RegisterFor FreeDemo

Cisco VXLAN With NDFC Demo!

Starts NOV 1st @10 AM IST | Hands-On Lab Access | By Himadri

Day

Min

Sec

Unable to ping DSW1 or the FTP Server

Lesson 6/18 | Study Time: 60 Min

Course: CCNP Troubleshooting Lab Online Access

Ticket 6 – VLAN filter

Client 1 is getting the correct IP address from DHCP, but Client 1 is not able to ping the server. Unable to ping DSW1 or the FTP Server(Use L2 Diagram).

VLAN Access map is applied on DSW1, blocking the IP address of client 10.2.1.3

Initial Configuration

DSW1#show running-config

Building configuration...

Current configuration : 2693 bytes

! Last configuration change at 18:22:12 IST Thu Oct 25 2018

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

hostname DSW1

boot-start-marker

boot-end-marker

no aaa new-model

clock timezone IST 5 30

ip cef

ipv6 unicast-routing

ipv6 cef

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan access-map test1 10

match ip address 10

action drop

vlan access-map test1 20

match ip address 20

action drop

vlan access-map test1 30

match ip address 30

action forward

vlan access-map test1 40

action forward

vlan filter test1 vlan-list 10

vlan internal allocation policy ascending

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel4

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel12

no switchport

ip address 10.2.4.13 255.255.255.252

ipv6 address 2026::3:1/122

ipv6 rip RIP_ZONE enable

interface Ethernet0/0

no switchport

ip address 10.1.4.6 255.255.255.252

duplex auto

ipv6 address 2026::2:2/122

ipv6 rip RIP_ZONE enable

interface Ethernet0/1

no switchport

no ip address

duplex auto

channel-group 12 mode on

interface Ethernet0/2

no switchport

no ip address

duplex auto

channel-group 12 mode on

interface Ethernet0/3

interface Ethernet1/0

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

interface Ethernet1/3

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

interface Vlan10

ip address 10.2.1.1 255.255.255.0

ip helper-address 10.1.4.5

standby 1 ip 10.2.1.254

standby 1 priority 120

standby 1 preempt

interface Vlan20

ip address 10.2.2.2 255.255.255.0

interface Vlan200

ip address 192.168.1.129 255.255.255.224

router eigrp 10

network 10.1.4.4 0.0.0.3

network 10.2.1.0 0.0.0.255

network 10.2.4.12 0.0.0.3

network 192.168.1.128 0.0.0.31

passive-interface Vlan10

passive-interface Vlan20

passive-interface Vlan200

ip forward-protocol nd

no ip http server

no ip http secure-server

access-list 10 permit 10.2.1.3

access-list 20 permit 10.2.1.4

access-list 30 permit 10.2.1.0 0.0.0.255

ipv6 router rip RIP_ZONE

control-plane

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

privilege level 15

no login

end

DSW1#

Configuration on DSW1

vlan access-map test1 10

 action drop

 match ip address 10

vlan access-map test1 20

 action drop

 match ip address 20

vlan access-map test1 30

 action forward

 match ip address 30

vlan access-map test1 40

 action forward

vlan filter test1 vlan-list 10

access-list 10 permit host 10.2.1.3

access-list 20 permit host 10.2.1.4

access-list 30 permit 10.2.1.0 0.0.0.255

interface VLAN10

 ip address 10.2.1.1 255.255.255.0

Answer:

Ans1) DSW1 (but in the exam, maybe you have to choose ASW1)

Ans2) VLAN ACL/Port ACL

Ans3) Under the global configuration mode, enter the no vlan filter test1 vlan-list 10 command.

In this TT, there can be three conditions for troubleshooting :

Remove access- map statement

Remove action drop and make action forward

Remove vlan filter statement.

In the exam, out of three conditions, they can ask anyone condition.

Solution

DSW1#show running-config

Building configuration...

Current configuration : 2662 bytes

! Last configuration change at 18:25:32 IST Thu Oct 25 2018

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service compress-config

hostname DSW1

boot-start-marker

boot-end-marker

no aaa new-model

clock timezone IST 5 30

ip cef

ipv6 unicast-routing

ipv6 cef

spanning-tree mode rapid-pvst

spanning-tree extend system-id

vlan access-map test1 10

match ip address 10

action drop

vlan access-map test1 20

match ip address 20

action drop

vlan access-map test1 30

match ip address 30

action forward

vlan access-map test1 40

action forward

vlan internal allocation policy ascending

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel4

switchport trunk encapsulation dot1q

switchport mode trunk

interface Port-channel12

no switchport

ip address 10.2.4.13 255.255.255.252

ipv6 address 2026::3:1/122

ipv6 rip RIP_ZONE enable

interface Ethernet0/0

no switchport

ip address 10.1.4.6 255.255.255.252

duplex auto

ipv6 address 2026::2:2/122

ipv6 rip RIP_ZONE enable

interface Ethernet0/1

no switchport

no ip address

duplex auto

channel-group 12 mode on

interface Ethernet0/2

no switchport

no ip address

duplex auto

channel-group 12 mode on

interface Ethernet0/3

interface Ethernet1/0

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

interface Ethernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 4 mode active

interface Ethernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

interface Ethernet1/3

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode active

interface Vlan10

ip address 10.2.1.1 255.255.255.0

ip helper-address 10.1.4.5

standby 1 ip 10.2.1.254

standby 1 priority 120

standby 1 preempt

interface Vlan20

ip address 10.2.2.2 255.255.255.0

interface Vlan200

ip address 192.168.1.129 255.255.255.224

router eigrp 10

network 10.1.4.4 0.0.0.3

network 10.2.1.0 0.0.0.255

network 10.2.4.12 0.0.0.3

network 192.168.1.128 0.0.0.31

passive-interface Vlan10

passive-interface Vlan20

passive-interface Vlan200

ip forward-protocol nd

no ip http server

no ip http secure-server

access-list 10 permit 10.2.1.3

access-list 20 permit 10.2.1.4

access-list 30 permit 10.2.1.0 0.0.0.255

ipv6 router rip RIP_ZONE

control-plane

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

privilege level 15

no login

end

DSW1#

Previous Lesson Next Lesson

Thrilok Thallapelly

Product Designer

★★★★★ 4.98

Profile

Class Sessions

1- Client is unable to ping R1’s serial interface from the client. 2- DSW1 is configured to be active but it does not become active. 3- Client 1 is able to ping 209.65.200.226 but can’t ping the Web Server 209.65.200.241 4- Client 1 & 2 are not able to ping the web server 209.65.200.241 5- Except for R1, no one else can ping the server. 6- Unable to ping DSW1 or the FTP Server 7- Client 1 is unable to ping Client 2 as well as DSW1 8- Client 1 & 2 can’t ping DSW1 or FTP Server 9- Client 1 & 2 can ping each other but they are unable to ping DSW1 or FTP Server 10- DSW1 can ping e0/1 of R4 but can’t ping s1/0.34 11- Client 1 is not able to ping the Webserver 12- DSW1 & R4 can’t ping R2′s loopback interface 13- DHCP Range Misconfiguration 14- Neighborship between R4 and DSW1 wasn’t establised 15- Loopback address on R1 is not able to ping the loopback address on DSW2 16- Loopback address on R1 (2026::111:1) is not able to ping the loopback address on DSW2 17- Problem with Switchport Encapsulation 18- Configurations