You are on page 1of 42

CCNP TSHOOT

642-832 Exam Guide
No filler. No hype. Exam-focused.
“A portable, comprehensive guide with everything you need to get up to speed and pass the TSHOOT Exam - the first time.”
www.ccnpguide.com
1|Page

The Online

Introduction
I started www.ccnpguide.com as a way for me to capture technical notes as I prepared for the three major CCNP Exams – SWITCH, ROUTE, & TSHOOT. As I began sharing my notes with the world, I immediately started to receive feedback on the three exam’s focus areas and how difficult they had become. What I realized was that the exam prep resources available (read: Cisco Press Books) were not even covering all of the exam topics, including some that you were required to configure in live simulation scenarios. First-time fail rates seemed normal and a big part of that was because the some of the simulation scenarios required you to know some extremely specific protocol configuration details that most network professionals just wouldn’t know off the top of their heads. I began to tailor my notes to include topics that were not being covered in “official” exam guides and trimmed down those that just were not necessary. The feedback was overwhelmingly positive from the online community! The problem is, of course, that the notes were not formatted well for off-line consumption and didn’t include enough lab/scenario-based examples. This guide is an answer to the countless requests to create a portable, comprehensive, and exam-focused TSHOOT prep guide. I’ve refined the online notes even more to focus exclusively on exactly what you Cisco expects you to know on exam day. If you have questions, exam feedback, or want to reach out to me directly - shoot me an email at aaron@ccnpguide.com. I promise you’ll get a response.

Best of luck.

2|Page

Network Maintenance The Art of Troubleshooting Layer 2 Troubleshooting Layer 3 Troubleshooting TSHOOT Exam Methodology

4 12 15 22 31

Shortcuts.
3|Page

Cisco Chapter 1:

Network 642 Maintenance 832
4|Page

Note that ITIL is a large and comprehensive approach that was developed specifically for IT professionals. Good troubleshooting reduces the time an outage lasts. Keep that in mind as you walk through the following topics. A documented maintenance strategy is worth its weight in gold. Many organizations use parts of several instead of adopting one method completely. but it is important as a network engineer to understand what models exist and how they translate into improving your organization.Maintenance is no doubt an important component to network stability and that's why we see it covered on the troubleshooting exam. Maintenance Methodologies Several well known maintenance models have been defined by a number of organizations. This is perfect multiple-choice style content as it is difficult to test your understanding of maintenance concepts and methodologies on a simulation-focused exam like TSHOOT. good maintenance minimizes outages themselves. 5|Page . IT Infrastructure Library (ITIL) ITIL focuses on creating a technology service framework within an organization and aligning it closely with the organization's requirements and processes.

Fault management ■ Preventive maintenance Configuration management ■ Both hardware and software installation and configuration ■ Change control ■ Inventory management Accounting management ■ Capacity planning ■ Cost efficiency Performance management ■ Maximize performance on existing network investments Security management ■ Confidentiality.FCAPS FCAPS is an IT maintenance model created by ISO that categorizes network management into five parts. and Optimize. Design. Operate. Implement. or Prepare. FCAPS is an acronym using the first letters of the five categories it includes. This model is specifically focused on deploying and operating Cisco's product families. integrity. availability (CIA) ■ Authentication. 6|Page . Plan. authorization. sometimes also referred to as PPDIOO. accounting (AAA) ■ Encryption ■ Intrusion detection/prevention ■ Minimizing network downtime Cisco Lifecycle Services Cisco has come up with their own maintenance model.

etc.). tools should be selected to carry out those processes. Once the model has been selected.Telecommunications Management Network (TMN) TMN was developed by ITU-T and is a tailored version of FCAPS specific to the telecommunications industry. manual security audits. After all. After the maintenance model components have defined an organizational processes (ex. automated config backups. its parts should inform an IT organization's processes and standard procedures. there are some functions that should be included every time. a model is meaningless unless it affects how a business operates. FTP could be used for configuration backups for example. Network Maintenance Core Tasks Whatever model an IT organization chooses. and changes ■ Installing and configuring new network devices ■ Replacing failed hardware ■ Software backup ■ Configuration backup ■ Troubleshooting failure scenarios ■ Software upgrades ■ Network performance monitoring ■ Capacity planning ■ Creating/updating network documentation 7|Page . moves. These include: ■ Managing adds.

detecting abnormal traffic behavior becomes very subjective. This is a tremendous help during troubleshooting efforts because without knowing what normal levels are. Different levels of detail are appropriate for different audiences. Here's an example of a router saving it's configuration to a local TFTP server: 8|Page . and port status. clear.Documentation Up-to-date. but some common details that should be documented include: ■ Production configurations ■ Inventory (including serial numbers. Adding the date to the saved configuration can make rolling back changes easier in the future. IOS Tools Configuration Configurations should be backed up periodically or after changes are made. or snapshot. and complete infrastructure documentation is crucial to reduce recovery times and maintain a robust networked environment. One of the simplest methods is to save the configuration as a text file on a remote TFTP or FTP server. open source offerings are widely available. TFTP and FTP servers are available on all modern operating systems and free.) ■ Circuit information ■ Network drawings ■ IP address assignments Another important component to network documentation is a performance baseline. It captures the expected performance of your network systems like link bandwidth. WAN jitter and delay. etc. support info.

Error 4.35 Destination filename [routera-config]? Routera_config_02082012 Syslog Syslog is a tool that collects alerts from network devices and stores them on a common log. Syslog Priority (highest to lowest): 0.RouterA# copy run tftp Address of name of remote host []? 10.10. Alert 2. Debug (lowest) 9|Page . this can be very handy when you need to troubleshoot an issue across many devices. Obviously. Notice 6. Informational 7.1. Warning 5. Emergency (highest) 1. Know that every syslog message contains two parts. The severity level goes from 0 to 7 with 0 being the most severe to 7 being simply informational. Critical 3. a severity level and a facility.

The archive function maintains a copy of the current configuration as well as a set of past configurations. Stratum 1 clocks are synchronized directly with an atomic clock. If a configuration change is made with unpleasant results. HQ time zones. but if the timestamps that are included are off then the alerts are unreliable (and next to useless). NTP stands for Network Time Protocol and is used to keep accurate and consistent time on all network devices. local time zones. which is assigned by stratum.just point the device to the proper time server: Switch(config)# ntp server ip_address_of_ntp_server To verify: Switch# show ntp status One last note for NTP. it is important to consider the time zone that each device is set to. Make sure you have it consistent (ex. etc. Configuring NTP is easy . called archive. stratum 2 clocks get their time from stratum 1 clocks. There are several keywords available inside archive configuration mode. etc) Archive Cisco has developed a built-in configuration backup and restore feature.NTP Alerting is important. NTP works by pulling the current time from a time server. Here is a list of some of the most common: 10 | P a g e . GMT. the switch or router can roll back to a previous configuration relatively easily.

). Time-period Sets the maximum time allowed before another backup is automatically saved. tftp server. etc. Examples: archive path flash://routerc archive path tftp://192. 11 | P a g e .Path Specifies where you want the backup configuration stored (ex. etc. -2.1. then you're backups may be written over too often. a backup of the configuration will be automatically saved every time the configuration is manually saved. to the end of the file name depending on how many have already been saved. it appends a -1. It will count up to 14 (represented as filename-14) and then cycle back to 1. If your time-period is set too frequently. When the archive function backs up a configuration.168. flash.txt Write-memory When the write-memory keyword is configured.22/routerc. -3.

Cisco Chapter 3: 642 832 The Art of Troubleshooting 12 | P a g e .

Follow-the-Path Consider the path a packet would take from source to destination. and understanding of the environment among other things. Structured Troubleshooting What Cisco calls structured troubleshooting simply means you use a system to solve a problem by collecting information about the problem. Move-the-Problem Move a device to see if the problem moves with it. is just as important. forming a hypothesis. It may rule out many more scenarios and likely leads to the next hypothesis to test.There are two elements to good troubleshooting . There are a number of methods to tackle the same problem. To be honest. 13 | P a g e . The important part is that you are consistent and your troubleshooting methodology follows a structured approach. Top-Down Start with the OSI application layer and work your way down. The recovery time for a structured troubleshooting approach is usually much less than randomly changing configurations or settings in a hurry to try and get things working. The second part.preparation and technique. There are several common structured troubleshooting approaches. Cisco doesn't promote a specific approach for the CCNP TSHOOT exam. Spot-the-Difference This is where configurations are compared between what is currently running and what the expected configurations should be. with these being the most common: Bottom-Up Start with the OSI physical layer and work your way up. The structured approach also is helpful when the hypothesis you create fails. change control. checking each node/device/configuration along the way. and then testing it. technique. Preparation comes in the form of documentation.

What's the scope? How many users are affected? What changed? When did it happen? Is it a constant problem or intermittent? Now this is where your tool bag of structured troubleshooting methodologies should come out." or "I can't get to my Facebook account when I should be processing TPS reports". 14 | P a g e . simple tasks . the path. it's time to trim it down.it's your job to determine the problem behind the symptoms..things like "the Internet is down..Use the Scientific Method The first step whenever you encounter a technical problem is to define the problem. Keep in mind that you will need to understand that they are explaining the symptoms ." or "my email is slow. Try one that you think best matches your hypothesis of the root issue and work your way through it.but they are rarely done consistently. You get the idea. When you find a test that is successful and determined that it in fact is the root cause. These are small. continue through the layers. think about your current change control policy and ask if it needs to be updated.... make sure to communicate the problem and recovery to all stakeholders and update any necessary documentation. After you have identifies the problem.. If a configuration change was the culprit. or whatever approach you are using. This will involve collecting input from those experiencing the issue directly . Did your test work? If not.

Cisco Chapter 3: 642 832 Layer 2 Troubleshooting 15 | P a g e .

Single-Col. Undersize.Poor Switch Performance Most performance issues on switches are related to one of three errors: 1. Cabling and port problems (layer 1) 2. Xmit-Err The transmission buffers are full. which can point to a duplex mismatch. Multi-Col. to auto. Physical layer Troubleshooting Commands #show interface # show interface counters # show interface counters errors Look for the following errors: FCS-Err Usually a cabling issue. Duplex mismatches between switch ports and an attached device 3. TCAM issues. Late-Col. switch and server. 16 | P a g e . This is sometimes seen when switching from a fast link to a slower one. Excess-Col All of these are collision types. Cisco recommends setting all interfaces. Giants The transmitting NIC may have problems.

it then compares costs and uses the port with the lowest cost. If a switch receives a BPDU from another switch with a different root. it does a comparison. below is a list of link costs based on interface speed. To quickly review STP costs. Link Speed Ethernet Fast Ethernet Gigabit Ethernet Ten Gigabit Ethernet STP Cost 100 19 4 2 After the whole process. 3. Additionally.Spanning Tree Spanning Tree Protocol is a loop prevention mechanism to allow redundant Ethernet network connections. current root bridge. The port with the higher cost is blocked . The port that received the BPDU is now the root port . Each switch periodically transmits BPDUs that include its bridge ID. and cost to that root bridge. If a switch receives two BPDUs with the same root.all others become designated ports. the switch changes its root to match and recalculates the cost to the new root. Here is an important summary of how each switch determines Spanning Tree port roles: 1. each switch starts by assuming it is the root bridge.also called a non-designated port.with each non-root switch having only one root port. To see the status of spanning tree: # show spanning-tree vlan vlan-id To view sent/received BPDU information for a switch: #show spanning-tree interface interface detail 17 | P a g e . there will be only one root bridge . If the BPDU has a lower advertised root. 2.

Broadcast Storms Broadcasts storms can occur due to Spanning Tree misconfigurations and/or rogue switches being added which closes a loop. Both sides of the EtherChannel must be configured as a bundle directly or be using a link aggregation protocol (LACP or PAgP). 18 | P a g e . becomes unresponsive. If one side is configured as an EtherChannel and the other side is not. Troubleshooting EtherChannels EtherChannel issues usually fall into one of three categories: 1. and all the links light up solid green. If traffic is only flowing over a single link in a bundle. 4. check each port configuration. 2. access or trunk settings. it is likely that the hash algorithm should be adjusted to use different seed values. Regardless. Also note that link bundles should be used in even numbered pairs like 2. a broadcast storm will be obvious when the switch slows way down. The CLI may be very slow to respond if you still have remote access to it. If an EtherChannel isn't forming. 8. etc. so often times to fastest way to fix the problem is to physically begin pulling redundant links. Every port participating in an EtherChannel must have identical speed. duplex. 3. look for error-disabled EtherChannel ports on the EtherChannel-enabled switch.

improper VTP mode. or ARP problems. or bad switch ports. Also. VLAN issues usually come in the form of misconfigured VLANs.things like software bugs. MAC Address Table [MAC-to-port mapping] # show mac-address VLAN Assignments [VLAN-to-port mapping] # show vlan Trunk Assignments # show interface switchport #show interface switchport trunk #show etherchannel 19 | P a g e . Switch Tables It is important that you understand what show commands display information on what switch tables. trunk issues. loops.VLANs When troubleshooting issues that you suspect are related to VLAN logic. you should first make sure you have tested for physical layer issues like bad cabling. and native VLAN mismatches. These will come in handy when you are isolating a switching issue. a power failure. check that you are not dealing with an issue with the switch itself .

20 | P a g e . Keep in mind that routers always use layer 3 information to pass traffic between ports. & GLBP • First hop redundancy protocols allow a layer 2 segment to have two gateway routers for redundancy. • • The three FHRPs Cisco supports are HSRP. routed ports do not run layer 2 protocols like Spanning Tree – that’s very important. SVIs for inter-VLAN routing. Switches can either use MAC address forwarding (for layer 2 forwarding). HSRP. while still only showing a single gateway IP and MAC address. HSRP is extremely popular and you should make sure to understand how it works for the TSHOOT exam.SVIs will only go into down state when all interfaces within that particular VLAN are down. • • VRRP is another gateway redundancy protocol that is an open standard and very similar to HSRP. • Last thing to remember .Troubleshooting Inter-VLAN Routing • • • Routing between VLANs can be done on either a router. The last category. and GLBP. GLBP is Cisco proprietary. its primary advantage is its ability to automatically load balance between gateway routers. or a layer 3 switch but the data plane is different depending on the platform you are using. show ip cef displays the CEF forwarding table and show adjacency will show you the layer 2 headers used in forwarding. VRRP. VRRP. HSRP is one of the original FHRPs that was developed by Cisco and is proprietary. Check out the High-Availability page to learn more. One router is active and another is a backup (using HSRP keepalives to maintain connectivity). or layer 3 routed ports. Either way.

168. highest wins).1.2 Router(config-if)# standby 4 ip 192.168. Each HSRP-enabled router has a default HSRP priority of 100 (remember. If another router joins the group with a higher priority it will still not become the active router unless the preempt command is applied. so let's go through the basics one more time. HSRP is configured using the standby command under interface configuration mode.1. The standby configuration statements define the HSRP group as well as the virtual IP in use. issue: # show standby # show standby brief 21 | P a g e .1 Router(config-if)# standby 4 priority 200 Router(config-if)# standby 4 preempt To show the current HSRP status. Routers in the same HSRP group share a common MAC and virtual IP address. An example HSRP configuration could look something like: Router(config)# interface gig1/1 Router(config-if)# ip address 192.HSRP HSRP is the primary FHRP covered on the TSHOOT exam.

Cisco Chapter 4: 642 832 Layer 3 Troubleshooting 22 | P a g e .

etc. the show ip protocols command gives some very helpful information on the current routing protocols in use (like timers. The routing table pairs network prefixes with the router's preferred next hop address or interface. there are some common troubleshooting steps that can be applied. Three tables are used: the routing table. we first need to make sure we have a basic understanding of how routers and multilayer switches route traffic. The show ip arp command will display the current ARP pairings. use the show ip cef command.). the router then needs to translate that into a layer 2 MAC address. The ARP table is exactly what this is for. and CEF mappings. AS numbers. Lastly. run a traceroute from the source towards the destination to see where the last reachable hop is. CEF is used in layer 3 switches to optimize routing and layer 2 headers. After the router has determined what the next-hop address is.Routing Basics Before we get into the layer 3 troubleshooting methods. 23 | P a g e . The show ip route command displays the contents of the routing table. look at the routing table to make sure a route to the destination exists. Troubleshooting Any Routing Protocol Regardless of what routing protocols are in use. Next. Packets are routed based on the output of the routing table by first matching the longest prefix and then using other IGP-specific metrics. try to ping the destination to determine reachability. ARP table. To view the CEF entries. For further digging. First. Finally.

or BGP. OSPF.Routing Protocol Troubleshooting Methodology There are three key questions that can be extremely helpful when troubleshooting a routing issue . Step 1 Is the route being advertised correctly? Step 2 Is the route being received? Step 3 Is there a more desirable route being used? (longer prefix or lower administrative distance) Let's dissect each of these for the major routing protocols one at a time. and topology table. 24 | P a g e . verify connectivity to the remote networks using pings and by taking a look at the local routing table. neighbor table. As a reminder. EIGRP stores its information in three different tables: the EIGRP interface table.regardless if you are running EIGRP. EIGRP First.

EIGRP only advertises subnets of interfaces that match an EIGRP network statement. Use the show ip eigrp topology command to display its contents.is the route being advertised properly? The first step is to identify the router that is connected to the destination subnet as it should be advertising the route out. EIGRP Topology Table The topology table contains a complete list of EIGRP-learned routes. Use the show ip eigrp neighbors command to display its contents. look at the EIGRP running configuration and make sure the AS numbers match.EIGRP Interface Table The EIGRP interface table displays interfaces participating in the local EIGRP processes. There are two simple ways to check if that router is advertising the routes properly. First. and that any authentication configurations are the same. Is the EIGRP route being advertised properly? Remember those three troubleshooting questions listed above? Let's start with the first one . Another option is to do a show ip protocols. 25 | P a g e . including what networks are being advertised with the network statements. Remember. the timers are close. If all of that looks good. This will display the running EIGRP configuration. To check this. Is the EIGRP route being received? Routers must be EIGRP neighbors for the routing information to be shared. You can also perform a debug ip eigrp packets to make sure hellos are being sent out from each router. Use the show ip eigrp interface command to display its contents. issue a show ip eigrp neighbors on the two routers exchanging hellos. The nice thing about this command is that it displays the EIGRP network statements. EIGRP Neighbor Table The EIGRP neighbor table contains a list of discovered EIGRP neighbors. do a show run | section eigrp. You should see the neighbor listed on each device.

and link-state database. neighbor table. 26 | P a g e . OSPF Interface Table The OSPF interface table displays interfaces participating in the local OSPF processes. that will be used instead. Do a show ip protocols to display any distribute lists. Use the show ip ospf interface command to display its contents. but it is not being used in the routing table. First. OSPF stores its information in three different tables: the OSPF interface table. verify that there is a problem using pings and by taking a look at the routing table. route maps or distribution lists could be blocking routing traffic. Lastly. OSPF Neighbor Table The neighbor table contains a list of discovered OSPF neighbors. Compare the EIGRP topology table to the local routing table. OSPF Link State Database The link state database contains the received LSAs. OSPF These steps for troubleshooting OSPF are very similar to EIGRP. issue a show ip eigrp interface to make sure the interfaces you expect are participating in the EIGRP process. If a more desirable path is known. Use the show ip ospf database command to display its contents.Next. Is there a more desirable route being used? It's possible that EIGRP knows about the route. Use the show ip ospf neighbors command to display its contents.

There are two simple ways to check if that router is advertising the routes properly. You can also perform a debug ip ospf adj to show any issues that would prevent the routers from forming an adjacency. Remember. do a show run | section ospf. Lastly. Do a show ip protocols to display any distribute lists. OSPF only advertises subnets of interfaces that match an OSPF network statement. OSPF is more particular about matching protocol variables than EIGRP. including what networks are being advertised with the network statements. You should see the neighbor listed on each device. Is the OSPF route being received? Routers must be OSPF neighbors for the routing information to be shared. issue a show ip ospf neighbors on the two routers. To check this. This will display the running OSPF configuration. 27 | P a g e . Another option is to do a show ip protocols. OSPF requires that all of the following parameters match between devices: ■ Bidirectional communication ■ AS number ■ Timers ■ Common area type ■ Common subnet prefix ■ Authentication The OSPF protocol values can be seen using the show ip ospf interfaces command. route maps or distribution lists could be blocking routing traffic. First.Is the OSPF route being advertised properly? The first step is to identify the router that is connected to the destination subnet as it should be advertising the route out.

Is there a more desirable route being used? It's possible that OSPF knows about the route. Use the show ip bgp neighbors command to display its contents. If you need to investigate further. that will be used instead. Take the time to check each hop along the expected path and look at the routing tables on each router. BGP Neighbor Table The neighbor tables contains a list of known BGP neighbors. BGP Table This table contains all the received BGP prefixes as well as their associated attributes lists. If the expected BGP peers do not show up in the output. BGP BGP stores its information in two tables: the BGP neighbor table and the BGP table. If the routers are not neighbors. Compare the OSPF topology table to the local routing table. 28 | P a g e . If a more desirable path is known. Start by doing a show ip bgp neighbors. it also shows the BGP best path to each destination. Perhaps most importantly. Use the show ip bgp command to display its contents. but it is not being used in the routing table. make sure they have L3 connectivity using a simple ping test. Are the BGP routers neighbors? BGP neighbors must be administratively assigned on each router running BGP. a debug ip bgp updates should show the BGP hellos and advertisements. BGP routing and network information will not be passed between them.

There are two simple ways to check if that router is advertising the routes properly. Also. consider that route maps or distribution lists could be blocking routing traffic. 1. make sure that the router connected to the destination subnet is advertising the route out. 2. it will not work. 3. Route Redistribution Route redistribution can be a tricky situation to troubleshoot. If the redistributing router does not have a routing table entry for the route being redistributed. Seems simple. When redistributing into OSPF. Do a show ip protocols to display any distribute lists. You should also keep in mind that BGP will only advertise routes when (1) they are defined using neighbor statements and (2) the router knows about the route from another source. When redistributing into EIGRP.Remember that BGP requires bidirectional communication as well as matching AS numbers and authentication. but understanding the following concepts should be helpful. Is the BGP route being advertised? As with the other routing protocols. 29 | P a g e . Routing loops are a common problem with multi-router routing redistribution. The show run or show ip bgp command will display that information. Understand that redistributed routes lose their native metric information. Redistributed routes require an existing entry in the routing table. a default metric MUST be set or no route will be imported. Perform a show run | section bgp to look at the neighbor statements. Use a single router to perform the redistribution if possible. all routes will be imported as classful unless the subnets keyword is appended to the end of the redistribution statement. but it should checked right away.

Also. they published the topology diagrams – complete with IP and interface information to those who are interested in reviewing it before the exam. The Multiple Choice Section Before we go too far into the Trouble Ticket portion of the exam. The topics in those chapters are mostly about maintenance methodologies and troubleshooting methods and Cisco expects you to be familiar with the terms used. Let me warn you though. In fact. 30 | P a g e . Lastly. you need to have a plan of attack when you walk into this exam or it won’t turn out well for you. so it is crucial to go into the test with a troubleshooting methodology that you are comfortable with. While this may seem daunting. To test your troubleshooting. You need to REALLY read those two chapters before heading into the exam.TSHOOT Exam Details The TSHOOT exam consist of a few multiple choice questions and a long list of trouble tickets. This allows Cisco to make sure you understand how to troubleshoot every device and protocol between the client and server. so take the time to understand the material but realize that the majority of your time should be spent going through the trouble ticket methodology I present below. knowing this before you head into the exam allows you to have a strategy and a starting point for every ticket you troubleshoot. Most of the trouble tickets explain the symptoms in terms of a client not being able to ping/access/connect to a server on the other end of the topology. the problem descriptions can be very vague and exactly the same as other tickets. because the testing style is such a huge departure from Cisco’s traditional certification exams. Cisco uses trouble tickets – each with a general description of a problem with a source and destination device. That’s by far the most difficult part of the exam and the section you should focus your time on most. let me just say a few words about the multiple choice section. I’ve done you a favor by including the diagrams for you below. Cisco really focuses on the content that you’ll find here under the Network Maintenance and Art of Troubleshooting chapters. I think the best way to prepare is to go through some practice questions using the actual exam topology to get you comfortable with the layout and question types. Realize that there are only going to be a few multiple choice questions. which require you to identify the source of a network connectivity issue. That’s exactly what we’ll do in just a moment.

Trouble Ticket Methodology Now here’s where we get down to business.x address. then it is not getting a proper IP address from the local DHCP server.2. then back out and do the same for the next ticket. it may not seem obvious when you are taking the test.x. but I highly recommend taking my advice on how to approach the tickets. The IP address of Client 1 will very quickly narrow close to half of the tickets for you. The output will either give you a usable IP address.Solving the Trouble Tickets Each ticket presented to you will have three questions you must answer. Doing that allows you to see the problem.1. It will save you tons of time and frustration because it allows you to very quickly localize the problem. the distribution switch DSW1.x.x. You are welcome to use any troubleshooting methodology you like. the second asks what protocol or technology it is related to. make some notes. but it is incredibly important to understand that at any point when you have a trouble ticket open you can select the abort button on the ticket to back out. open ticket #1 and jump onto the client’s terminal. or a DHCP-related issue on the local router (R4 in this case).x. If the client has a 169. The first asks what device is causing the issue. Here’s the trick: Start each ticket by perform an ipconfig inside client 1’s terminal. 31 | P a g e . Knowing this. Run the command ipconfig. All of the problem descriptions begin with Client X cannot connect to Destination Y. That means that it is likely a layer 2 connectivity issue on the connected access switch ASW1. like 10.x range. Now.4 or give you an unusable IP address in the 169. do some quick testing to see if it is layer 2 or layer 3 issue. and the third question asks what specific configuration should be applied to resolve the issue.

Verify that the PortChannel interfaces in PortChannel are up and participating in the bundle. and is assigned to the proper VLAN. Verify that the interface connected to the client (fa1/0/1) is up. To check that the interface is in up/up status – ASW1#show int fa1/0/1 To check that it configured for access mode – ASW1#show run interface fa1/0/1 To check the port’s VLAN assignment . line protocol is down (err-disabled) will show up in the first line) To resolve this. the port security configuration would need to be removed from ASW1 and fa 1/0/1 would require a shut/no shut. Check for port security applied to the interface connected to the client (fa1/0/1) ASW1#show int fa1/0/1 (FastEthernet1/0/1 is down. 3.x.ASW1#show run interface fa1/0/1 (Look for switchport access vlan 10) 2.x 1. running in access mode (not a trunk).x. ASW1#show etherchannel summary (Look for po13) DSW1#show etherchannel summary (Look for po13) 32 | P a g e .If Client 1 has an IP address of 169.

Take a look at DSW1 for any DHCP server configurations.x. only the 10. physical DHCP server. 5. Doing so requires few devices and keeps DHCP services active at remote sites when the WAN goes down.2.x.2.2 addresses should be included in any excluded-address statements. Some production networks run DHCP servers on their local distribution switches to avoid the headaches of a dedicated. If any other excluded-address range is configured on DSW1 and contains 10. If VLAN 10 is not active based on the output. In the scenario that Cisco provides here. ASW1 and the local distribution switch.x x. ASW1#show ASW1#show ASW1#show ASW1#show DSW1#show DSW1#show DSW1#show DSW1#show int run run run int run run run po13 trunk interface fa1/0/19 interface fa1/0/20 interface po13 po13 trunk interface fa1/0/19 interface fa1/0/20 interface po13 First do a show interface trunk to see what VLANs are “active” on the trunk.1. Both addresses are the VLAN 10 interface IPs. DSW1 to make sure the production VLANs are not being filtered on the trunk interface.1 and 10. so they should not be included in any DHCP leases.2.4 (Client 1’s IP) – it is a problem and will block Client 1 from obtaining an IP address. Check any DHCP-related issues on the distribution switch. 33 | P a g e .x” statement. If one exists.x. Another very important statement to look out for is a “ip dhcp excluded-address x.1. Check the trunk link between the access switch.1. use the following “sh run” commands to pinpoint the configuration error.x.4. the normal “dhcp pool” and network statements should be verified.

255.254 to check L3 connectivity to the distribution switch.x AND can’t ping the gateway Ping the VLAN 10 default gateway address. DSW1 From the client. ping the DSW1’s VLAN 10 address to verify the client has layer three connectivity to the switch.1 255.2. ACL 5 and VLAN 10 access-map EXAMPLE are dropping all traffic from the entire 10.x.2.If Client 1 has an IP address of 10. 10. 34 | P a g e .x/8 subnet.0. Remember those VLAN Access-maps you learned about in the SWITCH exam? Well it may be the case that a VLAN access-map is dropping traffic on DSW1.x. If the ping fails.1.255.0 In this example.2. the solution would be to remove the access-map completely. there is likely IP address filtering going in somewhere on the local segment.255. Access-maps are generally configured like this: vlan access-map EXAMPLE 10 drop match ip address 5 ! vlan filter EXAMPLE vlan-list 10 ! ip access-list standard 5 permit 10.0 0.255 ! interface VLAN10 ip address 10. there is L2 connectivity but something else is blocking (or dropping) the IP traffic from the client.2.0. If you see any VLAN 10 access-maps filtering the same subnet as Client 1. Because the client is getting a valid DHCP IP address from DSW1.1.x.

Make sure the proper network statements are applied and that the correct AS number (10) is configured.x.If Client 1 has an IP address of 10. the redistribution statements need to be looked at. If Client 1 has an IP address of 10. EIGRP hellos will not be sent and routes will not be shared.34 interface of R4 Notice that R4 is the redistribution point between EIGRP and OSPF.x AND can ping the gateway on DSW1 BUT cannot ping the serial0/0/0/0. R4 and DSW1 share routing information via EIGRP Autonomous System 10.x.x AND can ping the gateway on DSW1 BUT cannot ping the fa0/1 interface of R4 The neighbor relationship between DSW1 and R4 needs to be checked.x. Remember that if either device is running an interface as passive. Check for any EIGRP passive interface commands applied to the configurations. Do a show run on both devices and take a peek at the EIGRP configurations.x. If you cannot connect to the other side of R4. 35 | P a g e .

1.255. so we need to verify they are exchanging OSPF route information.1.0 0.255.Make sure a metric is set on the “redistribute ospf x metric” statement and that the subnets keyword id used on the “redistribute eigrp 10” statement. make sure they are applied exactly the same on both R1 and R2! An example interface authentication configuration: ip ospf authentication message-digest ip ospf message-digest-key 1 md5 EXAM 36 | P a g e .12 point-to-point ip address 10.1.1.0.x.1 255. R1’s OSPF configuration should look something similar to: interface Serial0/0/0/0. The OSPF configuration should be looked at carefully on both R1 and R2.1.3 area 12 default-information originate If you see any OSPF authentication-related lines.2] BUT cannot ping R1 [10. then there is an issue between routers R1 and R2. Based on the diagram Cisco has made available.1.252 ip nat inside ! router ospf 1 network 10.x.1.x AND can ping the gateway AND can ping R2 [10. make sure the route map names are configured correctly.1.1] If we can ping all the way from Client 1 to R2 but not to R1. If Client 1 has an IP address of 10.0. R1 and R2 share routes using OSPF. If any route maps are applied to the redistribution configuration.

1.x.x AND can ping the gateway AND can ping R1 [10. R4 and DSW1 and DSW2 can also ping web server.x. Check that the ‘inside’ and ‘outside’ NAT statements are applied to the correct interfaces on R1. Also. This means that the issue is likely a NAT translation misconfiguration on R1. If there are any.x. make sure 10.1. then R1.x is included in the permit statements. check for any ACLs that NAT is using. 37 | P a g e .If Client 1 has an IP address of 10. If Client 1 can ping R1 and R1 can ping the web server.1] Ping the webserver from R1 Successful.2. Fails. R2. R3.

The first item that needs to be verified is R1’s BGP configuration. 38 | P a g e . R1 is using BGP to connect to the web server’s remote network.65. neighbor.0.200. make sure they permit 209. and AS numbers are correct. 1.0.At this point we’ve established that Client 1 has connectivity to R1 BUT R1 does not have connectivity to the web server. R1# show run Make sure the network.224/30 network on R1. If you run into any inbound ACLs on R1.200. 2. Make sure there are no ACLs blocking the remote 209. Comb through the BGP configuration line-by-line. so that is the first protocol to check.3. this means we need to take a closer look at R1’s configuration. Again.224 0.65.

Best of luck. Next run through the list of common issues I noted for that particular situation. trunk VLANs. Here's what I would strongly recommend.x address. Access port VLAN.x. It’s helped many people pass the TSHOOT exam well under the allotted time. etc. Start by opening the first ticket presented to you and perform an ipconfig to determine Client 1’s IP address. As you know by now the remainder of the exam involves solving a long list of trouble tickets.x.x. If Client 1’s IP address is a 10. 39 | P a g e .x address. If it is a 169.x. port security.Final Exam Advice The exam starts with the multiple choice questions. Doing so helps you determine which device is the cause. You’ll likely find the answer with some careful observation fairly fast.). so there’s not a lot of preplanning that will help you there besides reviewing the troubleshooting and methodology chapters at the beginning of this guide. walk through the ping tests I showed you in the previous pages. begin troubleshooting the ticket based on the common issues I have presented above (ex.

40 | P a g e .

41 | P a g e .

42 | P a g e .