23.1.4 Lab – Troubleshoot IP SLA and Netflow Answers

• Recommend

Lab -Troubleshoot IP SLA and Netflow (Answers Version)

Answers Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Objectives

Troubleshoot network issues related to the configuration and operation of IP SLAs and Netflow.

Background / Scenario

In this topology, R1 and R3 are boundary routers for BGP AS 138. They are both connected to R2. R2 is a boundary router for BGP AS 77. R1 and R3 are adjacent with D1 and D2 via OSPFv3 Address Families for both IPv4 and IPv6. R1 and R3 are both providing default routes to the OSPF network. The default routes are configured to be OSPF External Type 1 routes. Switches D1 and D2 are performing inter-VLAN routing for VLANs 3, 8, and 13. Switches D1 and D2 are providing gateway redundancy using HSRP version 2. The virtual router for each VLAN uses the host address .254. Switches D1 and D2 are also providing DHCP services for IPv4 clients. IPv6 clients use SLAAC. You will be loading configurations with intentional errors onto the network. Your tasks are to FIND the error(s), document your findings and the command(s) or method(s) used to fix them, FIX the issue(s) presented here and then test the network to ensure both of the following conditions are met:

1)      the complaint received in the ticket is resolved

2)      full reachability is restored

Note: The routers used with CCNP hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst 3650 with Cisco IOS XE Release 16.9.4 (universalk9 image) and Cisco Catalyst 2960 with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary Table at the end of the lab for the correct interface identifiers.

Note: Make sure that the devices have been erased and have no startup configurations. If you are unsure, contact your instructor.

Note: The default Switch Database Manager (SDM) template on a Catalyst 2960 does not support IPv6. You must change the default SDM template to the dual-ipv4-and-ipv6 default template using the sdm prefer dual-ipv4-and-ipv6 default global configuration command. Changing the template will require a reboot.

Answers Note: Refer to the Answers Lab Manual for the procedures to initialize and reload devices.

Required Resources

• 3 Routers (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 2 Switches (Cisco 3560 with Cisco IOS XE Release 16.9.4 universal image or comparable)
• 1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
• 3 PCs (Choice of operating system with terminal emulation program and a packet capturing utility installed)
• Console cables to configure the Cisco IOS devices via the console ports
• Ethernet cables as shown in the topology

Instructions

Part 1:  Trouble Ticket 23.1.4.1

Scenario:

You tasked the junior network administrators working over the weekend to deploy and test IP SLAs on switches D1 and D2 so that they would relinquish the HSRP Active Role if an upstream interface were to go down. The reports you receive on Monday morning state that the SLAs are in place, but HSRP is not behaving as expected. They need your expertise to figure out what is wrong.

Use the commands listed below to load the configuration files for this trouble ticket:

Answers Note: Commands for uploading the configuration are provided at the end of this document.

• PC1 must have the addresses shown in the topology diagram statically assigned. PC2 and PC3 will receive their addresses dynamically.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:

banner motd # This is $(hostname) FIXED from ticket <ticket number> #

• Save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices.

Answers Notes:

This trouble ticket contains 1 intentional error repeated for the IPv4 SLA and the IPv6 SLA. This one error is repeated on D1 and D2. The junior administrator concentrated so much on building and assigning the tracking mechanism, he forgot to actually start the SLAs.

The commands used to fix these errors should be:

D1(config)# ip sla schedule 14 life forever start-time now

D1(config)# ip sla schedule 16 life forever start-time now

 

D2(config)# ip sla schedule 14 life forever start-time now

D2(config)# ip sla schedule 16 life forever start-time now

Part 2:  Trouble Ticket 23.1.4.2

Note: This ticket only works on 4000-series routers. If the routers in use are ISR G2 series (29/39xx series), use trouble ticket 23.1.4.3 instead.

Scenario:

Management is asking for detailed information on traffic flowing in and out of the network. They want this information to help shape updates to the organizational security policy, as well as get an idea about bandwidth utilization. Your intention is to configure Flexible Netflow to gather information on traffic entering and exiting the OSPF interfaces on R1 and R3. After a lot of work sorting out how to configure the technology, you thought you had it configured, but the collector at PC1 is still not receiving any data.

Use the commands listed below to load the configuration files for this trouble ticket:

Answers Note: Commands for uploading the configuration are provided at the end of this document

• PC1 must have the addresses shown in the topology diagram statically assigned. PC2 and PC3 will receive their addresses dynamically.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:

banner motd # This is $(hostname) FIXED from ticket <ticket number> #

• Save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices.

Answers Notes:

This trouble ticket contains 1 intentional error repeated on R1 and R3. The administrator concentrated so much on crafting the capture information so that it contained useful statistics, he forgot to configure the interface to actually collect the data.

The commands used to fix this error should be:

R1(config)# interface g0/0/1

R1(config-if)# ip flow monitor 2314-INBOUND-MON input

R1(config-if)# ip flow monitor 2314-OUTBOUND-MON output

R1(config-if)# end

 

R3(config)# interface g0/0/1

R3(config-if)# ip flow monitor 2314-INBOUND-MON input

R3(config-if)# ip flow monitor 2314-OUTBOUND-MON output

R3(config-if)# end

To prove the fix, run Wireshark on PC1 and set the filter to udp.dstport == 9999. Packets from 172.16.0.1 and 172.16.1.1 will be displayed.

Part 3:  Trouble Ticket 23.1.4.3

Note: This ticket only works on ISR G2 series (29/39xx series) routers. If the routers in use are from the 4000-series, use trouble ticket 23.1.4.2 instead.

Scenario:

Management is asking for detailed information on traffic flowing out of the network. They want this information to help shape updates to the organizational security policy, as well as get an idea about bandwidth utilization. Your job is to configure Netflow to gather information on traffic entering and exiting the OSPF interfaces on R1 and R3. This is a new technology for you, but you think you have worked out how to configure it, unfortunately the collector at PC1 is still not receiving any data.

Use the commands listed below to load the configuration files for this trouble ticket:

Answers Note: Commands for uploading the configuration are provided at the end of this document.

• PC1 must have the addresses shown in the topology diagram statically assigned. PC2 and PC3 will receive their addresses dynamically.
• Passwords on all devices are cisco12345. If a username is required, use admin.
• When you have fixed the ticket, change the MOTD on EACH DEVICE using the following command:

banner motd # This is $(hostname) FIXED from ticket <ticket number> #

• Then save the configuration by issuing the wri command (on each device).
• Inform your instructor that you are ready for the next ticket.
• After the instructor approves your solution for this ticket, issue the reset.now privileged EXEC command. This script will clear your configurations and reload the devices.

Answers Notes:

This trouble ticket contains 1 intentional error repeated on R1 and R3. The administrator concentrated so much on crafting the capture information so that it contained useful statistics, he forgot to configure the interface to actually collect the data.

The commands used to fix this error should be:

R1(config)# interface g0/1

R1(config-if)# ip flow ingress

R1(config-if)# ip flow egress

R1(config-if)# end

 

R3(config)# interface g0/1

R3(config-if)# ip flow ingress

R3(config-if)# ip flow egress

R3(config-if)# end

To prove the fix, run Wireshark on PC1 and set the filter to udp.dstport == 9999. Packets from 172.16.0.1 and 172.16.1.1 will be displayed.

Router Interface Summary Table

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces the router has. There is no way to effectively list all the combinations of configurations for each router class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be used in Cisco IOS commands to represent the interface.

End of document

Uploading Configuration Files

Use the commands below to create the configuration files on the lab devices for each trouble ticket in this lab. The TCL script commands help create and copy the configurations. However, the configuration commands could also be copied and pasted directly into global config mode on each device. Simply remove the TCL script commands, enter the enable and configure t commands on the device, and copy and paste the configuration commands.

Important: The device requires a folder in flash named enarsi. Use the dir command to verify. If the folder is missing, then create it using the mkdir flash:/enarsi privileged EXEC command. For all switches, make sure the vlan.dat file is set to the default. Use the delete vlan.dat privileged EXEC command, if necessary.

Reset scripts

These TCL scripts will completely clear and reload the device in preparation for the next ticket. Copy and paste the appropriate script to the appropriate device.

Router Reset Script

tclsh

puts [ open “flash:/enarsi/reset.tcl” w+ ] {

typeahead “\n”

copy running-config startup-config

typeahead “\n”

erase startup-config

puts “Reloading the router”

typeahead “\n”

reload

}

tclquit

D1/D2 (Cisco 3650) Reset Script – The default 3650 SDM template supports IPv6, so it is not set by this script.

tclsh

puts [ open “flash:/enarsi/reset.tcl” w+ ] {

typeahead “\n”

copy running-config startup-config

typeahead “\n”

erase startup-config

delete /force vlan.dat

puts “Reloading the switch”

typeahead “\n”

reload

}

tclquit

A1 (Cisco 2960 Script) – The default 2960 SDM template does not support IPv6, so this script includes that setting.

tclsh

puts [ open “flash:/enarsi/reset.tcl” w+ ] {

typeahead “\n”

copy running-config startup-config

typeahead “\n”

erase startup-config

delete /force vlan.dat

delete /force multiple-fs

ios_config “sdm prefer lanbase-routing”

typeahead “\n”

puts “Reloading the switch in 1 minute, type reload cancel to halt”

typeahead “\n”

reload

}

tclquit

R1 Configuration File Scripts

! R1 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-r1-config.txt” w+ ] {

hostname R1

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R1, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0/0

 ip address 209.165.200.1 255.255.255.0

 ipv6 address fe80::1:1 link-local

 ipv6 address 2001:db8:200::1/64

 no shutdown

interface g0/0/1

 ip address 172.16.0.1 255.255.255.0

 ipv6 address fe80::1:2 link-local

 ipv6 address 2001:db8:acad::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.200.2

ipv6 route ::/0 2001:db8:200::2

router ospfv3 1

 router-id 0.0.138.1

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/0/1

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.1

 no bgp default ipv4-unicast

 neighbor 209.165.200.2 remote-as 77

 neighbor 2001:db8:200::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.200.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:200::2 activate

  exit

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R1 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS (4xxx)

tclsh

puts [ open “flash:/enarsi/23.1.4.2-r1-config.txt” w+ ] {

hostname R1

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R1, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0/0

 ip address 209.165.200.1 255.255.255.0

 ipv6 address fe80::1:1 link-local

 ipv6 address 2001:db8:200::1/64

 no shutdown

interface g0/0/1

 ip address 172.16.0.1 255.255.255.0

 ipv6 address fe80::1:2 link-local

 ipv6 address 2001:db8:acad::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.200.2

ipv6 route ::/0 2001:db8:200::2

router ospfv3 1

 router-id 0.0.138.1

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/0/1

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.1

 no bgp default ipv4-unicast

 neighbor 209.165.200.2 remote-as 77

 neighbor 2001:db8:200::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.200.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:200::2 activate

  exit

 exit

flow record 2314-OUT

 description Custom Flow Record for outbound traffic

 match ipv4 destination address

 match transport destination

 collect counter bytes

 collect counter packets

 exit

flow exporter 2314-COLLECTOR

 destination 172.16.3.10

 export-protocol netflow-v9

 transport UDP 9999

 exit

flow monitor 2314-INBOUND-MON

 record netflow ipv4 original-input

 cache timeout active 30

 exporter 2314-COLLECTOR

 exit

flow monitor 2314-OUTBOUND-MON

 record 2314-OUT

 cache timeout active 30

 exporter 2314-COLLECTOR

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R1 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS (29/39xx)

tclsh

puts [ open “flash:/enarsi/23.1.4.3-r1-config.txt” w+ ] {

hostname R1

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R1, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0

 ip address 209.165.200.1 255.255.255.0

 ipv6 address fe80::1:1 link-local

 ipv6 address 2001:db8:200::1/64

 no shutdown

interface g0/1

 ip address 172.16.0.1 255.255.255.0

 ipv6 address fe80::1:2 link-local

 ipv6 address 2001:db8:acad::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.200.2

ipv6 route ::/0 2001:db8:200::2

router ospfv3 1

 router-id 0.0.138.1

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/0

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.1

 no bgp default ipv4-unicast

 neighbor 209.165.200.2 remote-as 77

 neighbor 2001:db8:200::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.200.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:200::2 activate

  exit

 exit

ip flow-export version 9

ip flow-export destination 172.16.3.10 9999

interface g0/1

 ip flow ingress

 ip flow egress

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

R2 Configuration File Scripts

! R2 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-r2-config.txt” w+ ] {

hostname R2

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R2, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

interface g0/0/0

 ip address 209.165.200.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:200::2/64

 no shutdown

 exit

interface g0/0/1

 ip address 209.165.201.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:201::2/64

 no shutdown

 exit

interface loopback 0

 ip address 209.165.224.1 255.255.255.255

 ipv6 address fe80::2:3 link-local

 ipv6 address 2001:db8:224::1/64

 no shutdown

 exit

router bgp 77

 bgp router-id 4.6.77.2

 no bgp default ipv4-unicast

 neighbor 209.165.200.1 remote-as 138

 neighbor 209.165.201.1 remote-as 138

 neighbor 2001:db8:200::1 remote-as 138

 neighbor 2001:db8:201::1 remote-as 138

 address-family ipv4 unicast

  network 209.165.224.1 mask 255.255.255.255

  neighbor 209.165.200.1 activate

  neighbor 209.165.201.1 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:224::/64

  neighbor 2001:db8:200::1 activate

  neighbor 2001:db8:201::1 activate

  exit

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R2 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS (4xxx)

tclsh

puts [ open “flash:/enarsi/23.1.4.2-r2-config.txt” w+ ] {

hostname R2

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R2, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

interface g0/0/0

 ip address 209.165.200.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:200::2/64

 no shutdown

 exit

interface g0/0/1

 ip address 209.165.201.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:201::2/64

 no shutdown

 exit

interface loopback 0

 ip address 209.165.224.1 255.255.255.255

 ipv6 address fe80::2:3 link-local

 ipv6 address 2001:db8:224::1/64

 no shutdown

 exit

router bgp 77

 bgp router-id 4.6.77.2

 no bgp default ipv4-unicast

 neighbor 209.165.200.1 remote-as 138

 neighbor 209.165.201.1 remote-as 138

 neighbor 2001:db8:200::1 remote-as 138

 neighbor 2001:db8:201::1 remote-as 138

 address-family ipv4 unicast

  network 209.165.224.1 mask 255.255.255.255

  neighbor 209.165.200.1 activate

  neighbor 209.165.201.1 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:224::/64

  neighbor 2001:db8:200::1 activate

  neighbor 2001:db8:201::1 activate

  exit

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R2 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS (29/39xx)

tclsh

puts [ open “flash:/enarsi/23.1.4.3-r2-config.txt” w+ ] {

hostname R2

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R2, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

interface g0/0

 ip address 209.165.200.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:200::2/64

 no shutdown

 exit

interface g0/1

 ip address 209.165.201.2 255.255.255.0

 ipv6 address fe80::2:1 link-local

 ipv6 address 2001:db8:201::2/64

 no shutdown

 exit

interface loopback 0

 ip address 209.165.224.1 255.255.255.255

 ipv6 address fe80::2:3 link-local

 ipv6 address 2001:db8:224::1/64

 no shutdown

 exit

router bgp 77

 bgp router-id 4.6.77.2

 no bgp default ipv4-unicast

 neighbor 209.165.200.1 remote-as 138

 neighbor 209.165.201.1 remote-as 138

 neighbor 2001:db8:200::1 remote-as 138

 neighbor 2001:db8:201::1 remote-as 138

 address-family ipv4 unicast

  network 209.165.224.1 mask 255.255.255.255

  neighbor 209.165.200.1 activate

  neighbor 209.165.201.1 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:224::/64

  neighbor 2001:db8:200::1 activate

  neighbor 2001:db8:201::1 activate

  exit

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

R3 Configuration File Scripts

! R3 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-r3-config.txt” w+ ] {

hostname R3

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R3, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0/0

 ip address 209.165.201.1 255.255.255.0

 ipv6 address fe80::3:1 link-local

 ipv6 address 2001:db8:201::1/64

 no shutdown

interface g0/0/1

 ip address 172.16.1.1 255.255.255.0

 ipv6 address fe80::3:2 link-local

 ipv6 address 2001:db8:acad:1::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.201.2

ipv6 route ::/0 2001:db8:201::2

router ospfv3 1

 router-id 0.0.138.3

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/0/1

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.3

 no bgp default ipv4-unicast

 neighbor 209.165.201.2 remote-as 77

 neighbor 2001:db8:201::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.201.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:201::2 activate

  exit

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R3 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS (4xxx)

tclsh

puts [ open “flash:/enarsi/23.1.4.2-r3-config.txt” w+ ] {

hostname R3

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R3, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0/0

 ip address 209.165.201.1 255.255.255.0

 ipv6 address fe80::3:1 link-local

 ipv6 address 2001:db8:201::1/64

 no shutdown

interface g0/0/1

 ip address 172.16.1.1 255.255.255.0

 ipv6 address fe80::3:2 link-local

 ipv6 address 2001:db8:acad:1::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.201.2

ipv6 route ::/0 2001:db8:201::2

router ospfv3 1

 router-id 0.0.138.3

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/0/1

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.3

 no bgp default ipv4-unicast

 neighbor 209.165.201.2 remote-as 77

 neighbor 2001:db8:201::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.201.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:201::2 activate

  exit

 exit

flow record 2314-OUT

 description Custom Flow Record for outbound traffic

 match ipv4 destination address

 match transport destination

 collect counter bytes

 collect counter packets

 exit

flow exporter 2314-COLLECTOR

 destination 172.16.3.10

 export-protocol netflow-v9

 transport UDP 9999

 exit

flow monitor 2314-INBOUND-MON

 record netflow ipv4 original-input

 cache timeout active 30

 exporter 2314-COLLECTOR

 exit

flow monitor 2314-OUTBOUND-MON

 record 2314-OUT

 cache timeout active 30

 exporter 2314-COLLECTOR

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! R3 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS (29/39xx)

tclsh

puts [ open “flash:/enarsi/23.1.4.3-r3-config.txt” w+ ] {

hostname R3

no ip domain lookup

ipv6 unicast-routing

banner motd # This is R3, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface g0/0

 ip address 209.165.201.1 255.255.255.0

 ipv6 address fe80::3:1 link-local

 ipv6 address 2001:db8:201::1/64

 no shutdown

interface g0/1

 ip address 172.16.1.1 255.255.255.0

 ipv6 address fe80::3:2 link-local

 ipv6 address 2001:db8:acad:1::1/64

 no shutdown

 exit

ip route 172.16.0.0 255.255.0.0 null0

ipv6 route 2001:db8:acad::/48 null0

ip route 0.0.0.0 0.0.0.0 209.165.201.2

ipv6 route ::/0 2001:db8:201::2

router ospfv3 1

 router-id 0.0.138.3

 address-family ipv4 unicast

  default-information originate metric-type 1

  exit

 address-family ipv6 unicast

  default-information originate metric-type 1

  exit

interface g0/1

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

router bgp 138

 bgp router-id 4.6.138.3

 no bgp default ipv4-unicast

 neighbor 209.165.201.2 remote-as 77

 neighbor 2001:db8:201::2 remote-as 77

 address-family ipv4 unicast

  network 172.16.0.0 mask 255.255.0.0

  neighbor 209.165.201.2 activate

  exit

 address-family ipv6 unicast

  network 2001:db8:acad::/48

  neighbor 2001:db8:201::2 activate

  exit

 exit

ip flow-export version 9

ip flow-export destination 172.16.3.10 9999

interface g0/0

 ip flow ingress

 ip flow egress

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

D1 Configuration File Scripts

! D1 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-d1-config.txt” w+ ] {

hostname D1

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D1, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 no shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.0.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.1 255.255.255.0

 ipv6 address fe80::d1:2 link-local

 ipv6 address 2001:db8:acad:3::1/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 priority 110

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 priority 110

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.1 255.255.255.0

 ipv6 address fe80::d1:3 link-local

 ipv6 address 2001:db8:acad:8::1/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.1 255.255.255.0

 ipv6 address 2001:db8:acad:13::1/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 priority 110

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 priority 110

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.131

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.5

ip dhcp excluded-address 172.16.8.11 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.5

ip dhcp excluded-address 172.16.13.11 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.200.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:200::2

  frequency 10

  exit

track 14 ip sla 14

 exit

track 16 ip sla 16

 exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! D1 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS

tclsh

puts [ open “flash:/enarsi/23.1.4.2-d1-config.txt” w+ ] {

hostname D1

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D1, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 no shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.0.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.1 255.255.255.0

 ipv6 address fe80::d1:2 link-local

 ipv6 address 2001:db8:acad:3::1/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 priority 110

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 priority 110

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.1 255.255.255.0

 ipv6 address fe80::d1:3 link-local

 ipv6 address 2001:db8:acad:8::1/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.1 255.255.255.0

 ipv6 address 2001:db8:acad:13::1/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 priority 110

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 priority 110

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.131

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.5

ip dhcp excluded-address 172.16.8.11 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.5

ip dhcp excluded-address 172.16.13.11 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.200.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:200::2

  frequency 10

  exit

ip sla schedule 14 life forever start-time now

ip sla schedule 16 life forever start-time now

track 14 ip sla 14

 exit

track 16 ip sla 16

 exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! D1 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS 29/39xx

tclsh

puts [ open “flash:/enarsi/23.1.4.1-d1-config.txt” w+ ] {

hostname D1

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D1, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 no shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.0.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.1 255.255.255.0

 ipv6 address fe80::d1:2 link-local

 ipv6 address 2001:db8:acad:3::1/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 priority 110

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 priority 110

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.1 255.255.255.0

 ipv6 address fe80::d1:3 link-local

 ipv6 address 2001:db8:acad:8::1/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.1 255.255.255.0

 ipv6 address 2001:db8:acad:13::1/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 priority 110

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 priority 110

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.131

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.5

ip dhcp excluded-address 172.16.8.11 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.5

ip dhcp excluded-address 172.16.13.11 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.200.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:200::2

  frequency 10

  exit

ip sla schedule 14 life forever start-time now

ip sla schedule 16 life forever start-time now

track 14 ip sla 14

 exit

track 16 ip sla 16

 exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

D2 Configuration File Scripts

! D2 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-d2-config.txt” w+ ] {

hostname D2

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D2, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 no shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.1.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad:1::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.2 255.255.255.0

 ipv6 address fe80::d2:2 link-local

 ipv6 address 2001:db8:acad:3::2/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.2 255.255.255.0

 ipv6 address fe80::d2:3 link-local

 ipv6 address 2001:db8:acad:8::2/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 priority 110

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 priority 110

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.2 255.255.255.0

 ipv6 address 2001:db8:acad:13::2/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.132

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.20

ip dhcp excluded-address 172.16.8.31 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.20

ip dhcp excluded-address 172.16.13.31 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.201.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:201::2

  frequency 10

  exit

track 14 ip sla 14

 exit

track 16 ip sla 16

 exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! D2 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS

tclsh

puts [ open “flash:/enarsi/23.1.4.2-d2-config.txt” w+ ] {

hostname D2

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D2, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.1.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad:1::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.2 255.255.255.0

 ipv6 address fe80::d2:2 link-local

 ipv6 address 2001:db8:acad:3::2/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.2 255.255.255.0

 ipv6 address fe80::d2:3 link-local

 ipv6 address 2001:db8:acad:8::2/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 priority 110

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 priority 110

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.2 255.255.255.0

 ipv6 address 2001:db8:acad:13::2/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.132

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.20

ip dhcp excluded-address 172.16.8.31 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.20

ip dhcp excluded-address 172.16.13.31 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.201.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:201::2

  frequency 10

  exit

ip sla schedule 14 life forever start-time now

ip sla schedule 16 life forever start-time now

track 14 ip sla 14

exit

track 16 ip sla 16

exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! D2 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS 29/39xx

tclsh

puts [ open “flash:/enarsi/23.1.4.1-d2-config.txt” w+ ] {

hostname D2

no ip domain lookup

ip routing

ipv6 unicast-routing

banner motd # This is D2, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range g1/0/1-24

 switchport mode access

 shutdown

 exit

interface range g1/0/1-4

 switchport mode trunk

 channel-group 12 mode active

 no shutdown

 exit

interface range g1/0/5-6

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface g1/0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface g1/0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 shutdown

interface g1/0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 shutdown

 exit

interface g1/0/11

 no switchport

 ip address 172.16.1.2 255.255.255.0

 ipv6 address fe80::d1:1 link-local

 ipv6 address 2001:db8:acad:1::2/64

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.2 255.255.255.0

 ipv6 address fe80::d2:2 link-local

 ipv6 address 2001:db8:acad:3::2/64

 standby version 2

 standby 34 ip 172.16.3.254

 standby 34 preempt

 standby 36 ipv6 autoconfig

 standby 36 preempt

 no shutdown

 exit

interface vlan 8

 ip address 172.16.8.2 255.255.255.0

 ipv6 address fe80::d2:3 link-local

 ipv6 address 2001:db8:acad:8::2/64

 standby version 2

 standby 84 ip 172.16.8.254

 standby 84 priority 110

 standby 84 preempt

 standby 86 ipv6 autoconfig

 standby 86 priority 110

 standby 86 preempt

 no shutdown

 exit

interface vlan 13

 ip address 172.16.13.2 255.255.255.0

 ipv6 address 2001:db8:acad:13::2/64

standby version 2

 standby 134 ip 172.16.13.254

 standby 134 preempt

 standby 136 ipv6 autoconfig

 standby 136 preempt

 no shutdown

 exit

router ospfv3 1

 router-id 0.0.138.132

  exit

interface g1/0/11

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 3

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 8

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

interface vlan 13

 ospfv3 1 ipv4 area 0

 ospfv3 1 ipv6 area 0

 exit

ip dhcp excluded-address 172.16.8.1 172.16.8.20

ip dhcp excluded-address 172.16.8.31 172.16.8.254

ip dhcp excluded-address 172.16.13.1 172.16.13.20

ip dhcp excluded-address 172.16.13.31 172.16.13.254

ip dhcp pool VLAN8DHCP

 network 172.16.8.0 255.255.255.0

 default-router 172.16.8.254

 exit

ip dhcp pool VLAN13DHCP

 network 172.16.13.0 255.255.255.0

 default-router 172.16.13.254

 exit

ip sla 14

 icmp-echo 209.165.201.2

  frequency 10

  exit

ip sla 16

 icmp-echo 2001:db8:201::2

  frequency 10

  exit

ip sla schedule 14 life forever start-time now

ip sla schedule 16 life forever start-time now

track 14 ip sla 14

 exit

track 16 ip sla 16

 exit

interface vlan 3

 standby 34 track 14 decrement 20

 standby 36 track 16 decrement 20

 exit

interface vlan 8

 standby 84 track 14 decrement 20

 standby 86 track 16 decrement 20

 exit

interface vlan 13

 standby 134 track 14 decrement 20

 standby 136 track 16 decrement 20

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

A1 Configuration File Scripts

! A1 – Trouble Ticket # 1

tclsh

puts [ open “flash:/enarsi/23.1.4.1-a1-config.txt” w+ ] {

hostname A1

no ip domain lookup

banner motd # This is A1, Trouble Ticket 23.1.4.1 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range f0/1-24

 switchport mode access

 shutdown

 exit

interface range f0/1-2

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface range f0/3-4

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface f0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface f0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 no shutdown

interface f0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.3 255.255.255.0

 ipv6 address fe80::a1:1 link-local

 ipv6 address 2001:db8:acad:3::3/64

 exit

ip default-gateway 172.16.3.254

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! A1 – Trouble Ticket # 2 – ONLY FOR ISR 4000 SERIES ROUTERS

tclsh

puts [ open “flash:/enarsi/23.1.4.2-a1-config.txt” w+ ] {

hostname A1

no ip domain lookup

banner motd # This is A1, Trouble Ticket 23.1.4.2 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range f0/1-24

 switchport mode access

 shutdown

 exit

interface range f0/1-2

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface range f0/3-4

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface f0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface f0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 no shutdown

interface f0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.3 255.255.255.0

 ipv6 address fe80::a1:1 link-local

 ipv6 address 2001:db8:acad:3::3/64

 exit

ip default-gateway 172.16.3.254

interface f0/22

 shutdown

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit

! A1 – Trouble Ticket # 3 – ONLY FOR ISR G2 SERIES ROUTERS 29/39xx

tclsh

puts [ open “flash:/enarsi/23.1.4.1-a1-config.txt” w+ ] {

hostname A1

no ip domain lookup

banner motd # This is A1, Trouble Ticket 23.1.4.3 #

ip domain name ENCOR.23

enable algorithm-type scrypt secret cisco12345

username admin privilege 15 algorithm-type scrypt secret cisco12345

ip access-list standard VTY-CONTROL

 permit 172.16.0.0 0.0.255.255

 deny any log

 exit

interface range f0/1-24

 switchport mode access

 shutdown

 exit

interface range f0/1-2

 switchport mode trunk

 channel-group 1 mode active

 no shutdown

 exit

interface range f0/3-4

 switchport mode trunk

 channel-group 2 mode active

 no shutdown

 exit

interface f0/22

 switchport mode access

 switchport access vlan 3

 spanning-tree portfast

 shutdown

interface f0/23

 switchport mode access

 switchport access vlan 8

 spanning-tree portfast

 no shutdown

interface f0/24

 switchport mode access

 switchport access vlan 13

 spanning-tree portfast

 no shutdown

 exit

interface vlan 3

 ip address 172.16.3.3 255.255.255.0

 ipv6 address fe80::a1:1 link-local

 ipv6 address 2001:db8:acad:3::3/64

 exit

ip default-gateway 172.16.3.254

interface f0/22

 shutdown

 exit

line con 0

 login local

 logging synchronous

 exec-timeout 0 0

 exit

line vty 0 4

 login local

 transport input telnet

 access-class VTY-CONTROL in

 exec-timeout 0 0

 exit

alias exec reset.now tclsh flash:/enarsi/reset.tcl

end

}

tclquit