Here are some things you need to look out for when performing the troubleshooting section of the CCIE R&S Lab.

General Rack Troubleshooting

  1. Check interface/loopback ip addresses on routers and switches
  2. Check duplex and speed on routers and switches
  3. Check to make sure console logging is enabled
  4. Check Frame-relay DLCIs and maps
  5. Check proper VLAN configuration
  6. Check proper access/trunk mode

BGP Issues

  1. Unable to receive specific updates from peer router. Perform “debug ip bgp updates in” and “clear ip bgp process”. Receiving error: DENIED due to: reflected from the same cluster. This error shows a typo on the peer using the same cluster-id. The cluster-id is taken from the router-id so change the router-id or cluster-id to fix the problem.
  2. Unable to establish peer connectivity. Directly connected peer has setting of Minimum incoming TTL of 254 and outgoing TTL of 255 and reporting External neighbor may be 1 hop away. Add the “ttl-security hops 1″ option for the neighbor.
  3. Not receiving routes from iBGP peer. Check to see if “route-reflector-client” is needed.

DHCP Issues

  1. Unable to receive IP address. “debug ip dhcp packet” presents ERROR: DHCPD: relay information option exists, but giaddr is zero. This indicates that the relay agent sets option 82 but does not set the giaddr field for whatever reason. The solution is to trust the dhcp server interface by using “ip dhcp relay information trust-all”.
  2. IP-helper address is configured on required interface but DHCP packets are not getting forwarded. Check to make sure “ip forward-protocol udp bootpc” is not disabled.

Link Connectivity

  1. Port constantly gets error disabled. Port-security is enabled with default settings. Router connects to port and uses HSRP. With the default port-security setting, you are allowed 1 mac address and since HSRP uses its own mac by default, there will be 2 mac addresses and the port will error-disable. You can fix this by allowing 2 mac addresses in the port security configuration or configure to use the BIA, burned in address, on the HSRP router interface.
  2. Running PAGP Etherchannel over dot1q tunnel. Etherchannel not coming up. Make sure “l2protocol-tunnel point-to-point pagp” is enabled on each link and make sure each link is in different vlan.
  3. Layer 2 Port-channel goes down over dot1q tunnel. Check to make sure “l2protocol stp” is enabled to allow participation in spanning-tree. Also, set check to see if “vlan dot1q tag native” and “l2protocol vtp” is enabled.
  4. Check to make sure span is not configured for etherchannel ports.

IPv6 Routing Issues

  1. Receiving routes but cannot reach specific network over frame relay. Check the IPv6 routing table and make sure you have all frame-relay ipv6 maps configured, mainly link-local address maps.

IPv4 Routing Issues

  1. Unable to establish OSPF adjacency. Check to make sure both links have equal MTU.
  2. Unable to establish adjacency because missing authentication password. Pass is clear-text. Create acl for specific host and then run a debug dump. “debug ip packet detail [acl] dump” This works like sniffer and you can see the password the other host is using.
  3. There can be BGP advertisement problems when synchronization is enabled and router-id for ospf and bgp are different. Make sure they match.
  4. You are receiving undesirable load-balancing in your OSPF domain. Fix the “auto-cost reference-bandwidth” to make sure OSPF calculates routes properly.

OSPF Connection issues

  • OSPF neighbor list is empty:
  1. OSPF not enabled properly on appropriate interfaces.
  2. Layer 1 or 2 not functional.
  3. Passive interface configured.
  4. Access list(s) blocking OSPF packets in multiple directions.
  5. Error in IP address or subnet mask configuration.
  6. Hello or dead interval mismatch.
  7. Authentication configuration error.
  8. Area ID mismatch.
  9. Stub flag mismatch.
  10. OSPF adjacency exists with secondary IP addressing or asynchronous
  11. interface.
  12. Incorrect configuration type for NBMA environment.
  • OSPF neighbor stuck in Attempt State:
  1. Misconfigured neighbor statement.
  2. Unicast nonfunctional in NBMA environment.
  • OSPF neighbor stuck in Init State:
  1. Access list or Layer 2 problem blocking hellos in one direction
  2. Multicast nonfunctional on one side.
  3. Authentication configured on only one side.
  4. Broadcast keyword missing from the map command.
  • OSPF neighbor stuck in Two-Way State:
  1. Priority 0 configured on all routers
  2. OSPF neighbor stuck in Exstart/Exchange.
  3. Mismatched interface maximum transmission unit (MTU).
  4. Duplicate router IDs on routers.
  5. Broken unicast connectivity.
  6. Network type of point-to-point between Primary Rate Interface (PRI) and Basic Rate Interface (BRI)/dialer.
  • OSPF neighbor stuck in Loading State:
  1. Mismatched MTU.
  2. Corrupted link-state request packet.

Multicast Issues

  1. Unable to receive feed from certain parts of the network.
  • Make sure “ip multicast-routing” is enabled on each participating router.
  • If using sparse-mode with Auto-RP, then make sure “ip pim autorp listener” is enabled one each participating router.
  • Perform traceroute and make sure the proper mode is enabled on these interfaces otherwise RPF will fail or modify routing if permitted.
  • If using Auto-RP, “show ip pim rp mapping” should indicate the available RP.
  • If “show ip pim rp” shows 0.0.0.0 as RP, then RP is not being learned. Either manually set RP or fix Auto-RP problem.