TSHOOTメモ ●トラブルチケット

トラブルチケット問題対策。
間違っているかもしれないがとりあえず。

トポロジとコンフィグについてはコチラを参照。




====


1.OSPF認証

<事象>
Client 1 -> 10.1.1.2 or 1 ping失敗

<設定>

- R1

interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12
default-information originate always

- R2

interface Serial0/0/0/0.12 point-to-point
ip address 10.1.1.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TSHOOT
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.3 area 12

<答え>
A1: R1
A2: OSPF
A3: s0/0/0/0.12 に "ip ospf authentication message-digest" を設定する




====

2.HSRP Track

<事象>
DSW1 , DSW2 でHSRPを組んでおり、
DSW1 をアクティブになるように設計したいのですが、アクティブになりません。

<設定>

- DSW1

track 1 ip route 10.1.21.128 255.255.0.0 metric threshold
threshold metric up 1 down 2
!
track 10 ip route 10.2.21.128 255.255.255.0 metric threshold
threshold metric up 63 down 64
!
interface Vlan10
ip address 10.2.1.1 255.255.255.0
standby 10 ip 10.2.1.254
standby 10 priority 200
standby 10 preempt
standby 10 track 1 decrement 60

<答え>
A1: DSW1
A2: HSRP
A3: "standby 10 track 1 decrement 60"を削除し、"standby 10 track 10 decrement 60" を設定する
※ 10.1.21.129 が R4のloopbackアドレス




====

3.BGP Neighbor

<事象>

Client 1 -> 209.65.200.241 ping失敗

<設定>

- R1

router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.56.200.226 remote-as 65002
no auto-summary

<答え>
A1: R1
A2: BGP
A3: "neighbor 209.56.200.226 remote-as 65002"を削除し、"neighbor 209.65.200.226 remote-as 65002"を設定する





====

4.NAT ACL

<事象>

Client 1,2 -> 209.65.200.241 ping失敗
その他のルータ -> 209.65.200.241 ping成功

<設定>

- R1

ip nat inside source list nat_pool interface s0/0/0/1 overload
ip access-list standard nat_pool
permit 10.1.0.0
!
interface serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
!
interface Serial0/0/0/0.12
ip address 10.1.1.1 255.255.255.252
ip nat inside
ip ospf message-digest-key 1 md5 TSHOOT
ip ospf authentication message-digest

<答え>
A1: R1
A2: NAT
A3: access-list nat_poolに "permit 10.2.0.0"を追加する





====

5.R1 ACL

<事象>

Client 1 -> 209.65.200.241

<設定>

- R1

router bgp 65001
no synchronization
bgp log-neighbor-changes
network 209.65.200.224 mask 255.255.255.252
neighbor 209.65.200.226 remote-as 65002
no auto-summary
!
interface Serial0/0/0/1
ip address 209.65.200.224 255.255.255.252
ip nat outside
ip access-group edge_security in
!
ip access-list extended edge_security
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny 127.0.0.0 0.255.255.255 any
permit ip host 209.65.200.241 any

<答え>
A1: R1
A2: IP AccessList
A3: "ip access-list extended edge-security"に"permit ip 209.65.200.224 0.0.0.3 any"を追加する




====

6.VLAN filter

<事象>

Client 1 -> 10.2.1.1 ping失敗

<設定>

- DSW1

vlan access-map test1 10
action drop
match ip address 10
vlan access-map test1 20
action drop
match ip address 20
vlan access-map test1 30
action forward
match ip address 30
vlan access-map test1 40
action forward
!
vlan filter test1 vlan-list 10
!
access-list 10 permit 10.2.1.3
access-list 20 permit 10.2.1.4
access-list 30 permit 10.2.1.0 0.0.0.255
!
interface VLAN10
ip address 10.2.1.1 255.255.255.0

<答え>
A1: DSW1
A2: Vlan access map
A3: "vlan filter test1 vlan-list 10"を削除する





====

7.Port Security

<事象>

Client 1 のアドレスが 169.254.x.x でIPが取得できていない
ASW1 で show int status (もしくは show interface fa1/0/1)の結果が
FastEthernet1/0/1 is down, line protocol is down (err-disabled)
と表示されている

<設定>

- ASW1

interface fa1/0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security mac-address 0000.0000.0001


<答え>
A1: ASW1
A2: Port security
A3: interface fa1/0/1 内で "no switchport port-security mac-address 0000.0000.0001" を実行後 "shutdown" をしてから "no shutdown" を行う






====

8.Switchport VLAN 10

<事象>

Client 1,2 のアドレスが 169.254.x.x でIPが取得できていない

<設定>

- ASW1
interface FastEthernet1/0/1
switchport mode access
!
interface FastEthernet1/0/2
switchport mode access

<答え>
A1: ASW1
A2: Vlan
A3: "interface range fa1/0/1-/2" の後に "switchport access vlan 10" を設定する






====

9.Switchport trunk

<事象>

Client 1 のアドレスが 169.254.x.x でIPが取得できていない

<設定>

- ASW1

interface PortChannel13
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface PortChannel23
switchport mode trunk
switchport trunk allowed vlan 1-9
!
interface FastEthernet1/0/1
switchport mode access
switchport access vlan 10
!
interface FastEthernet1/0/2
switchport mode access
switchport access vlan 10

<答え>
A1: ASW1
A2: switch connectivity
A3: "interface range portchannel13,portchannel23" の後に "switchport trunk allowed vlan none" "switchport trunk allowed vlan 10,200"を設定する





====

10.EIGRP AS

<事象>

Client 1 -> 10.1.1.10 or 9 ping失敗

<設定>

- R4

router eigrp 1
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.4 0.0.0.3
network 10.1.4.8 0.0.0.3
no auto-summary

<答え>
A1: R4
A2: EIGRP
A3: EIGPRのAS番号を1から10に変更する





====

11.EIGRP to OSPF

<事象>

Client 1 -> 10.1.1.10 ping失敗

<設定>

- R4

router eigrp 10
network 10.1.4.5 0.0.0.0
no auto-summary
redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF
!
router ospf 1
network 10.1.1.8 0.0.0.0 area 34
redistribute eigrp 10 subnets
!
route-map EIGRP->OSPF
match ip address 1

<答え>
A1: R4
A2: redistribution
A3: router eigrp 10 の "redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP_to_OSPF"を削除して "redistribute ospf 1 metric 100 10 255 1 1500 route-map EIGRP->OSPF" を設定する





====

12.IPv6 OSPF

<事象>

DSW2から 2026::1:1 へ pingが飛ばない
R2とR3でOSPFv3がネイバー状態になっていない


<設定>

- R2
ipv6 router ospf 6
router-id 2.2.2.2
!
interface s0/0/0/0.23
ipv6 address 2026::1:1/122

- R3
ipv6 router ospf 6
router-id 3.3.3.3
!
interface s0/0/0/0.23
ipv6 address 2026::1:2/122
ipv6 ospf 6 area 0

<答え>
A1: R2
A2: OSPFv3
A3: interface s0/0/0/0.23 内に "ipv6 ospf 6 area 0" を設定する






======


13.DHCP Range

<事象>

Client 1 のアドレスが 169.254.x.x でIPが取得できていない

<設定>

- R4
ip dhcp excluded-address 10.2.1.1 10.2.1.253
ip dhcp excluded-address 10.2.1.254


<答え>

A1: R4
A2: DHCP
A3: “no ip dhcp excluded-address 10.2.1.1 10.2.1.253” の後に “ip dhcp excluded-address 10.2.1.1 10.2.1.2”を設定する






=====

14.EIGRP Passive Interface

<事象>
Client 1 -> 10.1.1.10 ping失敗

<設定>

- R4
router eigrp 10
passive-interface default
redistribute ospf 1 route-map OSPF->EIGRP
network 10.1.4.4 0.0.0.3
network 10.1.4.8 0.0.0.3
network 10.1.21.128 0.0.0.3
default-metric 10000 100 255 1 10000
no auto-summary

<答え>

A1: R4
A2: EIGRP
A3: “router eigrp 10”内で “no passive-interface default” を設定する
もしくは interface fa0/0,fa0/1で”no passive interface”を設定する





=====

15.IPv6 GRE Tunnel

<事象>
R1のloopback (2026::111:1) -> DSW2のloopback(2026::102:1) ping失敗


<設定>

-R3
interface Tunnel34
no ip address
ipv6 address 2026::34:1/122
ipv6 enable
ipv6 ospf 6 area 34
tunnel source Serial0/0/0.34
tunnel destination 10.1.1.10
tunnel mode ipv6

-R4
interface Tunnel34
no ip address
ipv6 address 2026::34:2/122
ipv6 enable
ipv6 ospf 6 area 34
tunnel source Serial0/0/0
tunnel destination 10.1.1.9

<答え>

A1: R3
A2: IPv4,IPv6間相互接続
A3: ”interface Tunnel34”内で“no tunnel mode ipv6”を設定する






=====


16. IPv6 RIPng OSPFv3 Redistribution

<事象>
R1のloopback (2026::111:1) -> DSW2のloopback(2026::102:1) ping失敗

<設定>

-R4
ipv6 router ospf 6
log-adjacency-changes
!
ipv6 router rip RIP_ZONE
redistribute ospf 6 metric 2 include-connected

<答え>
A1: R4
A2: RIPngからOSPFv3への再配送
A3: “ipv6 router ospf 6”内へ”redistribute rip RIP_Zone include-connected”を設定する


by akkikkikki | 2016-07-10 22:34 | CCNA/CCNP | Comments(0)