# CCNA 200-301 - Video 57: Comprehensive Lab 2 - Troubleshooting

## Deep Study Notes

---

## Learning Objectives

By the end of this lab, you should be able to:

- Identify and resolve common network issues
- Troubleshoot physical layer problems
- Troubleshoot VLAN and trunk issues
- Troubleshoot STP problems
- Troubleshoot routing issues
- Troubleshoot NAT and DHCP problems
- Troubleshoot ACL and security issues
- Use systematic troubleshooting methodology

---

## Lab Topology (Same as Video 56 with Issues)

```
                        NETWORK WITH PRE-CONFIGURED ISSUES

                                    Internet
                                        |
                               +--------+--------+
                               |   ISP Router    |
                               |   203.0.113.2   |
                               +--------+--------+
                                        |
                                        |  203.0.113.0/30
                                        |
                               +--------+--------+
                               |   Edge Router   |   ISSUES:
                               |                 |   - Missing default route
                               |                 |   - NAT misconfigured
                               +--------+--------+   - OSPF not advertising
                                        |
                              +---------+----------+
                              |                    |
                     +--------+--------+  +--------+--------+
                     |  Core Switch 1  |  |  Core Switch 2  |   ISSUES:
                     |                 |  |                 |   - VLANs missing
                     |                 |  |                 |   - Trunk not allowed
                     +--------+--------+  +--------+--------+   - IP helper missing
                              |                    |
         +--------------------+--------------------+--------------------+
         |                    |                    |                    |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
| Distribution    |  | Distribution    |  | Distribution    |  | Distribution    |
| Switch (Dist1)  |  | Switch (Dist2)  |  | Switch (Dist3)  |  | Switch (Dist4)  |
|                 |  |                 |  |                 |  |                 |
| ISSUES:         |  | ISSUES:         |  | ISSUES:         |  | ISSUES:         |
| - Trunk down    |  | - Native VLAN   |  | - STP root      |  | - Port security |
| - VLAN mismatch |  |   mismatch      |  |   incorrect     |  |   violation     |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
         |                    |                    |                    |
+--------+--------+  +--------+--------+  +--------+--------+  +--------+--------+
| Access Switch   |  | Access Switch   |  | Access Switch   |  | Access Switch   |
| (Access1)       |  | (Access2)       |  | (Access3)       |  | (Access4)       |
|                 |  |                 |  |                 |  |                 |
| ISSUES:         |  | ISSUES:         |  | ISSUES:         |  | ISSUES:         |
| - Port security |  | - DHCP not      |  | - VLAN not      |  | - Wrong VLAN    |
|   violation     |  |   working       |  |   created       |  |   assigned      |
+-----------------+  +-----------------+  +-----------------+  +-----------------+
```

---

## Troubleshooting Scenarios

### Scenario 1: Physical Layer Issues (Interface Down)

**Symptom:** Users on Access Switch 1 cannot connect to the network.

**Initial Investigation:**

```cisco
! Check interface status on Access Switch 1
Access1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  down                  down
GigabitEthernet0/1     unassigned      YES unset  down                  down
FastEthernet0/1        unassigned      YES unset  down                  down

! Problem: Multiple interfaces are down/down
```

**Troubleshooting Steps:**

```cisco
!
! Step 1: Check physical connections
Access1# show interfaces gigabitEthernet 0/0
GigabitEthernet0/0 is down, line protocol is down (notconnect)
  Hardware is Gigabit Ethernet, address is 001a.2b3c.4d5e (bia 001a.2b3c.4d5e)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

! Step 2: Check CDP neighbors
Access1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Dist-Switch1     Gig 0/0           0          S           WS-C3560  Gig 0/1

! Holdtime 0 indicates neighbor lost

! Step 3: Check if interface is administratively down
Access1# show running-config interface gigabitEthernet 0/0
Building configuration...

Current configuration : 62 bytes
!
interface GigabitEthernet0/0
 shutdown

! Problem found: Interface is shut down
!
! Step 4: Enable interface
Access1(config)# interface gigabitEthernet 0/0
Access1(config-if)# no shutdown

! Step 5: Verify interface is now up
Access1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
```

**Root Cause:** Interface was administratively shut down.

**Solution:** `no shutdown` on the interface.

---

### Scenario 2: VLAN Mismatch

**Symptom:** PC on Access Switch 1 cannot ping PC on Access Switch 2, but both can ping their default gateways.

**Initial Investigation:**

```cisco
! Check VLAN assignment on Access Switch 1
Access1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
10   Engineering                      active    Gi0/0

! Port Fa0/1 is in VLAN 1, should be in VLAN 10

! Check interface configuration
Access1# show interfaces fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

! Port is in VLAN 1, not VLAN 10

! Check correct VLAN configuration on working port
Access1# show interfaces fastEthernet 0/2 switchport
Access Mode VLAN: 10 (Engineering)
```

**Root Cause:** Port Fa0/1 was in VLAN 1 instead of VLAN 10.

**Solution:**

```cisco
Access1(config)# interface fastEthernet 0/1
Access1(config-if)# switchport mode access
Access1(config-if)# switchport access vlan 10
```

---

### Scenario 3: Trunk Not Forming

**Symptom:** Distribution Switch 1 cannot communicate with Core Switch 1.

**Initial Investigation:**

```cisco
!
! Check trunk status on Dist-Switch1
Dist1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan

! No output - trunk not established

! Check interface status
Dist1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    down

! Interface up, protocol down - Layer 2 issue

! Check interface configuration
Dist1# show running-config interface gigabitEthernet 0/0
Building configuration...

Current configuration : 85 bytes
!
interface GigabitEthernet0/0
 switchport mode access
 switchport access vlan 10

! Problem: Port is configured as access port, not trunk

! Check correct configuration on other switch
Core1# show running-config interface gigabitEthernet 0/1
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100

! Core side is trunk, Distribution side is access - mismatch
```

**Root Cause:** Interface was configured as access port instead of trunk.

**Solution:**

```cisco
Dist1(config)# interface gigabitEthernet 0/0
Dist1(config-if)# switchport mode trunk
Dist1(config-if)# switchport trunk allowed vlan 10,20,100
```

---

### Scenario 4: Native VLAN Mismatch

**Symptom:** CDP errors on Distribution Switch 2 and intermittent connectivity.

**Initial Investigation:**

```cisco
! Check CDP logs on Dist-Switch2
Dist2# show logging
*Mar 1 00:01:23.456: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/0 (100), with Core-Switch1 GigabitEthernet0/2 (1).

! CDP error indicates native VLAN mismatch

! Check trunk configuration on Dist2
Dist2# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      100

! Check trunk configuration on Core1
Core1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/2       on           802.1q         trunking      1

! Native VLAN mismatch: Dist2 native=100, Core1 native=1
```

**Root Cause:** Native VLAN mismatch on trunk link.

**Solution:**

```cisco
!
! Option 1: Match native VLAN on both sides (recommended to change to unused VLAN)
Core1(config)# interface gigabitEthernet 0/2
Core1(config-if)# switchport trunk native vlan 100

! Option 2: Change Dist2 to match Core1 (VLAN 1)
Dist2(config)# interface gigabitEthernet 0/0
Dist2(config-if)# switchport trunk native vlan 1
```

---

### Scenario 5: STP Root Bridge Incorrect

**Symptom:** Suboptimal traffic path; some VLANs have higher latency.

**Initial Investigation:**

```cisco
! Check STP root bridge
Dist3# show spanning-tree root

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0030         32768 001a.2b3c.4d5e        19    2   20  15  Gi0/0

! Root ID shows Core-Switch1 (001a.2b3c.4d5e) should be Core-Switch2 for VLAN 30

! Check STP configuration on Core switches
Core1# show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     001a.2b3c.4d5e
             This bridge is the root

! Core1 is root for VLAN 30, but should be Core2

Core2# show spanning-tree vlan 30

VLAN0030
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     001a.2b3c.4d5e
             Cost        19
             Port        1 (GigabitEthernet0/1)

! Core2 is not root for its own VLANs

! Check priority configuration
Core1# show running-config | include spanning-tree vlan 30
spanning-tree vlan 30 priority 32768

! Default priority, no root configuration

Core2# show running-config | include spanning-tree vlan 30

! No configuration
```

**Root Cause:** Core Switch 2 not configured as root for VLANs 30 and 40.

**Solution:**

```cisco
! Configure Core2 as primary root for VLANs 30 and 40
Core2(config)# spanning-tree vlan 30 root primary
Core2(config)# spanning-tree vlan 40 root primary
!
! Configure Core1 as secondary root for these VLANs
Core1(config)# spanning-tree vlan 30 root secondary
Core1(config)# spanning-tree vlan 40 root secondary
```

---

### Scenario 6: Port Security Violation

**Symptom:** PC on Access Switch 4 cannot connect; port shows errdisable.

**Initial Investigation:**

```cisco
! Check interface status
Access4# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/1        unassigned      YES unset  errdisable            down

! Port is in errdisable state

! Check port security status
Access4# show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : aaaa.bbbb.cccc:30
Security Violation Count   : 1

! 2 MAC addresses detected, but maximum is 1

! Check security violation cause
Access4# show interfaces status | include err-disable
Fa0/1                        err-disable  auto   auto   10/100BaseTX

! Port is errdisabled due to security violation
```

**Root Cause:** Port security violation - multiple devices connected to a port configured for single MAC.

**Solution:**

```cisco
! Option 1: Clear errdisable and increase maximum MACs
Access4(config)# errdisable recovery cause psecure-violation
Access4(config)# errdisable recovery interval 300
Access4(config)# interface fastEthernet 0/1
Access4(config-if)# switchport port-security maximum 2

! Option 2: Clear errdisable manually
Access4(config)# interface fastEthernet 0/1
Access4(config-if)# shutdown
Access4(config-if)# no shutdown

! Verify
Access4# show interfaces fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up (connected)
```

---

### Scenario 7: DHCP Issues

**Symptom:** PCs on Access Switch 2 are getting APIPA addresses (169.254.x.x).

**Initial Investigation:**

```cisco
! Check DHCP server connectivity
Access2# ping 10.0.100.50
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
!
! DHCP server is reachable

! Check IP helper configuration on Core Switch
Core1# show running-config interface vlan 20
interface Vlan20
 ip address 10.0.20.1 255.255.255.0

! Missing ip helper-address command

! Check correct configuration on working VLAN
Core1# show running-config interface vlan 10
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.100.50

! VLAN 10 has helper, VLAN 20 does not

! Check DHCP pool on server
DHCP-Server# show ip dhcp pool
Pool SALES :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 10.0.20.100          10.0.20.1        - 10.0.20.254       0

! DHCP pool exists but no leases

! Check DHCP bindings
DHCP-Server# show ip dhcp binding

! No output - no leases
```

**Root Cause:** Missing `ip helper-address` on VLAN 20 SVI.

**Solution:**

```cisco
Core1(config)# interface vlan 20
Core1(config-if)# ip helper-address 10.0.100.50
```

---

### Scenario 8: VLAN Not Created

**Symptom:** PCs on Access Switch 3 cannot connect; `show vlan` shows no VLAN 30.

**Initial Investigation:**

```cisco
! Check VLAN configuration on Access3
Access3# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24

! VLAN 30 is missing

! Check trunk allowed VLANs on uplink
Access3# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/0       1-4094

! Check if VLAN exists on Distribution switch
Dist3# show vlan brief | include 30
30   IT                               active    Gi0/0, Gi0/1

! VLAN exists on Distribution, but not on Access
!
! Check VTP status
Access3# show vtp status
VTP Operating Mode              : Client
Configuration Revision          : 0

! Client mode but not receiving VLANs - possible VTP issue
```

**Root Cause:** VLAN 30 not created on Access Switch (VTP not propagating).

**Solution:**

```cisco
! Option 1: Create VLAN manually
Access3(config)# vlan 30
Access3(config-vlan)# name IT
Access3(config-vlan)# exit

! Option 2: Fix VTP if used
Access3(config)# vtp domain LAB
Access3(config)# vtp password Cisco123
```

---

### Scenario 9: Routing Issues (OSPF)

**Symptom:** Edge Router cannot ping Core Switch 2's management IP (10.0.100.3).

**Initial Investigation:**

```cisco
! Check OSPF neighbors on Edge Router
Edge# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:35    10.0.100.2      GigabitEthernet0/1

! Core1 neighbor present, Core2 missing

! Check OSPF on Core2
Core2# show ip ospf neighbor

! No output - no OSPF neighbors

! Check OSPF configuration on Core2
Core2# show running-config | section router ospf
router ospf 1
 router-id 3.3.3.3
 network 10.0.0.0 0.0.255.255 area 0

! OSPF is configured, but not advertising

! Check if OSPF is enabled on interface
Core2# show ip ospf interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 10.0.100.3/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 3.3.3.3, Interface address 10.0.100.3
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

! OSPF is running but no neighbors - possible passive interface

! Check for passive interface configuration
Core2# show running-config | include passive
 passive-interface default

! All interfaces are passive - OSPF not sending hellos
!
! Check if any interfaces are not passive
Core2# show running-config | include no passive

! No interfaces are exempted
```

**Root Cause:** OSPF `passive-interface default` is configured, preventing OSPF from sending hellos.

**Solution:**

```cisco
Core2(config)# router ospf 1
Core2(config-router)# no passive-interface gigabitEthernet 0/0
```

---

### Scenario 10: NAT Issues

**Symptom:** Internal users cannot access internet; can ping gateway but not 8.8.8.8.

**Initial Investigation:**

```cisco
! Check NAT translations on Edge Router
Edge# show ip nat translations

! No output - no translations

! Check NAT configuration
Edge# show running-config | include nat
ip nat inside source list 10 interface GigabitEthernet0/0 overload

! NAT configured but not working

! Check access list for NAT
Edge# show access-lists 10
Standard IP access list 10
    10 permit 192.168.0.0 0.0.255.255

! ACL is using wrong network - 192.168.x.x, but internal network is 10.0.x.x

! Check interfaces for NAT
Edge# show running-config interface gigabitEthernet 0/0
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside

! Outside interface correct

Edge# show running-config interface gigabitEthernet 0/1
interface GigabitEthernet0/1
 ip address 10.0.100.1 255.255.255.0
 ip nat inside

! Inside interface correct

! ACL 10 should match the internal network instead:
!   Standard IP access list 10
!       10 permit 10.0.0.0 0.0.255.255
! Need to update ACL
```

**Root Cause:** ACL for NAT is using wrong network (192.168.x.x instead of 10.0.x.x).

**Solution:**

```cisco
! Remove the old ACL, then recreate it with the internal network
Edge(config)# no access-list 10
Edge(config)# access-list 10 permit 10.0.0.0 0.0.255.255
```

---

### Scenario 11: ACL Blocking Traffic

**Symptom:** Engineering users can access internet but cannot access IT servers (10.0.30.0/24).

**Initial Investigation:**

```cisco
!
! Check ACL on Engineering VLAN
Core1# show running-config interface vlan 10
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group 110 in
 ip helper-address 10.0.100.50

! Check ACL 110
Core1# show access-lists 110
Extended IP access list 110
    10 permit ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
    20 deny ip any any

! ACL allows Engineering to IT - should work

! Test connectivity from Engineering PC
PC> ping 10.0.30.10

Pinging 10.0.30.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

! Check ACL hits
Core1# show access-lists 110
Extended IP access list 110
    10 permit ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255 (5 matches)
    20 deny ip any any (5 matches)

! Packets are being denied (matches on deny)

! Check ACL direction - traffic from Engineering to IT
! Engineering PC (10.0.10.10) to IT Server (10.0.30.10)
! Packet enters VLAN 10 interface from PC
! ACL applied inbound on VLAN 10 - should match

! Check if return traffic is blocked
! Check ACL on IT VLAN
Core2# show running-config interface vlan 30
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
 ip access-group 120 in

! ACL 120 on IT VLAN might be blocking return traffic
Core2# show access-lists 120
Extended IP access list 120
    10 permit ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
    20 deny ip any any

! ACL 120 allows IT to Engineering - should allow return

! Check if ACL is applied on correct interface
Core2# show ip interface vlan 30
Vlan30 is up, line protocol is up
  Internet address is 10.0.30.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is 10.0.100.50
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is 120

! ACL is applied inbound

! Check if ACL is blocking correctly - trace packet path
! Engineering PC (10.0.10.10) to IT Server (10.0.30.10)
! Packet: Src=10.0.10.10, Dst=10.0.30.10
!
! On Core1 Vlan10 inbound: matches permit (10.0.10.0 to 10.0.30.0)
! On Core2 Vlan30 inbound: Src=10.0.10.10, Dst=10.0.30.10
! Does it match permit? Permit is for 10.0.30.0 to 10.0.10.0 - does NOT match
! Result: Packet is denied by ACL 120 on Vlan30 inbound!

! The issue is that ACL 120 is for traffic coming from 10.0.30.0 to 10.0.10.0
! Traffic from 10.0.10.0 to 10.0.30.0 does not match, so it's denied
```

**Root Cause:** ACL on destination VLAN is blocking traffic because it's configured for the wrong direction.

**Solution:**

```cisco
! Fix ACL on IT VLAN to allow traffic from Engineering
Core2(config)# interface vlan 30
Core2(config-if)# no ip access-group 120 in
Core2(config-if)# exit
Core2(config)# no access-list 120
Core2(config)# access-list 120 permit ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
Core2(config)# access-list 120 permit ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
Core2(config)# interface vlan 30
Core2(config-if)# ip access-group 120 in
```

---

### Scenario 12: Wrong VLAN Assignment

**Symptom:** PC on Access Switch 4 is in wrong VLAN; cannot access correct resources.

**Initial Investigation:**

```cisco
! Check PC connectivity
PC> show ip
IP Address:      10.0.40.100
Subnet Mask:     255.255.255.0
Default Gateway: 10.0.40.1

! PC has IP in VLAN 40 range

! Check port VLAN assignment
Access4# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
40   HR                               active    Fa0/5, Fa0/6, Fa0/7, Fa0/8

! PC is on port Fa0/1, which is in VLAN 1

! Check port configuration
Access4# show running-config interface fastEthernet 0/1
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 1

! Port is in VLAN 1, should be in VLAN 40
```

**Root Cause:** Port was not assigned to correct VLAN.

**Solution:**

```cisco
Access4(config)# interface fastEthernet 0/1
Access4(config-if)# switchport access vlan 40
```

---

## Troubleshooting Summary

| Issue Type | Common Causes | Verification |
|---|---|---|
| Physical Layer | Cable unplugged, Interface shutdown | `show ip interface br`, `show interfaces`, `show cdp neighbors` |
| VLAN Issues | Wrong VLAN assignment, VLAN not created | `show vlan brief`, `show interfaces switch` |
| Trunk Issues | Trunk not configured, Native VLAN mismatch, Allowed VLANs mismatch | `show interfaces trunk`, `show interfaces switch`, `show cdp neighbors` |
| STP Issues | Wrong root bridge, Blocked port incorrect | `show spanning-tree`, `show spanning-tree root` |
| Port Security | MAC address violation, Errdisable state | `show port-security`, `show interfaces status` |
| DHCP Issues | Missing IP helper, DHCP server down | `show ip dhcp binding`, `show ip dhcp conflict`, `show ip route` |
| Routing Issues | Missing routes, OSPF neighbor issues, Passive interfaces | `show ip route`, `show ip ospf neighbor`, `show ip protocols` |
| NAT Issues | Wrong ACL, Inside/outside misconfig | `show ip nat translations`, `show access-lists`, `show running-config` |
| ACL Issues | Wrong direction, Wrong order, Implicit deny | `show access-lists`, `show ip interface`, `debug ip packet` |

---

## Practice Questions

**1. What does an "up/down" interface status indicate?**

- A) Interface working normally
- B) Physical layer up, data link layer down
- C) Interface administratively down
- D) Physical layer down

<details>
<summary>Answer</summary>
<b>B) Physical layer up, data link layer down</b> - Layer 1 is good, Layer 2 has issues.
</details>

**2. What CDP message indicates native VLAN mismatch?**

- A) %CDP-4-DUPLEX_MISMATCH
- B) %CDP-4-NATIVE_VLAN_MISMATCH
- C) %CDP-4-SPEED_MISMATCH
- D) %CDP-4-NEIGHBOR_MISMATCH

<details>
<summary>Answer</summary>
<b>B) %CDP-4-NATIVE_VLAN_MISMATCH</b> - CDP reports native VLAN mismatches.
</details>

**3. What is the most common cause of port security errdisable?**

- A) Wrong VLAN assignment
- B) MAC address violation
- C) Duplex mismatch
- D) STP loop

<details>
<summary>Answer</summary>
<b>B) MAC address violation</b> - Too many MAC addresses on a secured port.
</details>

**4. What command verifies DHCP helper configuration?**

- A) `show ip helper`
- B) `show running-config interface`
- C) `show dhcp`
- D) `show ip dhcp relay`

<details>
<summary>Answer</summary>
<b>B) `show running-config interface`</b> - Shows `ip helper-address` configuration.
</details>

**5. What does an APIPA address (169.254.x.x) indicate?**

- A) Static IP configuration
- B) DHCP failure
- C) DNS failure
- D) Routing issue

<details>
<summary>Answer</summary>
<b>B) DHCP failure</b> - Windows assigns APIPA when DHCP fails.
</details>

---

## Next Steps

After completing Video 57, you should be ready for:

- **Video 58:** Final Exam Preparation

**Lab Practice:**

1. Reproduce each scenario in Packet Tracer
2. Practice systematic troubleshooting approach
3. Document findings and solutions
4. Create troubleshooting checklist
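
The wildcard-mask and first-match logic behind Scenarios 10 and 11, as an added example that is not part of the original lab notes: it evaluates the packets those scenarios trace against ACL 10 and ACL 120, before and after the fix. The `evaluate` helper and the 10.1.0.5 host are assumptions made for illustration, and the code models only entry matching, not the interface or direction an ACL is applied to.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # IOS "any": every bit is "don't care"


def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit in the wildcard must match, a 1 bit is ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


def evaluate(acl, src, dst="0.0.0.0"):
    """Return (action, sequence) for the first matching entry.

    acl is a list of (seq, action, (src_base, src_wc), (dst_base, dst_wc)).
    Falling off the end is the implicit deny, reported as ("deny", None).
    """
    for seq, action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action, seq
    return "deny", None


# Entries copied from the page. Standard ACL 10 has no destination, so it is ANY.
ACL10_BEFORE = [(10, "permit", ("192.168.0.0", "0.0.255.255"), ANY)]
ACL10_AFTER = [(10, "permit", ("10.0.0.0", "0.0.255.255"), ANY)]
ENG = ("10.0.10.0", "0.0.0.255")
IT = ("10.0.30.0", "0.0.0.255")
ACL120_BEFORE = [(10, "permit", IT, ENG), (20, "deny", ANY, ANY)]
ACL120_AFTER = [(10, "permit", ENG, IT), (20, "permit", IT, ENG)]


def run_checks():
    """Evaluate the packets the scenarios discuss (10.1.0.5 is a constructed host)."""
    eng_pc, it_srv = "10.0.10.10", "10.0.30.10"
    return {
        "nat_before": evaluate(ACL10_BEFORE, eng_pc),
        "nat_after": evaluate(ACL10_AFTER, eng_pc),
        "nat_after_outside_range": evaluate(ACL10_AFTER, "10.1.0.5"),
        "acl120_before": evaluate(ACL120_BEFORE, eng_pc, it_srv),
        "acl120_after": evaluate(ACL120_AFTER, eng_pc, it_srv),
        "acl120_after_reply": evaluate(ACL120_AFTER, it_srv, eng_pc),
        "acl120_after_other_vlan": evaluate(ACL120_AFTER, "10.0.40.100", it_srv),
    }


if __name__ == "__main__":
    for name, (action, seq) in run_checks().items():
        hit = "implicit deny" if seq is None else f"seq {seq}"
        print(f"{name:26} {action:6} {hit}")
```

The last check shows that the rewritten ACL 120 still ends in the implicit deny, so a source outside the two listed subnets (here the VLAN 40 PC from Scenario 12) is dropped even though the explicit `deny ip any any` line is gone.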
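
A both-ends trunk check for the mismatches in Scenarios 3 and 4 and the "Allowed VLANs mismatch" row of the summary, as an added example that is not part of the original lab notes. The function names are hypothetical, the Scenario 4 stanzas are constructed from the native VLANs in the page's `show interfaces trunk` output, and absent lines are assumed to mean native VLAN 1 and all VLANs allowed.

```python
import re


def expand_vlans(spec):
    """Turn an IOS VLAN list such as '10,20,100' or '1-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_switchport(stanza):
    """Read the trunk-relevant settings from one 'interface' stanza."""
    # Assumed defaults when a line is absent: native VLAN 1, VLANs 1-4094 allowed.
    cfg = {"mode": None, "native": 1, "allowed": expand_vlans("1-4094")}
    for raw in stanza.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"switchport mode (\S+)", line):
            cfg["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            cfg["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            cfg["allowed"] = expand_vlans(m.group(1))
    return cfg


def compare_trunk_ends(stanza_a, stanza_b):
    """Return a list of (check, value_a, value_b) for every disagreement."""
    a, b = parse_switchport(stanza_a), parse_switchport(stanza_b)
    if a["mode"] != "trunk" or b["mode"] != "trunk":
        # Native and allowed VLANs only matter once both ends are trunks.
        return [("mode", a["mode"], b["mode"])]
    findings = []
    if a["native"] != b["native"]:
        findings.append(("native-vlan", a["native"], b["native"]))
    if a["allowed"] != b["allowed"]:
        only_a = sorted(a["allowed"] - b["allowed"])
        only_b = sorted(b["allowed"] - a["allowed"])
        findings.append(("allowed-vlans", only_a, only_b))
    return findings


# Scenario 3: stanzas as shown on the page, then Dist1 after the page's fix.
DIST1_GI0_0 = """interface GigabitEthernet0/0
 switchport mode access
 switchport access vlan 10
"""
CORE1_GI0_1 = """interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
"""
DIST1_GI0_0_FIXED = """interface GigabitEthernet0/0
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
"""
# Scenario 4: constructed stanzas (the page shows no running-config for these).
DIST2_GI0_0 = """interface GigabitEthernet0/0
 switchport mode trunk
 switchport trunk native vlan 100
"""
CORE1_GI0_2 = """interface GigabitEthernet0/2
 switchport mode trunk
"""
# Constructed stanza for the allowed-VLAN case: VLAN 100 missing on one end.
PRUNED_END = """interface GigabitEthernet0/0
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""

if __name__ == "__main__":
    print(compare_trunk_ends(DIST1_GI0_0, CORE1_GI0_1))
    print(compare_trunk_ends(DIST2_GI0_0, CORE1_GI0_2))
    print(compare_trunk_ends(PRUNED_END, CORE1_GI0_1))
```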