11.4.3.5 Lab – Troubleshooting Connectivity Issues (Instructor Version – Recommend Lab)
Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
Topology
Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| R1 | G0/1 | 192.168.1.1 | 255.255.255.0 | N/A |
| S0/0/0 | 10.1.1.1 | 255.255.255.252 | N/A | |
| ISP | S0/0/0 | 10.1.1.2 | 255.255.255.252 | N/A |
| Lo0 | 209.165.200.226 | 255.255.255.255 | N/A | |
| S1 | VLAN 1 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| PC-A | NIC | 192.168.1.10 | 255.255.255.0 | 192.168.1.1 |
Objectives
- Part 1: Identify the Problem
- Part 2: Implement Network Changes
- Part 3: Verify Full Functionality
- Part 4: Document Findings and Configuration Changes
Background / Scenario
In this lab, the company that you work for is experiencing problems with their Local Area Network (LAN). You have been asked to troubleshoot and resolve the network issues. In Part 1, you will connect to devices on the LAN and use troubleshooting tools to identify the network issues, establish a theory of probable cause, and test that theory. In Part 2, you will establish a plan of action to resolve and implement a solution. In Part 3, you will verify full functionality has been restored. Part 4 provides space for you to document your troubleshooting findings along with the configuration changes that you made to the LAN devices.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions may be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the correct interface identifiers.
Required Resources
- 2 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
- 1 Switch (Cisco 2960 with Cisco IOS Release 15.0(2) lanbasek9 image or comparable)
- 1 PC (Windows 7 or 8 with terminal emulation program, such as Tera Term)
- Ethernet and Serial cables as shown in the topology
Troubleshooting Configurations
The following settings must be configured on the devices shown in the topology. Paste the configurations onto the specified devices prior to starting the lab.
PC:
IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Default Gateway: (leave blank)
Instructor: You may choose to configure the PC settings; otherwise, student will know that the missing default gateway setting is a problem.
S1:
no ip domain-lookup hostname S1 ip domain-name ccna-lab.com username admin01 privilege 15 secret 9 $9$lJgfiLCHj.Xp/q$hA2w.oyQPTMhBGPeR.FZo3NZRJ9T1FdqvgRCFyBYnNs interface FastEthernet0/1 shutdown interface FastEthernet0/2 shutdown interface FastEthernet0/3 shutdown interface FastEthernet0/4 shutdown interface FastEthernet0/5 duplex full interface Vlan1 ip address 192.168.1.2 255.255.255.0 line vty 0 4 login local transport input ssh line vty 5 15 login local transport input ssh crypto key generate rsa general-keys modulus 1024 end
R1:
hostname R1 no ip domain-lookup ip domain-name ccna-lab.com username admin01 privilege 15 secret 9 $9$8a4jGjbPPpeeoE$WyPsIiOaYT4ATlJzrR6T9E6vIdESOGF.NYX53arPmtA interface GigabitEthernet0/0 shutdown interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 duplex half speed auto no shutdown interface Serial0/0/0 ip address 10.1.2.1 255.255.255.252 no shutdown interface Serial0/0/1 no ip address shutdown line vty 0 4 login local transport input ssh crypto key generate rsa general-keys modulus 1024 end
ISP:
hostname ISP no ip domain-lookup interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 no shut interface Lo0 ip address 209.165.200.226 255.255.255.255 ip route 0.0.0.0 0.0.0.0 10.1.1.1 end
Part 1: Identify the Problem.
The only available information about the network problem is that the users are experiencing slow response times and that they are not able to reach an external device on the Internet at IP address 209.165.200.226. To determine probable cause(s) for these network issues, you will need to utilize network commands and tools on the LAN equipment shown in the topology.
Note: The user name admin01 with a password of cisco12345 will be required to log into the network equipment.
Step 1: Troubleshoot from the PC.
a. From the PC command prompt, ping the external server IP Address 209.165.200.226.
b. Use the ipconfig command to determine the network settings on the PC.
Step 2: Troubleshoot from S1 using a SSH client session.
Note: Any SSH client software can be used. Tera Term is used in the examples in this lab.
a. SSH to S1 using its IP Address of 192.168.1.2 and log into the switch using admin01 for the user name and cisco12345 for the password.
b. Issue the terminal monitor command on S1 to allow log messages to be sent to the VTY line of your SSH session. After a few seconds you notice the following error message being displayed in your SSH window.
S1# terminal monitor S1# *Mar 1 02:08:11.338: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with R1.ccna-lab.com GigabitEthernet0/1 (half duplex). S1#
c. On S1, issue the show interface f0/5 command to view the duplex setting of the interface.
S1# show interface f0/5 FastEthernet0/5 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0cd9.96e8.8a05 (bia 0cd9.96e8.8a05) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:35, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 849 packets input, 104642 bytes, 0 no buffer Received 123 broadcasts (122 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 122 multicast, 0 pause input 0 input packets with dribble condition detected 4489 packets output, 361270 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out S1#
Step 3: Troubleshoot on R1 using an SSH client.
a. SSH to R1’s LAN interface and log in using admin01 for the user name and cisco12345 as the password.
b. Issue the terminal monitor command on R1 to allow log messages to be sent to the VTY line of your SSH session for R1. After a few seconds the duplex mismatch message appears on R1’s SSH session.
R1# terminal monitor R1# *Nov 23 16:12:36.623: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5 (full duplex). R1#
c. Issue the show interface G0/1 command on R1 to display the duplex setting.
R1# show interfaces g0/1 GigabitEthernet0/1 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c1 (bia d48c.b5ce.a0c1) Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half Duplex, 100Mbps, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:15, output 00:00:05, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 641 packets input, 101892 bytes, 0 no buffer Received 453 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 361 multicast, 0 pause input 1043 packets output, 123698 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 235 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out R1#
d. Issue the ping 209.165.200.226 command on R1 to test connectivity to the external server.
R1# ping 209.165.200.226 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#e. Issue the show ip interface brief command on R1 to verify interface IP Address settings.
R1# show ip interface brief Interface IP-Address OK? Method Status Protocol Embedded-Service-Engine0/0 unassigned YES unset administratively down down GigabitEthernet0/0 unassigned YES unset administratively down down GigabitEthernet0/1 192.168.1.1 YES manual up up Serial0/0/0 10.1.2.1 YES manual up up Serial0/0/1 unassigned YES unset administratively down down R1#f. Issue the show ip route command on R1 to verify the router’s default gateway setting.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/30 is directly connected, Serial0/0/0
L 10.1.2.1/32 is directly connected, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
R1#
List the probable causes for the network problems that employees are experiencing. ________________
- The Default Gateway is not set on the PC.
- Interface G0/1 is set to Half-Duplex on R1.
- An incorrect IP Address is set on S0/0/0 on R1.
- The Gateway of last resort is not set on R1.
Part 2: Implement Network Changes
You have communicated the problems that you discovered in Part 1 to your supervisor. She has approved these changes and has requested that you implement them.
Step 1: Set the Default Gateway on the PC to 192.168.1.1.
Step 2: Set the duplex setting for interface G0/1 on R1 to full duplex.
R1# conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)# *Nov 23 17:23:36.879: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet0/1 (not full duplex), with S1.ccna-lab.com FastEthernet0/5 (full duplex). R1(config)# R1(config)# interface g0/1 R1(config-if)# duplex full R1(config-if)# exit *Nov 23 17:24:08.039: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down R1(config)# *Nov 23 17:24:10.363: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up *Nov 23 17:24:10.459: %SYS-5-CONFIG_I: Configured from console by console R1(config)#
Step 3: Reconfigure the IP address for S0/0/0 to IP Address 10.1.1.1/30 on R1.
R1(config)# interface s0/0/0 R1(config-if)# ip address 10.1.1.1 255.255.255.252 R1(config-if)# exit
Step 4: Configure the Gateway of last resort on R1 with a 10.1.1.2 default route.
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2 R1(config)# end
Part 3: Verify Full Functionality
Verify that full functionality has been restored.
Step 1: Verify that all interfaces and routes have been set correctly and that routing has been restored on R1.
a. Issue the show ip route command to verify that the default gateway has been set correctly.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.1.1.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.1.1.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/30 is directly connected, Serial0/0/0
L 10.1.1.1/32 is directly connected, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
R1#
b. Issue the show ip interface s0/0/0 command to verify that the IP Address on S0/0/0 is set correctly.
R1# show ip interface s0/0/0 Serial0/0/0 is up, line protocol is up Internet address is 10.1.1.1/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes <output omitted> IPv4 WCCP Redirect exclude is disabled R1#
c. Issue the ping 209.165.200.226 command to verify that the external server is reachable now.
R1# ping 209.165.200.226 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 209.165.200.226, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms R1#
d. Issue the show interface g0/1 command to verify that the duplex setting is full duplex.
R1# show interface g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c1 (bia d48c.b5ce.a0c1)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
559 packets input, 74066 bytes, 0 no buffer
Received 279 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 208 multicast, 0 pause input
742 packets output, 81462 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
133 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
R1#
Step 2: Verify End-to-End connectivity from the LAN PC.
a. Issue the ipconfig command from the command prompt on the PC.
b. Issue the ping 209.165.200.226 command from the CMD window on the PC.
Part 4: Document Findings and Configuration Changes
Use the space provided below to document the issues found during your troubleshooting and the configurations changes made to resolve those issues. ________________
Documentation will vary but should include the date when troubleshooting was conducted, devices that were tested, commands used along with the output generated by those commands, issues found, and configuration changes made to resolve those issues.
Reflection
This lab had you troubleshoot all devices before making any changes. Is there another way to apply the troubleshooting methodology? ________________
Answers may vary. Another way the troubleshooting methodology could be applied would be to complete all 6 steps on a device before moving on to another device. e.g. After you determined that the default gateway was not set on the PC, you would add the default gateway setting and verify functionality. If network issues still exist, you would then move on to the next device, S1 in this example. When the troubleshooting process had been completed on S1 and issues still exist, you would then move on to R1. This process would continue until full network functionality was achieved.
Router Interface Summary Table
| Router Interface Summary | ||||
|---|---|---|---|---|
| Router Model | Ethernet Interface #1 | Ethernet Interface #2 | Serial Interface #1 | Serial Interface #2 |
| 1800 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 1900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 2801 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/1/0 (S0/1/0) | Serial 0/1/1 (S0/1/1) |
| 2811 | Fast Ethernet 0/0 (F0/0) | Fast Ethernet 0/1 (F0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| 2900 | Gigabit Ethernet 0/0 (G0/0) | Gigabit Ethernet 0/1 (G0/1) | Serial 0/0/0 (S0/0/0) | Serial 0/0/1 (S0/0/1) |
| Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface. | ||||
Device Configs – Final
R1# show run Building configuration... Current configuration : 1531 bytes version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! no aaa new-model memory-size iomem 15 ! no ip domain lookup ip domain name ccna-lab.com ip cef no ipv6 cef ! multilink bundle-name authenticated ! cts logging verbose ! username admin01 privilege 15 secret 9 $9$8a4jGjbPPpeeoE$WyPsIiOaYT4ATlJzrR6T9E6vIdESOGF.NYX53arPmtA ! redundancy ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 duplex full speed auto ! interface Serial0/0/0 ip address 10.1.1.1 255.255.255.252 clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.1.1.2 ! control-plane ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login local transport input ssh ! scheduler allocate 20000 1000 ! end
S1# show run Building configuration... Current configuration : 1585 bytes ! version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname S1 ! boot-start-marker boot-end-marker ! username admin01 privilege 15 secret 9 $9$lJgfiLCHj.Xp/q$hA2w.oyQPTMhBGPeR.FZo3NZRJ9T1FdqvgRCFyBYnNs no aaa new-model system mtu routing 1500 ! no ip domain-lookup ip domain-name ccna-lab.com ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! interface FastEthernet0/1 shutdown ! interface FastEthernet0/2 shutdown ! interface FastEthernet0/3 shutdown ! interface FastEthernet0/4 shutdown ! interface FastEthernet0/5 duplex full ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 ip address 192.168.1.2 255.255.255.0 ! ip http server ip http secure-server ! line con 0 line vty 0 4 login local transport input ssh line vty 5 15 login local transport input ssh ! end
ISP# show run Building configuration... Current configuration : 1390 bytes ! version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker ! no aaa new-model memory-size iomem 15 ! no ip domain lookup ip cef no ipv6 cef ! multilink bundle-name authenticated ! cts logging verbose ! redundancy ! interface Loopback0 ip address 209.165.200.226 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 no ip address shutdown duplex auto speed auto ! interface GigabitEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0 ip address 10.1.1.2 255.255.255.252 ! interface Serial0/0/1 no ip address shutdown clock rate 125000 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 10.1.1.1 ! control-plane ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login transport input none ! scheduler allocate 20000 1000 ! end
