CCNA4 practical final exam, 2012

Date: December 1, 2012

 

Scenario

 

This scenario had a single fault: the gateway was connected to the switch through Fa0/0 instead of Fa0/1. There was no other fault. The purpose was to evaluate the troubleshooting procedure: "near first, then far", or "layer 7 to layer 1" (top-down method), or "layer 1 to layer 7" (bottom-up method).

 

Most of the students, used to solving problems in scenarios that do not work or in complex scenarios, started with the hardest parts (ACL, OSPF, PPP) and ignored the local layer 1 problem.

They had 10 minutes to solve it. The layout shows the router's ACL only as a distraction, since I feared the exercise would be too easy (and it was not, at all).

That same ACL allowed web browsing but blocked ping, the tool we all reach for unconsciously.

 

This scenario is available at ftp://ftp.vilarrasa.com.ar/ user/pass: ccna

 

 

 

Estimated solution:

We check on the upper switch:

Switch#sh vtp status
VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Server
VTP Domain Name                 : CCNA4
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xBD 0xEC 0x2D 0x49 0xC1 0x70 0x0A 0xD2
Configuration last modified by 0.0.0.0 at 3-1-93 00:02:33
Local updater ID is 0.0.0.0 (no valid interface found)

Switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
400  VLAN0400                         active
500  VLAN0500                         active
---abridged---

 

We check on the lower switch:

Switch#sh vtp status
VTP Version                     : 2
Configuration Revision          : 5 (VTP ruled out)
Maximum VLANs supported locally : 255
Number of existing VLANs        : 10
VTP Operating Mode              : Server
VTP Domain Name                 : CCNA4
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xBD 0xEC 0x2D 0x49 0xC1 0x70 0x0A 0xD2
Configuration last modified by 0.0.0.0 at 3-1-93 00:02:33
Local updater ID is 0.0.0.0 (no valid interface found)

Switch#sh vlan (wrongly assigned VLANs ruled out)

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gig1/2
100  VLAN0100                         active
200  VLAN0200                         active
300  VLAN0300                         active
400  VLAN0400                         active
500  VLAN0500                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

Switch#

 

Rosario>sh ip int bri
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  up                    up (...?)
FastEthernet0/1        192.168.0.1     YES manual up                    down (detail)
Serial0/0/0            10.0.0.177      YES manual up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down
Rosario>
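The bottom-up check that exposes this fault, as an added example (not part of the original post): a parser for the `sh ip int bri` output above that flags interfaces whose addressing and link state disagree. The function names and the two finding messages are illustrative; the sample is the page's own output with the author's annotations removed.

```python
import re

# "sh ip int bri" from Rosario as captured on the page, before the cable was moved
# (author's annotations removed)
BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  up                    up
FastEthernet0/1        192.168.0.1     YES manual up                    down
Serial0/0/0            10.0.0.177      YES manual up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down
"""

# The Status column may contain a space ("administratively down"), so a plain split() is not enough
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(YES|NO)\s+(\S+)\s+"
                 r"(administratively down|up|down)\s+(up|down)\s*$")

def parse_brief(text):
    """Return one dict per interface row; the header line does not match ROW."""
    keys = ("name", "ip", "ok", "method", "status", "protocol")
    return [dict(zip(keys, m.groups())) for m in map(ROW.match, text.splitlines()) if m]

def layer1_findings(rows):
    """Flag link-level inconsistencies worth checking before ACLs or routing."""
    findings = []
    for r in rows:
        if r["status"] == "administratively down":
            continue  # shut down on purpose, not a fault
        addressed = r["ip"] != "unassigned"
        live = (r["status"], r["protocol"]) == ("up", "up")
        if addressed and not live:
            findings.append((r["name"], "configured but line protocol is down"))
        elif not addressed and live:
            findings.append((r["name"], "no IP address yet the link is up"))
    return findings
```

On the page's output this reports both halves of the miscabling at once: Fa0/0 carries a live link with no address, and Fa0/1 holds the gateway address with its line protocol down.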

 

PC>ipconfig

IP Address......................: 0.0.0.0
Subnet Mask.....................: 0.0.0.0
Default Gateway.................: 0.0.0.0

PC>ipconfig /renew
DHCP request failed.

PC>ipconfig (after configuring an IP address manually)

IP Address......................: 192.168.0.10
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.0.1

PC>ping 192.168.0.1 (per the detail above, we have a problem reaching the GW)

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>

 

We connect Fa0/1

Rosario>sh ip int bri
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  up                    up
FastEthernet0/1        192.168.0.1     YES manual up                    up
Serial0/0/0            10.0.0.177      YES manual up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down
Rosario>

 

Rosario>sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.1             -   0000.0CB8.1202  ARPA   FastEthernet0/1
Internet  192.168.0.2             0   0001.C770.34A3  ARPA   FastEthernet0/1 (the PC)
Rosario>

PC>arp -a
  Internet Address      Physical Address      Type
  192.168.0.1           0000.0cb8.1202        dynamic

PC>

 

PC>ping 192.168.0.1 (we verify, now with the problem solved)

Pinging 192.168.0.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>

But if we check web browsing....

 

 

Rosario#sh runn (we look for another problem)
Building configuration...

Current configuration : 1771 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Rosario
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
!
!
!
!
!
username Cordoba password 0 Pa$$W0rDdePpPch4P
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip helper-address 10.0.0.178
 ip access-group 100 in
 duplex auto
 speed auto
!
Ctrl-C

Rosario#
Rosario(config)#int fa0/1
Rosario(config-if)#no ip access-group 100 in (the assignment was to browse)
Rosario(config-if)#^Z
Rosario#
%SYS-5-CONFIG_I: Configured from console by console

Rosario#

 

PC>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=94ms TTL=255
Reply from 192.168.0.1: bytes=32 time=63ms TTL=255
Reply from 192.168.0.1: bytes=32 time=63ms TTL=255
Reply from 192.168.0.1: bytes=32 time=62ms TTL=255

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 94ms, Average = 70ms

PC>

 

ACL analysis:

Rosario#sh access-lists
Extended IP access list 100
    permit udp any any eq bootpc (distraction)
    permit udp any any eq bootps (11 match(es))
    deny ospf host 224.0.0.5 any (distraction)
    deny tcp 0.0.0.0 255.255.255.0 any eq www (distraction)
    permit tcp any any eq www (6 match(es))
    permit tcp any any eq ftp (distraction)
    permit tcp 192.168.0.0 0.0.0.255 any eq ftp (distraction)
    permit udp any host 10.0.0.168 eq bootpc (distraction)
    permit udp any host 10.0.0.168 eq bootps (distraction)
    permit tcp 192.168.0.0 0.0.0.255 any eq smtp (distraction)
    permit udp 192.168.0.0 0.0.0.255 any eq domain (distraction)
    deny icmp any any (44 match(es)) (this is why the pings failed)
    permit icmp 192.168.0.0 0.0.0.255 any (distraction)
    permit ip 192.168.1.0 0.0.0.255 any (distraction)
    deny ip any any (12 match(es)) (for ACL best practice)
Rosario#
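The first-match behaviour behind the annotated output above, as an added example (not code from the original post): a minimal evaluator for the page's ACL 100 that reports which entry a given packet hits. It assumes only the `any`, `host`, wildcard and `eq` forms that appear in this list; the function names are illustrative.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68, "www": 80, "ftp": 21, "smtp": 25, "domain": 53}
# ACL 100 as shown on the page (annotations and counters removed); assumes only "eq" ports
ACL_100 = """permit udp any any eq bootpc
permit udp any any eq bootps
deny ospf host 224.0.0.5 any
deny tcp 0.0.0.0 255.255.255.0 any eq www
permit tcp any any eq www
permit tcp any any eq ftp
permit tcp 192.168.0.0 0.0.0.255 any eq ftp
permit udp any host 10.0.0.168 eq bootpc
permit udp any host 10.0.0.168 eq bootps
permit tcp 192.168.0.0 0.0.0.255 any eq smtp
permit udp 192.168.0.0 0.0.0.255 any eq domain
deny icmp any any
permit icmp 192.168.0.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any"""

def ip4(text):
    return int(ipaddress.IPv4Address(text))

def addr(tok):
    # Consume one address spec from the token list -> (base, wildcard mask)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (ip4(tok.pop(0)), 0) if first == "host" else (ip4(first), ip4(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = addr(tok), addr(tok)
        rules.append((line, action, proto, src, dst, PORTS[tok[1]] if tok else None))
    return rules

def hit(spec, ip):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base
    return ((ip4(ip) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def first_match(rules, proto, src, dst, dport=None):
    # IOS stops at the first entry that matches; later entries are never consulted
    for line, action, rproto, rsrc, rdst, port in rules:
        if rproto in ("ip", proto) and hit(rsrc, src) and hit(rdst, dst) and port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"
```

With this list, an ICMP echo from 192.168.0.10 stops at `deny icmp any any`, so the `permit icmp 192.168.0.0 0.0.0.255 any` entry below it is never reached, while TCP to port 80 is permitted. Placing a narrower ICMP permit above that deny would restore ping while leaving the rest of the filter applied on Fa0/1.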

 

Routing analysis:

Rosario#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.0.0.178 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.0.0.176/30 is directly connected, Serial0/0/0
C       10.0.0.178/32 is directly connected, Serial0/0/0
C    192.168.0.0/24 is directly connected, FastEthernet0/1
O*E2 0.0.0.0/0 [110/1] via 10.0.0.178, 00:09:15, Serial0/0/0 (OSPF works, therefore PPP does too)
Rosario#
Rosario#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
200.0.0.1         0   FULL/  -        00:00:34    10.0.0.178      Serial0/0/0
Rosario#

 

PPP analysis:

Rosario#sh int s0/0/0
Serial0/0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Description: Enlace WAN
  Internet address is 10.0.0.177/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, loopback not set, keepalive set (10 sec)
  LCP Open
  Open: IPCP, CDPCP
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  ---abridged---

 

NAT/PAT analysis:

Cordoba#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
tcp 200.0.0.1:1025     192.168.0.3:1025   200.0.0.2:80       200.0.0.2:80 (OK)

Cordoba#

 

Server analysis

SERVER>ipconfig

IP Address......................: 200.0.0.2
Subnet Mask.....................: 255.255.255.252
Default Gateway.................: 0.0.0.0 (it has no gateway, but since the scenario's address
                                       is "NATed" to 200.0.0.1, none is needed)
SERVER>

 

(2012) Networking wants kill your mind

Rosario, Argentina