valueconfigures a packet with the specified Differentiated Services Code Point (DSCP) value

show access-lists [access-list-number | access-list-name]displays the contents of current access control lists (ACLs)

show ip nbar protocol-discovery [interface interface-id]displays statistics gathered by the NBAR protocol discovery feature

show policy-map interface interface-id [input | output] [class class-map-name]displays the packet statistics of all classes that are configured for all service policies on the specified interface

show running-configdisplays the active configuration file

Task 1: Discover Protocols with NBAR

This task involves configuring and enabling NBAR protocol discovery on a router. Perform the following steps on Router2.

1. Determine whether an inbound service policy is configured on the Serial 0/0/0 interface. If one is discovered, issue the commands necessary to disable it.

Router2>show policy-map interface serial 0/0/0

Serial0/0/0

Service-policy input: Application-Markings

Class-map: class-default (match-any) 33966 packets, 18384525 bytes 5 minute offered rate 0 bps Match: any

The output from the show policy-map interface serial 0/0/0 command shows that an inbound service policy named Application-Markings is configured on the Serial 0/0/0 interface of Router2. You should issue the following commands to disable the inbound service policy configured on the Serial 0/0/0 interface:

Router2>enable

Router2#config

Router2(config)#

Router2(config)#interface serial 0/0/0

Router2 (config-if)#

Router2(config-if)#no service-policy input Application-Markings

2. Enable NBAR protocol discovery on the Serial 0/0/0 interface.

Router2(config-if)#ip nbar protocol-discovery

3. Clear the NBAR protocol discovery counters.

Router2(config-if)#exit

Router2(config)#exit

Router2#clear ip nbar protocol-discovery

4. Allow the router to accumulate traffic for at least three minutes, and then display the protocols discovered by NBAR. Record the last 10 protocols in the table below:

Router2#show ip nbar protocol-discovery

Protocols Discovered by NBAR

1. bgp

2. bittorent

3. cuseme

4. dhcp

5. dns

6. donkey

7. egp

8. eigrp

9. fasttrack

10. finger

11. ftp-data

12. gnutella

13. gopher

14. h323

15. http

There was not input or output from 15 NBAR discovered protocols

Task 2: Configure NBAR Classification and Marking

This task involves configuring NBAR classification and marking the classified traffic using the Cisco IOS modular QoS command-line interface (MQC). Perform the following steps on Router2.

1. Disable NBAR protocol discovery on the Serial 0/0/0 interface.

Router2#config

Router2(config)#interface serial 0/0/0

Router2(config-if)#no ip nbar protocol-discovery

2. Use a policy map named NBAR-Markings to configure NBAR classification with MQC marking to classify inbound traffic on the Serial 0/0/0 interface. For voice-related protocols on Cisco platforms, use the port information below:

• RTP/RTCP – UDP ports in the range from 16384 through 32767 • Voice Control Signaling – UDP/1719 and TCP/1720; UDP/2427 and TCP/2428; TCP ports in the range from 11000 through 11999 and from 2000 through 2002; and UDP/5060

Traffic Marking Classification

Class Name (class-map name)ProtocolPHB

Real-TimeRTP, RTCPEF

Mission-CriticalSQLNet, voice control (port-specific TCP and UDP)AF31

InteractiveCitrixAF21

BulkFTPAF11

ScavengerKazaa2, NapsterCS1

class-defaultdefault

Router2(config)#exit

Router2(config)#ip access-list extended VoIP-RTCP

Router2(config-ext-nacl)#permit udp any any range 16384 32767

Router2(config-ext-nacl)#ip access-list extended Voice-Control

Router2(config-ext-nacl)#permit tcp any any eq 1720

Router2(config-ext-nacl)#permit tcp any any range 11000 11999

Router2(config-ext-nacl)#permit tcp any any eq 2428

Router2(config-ext-nacl)#permit tcp any any range 2000 2002

Router2(config-ext-nacl)#permit udp any any eq 1719

Router2(config-ext-nacl)#permit udp any any eq 5060

Router2(config-ext-nacl)#permit udp any any eq 2427

Router2(config-ext-nacl)#class-map match-any Real-Time

Router2(config-cmap)#match protocol rtp

Router2(config-cmap)#match protocol rtcp

Router2(config-cmap)#match access-group name VoIP-RTCP

Router2(config-cmap)#class-map match-any Mission-Critical

Router2(config-cmap)#match protocol sqlnet

Router2(config-cmap)#match access-group name Voice-Control

Router2(config-cmap)#class-map match-all Interactive

Router2(config-cmap)#match protocol citrix

Router2(config-cmap)#class-map match-all Bulk

Router2(config-cmap)#match protocol ftp

Router2(config-cmap)#class-map match-any Scavenger

Router2(config-cmap)#match protocol kazaa2

Router2(config-cmap)#match protocol napster

Router2(config-cmap)#policy-map NBAR-Markings

Router2(config-pmap)#class Real-Time

Router2(config-pmap-c)#set dscp ef

Router2(config-pmap-c)#class Mission-Critical

Router2(config-pmap-c)#set dscp af31

Router2(config-pmap-c)#class Interactive

Router2(config-pmap-c)#set dscp af21

Router2(config-pmap-c)#class Bulk

Router2(config-pmap-c)#set dscp af11

Router2(config-pmap-c)#class Scavenger

Router2(config-pmap-c)#set dscp cs1

Router2(config-pmap-c)#class class-default

Router2(config-pmap-c)#set dscp default

Router2(config-pmap-c)#interface serial 0/0/0

Router2(config-if)#no fair-queue

Router2(config-if)#service-policy input NBAR-Markings

3. Verify that the low latency queuing (LLQ) policy meets the task requirement.

Router2(config)#exit

Router2#exit

Router2#show access-lists

Extended IP access list Voice-Control

10 permit tcp any any eq 1720 (0 matches) 20 permit tcp any any range 11000 11999 (0 matches) 30 permit tcp any any eq 2428 (0 matches) 40 permit tcp any any range 2000 2002 (0 matches) 50 permit udp any any eq 1719 (0 matches) 60 permit udp any any eq 5060 (0 matches)

70 permit udp any any eq 2427 (0 matches)

Extended IP access list VoIP-RTCP

10 permit udp any any range 16384 32767 (0 matches)

Router2#show class-map

Class Map match-any Real-Time (id 1)

Match protocol rtp

Match protocol rtcp

Match access-list VoIP-RTCP

Class Map match-all Mission-Critical (id 2)

Match protocol sqlnet

Match access-list Voice-Control

Class Map match-all Interactive (id 3)

Match protocol citrix

Class Map match-all Bulk (id 4)

Match protocol ftp

Class Map match-any Scavenger (id 5)

Match protocol kazaa2

Match protocol napster

Class Map match-any class-default (id 0)

Match any

Router2#show policy-map NBAR-Markings

Policy Map NBAR-Markings

Class Real-Time

set dscp ef

Class Mission-Critical

set dscp af31

Class Interactive

set dscp af21

Class Bulk

set dscp af11

Class Scavenger

set dscp cs1

Class class-default

set dscp default

4. Display the statistics of the policy map attached to the Serial 0/0/0 interface, and record the number of packets that have been marked.

Router2#show policy-map interface serial 0/0/0 Serial0/0/0

Class real-time: 1,810 real-time packets

Class mission-critical : 18,690 mission-critical packets

Class interactive: 20,559 interactive packets

Class bulk: 37,380 bulk packets

Class scavenger: 18,670 scavenger packets

Class class-default: 1,570,163 class-default packets

Week 2, Quiz 2, uCertify Assessment 3 Submission:

http://strayer.ucertify.com/social/PUfM5raT_social/index.html

I had a little difficulty identifying some of the features of ping, Telnet, and Traceroute. After reading the course material, my understanding of those options was very different than the answers provided on the quiz. I also failed to acknowledge that Netflow uses a push model.

archive – Cisco IOS feature used to create automatic archives of device configurations

Cisco Discovery Protocol (CDP) – proprietary protocol used to advertise and discover directly connected devices automatically

Cisco TAC – technical assistance center (by contract) to assist troubleshooting Cisco products

CLI (command-line interface) – primary method of interacting with the Cisco IOS on routers and switches using commands

configure replace – allows a running configuration to be completely replaced with an archived configuration to prevent a merge

Embedded Event Manager (EEM) – used to create custom event definitions on a router and specify actions the router can take in response

FTP – File Transfer Protocol used to copy files (config or IOS) from a router or switch to an FTP server

GUI (graphical user interface) – means of interacting with the Cisco IOS (web page)

HTTP (hypertext transfer protocol) – used to transfer files (config or IOS) from a router or switch to an HTTP server using hypertext

merge – combining of configurations; occurs when copying configurations to the running configuration

NetFlow – collects detailed information about traffic flows on routers and high-end switches. Collected information can be optionally sent to a Netflow collector, which can produce reports about traffic flows

Network Time Protocol (NTP) – used to synchronize time among network devices

NTP (Network Time Protocol) – A protocol used to synchronize time among network devices.

ping – tool used to test Ipv4/IPv6 connectivity between two devices

RSPAN – Remote Switched Report Analyzer, where and SPAN session is split across two independent switches and mirrored data is transported over a special purpose VLAN between them

running config – Contains the current configuration that is running in RAM on the router or switch.

SNMP (Simple Network Management Protocol) – A network management protocol that can allow a network management system (NMS) to query a managed device (that is, an SNMP client) for information found in the device’s Management Information Base (MIB), and can also allow a managed device to proactively send notifications (called traps) to an NMS in response to specific events.

SPAN – Also known as Switched Port Analyzer, where a switch mirrors traffic from a source interface or VLAN onto a different interface for monitoring or analysis purposes.

Syslog – System message logs that are generated by a switch and can be collected locally or sent to and collected on a remote server.

Telnet – An unsecure protocol that sends data in clear-text which can be used to remotely manage a Cisco IOS device.

TFTP (Trivial File Transfer Protocol) – A protocol that can be used to copy files (such as configuration files or the IOS) from a router or switch to a TFTP server.

Traceroute – A tool that can be used on Cisco IOS devices to identify the path a packet is taking through the network.

Wiki – A wiki (which is the Hawaiian word for fast) can act as a web-based collaborative documentation platform.

1. Collect information – Because a typical problem report lacks sufficient information to give a troubleshooter insight into a problem’s underlying cause, the troubleshooter should collect additional information, perhaps using network maintenance tools or by interviewing impacted users.

2. Examine collected information -After collecting sufficient information about a problem, the troubleshooter then examines that information, perhaps comparing the information against previously collected baseline information.

3. Eliminate potential causes – Based on the troubleshooter’s knowledge of the network and his interrogation of collected information, he can begin to eliminate potential causes for the problem.

4. Propose an hypothesis – After the troubleshooter eliminates multiple potential causes for the problem, he is left with one or more causes that are more likely to have resulted in the problem. The troubleshooter hypothesizes what he considers to be the most likely cause of the problem.

5. Verify hypothesis – The troubleshooter then tests his hypothesis to confirm or refute his theory about the problem’s underlying cause.

Fault management – Use network management software to collect information from routers and switches. Send an e-mail alert when processor utilization or bandwidth utilization exceeds a threshold of 80 percent. Respond to incoming trouble tickets from the help desk.

Configuration management -Require logging of any changes made to network hardware or software configurations. Implement a change management system to alert relevant personnel of planned network changes.

Accounting management -Invoice IP telephony users for their long-distance and international calls. Keeping track of what is being done on the network and when it is being done.

Performance management – Monitor network performance metrics for both LAN and WAN links. Deploy appropriate quality of service (QoS) solutions to make the most efficient use of relatively limited WAN bandwidth, while prioritizing mission-critical traffic.

Security management- Deploy firewall, virtual private network (VPN), and intrusion prevention system (IPS) technologies to defend against malicious traffic. Create a security policy dictating rules of acceptable network use. Use an authorization, authentication, and accounting (AAA) server to validate user credentials, assign appropriate user privileges, and log user activity.

0Emergencies

1Alerts

2Critical

3Errors

4Warnings

5Notifications

6Informational

7Debugging

SNMP- Collects device statistics (for example, platform resource utilization, traffic counts, and error counts). Uses a pull model (that is, statistics pulled from monitored device by a network management station [NMS]). Available on nearly all enterprise network devices

NetFlow – Collects detailed information about traffic flows. Uses a push model (that is, statistics pushed from the monitored device to a NetFlow collector). Available on routers and high-end switches

show processes cpu – Provides 5-second, 1-minute, and 5-minute CPU utilization statistics, in addition to a listing of processes running on a platform along with each process’s utilization statistics

show memory- Displays summary information about processor and I/O memory, followed by a more comprehensive report of memory utilization

show interfaces – Shows Layer 1 and Layer 2 interface status, interface load information, and error statistics including the following:

input queue drops: Indicates a router received information faster than the information could be processed by the router

output queue drops: Indicates a router is not able to send information out the outgoing interface because of congestion (perhaps because of an input/output speed mismatch)

input errors: Indicates frames were not received correctly (for example, a cyclic redundancy check (CRC) error occurred), perhaps indicating a cabling problem or a duplex mismatch

output errors: Indicates frames were not transmitted correctly, perhaps due to a duplex mismatch

Note:

Prior to collecting statistics, interface counters can be reset using the clear counters command.

show controllers – Displays statistical information about an interface (for example, error statistics), where the information varies for different interface types (for example, the type of connected cable might be displayed for a serial interface and whether it is the DCE side or DTE side of the cable)

show platformProvides detailed information about a router or switch hardware platform

Which of the following is the ping response to a transmitted ICMP echo datagram that needed to be fragmented when fragmentation was not permitted?

M

Which of the following commands displays a router’s running configuration, starting where the routing protocol configuration begins?

show running-config | begin router

What IOS command enables you to discover the Cisco devices that are directly connected to other Cisco devices?

show cdp neighbor

Which command enables you to view archival copies of a router’s startup configuration?

show archive

Which of the following would be appropriate for a collaborative web-based documentation solution?

Wiki

Which of the following is a Cisco IOS technology that uses a collector to take data from monitored devices and present graphs, charts, and tables to describe network traffic patterns?

NetFlow

Which command enables you to determine whether a routing loop exists?

Traceroute

What feature available on Cisco Catalyst switches enables you to connect a network monitor to a port on one switch to monitor traffic flowing through a port on a different switch?

RSPAN

Which command can be used to determine whether transport layer connectivity is functioning?

Telnet

The types of information collection used in troubleshooting fall into which three broad categories?

Network event information collection, Troubleshooting information collection, Baseline information collection

Which two of the following are characteristics of the NetFlow feature? (Choose the two best answers.)

Collects detailed information about traffic flows, Uses a push model

Which three of the following are components that would be most useful when recovering from a network equipment outage?

Duplicate hardware, Backup of device configuration information, Operating system and application software (along with any applicable licensing) for the device

Week 3, Chapter 3, Troubleshooting Device Performance

Week 3 Discussion: “Network Failure and Tools” Please respond to the following:

According to the text, a key element of a proactive network management strategy is fault notification. As a network engineer, determine the key individuals whom you should notify in the occurrence of a network event. Next, analyze the manner in which syslog and Simple Network Management Protocol (SNMP) can assist in the notification process. Determine when you would suggest using one protocol over the other. Include one (1) example or scenario that demonstrates the use of such protocol to support your response.

Analyze the tools used to conduct a baseline assessment (e.g., SNMP, RMON, NBAR, and the IP SLA). Select the tool that you believe is the most useful in creating a baseline assessment. Provide one (1) example of using the tool that you selected to support your response.

Week 3 Discussion Response:

“Network Failure and Tools”: As a network engineer, who understands a key element of a proactive network management strategy is fault notification, the key individuals whom you should notify in the occurrence of a network event are the support group, but not through user reports or complaints. Since syslog is a simple protocol used by an IP device (syslog client) to send text-based log messages to another IP device (syslog server), syslog assists in the notification process by allowing messages to be forwarded across the network to a central log server that collects and stores the message from all the devices. Since, Simple Network Management Protocol (SNMP) allows an agent running on a network device to be queried by an SNMP manager for various matters, including configuration settings, counters, and statistics, SNMP assists in the notification process by configuring the agent to send messages to the SNMP manager based on the occurrence of events, such as an interface going down or device configuration change. Syslog is a simple protocol with a basic form of event notification and collection that forces the network support team to be notified of significant events although advanced mechanisms are available to notify network support of significant events. Syslog messages can be seen when logged into a switch interface (console) and an event occurs, for example.

*Apr 12 08:45:55.278: %LINK-5-CHANGED: Interface FastEthernet1/0/1, changed state to administratively down

SNMP messages (traps) must always be processed by a network management system that can interpret the information contained in the trap and therefore are a reactive process most often used to monitor specific statuses such as verifying the status of fastethernet1/0/0. Both syslog messages and SNMP traps use predefined messages that are in Cisco IOS software that allow most organizations fault-notification needs to be fulfilled. When an organizations fault-notification needs fall outside the standard Cisco IOS message capabilities of syslog or SNMP, Embedded Event Manager (EEM) can be utilized to define custom events.

By setting a network performance baseline, network administrators can define what is normal for enterprise networks and identify patterns that indicate signs of trouble down the road. Network performance baselines also enable network managers to plan for growth. SNMP uses a pull model to collect device statistics. NetFlow uses a push model to collect detailed information about traffic flows (statistics). RMON (Remote Network Monitoring) is an extension of SNMP. The current version, RMON2, was developed to monitor all OSI layers and has more data collection responsibilities, reduced SNMP traffic load, and information is only transmitted to the management application instead of continuous polling. RMON was designed for flow-based monitoring, where SNMP is device-based, making RMON traffic statistics based like NetFlow and SFlow. SFlow can be configured at the global level or for specific ports and VLANs and is designed to enable the precise monitoring of interfaces at higher speeds. One disadvantage of RMON is it requires more resources because it handles more management responsibilities. NBAR (Network Based Application Recognition) performs deep packet inspection. NBARis useful dealing with malicious software by dedicating known ports as fake; therefore, it is often used for quality of service and security. IP SLA (Service Level Agreements) is an active monitoring method that reports network performance in real time. IP SLA will generate and actively monitor traffic continuously across the network and provide the ability to monitor a traffic path to a destination while also confirming that a particular web server is accepting connections, but you need an SNMP agent to poll the IP SLA router to perform the function. Since the purpose of a baseline assessment is to identify patterns that indicate signs of network trouble, I do not believe one of these tools is more useful than another in creating a baseline assessment. Each tool has a specific purpose that makes it more or less useful in squiring specific information.

Principal component analysis (PCA) is a statistical procedure that uses an orthogonal transformation to convert a set of observations of possibly correlated variables into a set of values of linearly uncorrelated variables called principal components (or sometimes, principal modes of variation). PCA is mostly used as a tool in exploratory data analysis and for making predictive models. It’s often used to visualize genetic distance and relatedness between populations. PCA can be done by eigenvalue decomposition of a data covariance (or correlation) matrix or singular value decomposition of a data matrix, usually after mean centering (and normalizing or using Z-scores) the data matrix for each attribute.[4] The results of a PCA are usually discussed in terms of component scores, sometimes called factor scores (the transformed variable values corresponding to a particular data point), and loadings (the weight by which each standardized original variable should be multiplied to get the component score).[5]

PCA is the simplest of the true eigenvector-based multivariate analyses. Often, its operation can be thought of as revealing the internal structure of the data in a way that best explains the variance in the data. If a multivariate dataset is visualised as a set of coordinates in a high-dimensional data space (1 axis per variable), PCA can supply the user with a lower-dimensional picture, a projection of this object when viewed from its most informative viewpoint. This is done by using only the first few principal components so that the dimensionality of the transformed data is reduced.

PCA is closely related to factor analysis. Factor analysis typically incorporates more domain specific assumptions about the underlying structure and solves eigenvectors of a slightly different matrix.

PCA is also related to canonical correlation analysis (CCA). CCA defines coordinate systems that optimally describe the cross-covariance between two datasets while PCA defines a new orthogonal coordinate system that optimally describes variance in a single dataset

A key element of proactive network management strategy is fault notification. When a significant event such as a failure or intrusion happens on a network, the support group should not be notified of it through use reports or complaints. It is best if network devices report that event to a central system and the support group becomes aware of the issue before problems associated with the event are noticed and reported by users. In addition to learning about the event earlier, the support group will also have the advantage of getting a report of the underlying event rather than a mere description of symptoms. Two popular protocols that are used for this purpose are syslog and SNMP. In addition, the EEM feature in Cisco IOS provides an advanced method to create custom events and define actions to be taken in response to those events.

Syslog is a simple protocol used by an IP device (syslog client) to send text-based log messages to another IP device (syslog server). The syslog protocol allows these messages to be forwarded across the network to a central log server that collects and stores the message from all the devices. By itself, this constitutes only a very basic form of event notification and collection, but the network support team must be notified of significant events. Fortunately, syslog capabilities are included as a component of many network management systems, and these systems often include advanced mechanisms to notify network support engineers of significant events.

SNMP allows an agent running on a network device to be queried by an SNMP manager for various matters, including configuration settings, counters, and statistics. In addition to responding to polling, the agent can be configured to send messages to the SNMP manager based on the occurrence of events, such as an interface going down or device configuration change. The messages, called traps, do not contain user-readable text, but instead include SNMP MIB objects and the associated variables; therefore, traps must always be processed by an SNMP-based network management system that can interupt and process the MIB object information contained in the trap.

Week 3 Lecture:

Typical tasks:

Responsibilities:

minimize disruption of network service

optimal performance (regular updates, backup redundancy)

Tasks:

device installation & maintenance (devices/software properly installed, create/maintain backups)

failure response (limit user exposure to network issues through troubleshooting & device replacement)

network performance (capacity, performance, & utilization optimization)

business procedures (documentation for compliance & service level agreements)

security (safe network, auditing for weakness)

Interrupt-driven network maintenance vs structured network maintenance:

Interrupt-diven maintenance disadvantages:

reduces long-term health of network (security)

slow execution of priority or urgency of tasks since executed upon request

extended network downtime due to limited preventative measure (minimized through proactive network monitoring)

Network maintenance tasks:

adds, moves, changes

installation & configuration of new devices (implementation handled by group with organization, external party or internal staff

replacement of failed devices

backup of device configuration & software (2nd step of replacement)

troubleshooting link & device failure

software upgrading or patching

network monitoring (collection of router & firewall logs or sophisticated network monitoring applications)

Network maintenance planning:

scheduling maintenance (assign priority to tasks)

formalizing change-control procedures (changes can be applied without disruption)

establishment of network documentation procedures (

establishment of effective communication (

properly defining templates, procedures, and/or conventions (

planning for disaster recovery (

uCertify Assessment 4: Quiz – Chapter 3

ARP input process – A process in charge of sending ARP requests on a router.

backplane – Physically interconnects a switch’s ports. Therefore, depending on the specific switch architecture, frames flowing through a switch enter via a port (that is, an ingress port), flow across the switch’s backplane, and are forwarded out of another port (that is, an egress port).

buffer leak – A buffer leak occurs when a process does not return a buffer to the router when the process has finished using the buffer.

Cisco Express Forwarding (CEF) – An optimized Layer 3 forwarding path through a router or switch. CEF optimizes routing table lookup by creating a special, easily searched tree structure based on the contents of the IP routing table. The forwarding information is called the Forwarding Information Base (FIB), and the cached adjacency information is called the adjacency table.

control plane – The control plane of operation encompasses protocols used between routers and switches. These protocols include, for example, routing protocols and Spanning Tree Protocol (STP). Also, a router or switch’s processor and memory reside in the control plane.

egress port – The port a frame will be sent out.

fast switching – A router and multilayer switch packet switching mode that makes use of a route cache maintained in a router’s data plane. The route cache contains information about how traffic from different data flows should be forwarded. The first packet in a data flow is process switched by a router’s CPU. Once the router determines how to forward the first frame of a data flow, that forwarding information is then stored in the route cache. Subsequent packets in that same data flow are then forwarded based on information in the route cache, as opposed to being process switched. As a result, fast switching reduces a router’s CPU utilization, as compared to process switching.

forwarding logic – The process of determining how the Cisco IOS device will handle the traffic received.

Full-duplex – This duplex mode is used when only two devices share the collision domain, as a result, both devices can transmit simultaneously.

Half-duplex – This duplex mode only allows one device to transmit at a time, as multiple devices exist in the same collision domain.

ingress port – The port a frame is received on.

IP Background process – When an interface changes its state, the IP Background process handles that state change.

memory allocation failure – A memory allocation failure (which produces a MALLOCFAIL error message) occurs when a process attempts to allocate a block of memory and fails to do so.

memory leak – When a router starts a process, that process can allocate a block of memory. When the process completes, the process should return its allocated memory to the router’s pool of memory. If not all the allocated memory is returned to the router’s main memory pool, a memory leak occurs.

net background process – An interface has a certain number of buffers available to store packets. These buffers are sometimes referred to as an interface’s queue. If an interface needs to store a packet in a buffer but all the interface’s buffers are in use, the interface can pull from a main pool of buffers that its router maintains. The process that allows an interface to allocate one of these globally available buffers is the net background process.

process switching – A method of switching packets from an ingress interface to an egress interface on a router or multilayer switch that requires the CPU to evaluate every packet. This is the least-efficient switching method.

TCAM – Ternary content-addressable memory; a switching table found in Catalyst switches that is used to evaluate packet forwarding decisions based on policies or access lists. TCAM evaluation is performed simultaneously with the Layer 2 or Layer 3 forwarding decisions.

TCP Timer process – The TCP Timer process runs for each of the TCP connections for a router. Therefore, a router with many simultaneous TCP connections could have a high CPU utilization due to the resources being consumed by the TCP Timer.

Which router process is in charge of handling interface state changes?

IP Background process

What are good indications that you have a duplex mismatch? (Choose two.)

The full-duplex side of the connection has a high number of FCS errors.

The half-duplex side of the connection has a high number of late collisions.

Which of the following are situations when a switch’s TCAM would punt a packet to the switch’s CPU? (Choose the three best answers.)

A switch’s TCAM has reached capacity.

OSPF sends a multicast routing update.

An administrator telnets to a switch.

Based on the output, what percent of the switch’s CPU is being consumed with interrupts?

7 percent

What command is used to display the contents of a router’s FIB?

show ip cef

Identify common reasons that a router displays a MALLOCFAIL error. (Choose the two best answers.)

Cisco IOS bug, Security issue

Which of the following is the least efficient (that is, the most CPU intensive) of a router’s packet-switching modes?

Process switching

What are the components of a switch’s control plane? (Choose two.)

CPU, Memory

Week 3 Lab Assignment 2 Submission – Complete Lab 2: ICND2 – Stand-Alone Labs:

Objective: While completing Lab 2: ICND2 – Stand-Alone Labs: Reviewing Switch Configurations, I experienced no technical issues with the Boson software. Last lab I had difficulty with accessing the privileged EXEC mode due to enable. This week it was configuration mode because “configure” changed to “configure terminal” accessing switches.

Week 3 Lab Assignment 3 Submission – Complete Lab 3: ICND1 – Sequential Labs: Basic Debugging:

Objective: While completing Lab 3: ICND1 – Sequential Labs: Basic Debugging, I experienced no technical issues with the Boson software. This was the easiest lab so far. No command issues. Debug was the most important command.

Week 4: Read Chapters 4 Troubleshooting Layer 2 Trunks, VTP and VLANs and Chapter 5 Troubleshooting STP and Layer 2 EthernetChannel

Week 4 Lecture: Campus Routing and Switching

Basic Layer 2 Switching process:

Essential Componet of VLAN-based infrastructure:

Troubleshooting affects network connectivity

Layer 2 switching problems:

physical problems

bad, missing or miswired cables

bad ports

power failure

device problems

software bugs

Steps to configure MAC address table:

config t

mac address-table static mac address vlan vlan-id {[drop I interface {type number II port-channel number]}

show mac address-table static

copy running-config startup-config

Utilizing separate Ethernet collision domains will result in better bandwidth because each LAN port connects to a separate Ethernet collision domain.

Basic Layer 3 Switching process:

Available Protocols:

(BGP) Border Gateway Protocol

(EIGRP) Enhanced Interior Gateway Routing Protocol

(OSPF) Open Shortest Path First

Selective Information gathering using IOS:

Verification of IP Packet Forwarding:

Show IP route:

ip-address

network mask

network mask longer-prefixes

Show IP cef:

ip-address

network mask

exact-route source destination

uCertify Video:

Week 4 Discussion: “Switching and the Spanning Tree Protocol” Please respond to the following:

Describe the key processes that take place when two (2) IP hosts communicate over a switched LAN. Propose at least one (1) common issue that may occur in a switched LAN environment and suggest one (1) strategy to resolve the issue in question. Provide a rationale for your suggestion.

Speculate on the consequences of not maintaining successful operation of the Spanning Tree Protocol (STP). Analyze the manner in which the Root Bridge, Root Port, and designated ports could be involved in the troubleshooting process. Determine when you would suggest using one (1) STP technology over the other for a specific network. Include at least one (1) example or scenario of using such technology to support your response.

Response:

Switched LANs (Networking) is a recent trend in tying together network resources to interconnect the various network segments using switches rather than hubs or routers. The easiest way to improve the performance of shared LANs is to add port or segment switching in which LAN segments are assigned to new ports instantly, allowing bottlenecks to be eliminated through the reassignment of very active LAN nodes. For example, several dozen workstations running network bandwidth-intensive applications such as imaging, video editing, and computer-aided design on the same Ethernet segment can produce a serious bottleneck. LAN switching can segment an overcrowded, shared-bandwidth workgroup into multiple virtual LANs in which each user or group of users can access 10-Mbps Ethernet or 16-Mbps token-ring bandwidth. The solution is cost-effective and improves network performance for each user. The key processes that takes place when two (2) IP hosts communicate over a switched LAN are first, the two hosts must be speaking the same network layer protocol to communicate, then both hosts must acquire an IP address.

The consequences of not maintaining successful operation of the Spanning Tree Protocol (STP) is Layer 2 frames can endlessly circulate through a network because of the loop created, which can lead to issues such as MAC address table corruption and broadcast storms. Root Bridge could be used in the troubleshooting process to build the STP topology by acting as a reference point for a spanning tree topology. Root bridge functions only for the spanning tree protocol. The other switches/bridges refer to the root bridge to find redundant paths to ensure no Layer 2 Loops exists. Root Port could be used in the troubleshooting process to determine why a port has a specific role. Designated ports could be involved in the troubleshooting process to determine the designated port. A designated port should never be an access port. It is a port that is a down-link to another switch. When observing the switch that is acting as the root bridge for the VLAN it will show all the ports as designated ports because they are the down-links to the rest of the network. If you are in a switch further down the spanning tree it will have a root port, which is the pathway to the root bridge. So if you have a port in the root port state, it is understood that it is connected to a port that is in a designated port state. This is the case because the root port is the up-link towards the root, and the designated port is the down-link to a lower portion of the spanning tree.

Week 4 uCertify Glossary

1. 802.1 – A method of passing frames and their VLAN associations over a trunk link, based on the IEEE 802.1Q standard.

2. access port – Ports on a switch that typically connect to end stations that will never form a trunk.

3. destination MAC address – The MAC address of the recipient of a frame.

4. dynamic auto – An automatic trunking method that uses DTP to negotiate the formation of a trunk. This method will wait for DTP messages to arrive requesting to form a trunk.

5. dynamic desirable – An automatic trunking method that uses DTP to negotiate the formation of a trunk. This method will attempt to form a trunk by sending DTP messages and will respond to DTP messages sent from other devices.

6. encapsulation – The process of adding header information and possibly trailer information at different layers of the OSI model depending on the protocol.

7. frame – The result of encapsulating a Layer 3 packet with Layer 2 header and trailer information.

8. Inter-Switch Link (ISL) – The Cisco proprietary VLAN trunking protocol that predated 802.1Q by many years. ISL encapsulates the original Ethernet frame with 30-bytes of additional information and defines which VLAN the frame belongs to.

9. MAC address table – A table used by switches to efficiently forward frames out the ports needed to reach devices based on their MAC address.

10. native VLAN – The one VLAN on an 802.1Q trunk for which the endpoints do not add the 4-Byte 802.1Q tag when transmitting frames in that VLAN.

11. source MAC address (source MAC) – The MAC address of the sender of a frame.

12. trunk (VLAN) – A physical link that can carry traffic for multiple VLANs.

13. VLAN – Virtual LAN; a logical network existing on one or more Layer 2 switches, forming a single broadcast domain.

14. VTP – VLAN Trunking Protocol; used to communicate VLAN configuration information among a group of switches.

15. VTP domain name – The name used to identify each unique VTP domain.

SW1

Dy AutoDy DesirableTrunkTrunk NonegotiateAccess

Dynamic AutoAccessTrunkTrunkLimited connectivityAccess

Dynamic DesirableTrunkTrunkTrunkLimited connectivityAccess

SW2TrunkTrunkTrunkTrunkTrunkLimited

Trunk NonegotiateLimitedLimited TrunkTrunkLimited

AccessAccessAccessLimited Limited Access

Week 4, Assessment 5, Chapter 4. Troubleshooting Layer 2 Trunks, VTP, and VLANs

1. What does a switch do with an unknown unicast frame?

Flood it out all ports except the port it was received on

2. Which command enables you to verify which port a MAC address is being learned on?

show mac address-table dynamic

3. Which command enables you to verify VTP configurations?

show vtp status

4. What can we confirm when examining the MAC address table of a switch?

The VLAN the MAC address is associated with

The port a MAC address was learned on

5. Which header information is used by switches to to learn which MAC address is reachable out a specific interface?

Source MAC address

6. Which two of the trunk mode examples will successfully form a trunk?

Trunk – Trunk nonegotiate

Trunk – Dynamic auto

7. Which header information is used by switches to forward frames?

Destination MAC address

8. Which two commands enable you to verify which VLAN a port is assigned to?

show vlan brief

show interfaces interface_type interface_number switchport

9. Which two are examples of issues that could prevent a trunk from forming?

Encapsulation mismatch

Incompatible trunking modes

10. Which command enables you to verify the administrative mode and operational mode of an interface?

show interfaces interface_type interface_number switchport

Week 4 Lab Assignment 4 TSHOOT – TSHOOT Labs: Troubleshooting Multilayer Switched Networks Part 1:

Configure virtual LANs (VLANs), assign switchports to VLANs, and troubleshoot and solve various configuration issues in a switched network. All devices will be configured upon the initial loading of the lab. In this lab, VLAN 99 is used as the management VLAN. You should use cisco when prompted for a password.

CommandDescription

configure terminalenters global configuration mode from privileged EXEC mode

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

interface type numberchanges from global configuration mode to interface configuration mode

ip address ip-address subnet-maskassigns an IP address to an interface

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

show interfaces statusdisplays the line status of all interfaces

show ip interface briefdisplays a brief summary of interface status and configuration

show running-configdisplays the active configuration file

show vlandisplays VLAN information

switchport access vlan vlan-idassigns the default VLAN for a port

[no] vlan vlan-id creates a VLAN; the no form removes a VLAN

Task 1:

A. Document the Network You have been asked to solve a problem on a network with incomplete documentation. Refer to the Lab Topology diagram. Before you attempt to correct the problem, your first step should be to document the current state of the network. Using the supplied network diagram, fill in the missing information, including interface names and IP addresses. As you examine the current configuration, record any additional information that might be useful as you begin to identify, isolate, and correct problems.

– You can learn the network by issuing the show running-config command and the show ip interface brief command, among others. The following is a completed network diagram that contains the IP addresses, interface names, and other information that will assist you with troubleshooting the simulated network in this lab:

B. Analyze the Network

1. From P1PC1, try to ping P2PC2. Is the ping successful? Is a ping from P2PC2 to P1PC1 successful?

2. Can you ping the management VLANs on P1ASW1, P1DSW1, P2ASW2, and P2DSW2 from P1PC1 and P2PC2?

– A ping from P1PC1 to P2PC2 (172.16.1.2) fails. A ping from P2PC2 to P1PC1 (172.16.1.1) also fails.

– A ping from P1PC1 to P1ASW1 (172.16.1.10) succeeds. All other pings from P1PC1 fail. A ping from P2PC2 to P1ASW1 (172.16.1.10) fails. Pings from P2PC2 to all other switches succeed.

C. Isolate the Problem

1. How should you check to make sure that all cables are connected and that the Ethernet ports are active? – To verify that all cables are connected and that the Ethernet ports are active, you should issue the show interfaces status command or the show interfaces command to check the status of each port, as shown in the following sample output from P1ASW1:

2. Are any interfaces down? – The interfaces are not down; all interfaces are connected and up and up.

3. Is the network divided into VLANs? – Yes, the network is divided into VLANs.

4. Which VLANs exist? How do you know? – The output of the show vlan command issued on the ASW switches shows that VLAN 1, VLAN 9, and VLAN 99 exist.

D. Correct the Error

1. What condition could prevent a host plugged into one switchport from communicating with another host in a different switchport? One condition that could prevent a host plugged into one switchport from communicating with another host plugged into a different switchport is that the ports could be in different VLANs.

2. Do you see a configuration error? If so, what error do you see? Yes, you should see a configuration error on P1ASW1. The FastEthernet 0/5 port on access switch P1ASW1 is in VLAN 9, and the FastEthernet 0/5 port on access switch P2ASW2 is in VLAN 99.

3. Why is this a problem? The workstations are unable to ping each other because the two switchports that connect the two workstations to the access switches are in different VLANs; P1PC1 and P2PC2 are effectively isolated from each other.

4. What configuration change should you make? What commands should you use to implement this change? You should issue the following commands to change the configuration on P1ASW1 to correct the VLAN assignment error. FastEthernet 0/5 on P1ASW1 needs to be moved back into VLAN 99 so that P1PC1 and P2PC2 are part of the same network.

P1ASW1#configure terminal

P1ASW1(config)#no vlan 9

P1ASW1(config)#vlan 99

VLAN 99 added:

Name:VLAN0099

P1ASW1(config-vlan)#exit

P1ASW1(config)#interface fastethernet 0/5

P1ASW1(config-if)#switchport access vlan 99

P1ASW1(config-if)#no interface vlan 9

P1ASW1(config)#interface vlan 99

P1ASW1(config-if)#ip address 172.16.1.10 255.255.255.0

Task 2: Verify the Configuration

1. From each switch, make sure that you can ping all devices in Pod 1 and Pod 2. From P1PC1, make sure that you can ping P2PC2. Also, from P2PC2, make sure that you can ping P1PC1. You have completed this lab successfully if you are able to successfully ping P2PC2 (172.16.1.2) from P1PC1.

Week 4 Lab Assignment 4 Submission:

While completing Week 4 Lab Assignment 4 TSHOOT – TSHOOT Labs: Troubleshooting Multilayer Switched Networks Part 1, there were no technical experiences in completing this lab. The commands that were of greatest benefit were enable, ping, and show. The general overall lab experience was straight forward. I did initially have issues trying to ping the two workstations. I do hope my network comprehension will improve because without the answers, I would not have successfully completed the assignment.

Week 4 Assignment 1: VLAN Troubleshooting

XYZ Company is a very large retail chain in the Midwest United States. This company operates with a single corporate campus location and 25 regional distribution centers that support 3,000 retail locations. XYZ Company recently deployed a new switching environment using Virtual Local Area Network (VLAN) and Spanning Tree technology. The new switching environment includes redundant connections between each switch and includes the HR and Finance VLANs as shown below. Devices plugged into the HR VLAN on any switch require access to the HR VLANs across all switches. Devices plugged into the Finance VLAN require access to the Finance VLANs across all switches.

There have been multiple problems reported with the VLAN and Spanning Tree switching environment.

The new switching environment has exhibited the following problems:

Switch 1 HR VLAN communication cannot take place with Switch 2 HR VLAN

Switch 2 Finance VLAN cannot communicate with Switch 4 Finance VLAN

Switch 4 has both trunk ports to switch 3 continuously going from blocking to forwarding

Root bridge election is occurring every minute

You were brought in based on your troubleshooting knowledge to address the issues.

Write a two to four (2-4) page paper in which you:

Decide the troubleshooting methodology that you would use for each issue. Provide a rationale to support your response.

Provide the main steps that you would use to troubleshoot each of these issues and determine the tools that you would require to complete your troubleshooting. Provide a rationale to support your response.

Speculate on the main cause(s) of each of the (4) four problems. Provide a rationale to support your response.

Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

Describe and develop maintenance methods and processes and procedures through the use of networking tools, resources, and techniques.

Summarize and develop troubleshooting processes for enterprise networks.

Use technology and information resources to research issues in internetworking troubleshooting.

Write clearly and concisely about internetworking troubleshooting using proper writing mechanics.

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using this rubric.

Week 5 Read Chapter 6: Troubleshooting Inter-VLAN Routing and Layer 3 EtherChannels

Review Lecture 1

uCertify Video(s)Lab 3: EIGRP Troubleshooting (44 min 37 sec)

Lab 5: TSHOOT – TSHOOT Labs: Troubleshooting Routing Protocols Part II (25 Points)

TSHOOT Lab: Troubleshooting Routing Protocols Part II

Objective: Isolate, identify, and correct problems with the Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and Intermediate System-to-Intermediate System (IS-IS) routing protocols.

configure terminal – enters global configuration mode from privileged EXEC mode

enable – enters privileged EXEC mode

end – ends and exits configuration mode

exit – exits one level in the menu structure

interface type number – changes from global configuration mode to interface configuration mode

ip router isis – enables IS-IS on an interface

network network-address – enables a routing protocol to route for an attached network

network network-address wildcard-mask area area-id – activates OSPF on the specified network and places the matching interface in the specified area

ping ip-address – sends an Internet Control Message Protocol (ICMP) echo request to the specified address

redistribute protocol metric metric subnets – configures redistribution into OSPF

redistribute protocol metric bandwidth delay reliability load MTU- configures redistribution into EIGRP

router eigrp autonomous-system-number- enters router configuration mode for EIGRP

router ospf process-id – enters router configuration mode for an OSPF process

show cdp neighbors – displays information about directly connected neighbors

show cdp neighbors detail – displays directly connected neighbor devices and their device types, interface names, and IP addresses

show ip interface brief – displays a brief summary of interface status and configuration

show ip protocols – displays information about active routing protocols

show ip route – displays the IP routing table

show running-config – displays the active configuration file

traceroute ip-address – displays the network path to a given destination; used on Cisco workstations

Lab Tasks

Task 1

A. Document the Network 1. You have been asked to solve a problem on a network with incomplete documentation. Before you attempt to correct the problems, your first step should be to document the current state of the network. Fill in the missing interface types and IP addresses on the Lab Topology diagram. As you examine the current configuration, record any additional information that might be useful as you begin to identify, isolate, and correct problems.

Note: Since multiple routing protocols and route redistribution are involved, you might want to include routing topology information in your diagram.

B. Analyze the Network

1. Begin at P1R1, and examine the state of the network from this point. What information does P1R1 have about the other networks? None

2. How did you gather this information? ping, traceroute, show cdp neighbors,

3. Based on what you see, what might be causing this situation? show ip route shows P1R1 is not receiving routes from directly connected neighbors. routing table is not receiving dynamic updates from other network routers. A possible reason is that a routing protocol such as EIGRP or OSPF is misconfigured.

Isolate the Problem

1. Are you able to move traffic across the backbone to Pod 2 (P2R1, P2R2, and P2R3) from P1R1? Attempted pings from P1R1 across the backbone to any of the interfaces on P2R2 and P2R3 fail. Pings to the directly connected backbone router, P2R1, are successful.

2. What neighbor routers should be sending updates to P1R1? What command did you use to determine this? The output of the show cdp neighbors detail command issued on P1R1 shows that P1R2 and P2R1 are directly connected and should be sending updates to P1R1

3. Are dynamic routing protocols running on the routers that connect the backbone? Which ones? How did you determine this? Yes, dynamic routing protocols are running on the routers that connect the backbone. The output of the show ip protocols command shows that IS-IS and OSPF are running on P1R1 and P2R1, as shown in the following sample output from P1R1:

4. Does P1R1 have connectivity to neighboring routers? How did you test this? What does this tell you? Yes, P1R1 has connectivity to neighboring routers. Successful pings of the interfaces learned via show cdp neighbors detail demonstrate that Layer 3 is working properly. Traffic will pass between P1R1 and P2R1. Pings between P1R1 and P2R1 are successful; however, P1R1 and P2R1 are not receiving dynamic routing updates from their neighbors.

5. How should you proceed from here? issue the show running-config command to examine the configuration of the dynamic routing protocols running on P1R1 and its neighbors, P2R1 and P1R2

D. Correct the Error

1. Since updates are not being received from Pod 2, what routing protocol are backbone routers P1R1 and P2R1 using to update each other’s routing tables? IS-IS

2. Is IS-IS configured and running on both backbone routers? How do you know? Yes, the IS-IS routing protocol is configured and running on both backbone routers. The output of the show running-config and show ip protocols commands can be used to determine what routing protocol is configured and running on both backbone routers.

Do you see a problem with the way IS-IS is configured on either backbone router? If so, what configuration change do you propose? Yes, by viewing the output from the show running-config command issued on P1R1, you should see a problem with the way IS-IS is configured. IS-IS is running on P1R1, but it is not bound to any interface. You should issue the following commands to add ip router isis to the FastEthernet 0/0 interface on P1R1 to correct the configuration:

P1R1(config)#interface fastethernet 0/0

P1R1(config-if)#ip router isis

4. What change in the state of the network do you see after changing the configuration? After changing the configuration and allowing the network 60 seconds to converge, you should see that P1R1 is now receiving routing table updates across the backbone from P2R1 with show ip route

Task 2

A. Analyze the Network

1. How has the routing table on P1R1 changed? The routing table on P1R1 has changed because updates are now being received from P2R1 across the backbone.

2. Examine the network from the other routers. What areas of the network are unreachable by other routers? By examining the network from the other routers, you should be able to determine that the routers in Pod 2 are not receiving routes to any of the 192.168.1.0 subnets in Pod 1.

3. What parts of the network are unreachable as a result of this? The directly connected networks of P1R2 and P2R2 are the parts of the network that are unreachable from the Pod 2 routers.

B. Isolate the Problem

1. Which routers and routing protocols are responsible for delivering the missing routes? The OSPF routing protocol on P1R2 and P2R2 is responsible for delivering the missing routes.

2. How did you determine this? show cdp neighbors and show ip protocols on P1R2 and P2R2

3. What step should you take next? examine the OSPF configuration on P1R2 and P2R2 as the next step in your troubleshooting efforts by issuing the show ip protocols and the show running-config commands on P1R2 and P2R2

C. Correct the Error

1. Is the correct routing protocol running on the routers you identified in Task 3, section B, step 1? Y

2. Are the correct networks being advertised? N

3. What commands should you issue to correct the configuration? to correct the OSPF configuration on P1R2 and P2R2:

P1R2(config)#router ospf 1

P1R2(config-router)#no network 0.0.0.0 0.0.0.3 area 0

P1R2(config-router)#network 192.168.1.16 0.0.0.15 area 0

P1R2(config-router)#network 192.168.1.32 0.0.0.3 area 0

P2R2(config)#router ospf 1

P2R2(config-router)#no network 0.0.0.0 0.0.0.3 area 0

P2R2(config-router)#network 192.168.2.16 0.0.0.15 area 0

P2R2(config-router)#network 192.168.2.32 0.0.0.3 area 0

4. Change the configuration by using the network commands you wrote above. What is the state of the network now? After you correct the configuration on P1R2 and P2R2 and the network has converged, networks directly connected to P1R2 and P2R2 are now shown in the routing table of P1R1 with output from show ip route

Task 3

A. Analyze the Network

1. Do all routers in both pods have full connectivity to one another? N

2. What problems remain? One of the remaining problems is that P2R1 does not have routes to all of the 192.168.1.0 subnets in Pod 1.

3. Can you give a specific example of a lack of reachability? A specific example of an interface that is not reachable is that a ping from P2R2 to FastEthernet 0/0 on P1R2 (192.168.1.49) fails because no routes exist to the 192.168.1.48/28 subnet.

B. Isolate the Problem

1. What two routers are most responsible for providing information on Pod 1 subnets to Pod 2? P1R2 and P1R1

2. Explain how the two routers that you just identified can communicate routing table updates to Pod 2. P1R2 runs both EIGRP and OSPF. This router advertises its own routes via OSPF and by using route redistribution; it advertises EIGRP routes learned from its neighbors. P1R1 runs OSPF and IS-IS. It injects its OSPF-learned routes into IS-IS through redistribution. IS-IS runs on core routers P1R1 and P2R1; thus, all Pod 1 subnets are advertised to Pod 2.

C. Correct the Error

1. Based on your analysis of the network, what configuration error is preventing updates from being sent to Pod 2? P1R1 is not redistributing its OSPF-learned routes into IS-IS, which is the configuration error that is preventing updates from being sent to Pod 2.

2. What configuration changes should you make to correct this problem? issue the following commands to add redistribute ospf 1 to the IS-IS configuration on P1R1 to correct the problem:

P1R1(config)#router isis

P1R1(config-router)#redistribute ospf 1

3. After making your proposed configuration change, what is the state of the network? Routes to Pod 1 subnets are now being distributed to Pod 2, as evidenced by the following sample output from the show ip route command on P2R1:

Task 4

A. Analyze the Network

1. Check to make sure you have complete connectivity throughout the network. Can all routers in Pod 1 ping all subnets in Pod 2? Can P1R3 ping the Loopback 0 interface on P2R3 (192.168.2.65)? No

2. Can all routers in Pod 2 ping all subnets in Pod 1? Can P2R3 ping the Loopback 0 interface on P1R3 (192.168.1.65)? No

B. Isolate the Problem

1. Which subnets in Pod 2 are not reachable from P1R1? All

2. Which subnets in Pod 1 are not reachable from P2R1? 192.168.1.48/28 and 192.168.1.64/28. Pings from P2R1 to the FastEthernet 0/0 interface (192.168.1.50) and Loopback 0 interface (192.168.1.65) on P1R3 are not successful.

3. Does P2R1 have a route to all Pod 1 networks? Y

4. Considering your findings from the previous step, what would cause P2R1 to be unable to reach the networks on P1R3? If P2R1 has a route to all Pod 1 networks but is unable to ping all Pod 1 interfaces, the device that P2R1 is attempting to ping might not have a route back to P2R1. In this lab, P2R1 is capable of reaching every interface in Pod 1 except the interfaces on P1R3. You should conclude that P1R3 does not have a route back P2R1.

5. Which router(s) and routing protocol(s) are responsible for advertising the missing subnet(s)? P1R2 and the OSPF routing protocol are the router and routing protocol that are responsible for advertising the missing subnets on P1R3

C. Correct the Error

1. Examine the configuration of P1R2. Do you see anything that would prevent it from advertising all the networks it knows about? P1R2 is not configured to redistribute its EIGRP-learned routes into OSPF, which would prevent it from advertising all the networks it knows about.

2. If you see a configuration error, what configuration changes would you propose? enable the EIGRP configuration on P1R2 to redistribute OSPF routes:

P1R2(config)#router eigrp 100

P1R2(config-router)#redistribute ospf 1 metric 10000 100 255 1 1500

3. What is the state of the network after the configuration change is made? After the network converges,

P2R1 in Pod 2 still cannot ping all devices in Pod 2 and P1R1 in Pod 1 still cannot ping all devices in Pod 1. Pings originating from P2R1 destined to Pod 1 use the 10.100.100.2 source address because the next hop is out the FastEthernet0/0 interface. Likewise, pings originating from P1R1 destined to Pod 2 use the 10.100.100.1 source address. In order for the ping to succeed, R2 and R3 devices in both pods must have a route to the 10.100.100.0/24 network. You should issue the following commands on P1R1 and P2R1 to redistribute the connected 10.100.100.0 route.

P1R1(config)#router ospf 1

P1R1(config-router)#redistribute connected subnets

P2R1(config)#router ospf 1

P2R1(config-router)#redistribute connected subnets

Lab 6: TSHOOT – TSHOOT Labs: Troubleshooting EIGRP Routing (25 Points)

Objective: Analyze, locate, and fix Enhanced Interior Gateway Routing Protocol (EIGRP) operation problems in the network.

uCertify Assessment 6: Quiz 5 – Chapter 5 (10 Points)

What are two common issues that could result from an STP failure?

Broadcast storms, MAC address table corruption

What determines the switch that will be the STP root bridge for a VLAN?

Lowest bridge ID

Which switch feature allows multiple physical links to be bonded into a logical link?

EtherChannel

What must match on physical switchports to successfully form an EtherChannel bundle? (Choose three.)

Interface speed, Interface mode (access/trunk), Native VLAN

What is the maximum age for an STP BPDU in seconds?

20

Which two of the following commands are most helpful in determining STP information for a Layer 2 switch?

show spanning-tree vlan, show spanning-tree interface

What is the STP port type for all ports on a root bridge?

Designated port

What combination will successfully form a Cisco proprietary Layer 2 EtherChannel bundle?

Desirable – Auto

When determining the root port of a nonroot bridge, if cost is tied, what is referenced next to break the tie?

Upstream bridge ID

Which STP feature ensures that certain ports in the STP topology never become root ports, and if the port receives a superior BPDU it places it in the root inconsistent state?

Root Guard

Sorry Professor for such a late submission. In summary, this was a fairly easy test. Even if it was not easy, we had the option of retaking the test to improve our score. I have to admit, I took this test several times because I am obviously weak when remembering or understanding issues related to Chapter 6 specifically EtherChannel.

Week 5 Discussion: “Open Shortest Path First (OSPF) and EIGRP“ Please respond to the following:

Suggest the troubleshooting preparations that you believe are necessary to diagnose and resolve problems related to EIGRP. Suggest what you believe to be the most effective and the least effective tool(s) available to both monitor and debug EIGRP. Provide a rationale for your response.

Imagine that you have been tasked with gathering information from the OSPF data structures, observing the transmission and reception of packets, and observing the exchange of routing information. Suggest the commands that you would use to accomplish these tasks and explain the strategies that you would employ to ensure that these commands do not affect router performance. Provide a rationale for your response.

Response:

After configuring EIGRP, we first test connectivity to the remote network, using ping. If the ping fails, check that the router has EIGRP neighbors and troubleshoot on a link-by-link basis. Neighbor adjacency might not be running for a number of reasons. EIGRP is an advanced distance vector routing protocol that has to establish a neighbor relationship before updates are sent; therefore, we next check if the neighbor adjacency is working properly. If so, we can continue by checking if networks are being advertised or not. Issues that affect EIGRP neighbor adjacencies are uncommon subnets, K value mismatches, AS mismatches, layer 2 issues, access-list issues and NBMA (Non Broadcast Multi Access). Uncommon subnets are EIGRP neighbors with IP addresses that are not in the same subnet. By default bandwidth and delay are enabled for the metric calculation. We can enable load and reliability but we have to do it on all EIGRP routers to prevent AS mismatch: The autonomous system number has to match on both EIGRP routers in order to form a neighbor adjacency to avoid K value mismatches. EIGRP works on layer 3 of the OSI-model. If layer 1 and 2 are not working properly we’ll have issues with forming a neighbor adjacency that creates layer 2 issues. Access-list issues arise from the possibility that someone created an access-list that filters out multicast traffic. EIGRP by default uses 224.0.0.10 to communicate with other EIGRP neighbors. NBMA networks like frame-relay will not allow broadcast or multicast traffic by default. This can prevent EIGRP from forming EIGRP neighbor adjacencies. The debug eigrp commands are the best tools to used to troubleshoot or monitor live EIGRP processes.

There are many debug commands effective against troubleshooting EIGRP. You can use the debug eigrp packets command to troubleshoot when hello packet information does not match. The debug ip routing command output verifies whether a route is being installed. This debug shows all the routes that the routing table takes out and installs, although the output of the debug might be overwhelming to the routers. You can also use an access list to the debug so that the output shows only the routes in question.

Week 6:

Read Chapter 9: Troubleshooting IPv4 Addressing and Addressing Technologies

Read Chapter 10: Troubleshooting IPv6 Addressing and Addressing Technologies

Review Lecture 1:

Solving Network Connectivity Issues – Verify PC1 connectivity

Correcting VLAN Configuration

Trunk Configuration errors:

Trunk type (ISL vs 802.1Q) mismatches

Switchport mode mismatches

Native VLAN mismatches (applicable to 802.1Q)

Allowed VLANs mismatch or error

NAT configuration issues – Troubleshooting NAT configurations

Inside and outside interface’s not being configured properly

The ACL used for NAT not being configured correctly

The NAT IP address pool not being configured correctly

The inside global address is not advertised, causing routing and reachability problems from outside

NAT virtual interface (NVI) –

Watch uCertify Videos:

Lab 7: IPv6 and OSPFv3 (42 min 19 sec)

Lab 8: IPv6 and RIPng (33 min 16 sec)

Lab 10: DHCP Troubleshooting (19 min 27 sec)

Lab 11: NAT Troubleshooting (21 min 33 sec)

Assessment Items :

Discussion (20 Points): “Dynamic Host Configuration Protocol (DHCP) and IPv6” Please respond to the following:

Per the text, DHCP is a widely used technique for configuring the IP address and other parameters of IP devices. Identify what you believe to be the single most common configuration error and explain the reasons to support your position. Discuss the strategy you would use to fix the error that you have identified. Provide a rationale for your response.

There are a number of Cisco IOS tools and commands available for troubleshooting an OSPFv3 or Stateless IP Autoconfiguration problem. Select the tool that you would use to troubleshoot such a problem and provide a rationale for your response.

Response:

Per the text, Dynamic Host Configuration Protocol (DHCP) is identified as one of the most common ways of allocating Ipv4 addresses. DHCP provides its client a way to secure multiple pieces of IP address data from a DHCP server. Since it is the most common way to deploy Ipv4, we need to understand the DHCP process to recognize DHCP issues. The text shows us in a configuration where the service dhcp command turns on the routers DHCP service. Then suggests that even though the service should be turned on by default, when troubleshooting DHCP the router should be checked to verify if the service is turned on. Therefore, if I have to identify what I believe to be the single most common configuration error, I would suggest it would be forgetting to ensure DHCP was enabled on the router. I doubt I need reasons to support my conclusion unless there is a more common or simple DHCP configuration error. If the router’s DHCP service is not enabled, there can be no DHCP services. Period! Clearly, to fix this error you simply enable the router’s DHCP services with the service dhcp command.

Since there are a number of Cisco IOS tools and commands available for troubleshooting an OSPFv3 or Stateless IP Autoconfiguration problem, I would use several ipv6 and interface gigabitethernet0/0 commands as the tools to troubleshoot such a problem. According to the text, a trouble was presented on a network that uses stateless autoconfiguration. They used the show ipv6 interface gigabitethernet0/0 command to identify what was suppressed on the network. They used the show run interface gigabitethernet0/0 command to verify the configuration commnads on the interface. Then used the ipv6 ra suppress all command to stop sending suppressed data. Finally, the no ipv6 nd ra suppress all command was issued to generate an address and resolve the issue.

Lab 7: ICND1 – Stand-Alone Labs: DHCP (25 Points)

Objective:

In this lab, you will configure a Dynamic Host Configuration Protocol (DHCP) server and two clients. A DHCP server is used to automatically provide IP addresses to clients.

Lab 8: ICND2 – Stand-Alone Labs: Troubleshooting OSPFv3 (25 Points)

Objective:

In this lab, you will analyze a multi-area Open Shortest Path First version 3 (OSPFv3) IP version 6 (IPv6) network and implement the necessary changes to enable a fully operational network.

In Lab 8: ICND2 – Stand-Alone Labs: Troubleshooting OSPFv3 I was asked to analyze a multi-area Open Shortest Path First version 3 (OSPFv3) IP version 6 (IPv6) network and implement the necessary changes to enable a fully operational network. There were no technical experiences in completing this lab. The commands that were of greatest benefit to me were enable, configuration, and end. The overall lab experience was just as confusing as lab 7.

Lab 9: ICND2 – Stand-Alone Labs: EIGRPv6 Troubleshooting (25 Points)

Objective:

In this lab, you will analyze a multi-area Open Shortest Path First version 3 (OSPFv3) IP version 6 (IPv6) network and implement the necessary changes to enable a fully operational network.

In Lab 9: ICND2 – Stand-Alone Labs: EIGRPv6 Troubleshooting I was asked to analyze a multi-area Open Shortest Path First version 3 (OSPFv3) IP version 6 (IPv6) network and implement the necessary changes to enable a fully operational network. There were no technical experiences in completing this lab. The commands that were of greatest benefit to me were enable, configuration, and end. The overall lab experience was fairly confusing.

uCertify Assessment 7: Quiz – Chapter 6 (10 Points)

Layer 3 EtherChannel –

Layer 3 switch – A Layer 3 switch can act as a Layer 2 switch (that is, making forwarding decisions based on MAC addresses), or it can make forwarding decisions based on Layer 3 information (for example, IP address information).

routed port – A Layer 3 port on a multilayer switch that behaves similar to an interface on a router and is not associated with a particular VLAN.

router-on-a-trunk/router-on-a-stick – A router with subinterfaces that is used to route traffic between multiple VLANs.

SVI – Switched virtual interface; a logical interface used to assign a Layer 3 address to an entire VLAN.

1. Which show command enables you to verify whether interface Gigabit Ethernet 1/0/10 is a Layer 2 switchport or a routed port? show interfaces gigabitethernet 1/0/10 switchport

2. Which EtherChannel flag indicates that the port is bundled in the EtherChannel bundle? P

3. Which show command enables you to verify the VLAN that has been associated with a router subinterface? show vlans

4. What flags in the show etherchannel summary output indicate that the EtherChannel is Layer 3 and in use? RU

5. Which command enables IPv4 unicast routing on a Layer 3 switch? ip routing

6. What must be true for an SVI to be up/up? (Choose two answers.) The VLAN associated with the SVI must exist on the switch. & There must be at least one interface on the switch associated with the VLAN in the spanning-tree forwarding state.

7. Which show command enables you to verify the status of the SVI for VLAN 10 and the MAC address associated with it? show interfaces vlan 10

8. Which command enables you to associate a VLAN with a router subinterface? encapsulation

9. Which EtherChannel modes will successfully form an LACP EtherChannel? Active-passive

10. Which command enables you to convert a Layer 2 switchport to a routed port? no switchport

In summary of the week 6 uCertify Assessment 7: Chapter 6 Quiz, it is even more apparent during this test that my understanding of Etherchannels is weak. The optional certification readiness was not very helpful.

Optional Certification Readiness (optional and not graded)

uCertify flashcards, and exercise(s)- Chapter 9 and Chapter 10

Comprehensive Certification Discussion, located here in the course shell

Week 7: Read Chapter 19: Troubleshooting Management Protocols and Tools

Week 7 Review Lecture 1:

Week 7 Discussion (20 Points): “Resource Allocation and Failures” Please respond to the following:

Imagine that you have been contracted as a network consultant for a mid-sized company. You have observed a router that is slow to respond to commands issued on the console; in addition, it is not sending routing protocol packets to other routers. Analyze the potential causes of these symptoms and suggest one (1) way in which you would troubleshoot the router in order to restore baseline operations.

Discuss the most common causes for router memory failure and recommend both preventative strategies and early actions that your organization can take in order to prevent router memory failure from occurring. Provide a rationale to support your response.

Response:

If I were contracted as a network consultant for a mid-sized company and I observed a router that needed troubleshooting, to analyze potential causes of the symptoms and restore baseline operations I would first verify the problem. If the router was slow to respond to commands issued or “hang” on the console, I would first verify cable connectivity and then verify that the power supply is plugged in or on. I would then verify the router LED status by examining the routers lights. If all LEDs are down, it is most likely an issue with the power supply of the router. A quick solution would be to simply replace the power supply, but further analysis would suggest I test the questionable power supply on a known good unit, otherwise simply rebooting the router may resolve the immediate issue. If traffic still flows through the router I would disconnect all network interfaces and see if the router responds. If the router’s lights don’t indicate an issue I would examine another possible cause of the hang which would be memory allocation failure. Either the router has used all available memory, or the memory has been fragmented into such small pieces that the router cannot find a usable available block. If the console does not respond because the router CPU utilization is high, it is important to find and correct the cause of the high CPU utilization. In most cases it is important to collect the output from show interfaces, show interfaces stat, and possibly show processes to further diagnose the problem. To fix the problem, I would reduce the amount of switched IP traffic. If the router was not sending routing protocol packets to other routers I would troubleshoot for misconfigurations, lack of system resources, or physical connectivity problems. Networks directly connected to a router are automatically installed into the routing table and are marked as connected, once the IP addresses are configured under the interfaces. Routers can route packets between these connected networks without a routing protocol or static routes. Routers can route packets between these connected networks; therefore, configuring a routing protocol is not required. To verify basic IP connectivity to a network, I would issue the ping command in the user EXEC or privileged EXEC mode. Basic IP connectivity can also be tested, and the path to the destination determined by issuing the traceroute command in the user EXEC or privileged EXEC mode. If these tests fail, I would verify that the destination device is assigned an IP address and that it is correct. I would also, check the connectivity to the local gateway, and confirm that subnet and mask information matches. I would then examine the possibility of duplicate IP addresses. If the problem is not resolved, I would examine Layer 1 and Layer 2 while making sure cables are properly connected and verify hardware is operational. If the physical layer is found to be in order, I would check if sufficient router resources are available and verify that memory and CPU utilization are not overstretched. I would also check that an Access Control List (ACL) is not dropping packets and that Network Address Translation (NAT) is configured properly. The last resort would be to verify if the upper layer protocols need to be examined for issues such as authentication problems, version mismatches and software incompatibility.

The most common causes for router memory failure are memory leak and running out of memory. Memory leak is caused by a Cisco IOS bug where the bug causes one process to consume an excessive amount of memory until all memory is utilized. Routers can run out of memory due to the processes and configurations on the device that are not associated with a bug. Border Gateway Protocol (BGP) holding a large amount of memory because of the number of routes that it takes would be an example. This issue of the router running out of memory can be corrected by altering the router’s configuration to achieve optimal routing and reduce memory consumption. A feasible preventative strategy and early action that an organization can take to possibly prevent router memory failure from occurring would be to identify how much memory should be allocated and how much free memory is available early and on a routine basis.

Respnse3:

Based on my understanding, MALLOCFAIL errors are not common causes for router memory failure. Unless mistaken MALLOCFAIL errors are simply how errors show up in router or switch logs. Since they appear to be simply how errors are seen on a device, they cannot be the cause of a failure. I read that errors generally appear as MALLOCFAIL which in my opinion suggests all identified errors may not appear in the logs. Therefore I view using a MALLOCFAIL error to resolve an issue as a post problem correction. This suggests MALLOCFAIL errors provide no preventative action. I would suggest it is more effective/efficient to attempt to prevent a potential issue than react to one.

Week 7 Lab 10: TSHOOT – Supplemental Labs: Configuring QoS with Cisco AutoQoS (25 Points)

Complete the lab. Use the “Grade Lab” function within the Boson Network Simulator to check your work. You may redo your work multiple times, as needed. Take a screenshot when you are satisfied with your work; be sure that the lab name and results appear in the background. Write a short answer (4-5 sentences) in the Comment text box to the following: Summarize the technical experiences in completing this lab. Explain what commands were of greatest benefit to you and provide general comments on the overall lab experience.

Objective: Configure and monitor Cisco AutoQoS Discovery and Cisco AutoQoS for the Enterprise on a low-bandwidth Point-to-Point (PPP) serial interface.

Answer:

In summary of the Week 7 Lab 10: TSHOOT – Supplemental Labs: Configuring QoS with Cisco AutoQoS lab, there were no technical experiences in completing this lab. The commands that were of greatest benefit to me were the enable, configuration, and end commands. General comments on the overall lab experience included acknowledging I had a limited understanding of why a traffic generator was needed in the configuration to learn how to configure and monitor Cisco AutoQoS Discovery and Cisco AutoQoS. Cisco AutoQoS Discovery is simply a technology that minimizes the complexity, time, and operating cost of Quality of Service (QoS) deployment. Why was the traffic generator needed?

Week 7 uCertify Assessment 8: Quiz 7 – Chapter 7 (10 Points)

Complete the assessment; your results will be displayed. Select “Share your result” from the results page menu items.

Copy the URL and paste it into the assignment submission area in the Blackboard online course shell. Summarize, in two to three (2-3) sentences, both your strengths and weaknesses with respect to the topics you covered in the assessment.

Response:

In summary of both my strengths and weaknesses with respect to the topic covered in the assessment Quiz 7 covering Troubleshooting Switch Security Features, I found that I had a limited understanding of Port Security. I did not acknowledge the specific purpose of Port Security is to secure the network by preventing unknown devices from forwarding packets. I clearly did not understand the range of control an administrator has securing the network through Port Security.

Which two of the following port security violation modes will generate a log message when a violation occurs?

Restrict & Shutdown

Which two commands identify the ports that are in the err-disabled state if the err-disable recovery feature has not been enabled for port security?

show interfaces & show interfaces status

Which command enables you to verify the IP address that has been given to each client from the DHCP server along with the interface they are connected to and the VLAN the interface is a member of?

show ip dhcp snooping binding

How does IP Source Guard learn where valid source IPs are in the network?

DHCP snooping database

What must be true for dynamic ARP inspection to operate successfully?

DHCP snooping must be enabled globally. & DHCP snooping must be enabled for specific VLANs.

Which of the following has the ability to deny only FTP traffic between two devices in the same VLAN?

VLAN ACL

Which two of the following statements are true about PVLANs?

Isolated ports cannot communicate with other isolated ports. & Community ports cannot communicate with isolated ports and vice versa.

Which command enables you to verify the port status of a port security-enabled port?

show port-security interface interface_type interface_number

What must be true for DHCP snooping to operate successfully? (Choose two.)

It must be enabled globally. & It must be enabled for specific VLANs.

Which command enables you to verify which interfaces have been configured with IP Source Guard?

show ip verify source

uCertify flashcards, and exercise(s)- Chapter-19

Comprehensive Certification Discussion, located here in the course shell

Week 8 Course Learning Outcomes: Upon completion of this lesson, you will be able to:

Review and plan the troubleshooting in converged networks, namely, WLAN, Unified Communication, and Video.

Week 8 Checklist:

Preparation Items:

Read Chapter 11: Troubleshooting IPv4 and IPv6 ACLs and Prefix Lists

Review Week 8 Lecture 1:

Assessment Items :

Week 8 Discussion (20 Points): “Wireless Troubleshooting and Security” Please respond to the following:

Imagine that the wireless operations team has identified an issue related to the reliability and performance of the wireless network. After careful observation, you have noted that the AP interface pointing to the wired network is performing inconsistently and there is a significant slowdown on Voice over WLAN when the port is operational. Propose the main steps that you would take in the troubleshooting process and discuss the tools that would help you achieve a solution. Choose the tool you believe to be the most useful in this troubleshooting process and justify your choice.

From Part 1 of this discussion, suggest the main steps that you would take to ensure that Wireless LAN components are not compromised in the troubleshooting process as a result of this security issue. Provide a rationale to support your response.

Week 8 Response:

The wireless operations team has identified an issue related to the reliability and performance of the wireless network. After careful observation, I noted that the AP interface pointing to the wired network is performing inconsistently and there is a significant slowdown on Voice over WLAN when the port is operational. In this scenario, I would implement quality of service (QoS) features on the integrated services router or access point (AP). Wired networks enforce QoS while wireless networks manage QoS for traffic to clients; therefore, an examination of the flow of traffic wirelessly and wired is necessary. To implement QoS in the wireless network, ensure VLANs (if used) are configured on the access point before configuring QoS. Then ensure full awareness of wireless traffic. While configuring QoS on the AP, I would select specific network traffic to prioritize and use congestion-management and congestion-avoidance techniques to prioritized traffic. This will ensure the network performs more predictably and ensure bandwidth utilization is more effective. Then I would create QoS policies and apply the policies to the VLANs configured on your access point. If you do not use VLANs on your network, you can apply your QoS policies to the access point’s Ethernet and radio ports.

To address the slowdown on Voice over WLAN, I would check AP for loopback interface configurations. A loopback interface configuration can generate an Inter-AP Protocol General Information (IAPP GENINFO) storm on the network, which can result in high CPU utilization on the AP. This can slow down the performance of the AP drastically and, in some cases, disrupt network traffic completely. Loopback interface configurations can also cause memory allocation failures.

The main steps I would take to ensure that Wireless LAN components are not compromised in the troubleshooting process as a result of the security issue would be to ensure proper implementation of QoS.

Response2:

One step that could be taken to ensure that Wireless LAN components are not compromised is to ensure you don’t have poorly configured Access Points. Access points that are improperly configured could broadcast Service Set Identifiers (SSIDs) of authorized users and allow intruders to steal information in order to access a corporation’s network. SSID resembles an identity where wireless devices need to communicate within the wireless LAN. So, in order for a wireless client to connect to an access point, the SSID needs to match.

Response3:

One step that could be taken to ensure that Wireless LAN components are not compromised is to ensure you don’t have unauthorized rogue Access Points. WLAN’s are sometimes too easy to implement. It only requires an employee to deploy a rogue access within an organization’s network. It does not require any form of security measures and can be installed without the knowledge of the IT staff. This opens a wide window of opportunity for hackers to exploit

Vulnerabilities.

Week 8 Lab 11: TSHOOT – TSHOOT Labs: Troubleshooting VoIP and Converged Networks (25 Points)

The objective of the week 8 Lab 11 TSHOOT Labs: Troubleshooting VoIP and Converged Networks lab was to troubleshoot a Voice over IP (VoIP) and converged network to bring it back to full functionality. There were no technical issues experienced while completing the lab. The commands that were of greatest benefit me where enable, configuration, and end. A general impression of the overall lab experience was confusing. First, all of the work to troubleshoot the problem was only on the first two of five routers. Second, the resolution was to re-establish connectivity between Router1 and Router2 when the problem had not been identified as a connectivity issue between the two routers.

Week 8 uCertify Assessment 9: Quiz – Chapter 8 (10 Points)

1.What is the name for the router in a VRRP virtual router group that is actively forwarding traffic on behalf of the virtual router group? Virtual router master

2.Which of the following is the default GLBP method for load balancing? Round-robin

3.How many active forwarders can be in an HSRP group? 1

4.What is the default priority for an HSRP interface? 100

5.What command enables you to verify the virtual MAC address of an HSRP group? show standby

6.Which of the following are Cisco proprietary FHRPs? (Choose two answers.) HSRP & GLBP

7.Which of the following statements is true concerning GLBP? GLBP allows multiple routers to simultaneously forward traffic.

8.Which two of the following are true about VRRP? (Choose two answers.) The virtual router IP address can be an unused IP in the LAN or an IP associated with a router’s LAN interface. & Preemption is on by default.

9.Which show commands enable you to verify the virtual MAC addresses that an AVF is responsible for? (Choose two answers.) show glbp brief & show glbp

10.Which two of the following are true about HSRP? The virtual router IP address has to be an unused IP in the LAN. & Preemption is off by default.

A summary of both my strengths and weaknesses with respect to the topics covered in the week 8 assessment 9 quiz covering Chapter 8 would suggest that I should re-read Chapter 8. I failed to properly comprehend the difference between VRRP and HSRP.

Optional Certification Readiness (optional and not graded):

uCertify flashcards, and exercise(s)- Chapter-11

Comprehensive Certification Discussion, located here in the course shell

Week 9 Read Chapter 7: Troubleshooting Switch Security Features

Week 9 Lecture 1:

Week 9 Discussion: “Troubleshooting Management Access” Please respond to the following:

Determine the greatest security challenge that a network administrator might encounter when troubleshooting issues in secured networks. Suggest one (1) way to mitigate such a challenge. Provide a rationale to support your response.

Per the text, Cisco security focuses on three (3) functional planes called the management, control, and data. Give your opinion on whether or not you believe it is logical to divide the security functions into the three (3) areas in the same manner as Cisco security does within a single device. Justify your response.

Response:

There have been major changes in information security attack strategies, known as vectors, and an increase in their public visibility over the years. Advanced persistent threats (APTs) became more common and mobile and wireless security came into the forefront. DDoS attacks became cloud-based, leveraging virtual servers to generate ultra-high bandwidth attacks. Therefore, the greatest security challenge that a network administrator might encounter when troubleshooting issues in secured networks might be state-sponsored espionage. This challenge highlights the need to protect critical data from politically or financially motivated threats. Critical data includes the information needed to run network attached infrastructure as well as the intellectual property used to manage business and drive innovative solutions. One way to mitigate such a challenge is for businesses to bolster their security significantly by implementing dual-factor authentication and monitoring remote access. Reducing the number of privileged accounts, and requiring the use of unique local administrator passwords can also help. And while these basic efforts at cyber-hygiene can go a long way towards securing an environment, it’s also important to use a flexible security architecture, and technology that can identify malware without using signatures.

Response2:

Another security challenge high on the list of security challenges that a network administrator might encounter when troubleshooting issues in secured networks, according to security professionals in the financial services industry, is Distributed denial of Service (DDoS) attacks. Professionals expect to see a higher risk of business impacting threats with the shift from computer-based attacks, generating large numbers of lower bandwidth events, to virtual server or cloud-based attacks, generating ultra-high bandwidth events. With these new attack vectors, it becomes even more beneficial to identify and mitigate large DDoS events while traffic is in the network cloud.

Response3:

Surprisingly, another security challenge high on the list of security challenges that a network administrator might encounter when troubleshooting issues in secured networks is password management. The challenge is putting in place and enforcing stronger user-controlled passwords that are less likely to be broken. This educational and administrative challenge requires creative solutions and enforced policies. We can look at alternatives to traditional passwords, such as the use of a federated ID, which is a way of linking a person’s electronic identity and attributes, stored across multiple distinct identity management systems.

Response4:

If I relate security to the three planes called management, control, and data that we are focusing on in our discussion, I would have to suggest DDOS relates to all three planes because data must be managed and controlled. Software-defined networking (SDN) is an emerging network architecture that has gained much attention from academia and industry. The core idea of SDN is to decouple the network’s control and data planes, interconnecting them with a standard protocol like OpenFlow. The centralized control plane makes network management simple and efficient, while the decoupled architecture allows the two planes to evolve separately, enabling rapid innovations in network management. Despite these advantages, the SDN control plane fails to provide sufficient throughput. This vulnerability could be exploited by malicious agents to initiate distributed denial-of-service (DDoS) attack. The zombies can congest the control plane by sending a large number of forged flow arrivals, causing network performance degradation and interruption. Traditional DDoS defense approaches focus on protecting the data plane, and are therefore ineffective in the cases of SDN control plane DDoS attacks. Recently proposed schemes only partially solve the problems by scaling up the control planes using software-based switches, but do not ultimately solve the problems caused by SDN control plane DDoS attacks. The solution is to protect the management, control, and data planes simultaneously.

In my opinion, I believe it is logical to divide the security functions into the three areas in the same manner as Cisco security does within a single device. Networks are essentially already divided into three parts: network, subnet, and host. I would suggest how one deals with security is a matter of perspective. As stated in my earlier post, it is beneficial to identify and mitigate large DDoS events while traffic is in the network cloud. Since the network cloud is a compilation of networked devices, it only makes since to me to use the same or similar processes of management, control, and data used on devices for the entire cloud.

Every single network device or distributed system like QFabric has to perform at least three distinct activities. Network devices process the transit traffic in the data plane, which is why they are purchased. Network devices figure out what’s going on around them using control plane protocols. And, network devices interact with its owner or network management system (NMS) through the management plane. Routers are used as a typical example in every text describing the three planes of operation. Interfaces, IP subnets and routing protocols are configured through management plane protocols, ranging from CLI to NETCONF and most recently northbound RESTful API. Routers run control plane routing protocols (OSPF, EIGRP, BGP …) to discover adjacent devices and the overall network topology or reachability information in case of distance/path vector protocols. Routers insert the results of the control-plane protocols into Routing Information Base (RIB) and Forwarding Information Base (FIB). Data plane software or ASICs uses FIB structures to forward the transit traffic. Management plane protocols like SNMP can be used to monitor the device operation, its performance, interface counters and so on. Control plane protocols usually refer to routing protocols but often include interface state management (PPP, LACP), connectivity management (BFD, CFM), adjacent device discovery (hello mechanisms present in most routing protocols, ES-IS, ARP, IPv6 ND, uPNP SSDP), topology or reachability information exchange (IP/IPv6 routing protocols, IS-IS in TRILL/SPB, STP), and service provisioning (RSVP for IntServ or MPLS/TE, uPNP SOAP calls).The data plane should be focused on forwarding packets but is commonly burdened by other activities like NAT session creation and NAT table maintenance, neighbor address gleaning (example: dynamic MAC address learning in bridging, IPv6 SAVI), Netflow Accounting (sFlow is cheap compared to Netflow), ACL logging, and error signaling (ICMP). Data plane forwarding is hopefully performed in dedicated hardware or in high-speed code (within the interrupt handler on low-end Cisco IOS routers), while the overhead activities usually happen on the device CPU (sometimes even in user space processes where the switch from high-speed forwarding to user-mode processing is commonly called punting).

Watch Lab 9: Cisco IOS Security (38 min 37 sec)

Week 9 Lab 12: SWITCH – SWITCH Labs: Configuring IOS Security Part I VLAN ACLs (25 Points)

SWITCH Lab: Configuring IOS Security Part I: VLAN ACLs objective was to apply virtual LAN (VLAN) access control lists (ACLs). We were to configure two of four routers P1ASW1 and P1DSW1. The other two routers P2ASW2 and P2DSW2 were configured upon the initial loading of the lab. I experienced issues on the first step which was to ping P1ASW1 (172.16.1.10) from P1PC1. My attempt to ping P1ASW1 failed with the response “unrecognized host or address, or protocol not running. The ping functioned on the second attempt. The commands of greatest benefit were enable, configure terminal and end.

Command Summary:

action [drop | forward]defines the action for matched traffic in a VLAN map

configure terminalenters global configuration mode from privileged EXEC mode

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

ip access-list {standard | extended} access-list-namedefines an IP access list by name

line vty 0 15enters configuration mode for virtual terminal (vty) lines

loginenables password checking

match ip address access-listmatches an IP address permitted in the ACL

password passwordspecifies the password that is required for a user to log in

[sequence-number] permit {protocol} {any | source source-wildcard} {any | destination destination-wildcard} [operator [port]] [log]sets condition to allow packets from the specified protocol to pass a named access list

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

show access-lists [access-list-number | access-list-name]displays the contents of current ACLs

show running-configdisplays the active confguration file

show vlan access-mapverifies access map configuration

show vlan filter [access-map name | vlan vlan-id]displays information about all VLAN filters or about a particular VLAN or VLAN access map

telnet ip-addressstarts the terminal emulation program from a PC, router, or switch; permits you to access devices remotely over the network

vlan filter map-name {vlan-list vlan-list | interface interface-number}applies a VLAN access map to a list of VLANs

Week 9 Lab 13: SWITCH – SWITCH Labs: Configuring IOS Security Part II TACACS (25 Points)

SWITCH Lab: Configuring IOS Security Part II: TACACS+ objective was an attempt to configure ASWs to authenticate to a Terminal Access Controller Access Control System Plus (TACACS+) server. We were responsible for configuring only one router P1ASW1. I experienced no technical issues attempting to complete this lab. The commands that were of greatest use were enable, configure terminal, end and exit. The overall experience resulted in a somewhat confusing attempt to change passwords.

Command Summary

CommandDescription

aaa authentication login {default | list-name} method1 [method2…]enables Authentication, Authorization, and Accounting (AAA) login

aaa new-modelenables the AAA model

configure terminalenters global configuration mode from privileged EXEC mode

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

line vty 0 15enters configuration mode for virtual terminal (vty) lines

loginenables password checking

password passwordspecifies the password that is required for a user to log in

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

show running-configdisplays the active configuration file

shutdown; no shutdowndisables an interface; enables an interface

tacacs-server host ip-address single-connectionconfigures a TACACS+ server to communicate with the specified host

tacacs-server key keysets the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon

tacacs user name password passwordis used in NetSim to create a user name and password pair on a workstation configured as a TACACS server

tacacs key case-sensitive-key-phraseis used in NetSim to add a TACACS key to a workstation configured as a TACACS server

telnet ip-addressstarts the terminal emulation program from a PC, router, or switch; permits the user to access devices remotely over the network

username name password passwordcreates a local user name and password pair

login authentication {default

Week 9 uCertify Assessment 10: Quiz – Chapter 9 (10 Points)

A summary of both my strengths and weaknesses with respect to the topics covered in the assessment would reveal that after completing the uCertify Assessment 10 Quiz for Chapter 9, I have not mastered addressing technologies. I’ve failed to properly comprehend IPv4 addressing.

1. Which column in the output of show ip nat translations displays the address that source IPs have been translated to?

Inside Global

2. Which parameter is necessary in the ip nat inside source command to enable PAT?

Overload

3. Which command enables you to verify the IP address configured on a Windows PC interface?

Ipconfig

4. What will occur when a PC with the IP address 10.1.1.27/29 needs to communicate with a PC that has an IP address of 10.1.1.18? (Choose two answers.)

It will ARP for the MAC address of the default gateway.

It will send the frame to its default gateway.

5. Which command enables you to verify the interfaces that are configured for NAT?

show ip nat statistics

6. Which command will enable a router interface to obtain an IP address from a DHCP server?

ip address dhcp

7. What will occur when a PC with the IP address 10.1.1.27/28 needs to communicate with a PC that has an IP address of 10.1.1.18? (Choose two answers.)

It will send the frame directly to the destination PC.

It will ARP for the MAC address of the destination PC.

8. Which command is needed on a router interface to forward DHCP Discover messages to a DHCP server on a different subnet?

ip helper-address

9. What is the correct order of operations for the DHCP for IPv4 process?

Discover, Offer, Request, Ack

10. Which command enables you to verify the IP address configured on a router’s interface?

show ip interface

Optional Certification Readiness (optional and not graded)

uCertify flashcards, and exercise(s)- Chapter 7

Comprehensive Certification Discussion, located here in the course shell

Week 10: Read Chapter 12: Troubleshooting Basic IPv4/IPv6 Routing and GRE Tunnels

Review Lecture 1:

RADULKO Transport Network Overview

Cisco BPDU Guard

One way to prevent users from connecting unauthorized or rogue switches to the network is by enabling the Cisco BPDU guard on the access ports of the access switches

Enable Spanning-tree portfast edge

Spanning-tree bodyguard enable

Spanning-tree bdufilter enable

Cisco’s Per-VLAN Spanning Tree Plus

Spanning Tree Protocol (STP) Troubleshooting

Show spanning-tree – check status of spanning-tree & VLAN

Show spanning-tree summary

Show spanning-tree mst configuration

STP knowledge allows an organization to isolate and possibly find the cause of a particular switch failure

Stability mechanisms can be used to secure the network against forwarding loops

Portfast – causes switchport to enter spanning tree forwarding state immediately bypassing the listening and learning states

Portfast BDU guard – prevents loops by moving a non-trunking port to an error disabled state when a BPDU is received on that port

BPDUfilter – feature enabled globally or per interface that prevents commands from sending or receiving BPDUs

Loop Guard – causes alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link

Root Guard – feature that enables any switch with the lowest bridge ID to become the root bridge in a switch network

uCertify Video(s)Lab 3: EIGRP Troubleshooting (44 min 37 sec)

Discussion (20 Points):

“Complex Integrated Networks” Please respond to the following:

Per the text, in complex integrated networks, a combination of many different protocols and technologies deliver network services that support the enterprise applications. Identify the network elements that are interrelated, dependent, or independent of one another. Next, analyze the overall manner in which a failure in each area will affect other network elements. Provide one (1) example or scenario of such failure to support your response.

Isolate one (1) of the difficulties of communicating in the troubleshooting process and recommend one (1) way that the network troubleshooting engineer can do to overcome it. In your response, be sure to indicate the importance of communication at the reporting, data collection, analysis, testing, and solutions steps of the troubleshooting process. Provide a rationale to support your recommendation.

Response:

“Complex Integrated Networks”. Per the text, in complex integrated networks, a combination of many different protocols and technologies deliver network services that support the enterprise applications. The network elements that are interrelated, dependent, or independent of one another are varied. With respect to the OSI model, I believe no network elements are independent of one another. I would suggest that all network elements are interrelated, or dependent on each other, or run in parallel. The interrelated (related or connected to one another) network elements of an OSI model are would be seen as network performance through the physical and session layers as well as network security through all seven layers. All layers of an OSI model are dependent because each layer serves the upper layer and also depends upon the services from the lower layer. The parallel (side by side) elements of an OSI model are layers 1 through 7 stacked upon each other like 7 layer sandwich. The Application layer rests upon the Presentation layer and so on.

The overall manner in which a failure in each area will affect other network elements could be the loss of transmitted data. One (1) simple example or scenario of such a failure would be a malfunctioning or disconnected ethernet cable.

An isolation of one (1) of the difficulties of communicating in the network troubleshooting process is documentation. One (1) recommended approach that the network troubleshooting engineer can perform to overcome the difficulty is to document customers’ networks. Documenting can make the troubleshooting process much more efficient when problems arise. These same network documents can also help an engineer spot areas of a customers’ network that may need to be upgraded which could provide extra revenue. A good network documentation proves that an engineer has adhered to industry best practices, and could their best defense should a customer ever file litigation against the engineer for something network-related.

Response2:

Although viruses, worms, and hackers monopolize the headlines about information security, risk management is the most important aspect of security architecture for administrators. A less exciting and glamorous area, risk management is based on specific principles and concepts that are related to asset protection and security management. To optimally allocate resources and secure assets, it is essential that some form of data classification exists. By identifying which data has the most worth, administrators can put their greatest effort toward securing that data. Without classification, data custodians find it almost impossible to adequately secure the data, and IT management finds it equally difficult to optimally allocate resources.

Response3:

Basic elements of a computer network include hardware, software, and protocols. The interrelationship of these basic elements constitutes the infrastructure of the network. A network infrastructure is the topology in which the nodes of a local area network (LAN) or a wide area network (WAN) are connected to each other. These connections involve equipment like routers, switches, bridges and hubs using cables (copper, fiber, and so on) or wireless technologies (Wi-Fi).

If we think of a network as roads, highways, rails, and other means of transport, the network protocols are the “traffic rules.” The network protocols define how two devices in the network communicate. The specification of the network protocols starts with the electrical specifications of how a networking device is connected to the infrastructure. For example, line voltage levels, carrier signals and the designation of which line might be used for what types of signals must all be specified. Building up from there, network protocols include such specifications as the methods that can be used to control congestion in the network and how application programs will communicate and exchange data.

A popular method of documenting network protocols is to use a layered network architecture model. Network architecture models separate specific functions into layers, which collectively form a network stack. While a protocol consists of rules that define characteristics for transporting data between network nodes, the layered model separates the end-to-end communication into specific functions performed within each layer.

Ideally, the layers are isolated from each other: each layer does not need to know how the layer below it functions. All a layer needs to know is how to interact with the layers adjacent to it. You can learn more about network layers in the topic on network layers and protocols.

Today, TCP/IP is by far the most dominant suite of networking protocols. Prior to TCP/IP, SNA was arguably the dominant protocol suite. There is some irony here, because TCP/IP is the older of the two protocols. Many networks in larger organizations are using both of these protocol suites. As with most networking protocols, both SNA and TCP/IP are layered protocol stacks.

Week10 Lab 14: TSHOOT – TSHOOT Labs: Troubleshooting Basic BGP (25 Points):

The Lab 14 TSHOOT Lab: Troubleshooting Basic BGP objective was to isolate, identify, and correct problems with Border Gateway Protocol (BGP). There were no technical experiences in completing this lab. The commands that were of greatest benefit were enable, configure terminal, end, and exit. The overall lab experience simple.

configure terminalenters global configuration mode from privileged EXEC mode

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

[no] neighbor ip-address remote-as autonomous-system-numberestablishes a BGP neighbor relationship; the no form terminates the neighbor relationship

[no] network network-address {mask mask}specifies networks to be advertised by BGP; the no form specifies that a network should no longer be advertised by BGP

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

router bgp autonomous-system-numberchanges to router configuration mode for BGP

show ip bgp neighborsdisplays detailed BGP neighbor status

show ip bgp summarydisplays summary BGP neighbor status

show ip protocolsdisplays information about active routing protocols

show ip routedisplays the IP routing table

show running-configdisplays the active configuration file

Week 10 Lab 15: TSHOOT – TSHOOT Labs: Troubleshooting EIGRP Routing (25 Points)

The Week 10 Lab 15: TSHOOT – TSHOOT Labs: Troubleshooting EIGRP Routing objective was to analyze, locate, and fix Enhanced Interior Gateway Routing Protocol (EIGRP) operation problems in the network. There were no technical experiences in completing this lab. The commands that were of greatest benefit were enable, configure terminal, end, and exit. The overall lab experience was interesting.

configure terminalenters global configuration mode from privileged EXEC mode

[no] debug eigrp packets [terse | hello]displays debugging information about EIGRP packets; the hello option limits the output to display only information about hello packets, and the terse option displays information about all EIGRP packets except hello packets; the no form turns off debugging

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

key chain key-chain-namecreates or modifies a key chain

key key-idcreates or modifies a key chain key

key-string key-string-textspecifies the authentication string for the key

[no] metric weights tos k1 k2 k3 k4 k5tunes EIGRP metric calculations; the no form resets the metric calculations to their defaults

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

router eigrp autonomous-system-numberenters router configuration mode for EIGRP

show ip eigrp interfaces [type number] [as-number] detaildisplays information about interfaces configured for EIGRP

show ip eigrp neighborsdisplays information about EIGRP neighbors

show ip interface briefdisplays a brief summary of interface status and configuration

show key chaindisplays authentication key information

show running-configdisplays the active configuration file

Week 10 Lab 16: TSHOOT – TSHOOT Labs: Troubleshooting OSPF Routing Part I (25 Points)

The Week 10 Lab 16: TSHOOT – TSHOOT Labs: Troubleshooting OSPF Routing Part I objective was to analyze, locate, and correct Open Shortest Path First (OSPF) operation problems in the network. There were no technical experiences in completing this lab. The commands that were of greatest benefit were enable, configure terminal, end, and exit. The overall lab experience was interesting because it’s the first time I really comprehended what happens during a ping…or maybe not.

configure terminalenters global configuration mode from privileged EXEC mode

[no] debug ip ospf [[adjacency] [database-timer] [events] [flooding] [hello]]displays information on OSPF-related events, such as adjacencies, flooding information, designated router selection, and shortest path first (SPF) calculation; the no form turns off OSPF events debugging

enableenters privileged EXEC mode

endends and exits configuration mode

exitexits one level in the menu structure

[no] network network-address wildcard-mask area area-idactivates OSPF on the specified network and places the matching interface in the specified area; the no form deactivates OSPF on the specified network and removes the matching interface from the specified area

ping ip-addresssends an Internet Control Message Protocol (ICMP) echo request to the specified address

router ospf process-identers router configuration mode for an OSPF process

show ip interface briefdisplays a brief summary of interface status and configuration

show ip ospf databasedisplays the OSPF link state database

show ip ospf interface [type number] [brief]displays OSPF interface information

show ip ospf [process-id [area-id]] neighbordisplays OSPF neighbor information

show ip protocolsdisplays information about active routing protocols

show ip routedisplays the IP routing table

show running-configdisplays the active configuration file

Assignment 2: XYZ Company Troubleshooting and Maintenance Plan (170 Points): Due Week 10 and worth 170 points

Use the same scenario from Assignment 1. In addition, XYZ Company is heavily invested in e-Commerce with all retail locations’ Point of Sale systems connected so that it maintains a dynamic inventory and automatically generates restock orders. The XYZ Company engineers have configured the WAN-based Intranet using IPSec to support all of these locations via encrypted VPN links connected to the nearest regional distribution center.

XYZ Company has an enterprise network consisting of a core backbone, corporate campus, two (2) data centers, regional distribution centers, and Internet Edge with a DMZ. For better security, the retail Point of Sale systems does not have direct Internet access. At the corporate campus, the seven (7) departments in the company include Finance, Operations, Human Resources, Sales, Marketing, Technology, and the Corporate Executive Office. The company provides appropriate computing equipment to all of its employees. It also provides remote access for the system and network administrators using company-provided encrypted laptops and two (2) factor authentication to access the XYZ Company network in order to provide off-hours support.

Due to recent major security concerns in its campus network, XYZ Company redesigned the infrastructure so that it:

Implements VLAN segments segregating servers, workstations, and printers on separate VLANs.

Implements Port Security to protect against MAC layer attacks.

Implements firewalls between VLANs to protect against VLAN attacks.

Protects against spoofing attacks.

Secures the network switches.

Based on your prior success in other networking endeavors, your supervisor has asked you to write a detailed troubleshooting and maintenance plan for your fellow network engineers for when they are on call. Additionally, this plan will be the template for the other system administrators to write troubleshooting and maintenance plans for their areas of expertise.

Write a six to ten (6-10) page paper in which you:

Describe the routing and switching infrastructure and the routing protocols used in the environment.

Illustrate the secure routing and switching infrastructure topology through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Include a depiction of all core elements of the routing and infrastructure topology using color-keyed symbols to indicate the functionality of each item. Note: The graphically depicted solution is not included in the required page length.

Suggest one (1) overall troubleshooting methodology that you would use for your troubleshooting and maintenance plan. Provide a rationale to support your suggestion.

Create the daily, weekly, and monthly maintenance processes that your fellow network engineers must follow in order to maintain the health of the network. Provide a rationale to support of your suggestion(s).

Analyze whether or not other system administrators can use the template of your plan to write troubleshooting and maintenance plans for their areas of expertise. Justify your response.

Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

Describe and develop maintenance methods, and processes and procedures through the use of networking tools, resources, and techniques.

Summarize and develop troubleshooting processes for enterprise networks.

Explain and plan the troubleshooting related to network performance.

Describe, maintain, and troubleshoot network security issues for branch and remote office locations.

Use technology and information resources to research issues in internetworking troubleshooting.

Write clearly and concisely about internetworking troubleshooting using proper writing mechanics.

uCertify Assessment 11: Quiz – Chapter 10 (10 Points)

Complete the assessment; your results will be displayed. Select “Share your result” from the results page menu items.

Copy the URL and paste it into the assignment submission area in the Blackboard online course shell. Summarize, in two to three (2-3) sentences, both your strengths and weaknesses with respect to the topics you covered in the assessment.

1. What type of message is used to determine the MAC address of a known IPv6 address? Neighbor Solicitation

2. Which DHCPv6 message type is sent from the client as it is searching for a DHCPv6 server? SOLICIT

3. Which command is used on a Cisco IOS router to verify the IPv6 addresses that have been deployed to clients?

show ipv6 dhcp binding

4. Which command is used to enable a router to inform clients that they need to get additional configuration information from a DHCPv6 server? ipv6 nd other-config-flag

5. What is needed when a DHCPv6 server resides in a different network than the clients it is providing IPv6 addresses to?

Relay agent

6. What command is used on a Cisco IOS router to enable SLAAC on an interface? ipv6 address autoconfig

7. Which of the following are true when using EUI-64? (Choose two answers.)

The interface MAC address is used with FFFE added to the middle.

The seventh bit from the left in the MAC address is flipped.

8. What command enables you to configure a router interface as a DHCPv6 relay agent? ipv6 dhcp relay destination

9. What protocol is used with IPv6 to determine the MAC address of a device in the same local-area network?

Neighbor Discovery Protocol

10. What are requirements for stateless autoconfiguration to function? (Choose three answers.)

The prefix must be a /64.

The router must be sending and not suppressing RA messages.

The router must be enabled for IPv6 unicast routing.

A summary of both my strengths and weaknesses with respect to the topics I covered in the assessment were that I might need to re-read Chapter 10 Troubleshooting IPv6 Addressing and Addressing Technologies. During the assessment it was obvious I’d failed to comprehend the distinction between different types of messages, commands identified in the chapter, and stateless requirements.

Optional Certification Readiness (optional and not graded):

uCertify flashcards, and exercise(s)- Chapter 12

Comprehensive Certification Discussion, located here in the course shell