Chapter 3 Lab A - Securing Administrative Access Using AAA and ...

More documents

Recommendations

Info

CCNPv6 TSHOOT*Mar 1 09:10:36.921: DHCPSNOOP(hlfm_set_if_input): Setting if_input to Po1 forpak. Was not set*Mar 1 09:10:36.921: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel1)*Mar 1 09:10:36.921: DHCP_SNOOPING: process new DHCP packet, message type: DHCPACK, input interface: Po1, MAC da: ffff.ffff.ffff, MAC sa: 0017.5a5b.b443, IP da: 255.255.255.255, IP sa: 10.1.10.252, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 10.1.10.1, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr:ALS1# 000b.db04.a5cd*Mar 1 09:10:36.921: DHCP_SNOOPING: binary dump of option 82, length: 20 data:0x52 0x12 0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x12 0x2 0x8 0x0 0x6 0x0 0x1B 0xC 0x6D 0x8F 0x0*Mar 1 09:10:36.921: DHCP_SNOOPING: binary dump of extracted circuit id, length: 8 data:0x1 0x6 0x0 0x4 0x0 0xA 0x1 0x12*Mar 1 09:10:36.921: DHCP_SNOOPING: binary dump of extracted remote id, length:10 data:0x2 0x8 0x0 0x6 0x0 0x1B 0xC 0x6D 0x8F 0x0*Mar 1 09:10:36.921: DHCP_SNOOPING_SW: opt82 data indicates loALS1#cal packet*Mar 1 09:10:36.921: DHCP_SNOOPING_SW: opt82 data indicates local packet*Mar 1 09:10:36.921: DHCP_SNOOPING: remove relay information option.*Mar 1 09:10:36.921: DHCP_SNOOPING: direct forward dhcp reply to output port: FastEthernet0/18.ALS1#u allAll possible debugging has been turned offALS1#In the above example, the ip dhcp relay information trust-all command was issued on DLS1. TheDHCP DISCOVER message received on ALS1 interface Fa0/18 (from PC-B) and was forwarded to DLS1 tocomplete the DHCP exchange between PC-B and DLS1.DLS1#debug ip dhcp server packetDHCP server packet debugging is on.Dec 11 14:14:25.024: DHCPD: Reload workspace interface Vlan10 tableid 0.Dec 11 14:14:25.024: DHCPD: tableid for 10.1.10.252 on Vlan10 is 0Dec 11 14:14:25.024: DHCPD: client's VPN is .Dec 11 14:14:25.024: DHCPD: inconsistent relay information.Dec 11 14:14:25.024: DHCPD: relay information option exists, but giaddr is zeroIn the above example, with dhcp relay information from ALS1 and a GIADDR of 0.0.0.0, the relay information isinconsistent and DLS1 rejects the DHCP DISCOVER message from PC-B.DLS1#debug ip dhcp server packetDHCP server packet debugging is on.Dec 11 14:28:13.118: DHCPD: Reload workspace interface Vlan10 tableid 0.Dec 11 14:28:13.118: DHCPD: tableid for 10.1.10.252 on Vlan10 is 0Dec 11 14:28:13.118: DHCPD: client's VPN is .Dec 11 14:28:13.118: DHCPD: DHCPRELEASE message received from client 0100.0bdb.04a5.cd (10.1.10.1).Dec 11 14:28:15.542: DHCPD: Reload workspace interface Vlan10 tableid 0.Dec 11 14:28:15.542: DHCPD: tableid for 10.1.10.252 on Vlan10 is 0Dec 11 14:28:15.542: DHCPD: client's VPN is .Dec 11 14:28:15.542: DHCPD: using received relay info.Dec 11 14:28:15.542: DHCPD: DHCPDISCOVER received from client 0100.0bdb.04a5.cdon interface Vlan10.All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 12 of 17
CCNPv6 TSHOOTDec 11 14:28:15.542: DHCPD: using received relay info.Dec 11 14:28:17.556: DHCPD: Sending DHCPOFFER to client 0100.0bdb.04a5.cd (10.1.10.1).Dec 11 14:28:17.556: DHCPD: Check for IPe on Vlan10Dec 11 14:28:17.556: DHCPD: creating ARP entry (10.1.10.1, 000b.db04.a5cd).Dec 11 14:28:17.556: DHCPD: unicasting BOOTREPLY to client 000b.db04.a5cd (10.1.10.1).Dec 11 14:28:17.556: DHCPD: Reload workspace interface Vlan10 tableid 0.Dec 11 14:28:17.556: DHCPD: tableid for 10.1.10.252 on Vlan10 is 0Dec 11 14:28:17.556: DHCPD: client's VPN is .Dec 11 14:28:17.556: DHCPD: DHCPREQUEST received from client 0100.0bdb.04a5.cd.Dec 11 14:28:17.556: DHCPD: Sending DHCPACK to client 0100.0bdb.04a5.cd (10.1.10.1).Dec 11 14:28:17.556: DHCPD: Check for IPe on Vlan10Dec 11 14:28:17.556: DHCPD: creating ARP entry (10.1.10.1, 000b.db04.a5cd).Dec 11 14:28:17.556: DHCPD: unicasting BOOTREPLY to client 000b.db04.a5cd (10.1.10.1).In the above example, with the ip dhcp relay information trust-all command issued on DLS1, theentire DHCP conversation between PC-B and the DLS1 server takes place, and PC-B is provided with an IPaddress.EIGRP Authentication-related CommandsDLS2#show ip eigrp neighborsEIGRP-IPv4:(1) neighbors for process 1H Address Interface Hold Uptime SRTT RTO Q Seq(sec) (ms) Cnt Num1 10.1.2.14 Fa0/5 13 00:20:59 1 200 0 290 10.1.200.252 Vl200 14 05:31:25 2 200 0 45In the above example, DLS2 has two EIGRP neighbors, R3 (10.1.2.14) via Fa0/5 and DLS1 (10.1.200.252) viaVLAN 200.DLS2#show ip eigrp interfacesEIGRP-IPv4:(1) interfaces for process 1Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer RoutesVl200 1 0/0 2 0/1 50 0Fa0/5 1 0/0 1 0/1 50 0In the above example, DLS2 has two interfaces participating in the EIGRP process, VLAN 200 and Fa0/5. Bothinterfaces have a peer attached.DLS2#show ip eigrp interfaces detailEIGRP-IPv4:(1) interfaces for process 1Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer RoutesVl200 1 0/0 1 0/1 50 0Hello interval is 5 secNext xmit serial Un/reliable mcasts: 0/18 Un/reliable ucasts: 22/9Mcast exceptions: 1 CR packets: 1 ACKs suppressed: 1All contents are Copyright © 1992–2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 13 of 17
Page 7 and 8: CCNPv6 TSHOOTDeviceActions and Resu
Page 9 and 10: CCNPv6 TSHOOTSample Troubleshooting
Page 15: CCNPv6 TSHOOTrouteia - IS-IS inter

Chapter 3 Lab A - Securing Administrative Access Using AAA and ...

Create successful ePaper yourself

Delete template?

Save as template?