Tshoot 300-135 (Infrastructure service) First Hop Redundancy Protocols

Ticket #1
PC1 is not getting an IP address from SW5.
Ensure PC1 receives an IP address between 192.168.100.100-249

Use the command ifconfig eth1 to view its IP address.
Use the command sudo reboot to request an IP address.

#### Check if SW5 is giving IP
SW5#show ip dhcp binding
SW5#show ip dhcp pool
#### SW5 is unable to issue an IP to the client: 254 addresses are excluded and 0 addresses are available for lease
#### Check dhcp configuration
SW5#show run | sec dhcp pool
SW5#show run | sec dhcp pool VLAN100

#### Check excluded-address
SW5#show run | i excluded
#### Remove the wrong entry
SW5(config)#no ip dhcp excluded-address 192.168.100.1 192.168.200.254

#### Verify fix
SW5#show ip dhcp pool
#### Problem is not resolved yet: the client still got an IP address while SW5 was not issuing any, so there is a rogue DHCP server somewhere.

#### Locate the rogue dhcp server
#### Start investigating the SW nearest to client
SW3#debug ip dhcp server packet

#### Force the client to restart so it requests a new IP
PC1#sudo reboot

#### Discovered DHCP relay on SW3
#### Two possible solutions.
#### 1) Reconfigure the rogue dhcp server
#### 2) Disable the DHCP relay on SW3
#### ip helper-address also forwards broadcasts for other UDP-based applications like DNS and TFTP.

#### Removing the DHCP relay on SW3 may have unintended consequences.
#### Other switches may also have a DHCP relay, so disabling it on this device may not fix the problem.
#### Go straight to the rogue device and de-configure its DHCP server
SW7#show ip dhcp binding
SW7#show ip dhcp pool
#### Remove the test pool on the rogue dhcp server
SW7(config)#no ip dhcp pool testpool

#### Verify fix
PC1#sudo reboot

#### Client still unable to get IP
SW3#show int status
SW3#show int description
SW3#show spanning-tree vlan 100
SW3#show run int vlan100
#### No problem on SW3

#### Check directly connected neighbor SW
SW5#show run int vlan100

#### SW5's virtual interface (VLAN 100) was shut down
SW5(config)#int vlan 100
SW5(config-if)#no shutdown
#### Verify fix
PC1#sudo reboot
SW5#show ip dhcp binding
SW5#show ip dhcp binding 192.168.100.100

Ticket #2
PC1 and PC2 can’t ping each other.
Diagnose and resolve.

Ensure each PC’s default gateway is set to the highest host address of its respective subnet.
Use the command ifconfig eth1 to view each PC’s IP address.
Use route -n to view its default gateway

#### Understand the setup
SW4#show int gix/x switchport
#### Ensure the interface where the PC is connected is in the FWD state
SW4#show spanning-tree vlan 200
#### No interface running VLAN 200 is present
SW5#show spanning-tree vlan 200
#### Check out the trunk port on SW5
SW5#show int trunk
SW5#show int gi2/3 trunk
#### VLAN 200 is not allowed on the trunk Gi2/3
#### Allow vlan 200 on the trunk
SW5(config)#int gi2/3
SW5(config-if)#switchport trunk allowed vlan add 200

#### Verify trunk fix and check spanning tree
SW5#show spanning-tree vlan 200

#### Verify fix 
PC2#ifconfig eth1
PC2#route -n

#### Discovered PC2 still unable to ping PC1
#### PC2 has no default route
#### Ensure SW5 provides default-route
SW5#show run | sec dhcp pool
#### Add default-router to the pool VLAN200
SW5(config)#ip dhcp pool VLAN200
SW5(dhcp-config)#default-router 192.168.200.254

#### Verify fix after PC2 restart
PC2#ping 192.168.200.254
PC2#ping 192.168.100.100
#### Discovered able to ping gateway but not PC1.
#### Locate default-router
SW4#show arp 192.168.200.254
#### Locate the Int connected to default-router
SW4#show mac address-table address 0007.b400.c801
#### No result. A switch's own MAC address does not show up in its MAC address table, so SW4 itself is the default-router.
SW4#show ip int vlan200
#### 224.0.0.5 OSPF
#### 224.0.0.6 OSPF
#### 224.0.0.102 (HSRP and GLBP)
#### Find out if SW4 is participating in HSRP or GLBP
#### Process of elimination
SW4#show standby
SW4#show glbp
#### In the output, note the gateway-router IP (virtual IP) and the MAC address of that virtual IP: it is the same MAC address as in the ARP table
#### Check if SW4 can reach PC1
SW4#ping 192.168.100.100
SW4#traceroute 192.168.100.100
SW4#show ip cef 192.168.100.100
SW4#show ip route 192.168.100.100
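
The virtual MAC found in the ARP table already identifies the redundancy protocol, the group and the forwarder, which shortens the process of elimination above. The following is an added example, not part of the original notes: it decodes the well-known HSRP, VRRP and GLBP virtual MAC prefixes, and the `show arp` lines are constructed (only 192.168.200.254 / 0007.b400.c801 comes from the ticket).

```python
import re

# Constructed `show arp` lines; only 192.168.200.254 / 0007.b400.c801 is from the ticket.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.200.254          0  0007.b400.c801  ARPA   Vlan200
Internet  192.168.200.100          2  0050.56aa.0001  ARPA   Vlan200
Internet  192.168.100.254          -  0000.0c07.ac64  ARPA   Vlan100
"""


def decode_fhrp_mac(mac):
    """Return (protocol, group, forwarder) for an FHRP virtual MAC, else None."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    value = int(digits, 16)
    if digits.startswith("00000c07ac"):    # HSRPv1 0000.0c07.acXX
        return ("HSRPv1", value & 0xFF, None)
    if digits.startswith("00000c9ff"):     # HSRPv2 0000.0c9f.fXXX
        return ("HSRPv2", value & 0xFFF, None)
    if digits.startswith("00005e0001"):    # VRRP   0000.5e00.01XX
        return ("VRRP", value & 0xFF, None)
    if digits.startswith("0007b4") and (value >> 18) & 0x3F == 0:
        # GLBP 0007.b4XX.XXYY: 10-bit group, then 8-bit forwarder number
        return ("GLBP", (value >> 8) & 0x3FF, value & 0xFF)
    return None


def virtual_gateways(arp_output):
    """Map each ARP entry whose MAC is an FHRP virtual MAC to its decoding."""
    found = {}
    for line in arp_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "Internet":
            decoded = decode_fhrp_mac(fields[3])
            if decoded:
                found[fields[1]] = decoded
    return found


if __name__ == "__main__":
    for ip, (proto, group, fwd) in virtual_gateways(SAMPLE_ARP).items():
        print(ip, proto, "group", group, "forwarder", fwd)
```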

#### Note
*A single dhcp exclusion can effectively disable multiple pools*
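
The note above and the wrong entry removed in Ticket #1 can be checked offline against a saved configuration. The following is an added example, not part of the original notes: it counts the leasable addresses per pool and flags any exclusion range that spans more than one pool subnet. The pool subnets and the two narrow exclusions in the sample are assumptions; the wide range is the entry removed from SW5.

```python
import ipaddress
import re

# Constructed sample config. The pool subnets and the two narrow exclusions are
# assumptions; the wide range is the wrong entry removed from SW5 in Ticket #1.
WRONG_ENTRY = "ip dhcp excluded-address 192.168.100.1 192.168.200.254\n"
FIXED_CONFIG = """\
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.100.250 192.168.100.254
ip dhcp pool VLAN100
 network 192.168.100.0 255.255.255.0
ip dhcp pool VLAN200
 network 192.168.200.0 255.255.255.0
"""
BROKEN_CONFIG = WRONG_ENTRY + FIXED_CONFIG


def parse(config):
    """Return ([(low, high), ...], {pool_name: IPv4Network}) from config text."""
    exclusions, pools, pool = [], {}, None
    for line in config.splitlines():
        if m := re.match(r"ip dhcp excluded-address (\S+)(?: (\S+))?$", line):
            low = int(ipaddress.IPv4Address(m.group(1)))
            high = int(ipaddress.IPv4Address(m.group(2) or m.group(1)))
            exclusions.append((low, high))
        elif m := re.match(r"ip dhcp pool (\S+)$", line):
            pool = m.group(1)
        elif pool and (m := re.match(r"\s+network (\S+) (\S+)$", line)):
            pools[pool] = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
    return exclusions, pools


def leasable(config):
    """Count host addresses per pool that no exclusion range covers."""
    exclusions, pools = parse(config)
    return {name: sum(not any(lo <= int(ip) <= hi for lo, hi in exclusions)
                      for ip in net.hosts())
            for name, net in pools.items()}


def cross_pool_exclusions(config):
    """List exclusion ranges that overlap more than one pool subnet."""
    exclusions, pools = parse(config)
    findings = []
    for lo, hi in exclusions:
        hit = sorted(n for n, net in pools.items()
                     if lo <= int(net.broadcast_address) and hi >= int(net.network_address))
        if len(hit) > 1:
            findings.append((str(ipaddress.IPv4Address(lo)),
                             str(ipaddress.IPv4Address(hi)), hit))
    return findings
```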

Ticket #3
SW1 and SW3 are in an HSRP standby group.
Ensure SW3 is the active router unless R7 goes down.
Do not modify SW1.

#### Understand the setup
SW3#show standby
#### Check out track object 7
SW3#show track 7
SW3#show ip sla summary
#### Check out the current config
SW3#show run int vlan 100
#### Check out SLA config
SW3#show ip sla configuration

#### Discovered that Source interface is Loopback0
#### The return traffic must be able to reach Loopback0 in order to meet the SLA condition
#### Check out Loopback 0 int
SW3#show ip int br loopback 0
#### If R7 doesn’t have a route back to 33.33.33.33, the ping reply will fail
#### Check if there is return path
SW3#ping 10.123.7.7 source loopback 0

#### Ping times out, so IP SLA fails and the track decrements by 156
#### Tracking is sourcing from the wrong interface
#### Fix by changing the source interface
SW3#show run | sec ip sla 7

#### Once an IP SLA operation is running, it can't be modified; it must be recreated
SW3(config)#no ip sla 7
SW3(config)#ip sla 7
SW3(config-ip-sla)#icmp-echo 10.135.7.7
SW3(config-ip-sla-echo)#frequency 5
SW3(config-ip-sla-echo)#exit

#### Schedule IP SLA
SW3(config)#ip sla schedule 7 life forever start-time now

#### Verify fix
SW3#show standby
#### Enable Preemption
SW3(config)#int vlan 100
SW3(config-if)#standby 100 preempt

#### Verify fix
SW3#show standby

Ticket #4
PC1 and PC2 can’t ping each other again.
Diagnose and resolve.
Use the command tracepath -n [IP] to run a traceroute.

#### Check the situation
PC1#ping 192.168.200.100
SW3#show ip cef 192.168.200.100
SW3#show ip route 192.168.200.100

#### Discovered static route going to Null0
#### Verify fix
SW3#show ip cef 192.168.200.100
PC1#ping 192.168.200.100

Ticket #5
Ensure SW2 and SW4 are in the same GLBP group.
Ensure SW4 is the active virtual gateway.

#### Understand the setup
SW4#show glbp

#### Discovered that there is only 1 member in the GLBP group
#### Go to the other member not in the group
SW2#show glbp
SW2#show int vlan 200
#### Fix by bringing up the down interface
#### SVI will be down if there are no access or trunk ports in vlan200
SW2#show vlan br
SW2#show int switchport | i 200
SW2#show int trunk

#### Vlan 200 is not allowed on trunk
SW2(config)#int range gi0/1, gi0/3
SW2(config-if-range)#switchport trunk allowed vlan add 200

#### Check SVI vlan 200
SW2#show run int vlan 200
#### Check out the GLBP authentication key-chain
SW2#show key chain KC_GLBP
SW4#show key chain KC_GLBP
#### Key chain is not yet valid
#### Fix the key chain
SW4#show run | sec KC_GLBP
SW4(config)#key chain KC_GLBP
SW4(config-keychain)#key 1
SW4(config-keychain-key)#no accept-lifetime
#### Give SW4 higher priority
SW4(config)#int vlan 200
SW4(config-if)#glbp 200 priority 255

#### Verify fix
SW4#show glbp
