CCNP Enterprise Advanced

Routing ENARSI 300-410

Official Cert Guide Special Offers
Enhance Your Exam Preparation
Save 70% on Complete Video Course
The CCNP Enterprise Advanced Routing ENARSI 300-410
Complete Video Course, available for both streaming and
download, provides you with hours of expert-level instruction
mapped directly to exam objectives. Put your knowledge to
the test with full practice exams powered by the Pearson
Test Prep practice test software, module quizzes, and more.

Save 80% on Premium Edition eBook

and Practice Test
The CCNP Enterprise Advanced Routing ENARSI 300-410
Premium Edition eBook and Practice Test provides three
eBook files (PDF, EPUB, and MOBI/Kindle) to read on your
preferred device and an enhanced edition of the Pearson Test
Prep practice test software. You also receive two additional
practice exams with links for every question mapped to the
PDF eBook.

See the card insert in the back of the book for your Pearson
Test Prep activation code and special offers.
CCNP Enterprise
Advanced Routing
ENARSI 300-410
Official Cert Guide

RAYMOND LACOSTE
BRAD EDGEWORTH, CCIE No. 31574

Cisco Press
221 River Street
Hoboken, NJ 07030 USA
ii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

CCNP Enterprise Advanced Routing

ENARSI 300-410 Official Cert Guide
Raymond Lacoste, Brad Edgeworth

Copyright© 2020 Cisco Systems, Inc.

Published by:
Cisco Press
221 River Street
Hoboken, NJ 07030 USA

All rights reserved. This publication is protected by copyright, and permission must be obtained from the
publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form
or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding
permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights &
Permissions Department, please visit [Link]/permissions.

No patent liability is assumed with respect to the use of the information contained herein. Although
every precaution has been taken in the preparation of this book, the publisher and author assume no
responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
ScoutAutomatedPrintCode
Library of Congress Control Number: 2019919828

ISBN-13: 978-1-58714-525-4

ISBN-10: 1-58714-525-1

Warning and Disclaimer

This book is designed to provide information about the Implementing Cisco Enterprise Advanced Routing
and Services (ENARSI) exam. Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall
have neither liability nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book or from the use of the discs or programs that may
accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of
Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been
appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this
information. Use of a term in this book should not be regarded as affecting the validity of any trademark
or service mark.
 iii

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may
include electronic versions; custom cover designs; and content particular to your business, training goals,
marketing focus, or branding interests), please contact our corporate sales department at corpsales@
[Link] or (800) 382-3419.

For government sales inquiries, please contact governmentsales@[Link].

For questions about sales outside the U.S., please contact intlcs@[Link].

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book
is crafted with care and precision, undergoing rigorous development that involves the unique expertise of
members from the professional technical community.

Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us
through email at feedback@[Link]. Please make sure to include the book title and ISBN in your
message.

We greatly appreciate your assistance.

Editor-in-Chief: Mark Taub Technical Editors: Hector Mendoza, Jr, Russ Long

Alliances Manager, Cisco Press: Arezou Gol Editorial Assistant: Cindy Teeters

Director, Product Manager: Brett Bartow Designer: Chuti Prasertsith

Managing Editor: Sandra Schroeder Composition: codeMantra

Development Editor: Marianne Bartow Indexer: Cheryl Ann Lenser

Project Editor: Mandie Frank Proofreader: Abigail Bass

Copy Editor: Kitty Wilson

Americas Headquarters Asia Pacific Headquarters Europe Headquarters

Cisco Systems, Inc. Cisco Systems (USA) Pte. Ltd. Cisco Systems International BV Amsterdam,
San Jose, CA Singapore The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at [Link]/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks,
go to this URL: [Link]/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does
not imply a partnership relationship between Cisco and any other company. (1110R)
iv CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Credits
Figure 7-1 Screenshot of wireshark ©2019 wireshark
 v

Contents at a Glance
Introduction xxxi

Chapter 1 IPv4/IPv6 Addressing and Routing Review 2

Chapter 2 EIGRP 70

Chapter 3 Advanced EIGRP 106

Chapter 4 Troubleshooting EIGRP for IPv4 138

Chapter 5 EIGRPv6 188

Chapter 6 OSPF 222

Chapter 7 Advanced OSPF 258

Chapter 8 Troubleshooting OSPFv2 310

Chapter 9 OSPFv3 364

Chapter 10 Troubleshooting OSPFv3 386

Chapter 11 BGP 420

Chapter 12 Advanced BGP 474

Chapter 13 BGP Path Selection 514

Chapter 14 Troubleshooting BGP 546

Chapter 15 Route Maps and Conditional Forwarding 610

Chapter 16 Route Redistribution 640

Chapter 17 Troubleshooting Redistribution 668

Chapter 18 VRF, MPLS, and MPLS Layer 3 VPNs 718

Chapter 19 DMVPN Tunnels 748

Chapter 20 Securing DMVPN Tunnels 802

Chapter 21 Troubleshooting ACLs and Prefix Lists 824

Chapter 22 Infrastructure Security 846

vi CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Chapter 23 Device Management and Management Tools Troubleshooting 868

Chapter 24 Final Preparation 912

Appendix A Answers to the “Do I Know This Already?” Quiz Questions 922

Appendix B CCNP Enterprise Advanced Routing ENARSI 300-410 Official

Certification Guide Exam Updates 932

Glossary 934

Index 952

Online Elements
Glossary

Appendix C Command Reference Exercises

Appendix D Command Reference Exercises Answer Key

Appendix E Study Planner

 Contents vii

Contents
Introduction xxxi

Chapter 1 IPv4/IPv6 Addressing and Routing Review 2

“Do I Know This Already?” Quiz 3
Foundation Topics 7
IPv4 Addressing 7
IPv4 Addressing Issues 7
Determining IP Addresses Within a Subnet 10
DHCP for IPv4 11
Reviewing DHCP Operations 11
Potential DHCP Troubleshooting Issues 16
DHCP Troubleshooting Commands 17
IPv6 Addressing 18
IPv6 Addressing Review 19
EUI-64 20
IPv6 SLAAC, Stateful DHCPv6, and Stateless DHCPv6 22
SLAAC 22
Stateful DHCPv6 26
Stateless DHCPv6 28
DHCPv6 Operation 29
DHCPv6 Relay Agents 29
Packet-Forwarding Process 30
Reviewing the Layer 3 Packet-Forwarding Process 30
Troubleshooting the Packet-Forwarding Process 34
Routing Information Sources 38
Data Structures and the Routing Table 38
Sources of Routing Information 39
Static Routes 41
IPv4 Static Routes 41
IPv6 Static Routes 45
Trouble Tickets 47
IPv4 Addressing and Addressing Technologies Trouble Tickets 47
Trouble Ticket 1-1 48
Trouble Ticket 1-2 49
IPv6 Addressing Trouble Tickets 53
Trouble Ticket 1-3 53
Trouble Ticket 1-4 56
viii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Static Routing Trouble Tickets 60

Trouble Ticket 1-5 60
Trouble Ticket 1-6 63
Exam Preparation Tasks 65
Review All Key Topics 65
Define Key Terms 66
Command Reference to Check Your Memory 67

Chapter 2 EIGRP 70
“Do I Know This Already?” Quiz 70
Foundation Topics 73
EIGRP Fundamentals 73
Autonomous Systems 73
EIGRP Terminology 74
Topology Table 75
EIGRP Neighbors 76
Inter-Router Communication 76
Forming EIGRP Neighbors 77
EIGRP Configuration Modes 78
Classic Configuration Mode 78
EIGRP Named Mode 79
EIGRP Network Statement 80
Sample Topology and Configuration 81
Confirming Interfaces 83
Verifying EIGRP Neighbor Adjacencies 84
Displaying Installed EIGRP Routes 85
Router ID 86
Passive Interfaces 87
Authentication 91
Keychain Configuration 91
Enabling Authentication on the Interface 91
Path Metric Calculation 93
Wide Metrics 96
Metric Backward Compatibility 98
Interface Delay Settings 98
Custom K Values 99
Load Balancing 99
References in This Chapter 102
Exam Preparation Tasks 102
 Contents ix

Review All Key Topics 102

Complete Tables and Lists from Memory 103
Define Key Terms 103
Use the Command Reference to Check Your Memory 103

Chapter 3 Advanced EIGRP 106

“Do I Know This Already?” Quiz 106
Foundation Topics 108
Failure Detection and Timers 108
Convergence 109
Stuck in Active 112
Route Summarization 113
Interface-Specific Summarization 114
Summary Discard Routes 116
Summarization Metrics 116
Automatic Summarization 117
WAN Considerations 118
EIGRP Stub Router 118
Stub Site Functions 121
IP Bandwidth Percentage 125
Split Horizon 126
Route Manipulation 128
Route Filtering 129
Traffic Steering with EIGRP Offset Lists 132
References in This Chapter 134
Exam Preparation Tasks 135
Review All Key Topics 135
Complete Tables and Lists from Memory 135
Define Key Terms 135
Use the Command Reference to Check Your Memory 135

Chapter 4 Troubleshooting EIGRP for IPv4 138

“Do I Know This Already?” Quiz 138
Foundation Topics 141
Troubleshooting EIGRP for IPv4 Neighbor Adjacencies 141
Interface Is Down 142
Mismatched Autonomous System Numbers 142
Incorrect Network Statement 144
Mismatched K Values 145
Passive Interface 146
x CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Different Subnets 148

Authentication 148
ACLs 150
Timers 151
Troubleshooting EIGRP for IPv4 Routes 151
Bad or Missing network Command 152
Better Source of Information 154
Route Filtering 157
Stub Configuration 158
Interface Is Shut Down 160
Split Horizon 160
Troubleshooting Miscellaneous EIGRP for IPv4 Issues 162
Feasible Successors 162
Discontiguous Networks and Autosummarization 165
Route Summarization 167
Load Balancing 168
EIGRP for IPv4 Trouble Tickets 169
Trouble Ticket 4-1 169
Trouble Ticket 4-2 177
Trouble Ticket 4-3 180
Exam Preparation Tasks 184
Review All Key Topics 184
Define Key Terms 185
Use the Command Reference to Check Your Memory 185

Chapter 5 EIGRPv6 188

“Do I Know This Already?” Quiz 188
Foundation Topics 190
EIGRPv6 Fundamentals 190
EIGRPv6 Inter-Router Communication 191
EIGRPv6 Configuration 191
EIGRPv6 Classic Mode Configuration 191
EIGRPv6 Named Mode Configuration 192
EIGRPv6 Verification 192
IPv6 Route Summarization 195
Default Route Advertising 196
Route Filtering 196
Troubleshooting EIGRPv6 Neighbor Issues 197
Interface Is Down 198
 Contents xi

Mismatched Autonomous System Numbers 198

Mismatched K Values 198
Passive Interfaces 198
Mismatched Authentication 199
Timers 200
Interface Not Participating in Routing Process 200
ACLs 201
Troubleshooting EIGRPv6 Routes 201
Interface Not Participating in the Routing Process 201
Better Source of Information 201
Route Filtering 201
Stub Configuration 202
Split Horizon 203
Troubleshooting Named EIGRP 204
EIGRPv6 and Named EIGRP Trouble Tickets 208
Trouble Ticket 5-1 209
Trouble Ticket 5-2 213
Exam Preparation Tasks 218
Review All Key Topics 218
Define Key Terms 219
Use the Command Reference to Check Your Memory 219

Chapter 6 OSPF 222

“Do I Know This Already?” Quiz 223
Foundation Topics 225
OSPF Fundamentals 225
Areas 226
Inter-Router Communication 228
Router ID 229
OSPF Hello Packets 229
Neighbors 230
Requirements for Neighbor Adjacency 230
OSPF Configuration 232
OSPF Network Statement 232
Interface-Specific Configuration 233
Passive Interfaces 233
Sample Topology and Configuration 233
Confirmation of Interfaces 235
Verification of OSPF Neighbor Adjacencies 237
xii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Viewing OSPF Installed Routes 238

External OSPF Routes 239
Default Route Advertisement 241
The Designated Router and Backup Designated Router 242
Designated Router Elections 243
DR and BDR Placement 244
OSPF Network Types 245
Broadcast 245
Nonbroadcast 246
Point-to-Point Networks 247
Point-to-Multipoint Networks 248
Loopback Networks 251
Failure Detection 252
Hello Timer 252
Dead Interval Timer 252
Verifying OSPF Timers 253
Authentication 253
References in This Chapter 255
Exam Preparation Tasks 255
Review All Key Topics 255
Define Key Terms 256
Use the Command Reference to Check Your Memory 256

Chapter 7 Advanced OSPF 258

“Do I Know This Already?” Quiz 258
Foundation Topics 261
Link-State Advertisements 261
LSA Sequences 262
LSA Age and Flooding 262
LSA Types 263
LSA Type 1: Router Link 263
LSA Type 2: Network Link 269
LSA Type 3: Summary Link 271
LSA Type 5: External Routes 274
LSA Type 4: ASBR Summary 276
LSA Type 7: NSSA External Summary 278
LSA Type Summary 280
OSPF Stubby Areas 281
Stub Areas 282
 Contents xiii

Totally Stubby Areas 284

Not-So-Stubby Areas 286
Totally NSSAs 289
OSPF Path Selection 292
Link Costs 292
Intra-Area Routes 292
Interarea Routes 293
External Route Selection 294
E1 and N1 External Routes 294
E2 and N2 External Routes 294
Equal-Cost Multipathing 295
Summarization of Routes 295
Summarization Fundamentals 296
Interarea Summarization 297
Configuration of Interarea Summarization 298
External Summarization 300
Discontiguous Network 302
Virtual Links 303
References in This Chapter 306
Exam Preparation Tasks 306
Review All Key Topics 307
Define Key Terms 308
Use the Command Reference to Check Your Memory 308

Chapter 8 Troubleshooting OSPFv2 310

“Do I Know This Already?” Quiz 310
Foundation Topics 312
Troubleshooting OSPFv2 Neighbor Adjacencies 312
Interface Is Down 315
Interface Not Running the OSPF Process 315
Mismatched Timers 316
Mismatched Area Numbers 317
Mismatched Area Type 319
Different Subnets 320
Passive Interface 320
Mismatched Authentication Information 321
ACLs 323
MTU Mismatch 323
xiv CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Duplicate Router IDs 325

Mismatched Network Types 326
Troubleshooting OSPFv2 Routes 327
Interface Not Running the OSPF Process 328
Better Source of Information 329
Route Filtering 332
Stub Area Configuration 335
Interface Is Shut Down 336
Wrong Designated Router Elected 336
Duplicate Router IDs 340
Troubleshooting Miscellaneous OSPFv2 Issues 341
Tracking OSPF Advertisements Through a Network 341
Route Summarization 343
Discontiguous Areas 345
Load Balancing 347
Default Route 348
OSPFv2 Trouble Tickets 348
Trouble Ticket 8-1 349
Trouble Ticket 8-2 356
Trouble Ticket 8-3 359
Exam Preparation Tasks 361
Review All Key Topics 361
Define Key Terms 362
Use the Command Reference to Check Your Memory 362

Chapter 9 OSPFv3 364

“Do I Know This Already?” Quiz 364
Foundation Topics 365
OSPFv3 Fundamentals 365
OSPFv3 Link-State Advertisement 366
OSPFv3 Communication 367
OSPFv3 Configuration 368
OSPFv3 Verification 371
The Passive Interface 372
IPv6 Route Summarization 373
Network Type 374
OSPFv3 Authentication 375
OSPFv3 Link-Local Forwarding 377
OSPFv3 LSA Flooding Scope 378
 Contents xv

References in This Chapter 384

Exam Preparation Tasks 384
Review All Key Topics 384
Define Key Terms 385
Use the Command Reference to Check Your Memory 385

Chapter 10 Troubleshooting OSPFv3 386

“Do I Know This Already?” Quiz 386
Foundation Topics 388
Troubleshooting OSPFv3 for IPv6 388
OSPFv3 Troubleshooting Commands 389
OSPFv3 Trouble Tickets 395
Trouble Ticket 10-1 395
Trouble Ticket 10-2 398
Troubleshooting OSPFv3 Address Families 402
OSPFv3 AF Trouble Ticket 412
Trouble Ticket 10-3 412
Exam Preparation Tasks 416
Review All Key Topics 416
Define Key Terms 417
Use the Command Reference to Check Your Memory 417

Chapter 11 BGP 420

“Do I Know This Already?” Quiz 420
Foundation Topics 422
BGP Fundamentals 422
Autonomous System Numbers (ASNs) 422
BGP Sessions 423
Path Attributes 423
Loop Prevention 423
Address Families 423
Inter-Router Communication 424
BGP Messages 425
BGP Neighbor States 426
Basic BGP Configuration 428
Verification of BGP Sessions 431
Prefix Advertisement 433
Receiving and Viewing Routes 436
Understanding BGP Session Types and Behaviors 441
iBGP 441
xvi CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

iBGP Full Mesh Requirement 443

Peering Using Loopback Addresses 444
eBGP 446
eBGP and iBGP Topologies 447
Next-Hop Manipulation 449
iBGP Scalability Enhancements 450
Route Reflectors 450
Confederations 454
Multiprotocol BGP for IPv6 458
IPv6 Configuration 459
IPv6 Summarization 464
IPv6 over IPv4 466
References in This Chapter 470
Exam Preparation Tasks 470
Review All Key Topics 470
Define Key Terms 471
Use the Command Reference to Check Your Memory 471

Chapter 12 Advanced BGP 474

“Do I Know This Already?” Quiz 474
Foundation Topics 476
Route Summarization 476
Aggregate Addresses 476
The Atomic Aggregate Attribute 481
Route Aggregation with AS_SET 483
BGP Route Filtering and Manipulation 486
Distribution List Filtering 487
Prefix List Filtering 488
AS_Path Filtering 489
Regular Expressions (Regex) 489
AS_Path ACLs 495
Route Maps 497
Clearing BGP Connections 499
BGP Communities 499
Enabling BGP Community Support 500
Well-Known Communities 500
The No_Advertise BGP Community 501
The No_Export BGP Community 502
The Local-AS (No_Export_SubConfed) BGP Community 503
 Contents xvii

Conditionally Matching BGP Communities 504

Setting Private BGP Communities 506
Maximum Prefix 507
Configuration Scalability 509
IOS Peer Groups 509
IOS Peer Templates 510
References in This Chapter 511
Exam Preparation Tasks 511
Review All Key Topics 511
Define Key Terms 512
Use the Command Reference to Check Your Memory 512

Chapter 13 BGP Path Selection 514

“Do I Know This Already?” Quiz 515
Foundation Topics 516
Understanding BGP Path Selection 516
BGP Best Path 517
Weight 519
Local Preference 522
Phase I: Initial BGP Edge Route Processing 525
Phase II: BGP Edge Evaluation of Multiple Paths 526
Phase III: Final BGP Processing State 527
Locally Originated in the Network or Aggregate Advertisement 528
Accumulated Interior Gateway Protocol (AIGP) 528
Shortest AS_Path 530
Origin Type 532
Multi-Exit Discriminator 534
Missing MED Behavior 537
Always Compare MED 538
BGP Deterministic MED 538
eBGP over iBGP 540
Lowest IGP Metric 540
Prefer the Oldest EBGP Path 541
Router ID 541
Minimum Cluster List Length 541
Lowest Neighbor Address 541
BGP Equal-Cost Multipath 542
Exam Preparation Tasks 543
xviii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Review All Key Topics 543

Define Key Terms 543
Use the Command Reference to Check Your Memory 544

Chapter 14 Troubleshooting BGP 546

“Do I Know This Already?” Quiz 547
Foundation Topics 549
Troubleshooting BGP Neighbor Adjacencies 549
Interface Is Down 551
Layer 3 Connectivity Is Broken 551
Path to the Neighbor Is Through the Default Route 552
Neighbor Does Not Have a Route to the Local Router 553
Incorrect neighbor Statement 553
BGP Packets Sourced from the Wrong IP Address 554
ACLs 555
The TTL of the BGP Packet Expires 557
Mismatched Authentication 559
Misconfigured Peer Groups 560
Timers 561
Troubleshooting BGP Routes 562
Missing or Bad network mask Command 564
Next-Hop Router Not Reachable 566
BGP Split-Horizon Rule 568
Better Source of Information 569
Route Filtering 572
Troubleshooting BGP Path Selection 577
Understanding the Best-Path Decision-Making Process 577
Private Autonomous System Numbers 581
Using debug Commands 581
Troubleshooting BGP for IPv6 583
BGP Trouble Tickets 587
Trouble Ticket 14-1 588
Trouble Ticket 14-2 593
Trouble Ticket 14-3 600
MP-BGP Trouble Ticket 604
Trouble Ticket 14-4 604
Exam Preparation Tasks 607
Review All Key Topics 607
 Contents xix

Define Key Terms 608

Use the Command Reference to Check Your Memory 608

Chapter 15 Route Maps and Conditional Forwarding 610

“Do I Know This Already?” Quiz 610
Foundation Topics 612
Conditional Matching 612
Access Control Lists (ACLs) 612
Standard ACLs 612
Extended ACLs 613
Prefix Matching 614
Prefix Lists 617
IPv6 Prefix Lists 617
Route Maps 618
Conditional Matching 619
Multiple Conditional Match Conditions 620
Complex Matching 621
Optional Actions 621
Continue 622
Conditional Forwarding of Packets 623
PBR Configuration 624
Local PBR 626
Trouble Tickets 628
Trouble Ticket 15-1 629
Trouble Ticket 15-2 632
Trouble Ticket 15-3 634
Exam Preparation Tasks 636
Review All Key Topics 637
Define Key Terms 637
Use the Command Reference to Check Your Memory 637

Chapter 16 Route Redistribution 640

“Do I Know This Already?” Quiz 640
Foundation Topics 641
Redistribution Overview 641
Redistribution Is Not Transitive 643
Sequential Protocol Redistribution 645
Routes Must Exist in the RIB 645
Seed Metrics 647
xx CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Protocol-Specific Configuration 648

Source-Specific Behaviors 649
Connected Networks 649
BGP 649
Destination-Specific Behaviors 650
EIGRP 650
EIGRP-to-EIGRP Redistribution 653
OSPF 655
OSPF-to-OSPF Redistribution 658
OSPF Forwarding Address 659
BGP 662
Reference in This Chapter 664
Exam Preparation Tasks 665
Review All Key Topics 665
Define Key Terms 665
Use the Command Reference to Check Your Memory 665

Chapter 17 Troubleshooting Redistribution 668

“Do I Know This Already?” Quiz 668
Foundation Topics 671
Troubleshooting Advanced Redistribution Issues 671
Troubleshooting Suboptimal Routing Caused by Redistribution 671
Troubleshooting Routing Loops Caused by Redistribution 673
Troubleshooting IPv4 and IPv6 Redistribution 680
Route Redistribution Review 680
Troubleshooting Redistribution into EIGRP 683
Troubleshooting Redistribution into OSPF 688
Troubleshooting Redistribution into BGP 693
Troubleshooting Redistribution with Route Maps 696
Redistribution Trouble Tickets 696
Trouble Ticket 17-1 697
Trouble Ticket 17-2 701
Trouble Ticket 17-3 705
Trouble Ticket 17-4 711
Exam Preparation Tasks 715
Review All Key Topics 715
Define Key Terms 716
Use the Command Reference to Check Your Memory 716
 Contents xxi

Chapter 18 VRF, MPLS, and MPLS Layer 3 VPNs 718

“Do I Know This Already?” Quiz 718
Foundation Topics 720
Implementing and Verifying VRF-Lite 720
VRF-Lite Overview 721
Creating and Verifying VRF Instances 721
An Introduction to MPLS Operations 734
MPLS LIB and LFIB 734
Label Switching Routers 735
Label-Switched Path 736
Labels 736
Label Distribution Protocol 737
Label Switching 738
Penultimate Hop Popping 739
An Introduction to MPLS Layer 3 VPNs 739
MPLS Layer 3 VPNs 740
MPLS Layer 3 VPNv4 Address 741
MPLS Layer 3 VPN Label Stack 743
Reference in This Chapter 745
Exam Preparation Tasks 745
Review All Key Topics 745
Define Key Terms 746
Use the Command Reference to Check Your Memory 746

Chapter 19 DMVPN Tunnels 748

“Do I Know This Already?” Quiz 748
Foundation Topics 750
Generic Routing Encapsulation (GRE) Tunnels 750
GRE Tunnel Configuration 751
GRE Sample Configuration 753
Next Hop Resolution Protocol (NHRP) 756
Dynamic Multipoint VPN (DMVPN) 758
Phase 1: Spoke-to-Hub 759
Phase 2: Spoke-to-Spoke 759
Phase 3: Hierarchical Tree Spoke-to-Spoke 759
DMVPN Phase Comparison 760
DMVPN Configuration 761
DMVPN Hub Configuration 762
DMVPN Spoke Configuration for DMVPN Phase 1 (Point-to-Point) 764
xxii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Viewing DMVPN Tunnel Status 766

Viewing the NHRP Cache 769
DMVPN Configuration for Phase 3 DMVPN (Multipoint) 773
IP NHRP Authentication 775
Unique IP NHRP Registration 775
Spoke-to-Spoke Communication 777
Forming Spoke-to-Spoke Tunnels 777
NHRP Routing Table Manipulation 782
NHRP Routing Table Manipulation with Summarization 784
Problems with Overlay Networks 788
Recursive Routing Problems 788
Outbound Interface Selection 789
Front Door Virtual Routing and Forwarding (FVRF) 790
Configuring Front Door VRF (FVRF) 790
FVRF Static Routes 792
DMVPN Failure Detection and High Availability 792
DMVPN Hub Redundancy 793
IPv6 DMVPN Configuration 793
IPv6-over-IPv6 Sample Configuration 794
IPv6 DMVPN Verification 797
References in This Chapter 798
Exam Preparation Tasks 799
Review All Key Topics 799
Define Key Terms 799
Use the Command Reference to Check Your Memory 800

Chapter 20 Securing DMVPN Tunnels 802

“Do I Know This Already?” Quiz 802
Foundation Topics 803
Elements of Secure Transport 803
IPsec Fundamentals 805
Security Protocols 806
Authentication Header 806
Encapsulating Security Payload (ESP) 806
Key Management 806
Security Associations 806
ESP Modes 807
DMVPN Without IPsec 808
DMVPN with IPsec in Transport Mode 808
 Contents xxiii

DMVPN with IPsec in Tunnel Mode 808

IPsec Tunnel Protection 808
Pre-Shared Key Authentication 808
IKEv2 Keyring 809
IKEv2 Profile 810
IPsec Transform Set 812
IPsec Profile 813
Encrypting the Tunnel Interface 814
IPsec Packet Replay Protection 814
Dead Peer Detection 815
NAT Keepalives 815
Complete IPsec DMVPN Configuration with Pre-Shared
Authentication 816
Verification of Encryption on DMVPN Tunnels 817
IKEv2 Protection 819
References in This Chapter 820
Exam Preparation Tasks 821
Review All Key Topics 821
Define Key Terms 821
Use the Command Reference to Check Your Memory 821

Chapter 21 Troubleshooting ACLs and Prefix Lists 824

“Do I Know This Already?” Quiz 824
Foundation Topics 827
Troubleshooting IPv4 ACLs 827
Reading an IPv4 ACL 827
Using an IPv4 ACL for Filtering 829
Using a Time-Based IPv4 ACL 829
Troubleshooting IPv6 ACLs 830
Reading an IPv6 ACL 831
Using an IPv6 ACL for Filtering 832
Troubleshooting Prefix Lists 833
Reading a Prefix List 833
Prefix List Processing 835
Trouble Tickets 836
Trouble Ticket 21-1: IPv4 ACL Trouble Ticket 836
Trouble Ticket 21-2: IPv6 ACL Trouble Ticket 839
Trouble Ticket 21-3: Prefix List Trouble Ticket 842
Exam Preparation Tasks 844
xxiv CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Review All Key Topics 844

Define Key Terms 845
Use the Command Reference to Check Your Memory 845

Chapter 22 Infrastructure Security 846

“Do I Know This Already?” Quiz 846
Foundation Topics 849
Cisco IOS AAA Troubleshooting 849
Troubleshooting Unicast Reverse Path Forwarding (uRPF) 852
Troubleshooting Control Plane Policing (CoPP) 854
Creating ACLs to Identify the Traffic 854
Creating Class Maps to Define a Traffic Class 856
Creating Policy Maps to Define a Service Policy 859
Applying the Service Policy to the Control Plane 861
CoPP Summary 863
IPv6 First-Hop Security 863
Router Advertisement (RA) Guard 863
DHCPv6 Guard 864
Binding Table 864
IPv6 Neighbor Discovery Inspection/IPv6 Snooping 864
Source Guard 864
Exam Preparation Tasks 864
Review All Key Topics 865
Define Key Terms 865
Use the Command Reference to Check Your Memory 865

Chapter 23 Device Management and Management Tools Troubleshooting 868

“Do I Know This Already?” Quiz 868
Foundation Topics 871
Device Management Troubleshooting 871
Console Access Troubleshooting 871
vty Access Troubleshooting 872
Telnet 872
SSH 874
Password Encryption Levels 875
Remote Transfer Troubleshooting 875
TFTP 875
HTTP(S) 876
SCP 877
 Contents xxv

Management Tools Troubleshooting 878

Syslog Troubleshooting 879
SNMP Troubleshooting 881
Cisco IOS IP SLA Troubleshooting 885
Object Tracking Troubleshooting 891
NetFlow and Flexible NetFlow Troubleshooting 892
Bidirectional Forwarding Detection (BFD) 900
Cisco DNA Center Assurance 901
Exam Preparation Tasks 908
Review All Key Topics 909
Define Key Terms 910
Use the Command Reference to Check Your Memory 910

Chapter 24 Final Preparation 912

Advice About the Exam Event 912
Think About Your Time Budget Versus Numbers of Questions 912
A Suggested Time-Check Method 913
Miscellaneous Pre-Exam Suggestions 914
Exam-Day Advice 914
Reserve the Hour After the Exam in Case You Fail 915
Take Practice Exams 916
Advice on How to Answer Exam Questions 917
Assessing Whether You Are Ready to Pass (and the Fallacy of
Exam Scores) 918
Study Suggestions After Failing to Pass 919
Other Study Tasks 920
Final Thoughts 921

Appendix A Answers to the “Do I Know This Already?” Quiz Questions 922

Appendix B CCNP Enterprise Advanced Routing ENARSI 300-410 Official

Certification Guide Exam Updates 932

Glossary 934

Index 952

Online Elements
Glossary

Appendix C Command Reference Exercises

Appendix D Command Reference Exercises Answer Key

Appendix E Study Planner

xxvi CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

About the Authors

Raymond Lacoste has dedicated his career to developing the skills of those interested
in IT. In 2001, he began to mentor hundreds of IT professionals pursuing their Cisco
certification dreams. This role led to teaching Cisco courses full time. Raymond is
currently master instructor for Cisco Enterprise Routing and Switching, AWS, and ITIL
at StormWind Studios. Raymond treats all technologies as an escape room, working to
uncover every mystery in the protocols he works with. Along this journey, Raymond has
passed more than 110 exams, and his office wall includes certificates from Microsoft,
Cisco, ISC2, ITIL, AWS, and CompTIA. If you were visualizing Raymond’s office, you’d
probably expect the usual network equipment, certifications, and awards. Those certainly
take up space, but they aren’t his pride and joy. Most impressive, at least to Raymond,
is his gemstone and mineral collection; once he starts talking about it, he just can’t stop.
Who doesn’t get excited by a wondrous barite specimen in a pyrite matrix? Raymond
presently resides with his wife and two children in eastern Canada, where they experience
many adventures together.

Brad Edgeworth, CCIE No. 31574 (R&S and SP), is a systems architect at Cisco
Systems. He is a distinguished speaker at Cisco Live, where he has presented on various
topics. Before joining Cisco, Brad worked as a network architect and consultant for
various Fortune 500 companies. Brad’s expertise is based on enterprise and service
provider environments, with an emphasis on architectural and operational simplicity and
consistency. Brad holds a bachelor of arts degree in computer systems management from
St. Edward’s University in Austin, Texas. Brad can be found on Twitter as
@BradEdgeworth.
 xxvii

About the Technical Reviewers

Hector Mendoza, Jr., No. 10687 (R&S, SP, and Security) has spent the past 14 years
at Cisco Systems and is currently a solutions integration architect supporting large SP
customers. Prior to this proactive role in CX, he spent nearly a decade providing reactive
support in High Touch Technical Services in the Security Group, where he provided
escalation support for some of the largest customers for Cisco. A four-time Cisco Live
speaker and an Alpha reviewer of Cisco Security courseware, he is a huge advocate of
continuing education and knowledge sharing. Hector has a passion for technology, enjoys
solving complex problems, and loves working with customers. In his spare time, he tech
reviews his esteemed colleagues’ Cisco Press books.

Russ Long was introduced to computers and networking at a very young age, when he
tried to save the world from digital monsters and aliens, an endeavor that keeps him
busy to this day. Russ started his career in enterprise-level IT work splicing fiber-optic
networks in the Pacific Northwest. His career has taken a long and winding path from
there: from systems administrator, to IT consultant and computer shop owner, to IT
instructor. Roughly the last decade of his career has focused solely on instruction and
consulting in IT environments. Some of his favorite topics include Cisco routing and
switching, real-world security, storage solutions, and virtualization.
xxviii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Dedications
Raymond Lacoste:

This book is dedicated to my wife, Melanie, who has dedicated her life to making me a
better person, which is the hardest job in the world. Thank you, Melanie, for being the
most amazing wife and mother in the world.

Brad Edgeworth:

This book is dedicated to my daughter, Teagan. I know that you want to write a book
with wizards and princesses, but I don’t know how to do that. However, these are your
words in a book:

I can speak in Spanish, English, French, Chinese, and Parseltongue!

—Teagan Edgeworth
 xxix

Acknowledgments
Raymond Lacoste:
A huge thank you goes out to Brad for joining me on this writing adventure. Putting our
knowledge together to create this work of art was the best decision. Thank you so much
for sharing this with me.

To my wife and children for allowing me to avoid many family adventures while this book
was being developed and supporting me though the entire process. Love you guys!

To Russ Long, a long-time friend and a man whom I can trust. Thank you for finding my
mistakes before the readers do. You have always been there to make me look my best.
(The R&R Show for life!)

To Hector Mendoza, Jr.: I don’t know you personally, but you found those little things
that make a huge difference to the readers, and for that I thank you!

To Brett Bartow, thanks for trusting us to put this book together and put our knowledge
on paper.

To MJB, thank you for keeping me on task and making sure nothing slipped through the
cracks.

Finally, thank you to the entire team at Cisco Press, as well as their families and friends,
who work extremely hard to produce high-quality training material.

Brad Edgeworth:
To Raymond and Brett, thanks for letting me write this book. I am privileged to be able
to share my knowledge with others, and I’m grateful. To the rest of the Cisco Press team,
thanks for taking my block of stone and turning it into a work of art.

To the technical editors: Hector and Russ, thank you for finding our mistakes before
everyone else found them. If any slipped by, I completely blame the both of you.

Many people within Cisco have shared their knowledge with me and taken a chance on
me with various projects over the years. For that I’m forever indebted. Special gratitude
goes to Craig Smith, Aaron Foss, Ramiro Garza Rios, Vinit Jain, Richard Furr, David Prall,
Dustin Schuemann, Tyson Scott, Denise Fishbourne, Tyler Creek, and Mohammad Ali.
xxx CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Icons Used in This Book

ASA LAN Serial Switched

Firewall Segment Circuit

Radio Routing Router

Tower Domain

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these
conventions as follows:

■ Boldface indicates commands and keywords that are entered literally as shown.
In actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.
 Introduction xxxi

Introduction
Congratulations! If you are reading this Introduction, then you have probably decided
to obtain your Cisco CCNP Enterprise certification. Obtaining a Cisco certification will
ensure that you have a solid understanding of common industry protocols along with
Cisco’s device architecture and configuration. Cisco has a high market share of routers
and switches, with a global footprint.

Professional certifications have been an important part of the computing industry for
many years and will continue to become more important. Many reasons exist for these
certifications, but the most popularly cited reason is credibility. All other considerations
held equal, a certified employee/consultant/job candidate is considered more valuable
than one who is not certified.

Cisco provides three primary certifications:

Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional

(CCNP), and Cisco Certified Internetwork Expert (CCIE).

Cisco announced changes to all three certifications to take effect in February 2020. The
announcement included many changes, but these are the most notable:

■ The exams will include additional topics, such as programming.

■ The CCNA certification is not a prerequisite for obtaining the CCNP certification.
CCNA specializations will not be offered anymore.

■ The exams will test a candidate’s ability to configure and troubleshoot network
devices in addition to answering multiple-choice questions.

■ The CCNP is obtained by taking and passing a Core exam and a Concentration
exam, like the Implementing Cisco Enterprise Advanced Routing and Services
(ENARSI).

CCNP Enterprise candidates need to take and pass the CCNP and CCIE Enterprise Core
ENCOR 350-401 examination. Then they need to take and pass one of the following
Concentration exams to obtain their CCNP Enterprise:

■ 300-410 ENARSI to obtain Implementing Cisco Enterprise Advanced Routing and

Services (ENARSI)

■ 300-415 ENSDWI to obtain Implementing Cisco SD-WAN Solutions (SDWAN300)

■ 300-420 ENSLD to obtain Designing Cisco Enterprise Networks (ENSLD)

■ 300-425 ENWLSD to obtain Designing Cisco Enterprise Wireless Networks

(ENWLSD)

■ 300-430 ENWLSI to obtain Implementing Cisco Enterprise Wireless Networks

(ENWLSI)

■ 300-435 ENAUTO to obtain Implementing Automation for Cisco Enterprise

Solutions (ENAUI)
xxxii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Goals and Methods

The most important and somewhat obvious goal of this book is to help you pass the
CCNP Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
300-410 exam. In fact, if the primary objective of this book were different, then the
book’s title would be misleading; however, the methods used in this book to help you
pass the exam are designed to also make you much more knowledgeable about how to
do your job.

One key methodology used in this book is to help you discover the exam topics that you
need to review in more depth, to help you fully understand and remember those details,
and to help you prove to yourself that you have retained your knowledge of those topics.
This book does not try to help you pass by memorization but helps you truly learn and
understand the topics. The ENARSI 300-410 exam covers foundation topics in the CCNP
certification, and the knowledge contained within is vitally important for a truly skilled
routing/switching engineer or specialist. This book would do you a disservice if it didn’t
attempt to help you learn the material. To that end, the book will help you pass the exam
by using the following methods:

■ Helping you discover which test topics you have not mastered

■ Providing explanations and information to fill in your knowledge gaps

■ Supplying exercises and scenarios that enhance your ability to recall and deduce the
answers to test questions

■ Providing practice exercises on the topics and the testing process via test questions
on the companion website

Who Should Read This Book?

This book is not designed to be a general networking topics book, although it can be
used for that purpose. This book is intended to tremendously increase your chances of
passing the ENARSI 300-410 exam. Although other objectives can be achieved from
using this book, the book is written with one goal in mind: to help you pass the exam.

So why should you want to pass the ENARSI 300-410 exam? Because it’s one of
the milestones toward getting the CCNP Enterprise certification, which is no small
feat. What would getting the CCNP Enterprise certification mean to you? A raise, a
promotion, recognition? How about enhancing your resume? Demonstrating that you
are serious about continuing the learning process and that you’re not content to rest on
your laurels? Pleasing your reseller-employer, who needs more certified employees for a
higher discount from Cisco? You might have one of these reasons for getting the CCNP
Enterprise certification or one of many others.

Strategies for Exam Preparation

The strategy you use for taking the ENARSI 300-410 exam might be slightly different
from strategies used by other readers, depending on the skills, knowledge, and
 Introduction xxxiii

experience you already have obtained. For instance, if you have attended the CCNP
Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) 300-410
course, you might take a different approach than someone who learned routing through
on-the-job training.
Regardless of the strategy you use or the background you have, this book is designed
to help you get to the point where you can pass the exam with the least amount of time
required. For instance, there is no need for you to practice or read about IP addressing
and subnetting if you fully understand it already. However, many people like to make sure
that they truly know a topic and thus read over material that they already know. Several
book features will help you gain the confidence you need to be convinced that you know
some material already and to also help you know what topics you need to study more.

How This Book Is Organized

Although this book could be read cover-to-cover, it is designed to be flexible and allow
you to easily move between chapters and sections of chapters to cover just the material
that you need more work with. If you intend to read the entire book, the order in the
book is an excellent sequence to use.

The chapters cover the following topics:

■ Chapter 1, “IPv4/IPv6 Addressing and Routing Review”: This chapter provides a

review of IPv4 and IPv6 addressing, DHCP, and routing, as well as details about how
to troubleshoot these topics.

■ Chapter 2, “EIGRP”: This chapter explains the underlying mechanics of the EIGRP
routing protocol, the path metric calculations, and how to configure EIGRP.

■ Chapter 3, “Advanced EIGRP”: This chapter explains the a variety of advanced

concepts, such as failure detection, network summarization, router filtering, and
techniques to optimize WAN sites.

■ Chapter 4, “Troubleshooting EIGRP for IPv4”: This chapter focuses on how to

troubleshoot EIGRP neighbor adjacency issues as well as EIGRP route issues.

■ Chapter 5, “EIGRPv6”: This chapter explains how EIGRP advertises IPv6 networks
and guides you through configuring, verifying, and troubleshooting EIGRPv6.

■ Chapter 6, “OSPF”: This chapter explains the core concepts of OSPF, the exchange
of routes, OSPF network types, failure detection, and OSPF authentication.

■ Chapter 7, “Advanced OSPF”: This chapter expands on Chapter 6 by explaining the

OSPF database and how it builds the topology. It also explains OSPF path selection,
router summarization, and techniques to optimize an OSPF environment.

■ Chapter 8, “Troubleshooting OSPFv2”: This chapter explores how to troubleshoot-

ing OSPFv2 neighbor adjacency issues as well as route issues.
xxxiv CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

■ Chapter 9, “OSPFv3”: This chapter explains how the OSPF protocol has changed to
accommodate support of the IPv6 protocol.

■ Chapter 10, “Troubleshooting OSPFv3”: This chapter explains how you can
troubleshooting issues that may arise with OSPFv3.

■ Chapter 11, “BGP”: This chapter explains the core concepts of BGP, its path
attributes, and configuration for IPv4 and IPv6 network prefixes.

■ Chapter 12, “Advanced BGP”: This chapter expands on Chapter 11 by explaining

BGP communities and configuration techniques for routers with lots of BGP
peerings.

■ Chapter 13, “BGP Path Selection”: This chapter explains the BGP path selection
process, how BGP identifies the best BGP path, and methods for load balancing
across equal paths.

■ Chapter 14, “Troubleshooting BGP”: This chapter explores how you can identify
and troubleshoot issues relating to BGP neighbor adjacencies, BGP routes, and BGP
path selection. It also covers MP-BGP (BGP for IPv6).

■ Chapter 15, “Route Maps and Conditional Forwarding”: This chapter explains
route maps, concepts for selecting a network prefix, and how packets can be condi-
tionally forwarded out different interfaces for certain network traffic.

■ Chapter 16, “Route Redistribution”: This chapter explains the rules of

redistribution, configuration for route redistribution, and behaviors of redistribution
based on the source or destination routing protocol.

■ Chapter 17, “Troubleshooting Redistribution”: This chapter focuses on how

to troubleshoot issues related to redistribution, including configuration issues,
suboptimal routing issues, and routing loop issues.

■ Chapter 18, “VRF, MPLS, and MPLS Layer 3 VPNs”: This chapter explores how
to configure and verify VRF and introduces you to MPLS operations and MPLS
Layer 3 VPNs.

■ Chapter 19, “DMVPN Tunnels”: This chapter covers GRE tunnels, NHRP, DMVPN,
and techniques to optimize a DMVPN deployment.

■ Chapter 20, “Securing DMVPN Tunnels”: This chapter explains the importance
of securing network traffic on the WAN and techniques for deploying IPsec tunnel
protection for DMVPN tunnels.

■ Chapter 21, “Troubleshooting ACLs and Prefix Lists”: This chapter shows how to
troubleshoot issues related to IPv4 and IPv6 access control lists and prefix lists.

■ Chapter 22, “Infrastructure Security”: This chapter covers how to troubleshoot

AAA issues, uRPF issues, and CoPP issues. In addition, it introduces various IPv6
First-Hop Security features.

■ Chapter 23, “Device Management and Management Tools Troubleshooting”: This

chapter explores how to troubleshoot issues that you might experience with local or
 Introduction xxxv

remote access, remote transfers, syslog, SNMP, IP SLA, Object Tracking, NetFlow,
and Flexible NetFlow. In addition, it introduces the troubleshooting options available
with Cisco DNA Center Assurance.

■ The last chapter, Chapter 24, “Final Preparation,” provides tips and strategies for
studying for the ENARSI 300-410 exam.

Certification Exam Topics and This Book

The questions for each certification exam are a closely guarded secret. However, we
do know which topics you must know to successfully complete the ENARSI 300-410
exam. Cisco publishes them as an exam blueprint. Table I-1 lists the exam topics from the
blueprint along with references to the book chapters that cover each topic. These are the
same topics you should be proficient in when working with enterprise technologies in the
real world.

Table I-1 Enterprise Core Topics and Chapter References

Implementing Cisco Enterprise Advanced Routing Chapter(s) in Which

(ENARSI) (300-410) Exam Topic Topic Is Covered
1.0 Layer 3 Technologies
1.1 Troubleshoot administrative distance (all routing protocols) 1
1.2 Troubleshoot route map for any routing protocol (attributes, 17
tagging, filtering)
1.3 Troubleshoot loop prevention mechanisms (filtering, tagging, 17
split horizon, route poisoning)
1.4 Troubleshoot redistribution between any routing protocols or 16, 17
routing sources
1.5 Troubleshoot manual and auto-summarization with any 3, 4, 5, 7, 8, 9, 10, 12
routing protocol
1.6 Configure and verify policy-based routing 15
1.7 Configure and verify VRF-Lite 18
1.8 Describe Bidirectional Forwarding Detection 23
1.9 Troubleshoot EIGRP (classic and named mode) 4, 5
1.9.a Address families (IPv4, IPv6) 2, 3, 4, 5
1.9.b Neighbor relationship and authentication 2, 4, 5
1.9.c Loop-free path selections (RD, FD, FC, successor, feasible 3, 4
successor, stuck in active)
1.9.d Stubs 4
1.9.e Load balancing (equal and unequal cost) 2
1.9.f Metrics 2
1.10 Troubleshoot OSPF (v2/v3) 6, 7, 8, 9, 10
1.10.a Address families (IPv4, IPv6) 8, 10
1.10.b Neighbor relationship and authentication 6, 8, 10
xxxvi CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Implementing Cisco Enterprise Advanced Routing Chapter(s) in Which

(ENARSI) (300-410) Exam Topic Topic Is Covered
1.10.c Network types, area types, and router types 8, 10
1.10.c (i) Point-to-point, multipoint, broadcast, nonbroadcast 6, 8, 10
1.10.c (ii) Area type: backbone, normal, transit, stub, NSSA, 7, 8, 10
totally stub
1.10.c (iii) Internal router, backbone router, ABR, ASBR 6, 8, 10
1.10.c (iv) Virtual link 7, 8
1.10.d Path preference 7
1.11 Troubleshoot BGP (Internal and External) 11, 12, 13, 14
1.11.a Address families (IPv4, IPv6) 10, 14
1.11.b Neighbor relationship and authentication (next-hop, 10, 14
mulithop, 4-byte AS, private AS, route refresh, synchronization,
operation, peer group, states and timers)
1.11.c Path preference (attributes and best-path) 13, 14
1.11.d Route reflector (excluding multiple route reflectors, 10
confederations, dynamic peer)
1.11.e Policies (inbound/outbound filtering, path manipulation) 11, 14
2.0 VPN Technologies
2.1 Describe MPLS operations (LSR, LDP, label switching, LSP) 18
2.2 Describe MPLS Layer 3 VPN 18
2.3 Configure and verify DMVPN (single hub) 19, 20
2.3.a GRE/mGRE 19
2.3.b NHRP 19
2.3.c IPsec 20
2.3.d Dynamic neighbor 19
2.3.e Spoke-to-spoke 19
3.0 Infrastructure Security
3.1 Troubleshoot device security using IOS AAA (TACACS+, 22
RADIUS, local database)
3.2 Troubleshoot router security features
3.2.a IPv4 access control lists (standard, extended, time-based) 21
3.2.b IPv6 traffic filter 21
3.2.c Unicast reverse path forwarding (uRPF) 22
3.3 Troubleshoot control plane policing (CoPP) (Telnet, SSH, 22
HTTP(S), SNMP, EIGRP, OSPF, BGP)
3.4 Describe IPv6 First Hop Security features (RA Guard, DHCP 22
Guard, binding table, ND inspection/snooping, Source Guard)
4.0 Infrastructure Services
4.1 Troubleshoot device management 23
4.1.a Console and VTY 23
 Introduction xxxvii

Implementing Cisco Enterprise Advanced Routing Chapter(s) in Which

(ENARSI) (300-410) Exam Topic Topic Is Covered
4.1.b Telnet, HTTP, HTTPS, SSH, SCP 23
4.1.c (T)FTP 23
4.2 Troubleshoot SNMP (v2c, v3) 23
4.3 Troubleshoot network problems using logging (local, syslog, 23
debugs, conditional debugs, timestamps)
4.4 Troubleshoot IPv4 and IPv6 DHCP (DHCP client, IOS DHCP 1
server, DHCP relay, DHCP options)
4.5 Troubleshoot network performance issues using IP SLA (jitter, 23
tracking objects, delay, connectivity)
4.6 Troubleshoot NetFlow (v5, v9, flexible NetFlow) 23
4.7 Troubleshoot network problems using Cisco DNA Center 23
assurance (connectivity, monitoring, device health, network health)

Each version of the exam can have topics that emphasize different functions or features,
and some topics can be rather broad and generalized. The goal of this book is to
provide the most comprehensive coverage to ensure that you are well prepared for the
exam. Although some chapters might not address specific exam topics, they provide a
foundation that is necessary for a clear understanding of important topics.

It is also important to understand that this book is a “static” reference, whereas the
exam topics are dynamic. Cisco can and does change the topics covered on certification
exams often.

This exam guide should not be your only reference when preparing for the certification
exam. You can find a wealth of information at [Link] that covers each topic in great
detail. If you think that you need more detailed information on a specific topic, read the
Cisco documentation that focuses on that topic.

Note that as technologies continue to evolve, Cisco reserves the right to change the
exam topics without notice. Although you can refer to the list of exam topics in Table I-1,
always check [Link] to verify the actual list of topics to ensure that you are prepared
before taking the exam. You can view the current exam topics on any current Cisco
certification exam by visiting [Link]
training-certifications/[Link]. Note also that, if needed, Cisco
Press might post additional preparatory content on the web page associated with this
book: [Link] It’s a good idea to check the
website a couple weeks before taking your exam to be sure that you have up-to-date
content.

Learning in a Lab Environment

This book is an excellent self-study resource for learning the technologies. However,
reading is not enough, and any network engineer can tell you that you must implement
a technology to fully understand it. We encourage the reader to re-create the topologies
and technologies and follow the examples in this book.
xxxviii CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

A variety of resources are available for practicing the concepts in this book. Look online
for the following:

■ Cisco VIRL (Virtual Internet Routing Lab) provides a scalable, extensible network
design and simulation environment. For more information about VIRL, see
[Link]

■ Cisco dCloud provides a huge catalog of demos, training, and sandboxes for
every Cisco architecture. It offers customizable environments and is free. For more
information, see [Link]

■ Cisco Devnet provides many resources on programming and programmability, along

with free labs. For more information, see [Link]
CHAPTER 1

IPv4/IPv6 Addressing and

Routing Review

This chapter covers the following topics:

■ IPv4 Addressing: This section provides a review of IPv4 addressing and covers issues
you might face and how to troubleshoot them.

■ DHCP for IPv4: This section reviews DHCP for IPv4 operations, explores potential
DHCP issues, and examines the output of various DHCP show commands.

■ IPv6 Addressing: This section provides a brief review of IPv6 addressing.

■ IPv6 SLAAC, Stateful DHCPv6, and Stateless DHCPv6: This section explores how
clients obtain IPv6 addressing information using SLACC, stateful DHCPv6, and state-
less DHCPv6.

■ Packet-Forwarding Process: This section discusses the packet-forwarding process and

the commands to verify the entries in the data structures that are used for this process.
It also provides you with a collection of Cisco IOS Software commands that could
prove useful when troubleshooting related issues.

■ Routing Information Sources: This section explains which sources of routing infor-
mation are the most believable and how the routing table interacts with various data
structures to populate itself with the best information.

■ Static Routes: This section reviews how to configure and verify IPv4 and IPv6 static
routes.

■ Trouble Tickets: This section provides a number of trouble tickets that demonstrate
how a structured troubleshooting process is used to solve a reported problem.

IPv6 is currently being deployed, but that deployment is occurring at a slow pace. Most net-
works still rely on IPv4, and many new networks and network additions are being deployed
with IPv4. Therefore, you still need the skills to successfully configure, verify, and trouble-
shoot IPv4 addressing. Therefore, this chapter provides a review of IPv4 addressing.
Typically, when deploying IPv4 addresses, Dynamic Host Configuration Protocol (DHCP)
is used so that addresses can be dynamically assigned. However, with this dynamic process,
issues may arise that prevent a device from successfully obtaining an IPv4 address from a
DHCP server. Therefore, this chapter reviews how DHCP operates and how to identify the
issues that may prevent a client from obtaining an IP address from a DHCP server.
Sooner or later, organizations will have to switch to IPv6. There is a whole lot more to
IPv6 than just having a larger address space than IPv4. This chapter reminds you how
 IPv6-enabled devices determine whether a destination is local or remote and explores the
various options for address assignment and what to look out for when troubleshooting.
Before you dive into the advanced routing topics such as Enhanced Interior Gateway Rout-
ing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP),
you need to review the packet-delivery process (also known as the routing process). This is
the process that a router goes through when a packet arrives at an ingress interface and needs
to be packet switched to an egress interface. It does not matter whether the packet is an IPv4
or IPv6 packet. Either way, the router goes through the same steps to successfully take a
packet from an ingress interface and packet switch it to the egress interface. You also need to
review how a router populates the routing table with “the best” routes. What classifies those
routes as the best? Is an EIGRP-learned route better than a static route? What about an
OSPF-learned route or a BGP-learned route? How do they compare to the other sources of
routing information? When multiple sources provide the same routing information, you need
to be able to identify why the router made the decision it made.
Static routes are part of every network. However, because they are manually configured,
they are prone to human error, which can produce suboptimal routing or routing loops;
therefore, this chapter reviews IPv4 and IPv6 static routing configuration and verification.
Notice that this chapter is mostly a review of IPv4/IPv6 addressing, DHCP for IPv4/IPv6,
the packet-forwarding process, administrative distance, and static routing that you learned in
CCNA or ENCORE. I encourage you not to skip this chapter as it is a great place to warm up
for what is to come in the rest of this book, which prepares you for the Implementing Cisco
Enterprise Advanced Routing and Services (ENARSI) exam.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this
entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in
doubt about your answers to these questions or your own assessment of your knowledge
of the topics, read the entire chapter. Table 1-1 lists the major headings in this chapter and
their corresponding “Do I Know This Already?” quiz questions. You can find the answers in
Appendix A, “Answers to the ‘Do I Know This Already?’ Quiz Questions.”

Table 1-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section Questions
IPv4 Addressing 1–3
DHCP for IPv4 4–6
IPv6 Addressing 7–8
IPv6 SLAAC, Stateful DHCPv6, and Stateless DHCPv6 9–12
Packet-Forwarding Process 13–15
Routing Information Sources 16–17
Static Routes 18–19
4 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chap-
ter. If you do not know the answer to a question or are only partially sure of the answer, you
should mark that question as wrong for purposes of self-assessment. Giving yourself credit
for an answer that you correctly guess skews your self-assessment results and might provide
you with a false sense of security.

1. What occurs when a PC with the IP address [Link]/28 needs to communicate with a
PC that has IP address [Link]? (Choose two.)
a. It sends the frame to its default gateway.
b. It sends the frame directly to the destination PC.
c. It uses ARP to get the MAC address of the default gateway.
d. It uses ARP to get the MAC address of the destination PC.
2. What occurs when a PC with the IP address [Link]/29 needs to communicate with a
PC that has IP address [Link]? (Choose two.)
a. It sends the frame to its default gateway.
b. It sends the frame directly to the destination PC.
c. It uses ARP to get the MAC address of the default gateway.
d. It uses ARP to get the MAC address of the destination PC.
3. Which command enables you to verify the IP address configured on a router’s
interface?
a. ipconfig
b. show ip interface
c. arp -a
d. show ip arp
4. What is the correct order of operations for the DHCP for IPv4 process?
a. Offer, Request, Ack, Discover
b. Discover, Request, Ack, Offer
c. Request, Offer, Discover, Ack
d. Discover, Offer, Request, Ack
5. Which command is needed on a router interface to forward DHCP Discover messages
to a DHCP server on a different subnet?
a. ip address dhcp
b. ip helper-address
c. ip dhcp-forwarder
d. ip dhcp server
6. Which command enables a router interface to obtain an IP address from a DHCP
server?
a. ip dhcp client
b. ip dhcp server
c. ip address dhcp
d. ip helper-address
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 5

7. What protocol is used with IPv6 to determine the MAC address of a device in the
same local area network? 1
a. Address Resolution Protocol
b. Inverse Address Resolution Protocol
c. Neighbor Discovery Protocol
d. Neighbor Solicitation
8. Which of the following are true when using EUI-64? (Choose two.)
a. The interface MAC address is used unmodified.
b. The interface MAC address is used with FFFE added to the middle.
c. The seventh bit from the left in the MAC address is flipped.
d. The seventh bit from the right in the MAC address is flipped.
9. What command is used on a Cisco IOS router to enable SLAAC on an interface?
a. ipv6 address autoconfig
b. ipv6 address dhcp
c. ipv6 address prefix eui-64
d. ipv6 nd ra suppress
10. Which of the following are requirements for stateless address autoconfiguration to
function? (Choose three.)
a. The prefix must be /64.
b. The router must be sending and not suppressing RA messages.
c. The router must be enabled for IPv6 unicast routing.
d. The router must be sending RS messages.
11. Which command is used to enable a router to inform clients that they need to get
additional configuration information from a DHCPv6 server?
a. ipv6 nd ra suppress
b. ipv6 dhcp relay destination
c. ipv6 address autoconfig
d. ipv6 nd other-config-flag
12. What command enables you to configure a router interface as a DHCPv6 relay agent?
a. ipv6 forwarder
b. ipv6 helper-address
c. ipv6 dhcp relay destination
d. ipv6 dhcp client
13. Which two data structures reside at the router’s data plane?
a. IP routing table
b. ARP cache
c. Forwarding Information Base
d. Adjacency table
6 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

14. Which command enables you to verify routes in the FIB?

a. show ip route
b. show ip arp
c. show ip cef
d. show adjacency detail
15. Which of the following populate a routing protocol’s data structure, such as the
EIGRP topology table? (Choose three.)
a. Updates from a neighbor
b. Redistributed routes
c. Interfaces enabled for the routing process
d. Static routes
16. Which of the following has the lowest default administrative distance?
a. OSPF
b. EIGRP (internal)
c. RIP
d. eBGP
17. What is the default administrative distance of an OSPF intra-area route?
a. 90
b. 110
c. 115
d. 120
18. How can you create a floating static route?
a. Provide the static route with a metric higher than the preferred source of the
route.
b. Provide the static route with a metric lower than the preferred source of the route.
c. Provide the static route with an AD higher than the preferred source of the route.
d. Provide the static route with an AD lower than the preferred source of the route.
19. What occurs when you create an IPv4 static route with an Ethernet interface desig-
nated instead of a next-hop IP address?
a. The router uses ARP to get the MAC address of the directly connected router’s IP
address.
b. The router forwards the packet with the destination MAC address
[Link].
c. The router uses ARP to get the MAC address of the IP address in the source of
the packet.
d. The router uses ARP to get the MAC address of the IP address in the destination
of the packet.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 7

Foundation Topics 1
IPv4 Addressing
Just as your personal street address uniquely defines where you live, an IPv4 address
uniquely defines where a device resides in a network. Your street address is made of two
parts—the street name and the number of your residence—and the combination of these
is unique within your city/town. As a result, a pizza delivery person can bring your pizza to
your house in 30 minutes, or it is free. If your house is addressed incorrectly, you may not
get your pizza, and you do not want that to happen.
Similarly, with IPv4 addressing, if devices are addressed incorrectly, they may not receive the
packets that are intended for them. Therefore, it is imperative that you have a solid under-
standing of IPv4 addressing and how to verify that devices are addressed correctly on a net-
work. This section provides a review of IPv4 addressing and discusses issues you might face
and how to troubleshoot them.

IPv4 Addressing Issues

An IPv4 address is made up of two parts: a network/subnet portion and a host portion. It
is imperative that all devices in the same network/subnet share exactly the same network/
subnet portion. If they are not the same, the PC could end up addressing the Layer 2 frame
incorrectly and sending the packet in the wrong direction. Figure 1-1 shows a sample subnet
([Link]/26) with two PCs and their default gateway, R1.

[Link]/26

[Link]
[Link] PC1
DG:[Link]
[Link]
.1
R1

[Link]
[Link] PC2
DG:[Link]

Figure 1-1 Correct IPv4 Addressing Example

When PC1 needs to communicate with PC2, it does a DNS lookup for the IP address of
PC2. The IP address [Link] is returned. Now PC1 needs to determine whether PC2 is
located in the same subnet because this determines whether the frame has the MAC address
of PC2 or the MAC address of the default gateway (DG). PC1 determines its network/subnet
portion by comparing its IP address to its subnet mask in binary, as follows:

00001010.00000001.00000001.00001010 - PC1 IP address in binary

11111111.11111111.11111111.11000000 - PC1 subnet mask in binary

-----------------------------------

00001010.00000001.00000001.00 - PC1 network/subnet ID

(The 1s in the subnet mask identify the network portion.)
8 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Now PC1 compares exactly the same binary bits to those binary bits in PC2’s address, as
follows:

00001010.00000001.00000001.00 - PC1 network/subnet ID

00001010.00000001.00000001.00010100 - PC2 IP address in binary

Because the binary bits are the same, PC1 concludes that PC2 is in the same network/subnet;
therefore, it communicates directly with it and does not need to send the data to its default
gateway. PC1 creates a frame with its own source MAC address and the MAC address of
PC2 as the destination.
Consider what occurs when PC1 needs to communicate with the web server at [Link]. It
does a DNS lookup for the IP address of the web server. The IP address [Link] is returned.
Now PC1 needs to determine whether the web server is located in the same network/subnet.
This determines whether the frame has the MAC address of the web server or the MAC
address of the DG. PC1 determines its network/subnet portion by comparing its IP address
to its subnet mask in binary, as follows:

00001010.00000001.00000001.00001010 - PC1 IP address in binary

11111111.11111111.11111111.11000000 - PC1 subnet mask in binary

-----------------------------------

00001010.00000001.00000001.00 - PC1 network/subnet ID

(The 1s in the subnet mask identify the network portion.)
Now PC1 compares exactly the same binary bits to those binary bits in the web server
address, as follows:

00001010.00000001.00000001.00 - PC1 network/subnet ID

11000000.00000000.00000010.00000001 - web server IP address in

binary
PC1 concludes that the web server is in a different network/subnet because the bits are
not the same; therefore, to communicate with the web server, it needs to send the data to
its default gateway. PC1 creates a frame with its own source MAC address and the MAC
address of R1 as the destination.
As you can see, accurate IP addressing is paramount for successful communication. Let’s
look at what happens if PC1 is configured with the wrong subnet mask ([Link]), as
shown in Figure 1-2.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 9

[Link]/26
1
[Link]
[Link] PC1
DG:[Link]
[Link]
.1
R1

[Link]
[Link] PC2
DG:[Link]

Figure 1-2 Incorrect IPv4 Addressing Example

PC1 determines its network/subnet portion by comparing its IP address to its subnet mask in
binary, as follows:

00001010.00000001.00000001.00001010 - PC1 IP address in binary

11111111.11111111.11111111.11110000 - PC1 subnet mask in binary

-------------------------------

00001010.00000001.00000001.0000 - PC1 network/subnet ID

Now PC1 compares exactly the same binary bits to those binary bits in PC2’s address, as
follows:
00001010.00000001.00000001.0000 - PC1 network/subnet ID

00001010.00000001.00000001.00010100 - PC2 IP address in binary

PC1 concludes that PC2 is not in the same network/subnet because the binary bits are not
the same. Therefore, it cannot communicate directly with it and needs to send the frame to
the router so that the router can route the packet to the subnet PC2 is in. However, the PCs
are actually connected to the same subnet, and as a result, there is an IPv4 addressing and
connectivity issue.
Not only does an improper subnet mask cause issues, but an inappropriate IP address
combined with the correct subnet mask also causes issues. In addition, if the default gate-
way is not configured correctly on the PCs, packets are not forwarded to the correct device
when packets need to be sent to a different subnet.
As a troubleshooter, you must recognize these issues and eliminate them as possible issues
quickly. You verify the IP addressing information on a Windows PC by using the ipconfig
command, as shown in Example 1-1. On an IOS router or IOS switch, you verify IP address-
ing information by using the show ip interface interface_type interface_number command,
as also shown in Example 1-1.
10 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-1 Verifying IP Addressing on a PC and on a Router

C:\>ipconfig
Windows IP Configuration

Ethernet adapter PC1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: fe80::4107:2cfb:df25:5124%7
Default Gateway . . . . . . . . .: [Link]

R1# show ip interface gigabitEthernet 1/0

GigabitEthernet1/0 is up, line protocol is up
Internet address is [Link]/26
...output omitted...

Determining IP Addresses Within a Subnet

This section describes a quick way to determine all the IP addresses that will be in a particu-
lar subnet. Refer to Figure 1-3 as you are exploring this method.

[Link]/26
[Link]
[Link] PC1
DG:[Link]

[Link]
.1
R1

[Link]
[Link] PC2
DG:[Link]

Figure 1-3 Determining IP Addresses Within a Subnet

In the subnet mask, find the most interesting octet. In binary, it’s the octet with the last
binary 1. In decimal, it’s the last octet that is greater than 0. In this case, for [Link],
the fourth octet is the last octet with a value great than 0. The value of this octet is 192. If
your subnet mask were [Link], then it would be the third octet. Consider the subnet
mask [Link]. Because the fourth octet is a 0, it would be the third octet, as it’s the
last octet with a value greater than 0.
Now, subtract 192 from 256. The result is 64. The number 64 represents the block size or
the number you are counting by in that octet. The subnet in this case is [Link]/26, and
because the block size is 64, this subnet begins at [Link]/26 and ends at [Link]/26. The
next subnet is [Link]/26 to [Link]/26. The third subnet is [Link]/26 to [Link]/26,
and so on.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 11

Now compare the addresses of devices with the subnet ranges you just identified. In this
case, PC1, PC2, and an interface on R1 are supposed to be in the same subnet. As a result, 1
they better all be addressed correctly, or communication will not occur correctly. For exam-
ple, if you are reviewing the output of ipconfig on PC1, as shown in Example 1-2, now that
you have the ranges, you can easily see that PC1 is not in the same subnet as R1 and PC2.
Although they have the same subnet mask, in this case PC1 falls in the range [Link]/26
to [Link]/26, whereas PC2 and the default gateway fall in the range [Link]/26 to
[Link]/26. PC1 is in a different network/subnet, but it should be in the same subnet,
according to Figure 1-3. You must fix the address on PC1 so that it is within the correct
network/subnet.
Example 1-2 Verifying IP Addressing on a PC with the ipconfig Command

C:\>ipconfig
Windows IP Configuration

Ethernet adapter PC1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: fe80::4107:2cfb:df25:5124%7
Default Gateway . . . . . . . . .: [Link]

DHCP for IPv4

Dynamic Host Configuration Protocol (DHCP) is commonly used for assigning IPv4 address
information to a network host. Specifically, DHCP allows a DHCP client to obtain an IP
address, subnet mask, default gateway IP address, DNS server IP address, and other types
of IP addressing information from a DHCP server. The DHCP server can be local within the
subnet, in a remote subnet, or the same device that is also the default gateway.
Because using DHCP is the most common way to deploy IPv4 addresses, you need to be
well versed in the DHCP process and able to recognize issues related to DHCP. This section
explains how DHCP operates and focuses on how to identify DHCP-related issues.

Reviewing DHCP Operations

If you have a cable modem, Digital Subscriber Line (DSL), or fiber connection in your
home, your router more than likely obtains its IP address from your service provider through
DHCP. The router is also acting as a DHCP server for the devices in your home. In corporate
networks, when a PC boots, that PC receives its IP address configuration information
from a corporate DHCP server. Figure 1-4 illustrates the exchange of messages (Discover,
Offer, Request, Acknowledgment [DORA] process) that occurs as a DHCP client obtains
IP addressing information from a DHCP server.
12 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

DHCP DISCOVER
DHCP Client Step 1 DHCP Server
[Link]
DHCP OFFER
Step 2
DHCP REQUEST
Step 3
DHCP ACK
Step 4
Figure 1-4 DHCP DORA Process
The DORA process works as follows:

Step 1. When a DHCP client initially boots, it has no IP address, default gateway, or
other such configuration information. Therefore, the way a DHCP client initially
communicates is by sending a broadcast message (that is, a DHCPDISCOVER
message) to destination IP address [Link] and destination MAC
address [Link] in an attempt to discover a DHCP server. The source
IP address is [Link], and the source MAC address is the MAC address of the
sending device.
Step 2. When a DHCP server receives a DHCPDISCOVER message, it can respond
with a DHCPOFFER message with an unleased IP address, subnet mask, and
default gateway information. Because the DHCPDISCOVER message is sent as
a broadcast, more than one DHCP server might respond to this Discover mes-
sage with a DHCPOFFER. However, the client typically selects the server that
sent the first DHCPOFFER response it received.
Step 3. The DHCP client communicates with the selected server by sending a broad-
casted DHCPREQUEST message indicating that it will be using the address
provided in the DHCPOFFER and, as a result, wants the associated address
leased to itself.
Step 4. Finally, the DHCP server responds to the client with a DHCPACK message
indicating that the IP address is leased to the client and includes any additional
DHCP options that might be needed at this point, such as the lease duration.

Notice that in step 1, the DHCPDISCOVER message is sent as a broadcast. The broadcast
cannot cross a router boundary. Therefore, if a client resides on a different network from the
DHCP server, you need to configure the default gateway of the client as a DHCP relay agent
to forward the broadcast packets as unicast packets to the server. You use the ip helper-
address ip_address interface configuration mode command to configure a router to relay
DHCP messages to a DHCP server in the organization.
To illustrate, consider Figure 1-5 and Example 1-3. In the figure, the DHCP client belongs
to the [Link]/24 network, whereas the DHCP server belongs to the [Link]/24 network.
Router R1 is configured as a DHCP relay agent, using the syntax shown in Example 1-3.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 13

DHCP DISCOVER DHCP DISCOVER

Broadcast Unicast
1
Fa 0/0 Fa 0/1
.1 R1 .1
DHCP Client DHCP Relay DHCP Server
[Link]/24 Agent [Link]/24 .2
Figure 1-5 DHCP Relay Agent
Example 1-3 DHCP Relay Agent Configuration

R1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# service dhcp
R1(config)# interface fa 0/0
R1(config-if)# ip helper-address [Link]

In the configuration, notice the service dhcp command. This command enables the DHCP
service on the router, which must be enabled for the DHCP services to function. This com-
mand is usually not required because the DHCP service is enabled by default; however, when
troubleshooting a DHCP relay agent issue, you might want to confirm that the service is
enabled. Also, the ip helper-address [Link] command specifies the IP address of the DHCP
server. If the wrong IP address is specified, the DHCP messages are relayed to the wrong
device. In addition, the ip helper-address command must be configured on the interface
that is receiving the DHCPDISCOVER messages from the clients. If it isn’t, the router cannot
relay the DHCP messages.
When you configure a router to act as a DHCP relay agent, realize that it relays a few other
broadcast types in addition to a DHCP message. Other protocols that are forwarded by a
DHCP relay agent include the following:

■ TFTP

■ Domain Name System (DNS)

■ Internet Time Service (ITS)

■ NetBIOS name server

■ NetBIOS datagram server

■ BootP

■ TACACS

As a reference, Table 1-2 provides a comprehensive list of DHCP message types you might
encounter while troubleshooting a DHCP issue.
14 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Table 1-2 DHCP Message Types

DHCP Message Description
DHCPDISCOVER A client sends this message in an attempt to locate a DHCP server.
This message is sent to broadcast IP address [Link], using
UDP port 67.
DHCPOFFER A DHCP server sends this message in response to a DHCPDISCOVER
message, using UDP port 68.
DHCPREQUEST This broadcast message is a request from the client to the DHCP
server for the IP addressing information and options that were
received in the DHCPOFFER message.
DHCPDECLINE This message is sent from a client to a DHCP server to inform the
server that an IP address is already in use on the network.
DHCPACK A DHCP server sends this message to a client and includes IP
configuration parameters.
DHCPNAK A DHCP server sends this message to a client and informs the client
that the DHCP server declines to provide the client with the requested
IP configuration information.
DHCPRELEASE A client sends this message to a DHCP server and informs the DHCP
server that the client has released its DHCP lease, thus allowing the
DHCP server to reassign the client IP address to another client.
DHCPINFORM This message is sent from a client to a DHCP server and requests
IP configuration parameters. Such a message might be sent from an
access server requesting IP configuration information for a remote
client attaching to the access server.

In addition to acting as a DHCP relay agent, a router might act as a DHCP client. Specifically,
the interface of a router might obtain its IP address from a DHCP server. Figure 1-6 shows a
router acting as a DHCP client, where the router’s Fast Ethernet 0/1 interface obtains its IP
address from a DHCP server. Example 1-4 provides the configuration for the router in the
topology (that is, router R1). Notice that the dhcp option is used in the ip address command,
instead of the usual IP address and subnet mask information.

Fa 0/1
R1
DHCP DISCOVER DHCP Server

DHCP OFFER

DHCP REQUEST

DHCP ACK

Figure 1-6 Router Acting as a DHCP Client

 Chapter 1: IPv4/IPv6 Addressing and Routing Review 15

The following snippet shows a DHCP client configuration:

1
R1# configure terminal

R1(config)# int fa 0/1

R1(config-if)# ip address dhcp

A router and multilayer switch may also act as a DHCP server. Figure 1-7 shows a router
acting as a DHCP server, and Example 1-4 shows the router configuration. The ip dhcp
excluded-address [Link] [Link] command prevents DHCP from assigning those IP
addresses to a client. Note that you do not have to include the IP address of the router inter-
face in this exclusion because the router never hands out its own interface IP address. The ip
dhcp pool POOL-A command creates a DHCP pool named POOL-A. This pool hands out IP
addresses from the [Link]/24 network, with a default gateway of [Link], a DNS server of
[Link], and a WINS server of [Link].

Fa 0/0
.1
DHCPDISCOVER
DHCP Client DHCP Server

DHCPOFFER

DHCPREQUEST

DHCPACK

Figure 1-7 Router Acting as a DHCP Server

Example 1-4 DHCP Server Configuration

R1# show run

...OUTPUT OMITTED...
ip dhcp excluded-address [Link] [Link]
!
ip dhcp pool POOL-A
network [Link] [Link]
default-router [Link]
dns-server [Link]
netbios-name-server [Link]
...OUTPUT OMITTED...

If your device is configured to receive an IP address from a DHCP server but the IP address
shown on the client is an Automatic Private IP Addressing (APIPA) address (169.254.x.x)
because of autoconfiguration, as shown in Example 1-5, conclude that the client could
not obtain an IP address from the DHCP server. However, do not immediately assume that
DHCP is the problem. It is quite possible that you have a Layer 2 problem, such as VLANs,
trunks, Spanning Tree Protocol (STP), or security, that is, for example, preventing the client’s
DHCPDISCOVER message from reaching the DHCP server.
16 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-5 Verifying DHCP-Assigned IP Address on a PC

C:\>ipconfig /all
Windows IP Configuration

...output omitted...

Ethernet adapter PC1 Lab:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . .: AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . .: 08-00-27-5D-06-D6
Dhcp Enabled. . . . . . . . . . .: Yes
Autoconfiguration Enabled . . . .: Yes
Autoconfiguration IP Address. . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: [Link]
IP Address. . . . . . . . . . . .: fe80::a00:27ff:fe5d:6d6%4
Default Gateway . . . . . . . . .:

Potential DHCP Troubleshooting Issues

When troubleshooting what you suspect might be a DHCP issue, consider the following
potential issues:

■ A router not forwarding broadcasts: By default, a router does not forward broad-
casts, including DHCPDISCOVER broadcast messages. Therefore, a router needs to
be explicitly configured to act as a DHCP relay agent if the DHCP client and DHCP
server are on different subnets.

■ DHCP pool out of IP addresses: A DHCP pool contains a finite number of addresses.
Once a pool becomes depleted, new DHCP requests are rejected.

■ Misconfiguration: The configuration of a DHCP server might be incorrect. For exam-

ple, the range of network addresses given out by a particular pool might be incorrect,
or the exclusion of addresses statically assigned to routers or DNS servers might be
incorrect.

■ Duplicate IP addresses: A DHCP server might hand out an IP address to a client

that is already statically assigned to another host on the network. These duplicate IP
addresses can cause connectivity issues for both the DHCP client and the host that
was statically configured for the IP address.

■ Redundant services not communicating: Some DHCP servers coexist with other
DHCP servers for redundancy. For this redundancy to function, these DHCP servers
need to communicate with one another. If this interserver communication fails, the
DHCP servers hand out overlapping IP addresses to their client’s.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 17

■ The “pull” nature of DHCP: When a DHCP client wants an IP address, it requests an
IP address from a DHCP server. However, the DHCP server has no ability to initiate a 1
change in the client IP address after the client obtains an IP address. In other words,
the DHCP client pulls information from the DHCP server, the DHCP server cannot
push information changes to the DHCP client.

■ Interface not configured with IP address in DHCP pool: A router or a multilayer

switch that is acting as a DHCP server must have an interface with an IP address that is
part of the pool/subnet that it is handing out IP addresses for. The router only hands
the addresses in the pool to clients reachable out that interface. This ensures that the
router interface and the clients are in the same subnet. However, note that this is not
the case if a relay agent is forwarding DHCP messages between the client and the
router that is the DHCP server. In that case, the DHCP server does not have to have an
IP address on an interface that is part of the pool it is handing out addresses for.

DHCP Troubleshooting Commands

The following snippet provides sample output from the show ip dhcp conflict command:

R1# show ip dhcp conflict

IP address Detection method Detection time

[Link] Ping Oct 15 2018 8:56 PM

The output indicates a duplicate [Link] IP address on the network, which the router dis-
covered via a ping. You clear the information displayed by issuing the clear ip dhcp conflict *
command after resolving the duplicate address issue on the network.
Example 1-6 shows sample output from the show ip dhcp binding command. The output
indicates that IP address [Link] was assigned to a DHCP client. You can release this DHCP
lease with the clear ip dhcp binding * command.
Example 1-6 show ip dhcp binding Command Output

R1# show ip dhcp binding

Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
[Link] 0100.50b6.0765.7a Oct 17 2018 07:53 PM Automatic
[Link] 0108.0027.5d06.d6 Oct 17 2018 07:53 PM Automatic

Example 1-7 shows sample output from the debug ip dhcp server events command. The
output shows updates to the DHCP database.
18 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-7 debug ip dhcp server events Command Output

R1# debug ip dhcp server events

DHCPD: Seeing if there is an internally specified pool class:
DHCPD: htype 1 chaddr c001.0f1c.0000
DHCPD: remote id 020a00000a01010101000000
DHCPD: circuit id 00000000
DHCPD: Seeing if there is an internally specified pool class:
DHCPD: htype 1 chaddr c001.0f1c.0000
DHCPD: remote id 020a00000a01010101000000
DHCPD: circuit id 00000000
DHCPD: no subnet configured for [Link].

Example 1-8 shows sample output from the debug ip dhcp server packet command. The
output shows a DHCPRELEASE message being received when a DHCP client with IP
address [Link] is shut down. You can also see the four-step process of a DHCP client
obtaining IP address [Link] with the following messages: DHCPDISCOVER, DHCPOFFER,
DHCPREQUEST, and DHCPACK.
Example 1-8 debug ip dhcp server packet Command Output

R1# debug ip dhcp server packet

DHCPD: DHCPRELEASE message received from client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 ([Link]).
DHCPD: DHCPRELEASE message received from client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 ([Link]).
DHCPD: Finding a relay for client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 on interface
FastEthernet0/1.
DHCPD: DHCPDISCOVER received from client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 on interface
FastEthernet0/1.
DHCPD: Allocate an address without class information
([Link])
DHCPD: Sending DHCPOFFER to client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 ([Link]).
DHCPD: broadcasting BOOTREPLY to client c001.0f1c.0000.
DHCPD: DHCPREQUEST received from client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30.
DHCPD: No default domain to append - abort update
DHCPD: Sending DHCPACK to client
0063.6973.636f.2d63.3030.312e.3066.3163.2e30.3030.302d.4661.302f.30 ([Link]).
DHCPD: broadcasting BOOTREPLY to client c001.0f1c.0000.

IPv6 Addressing
Just as your personal street address uniquely defines where you live, an IPv6 address
uniquely defines where a device resides. Your street address is made of two parts—the street
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 19

name and the number of your residence—and the combination of these parts is unique. Sim-
ilarly, an IPv6 address is made up of two parts. The first 64 bits usually represent the subnet 1
prefix (what network you belong to), and the last 64 bits usually represent the interface
ID/host ID (who you are in the network).
This section covers IPv6 addressing and assignment so that you are armed with the knowl-
edge needed for troubleshooting IPv6 addressing issues.

IPv6 Addressing Review

As with IPv4, it is important that devices are configured with the appropriate IPv6 address
based on where they reside so that packets are successfully routed to and from them. Refer
to Figure 1-8, which depicts an IPv6 network. [Link]/64 represents the first 64 bits
of the IPv6 address, which is the subnet prefix. This is the IPv6 network the nodes reside
in. Router R1 has interface IPv6 address [Link], where the last 64 bits, which are
::1 in this case, represent the interface/host ID or who it is in the IPv6 network. PC1 is ::10,
and PC2 is ::20. All the devices in [Link]/64 are configured with the default gateway
address of R1’s Gig0/0 interface, which is [Link].

::10
[Link]/64
PC1

::1
Default Gateway [Link]
Gi0/0 Gi1/0
[Link]
Gi0/0 ::2 R1

PC2 R2

::20
Figure 1-8 IPv6 Addressing Example
Just as with IPv4, when a host wants to communicate with another host, it compares its sub-
net bits to exactly the same bits in the destination IP address. If they match, both devices are
in the same subnet; if they do not match, the devices are in different subnets. If both devices
are in the same subnet, they can communicate directly with each other, and if they are in dif-
ferent subnets, they need to communicate through the default gateway.
For example, when PC1 in Figure 1-8 needs to communicate with the server at [Link],
it realizes that the web server is in a different network. Therefore, PC1 has to send the frame
to the default gateway, using the default gateway’s MAC address. If PC1 wants to communi-
cate with PC2, it determines it is in the same subnet and communicates directly with it.
You verify the IPv6 address of a Windows PC by using the ipconfig command, as shown
in Example 1-9. In this example, PC1 has the link-local address fe80::a00:27ff:fe5d:6d6 and
the global unicast address [Link], which was statically configured. Notice the %11
at the end of the link-local address in this case. This is the interface identification number,
and it is needed so that the system knows which interface to send the packets out of; keep
in mind that you can have multiple interfaces on the same device with the same link-local
address assigned to it.
20 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-9 Using ipconfig to Verify IPv6 Addressing

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . .: [Link]
Link-local IPv6 Address . . . . .: fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .: [Link]
[Link]

EUI-64
Recall that an IPv6 address consists of two parts: the subnet ID and the interface/host ID.
The host ID is usually 64 bits long, and as a result, it is not something you want to be config-
uring manually in your organization. Although you can statically define the interface ID, the
best approach is to allow your end devices to automatically assign their own interface ID for
global unicast and link-local addresses randomly or based on the IEEE EUI-64 standard.
EUI-64 takes the client’s MAC address, which is 48 bits, splits it in half, and adds the hex val-
ues FFFE in the middle. In addition, it takes the seventh bit from the left and flips it. So, if it
is a 1, it becomes a 0, and if it is a 0, it becomes a 1. Look back at Example 1-9. Notice that
the link-local address is fe80::a00:27ff:fe5d:6d6. The subnet ID is FE80::, and the interface ID
is [Link]. If you fill in the missing leading 0s, the address is [Link].
This is an EUI-64 interface ID because it has FFFE in it. Let’s look at how it is derived.
Example 1-10 shows the output of ipconfig /all on PC1. Notice that the MAC address is
08-00-27-5D-06-D6. Split it in half and add FFFE in the middle to get 08-00-27-FF-FE-
5D-06-D6. Now group the hex values into groups of four and replace each dash (-) with a
colon, like this: [Link]. This looks very close to what is listed in the link-
local address, but it is not exactly the same. The interface ID in the link-local address starts
with 0a, and ours starts with 08. This is because the seventh bit is flipped, as discussed
earlier. Flip it. 08 hex in binary is 00001000. The seventh bit from left to right is a 0, so make
it a 1. Now you have 00001010. Convert to hex, and you get 0a. So, your interface ID is
[Link].
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 21

Example 1-10 Using ipconfig /all to Verify IPv6 Addressing

1
C:\PC1>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . .: PC1

Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . .: Broadcast
IP Routing Enabled. . . . . . . .: No
WINS Proxy Enabled. . . . . . . .: No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . .: 08-00-27-5D-06-D6
DHCP Enabled. . . . . . . . . . .: No
Autoconfiguration Enabled . . . .: Yes
IPv6 Address. . . . . . . . . . .: [Link](Preferred)
Link-local IPv6 Address . . . . .: fe80::a00:27ff:fe5d:6d6%11(Preferred)
IPv4 Address. . . . . . . . . . .: [Link](Preferred)
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .: [Link]
[Link]
DNS Servers . . . . . . . . . . .: [Link]%1
[Link]%1
[Link]%1
NetBIOS over Tcpip. . . . . . . .: Enabled

By default, routers use EUI-64 when generating the interface portion of the link-local address
of an interface. Modern Windows PCs randomly generate the interface portion by default
for both the link-local address and the global unicast address when autoconfiguring their
IPv6 addresses. However, this can be changed so that EUI-64 is used instead. When stati-
cally configuring an IPv6 address on a PC, the interface portion is manually assigned. How-
ever, on a router, if you want to use EUI-64 for a statically configured global unicast address,
use the eui-64 keyword at the end of the ipv6 address command, as shown in Example 1-11.
Example 1-11 Using EUI-64 on a Router Interface

R2# config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface gigabitEthernet 0/0
R2(config-if)# ipv6 address [Link]/64 eui-64

You verify the global unicast address and the EUI-64 interface ID assigned to an interface by
using the show ipv6 interface command, as shown in Example 1-12. In this case, R2’s Gig0/0
interface has a global unicast address that obtained the interface ID from the EUI-64 standard.
22 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-12 Verifying EUI-64 on a Router Interface

R2# show ipv6 interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80E:15FF:FEF4:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/64 [EUI]
Joined group address(es):
FF02::1
FF02::1:FFF4:8
MTU is 1500 bytes
...output omitted...

IPv6 SLAAC, Stateful DHCPv6, and Stateless DHCPv6

Manually assigning IP addresses (either IPv4 or IPv6) is not a scalable option. With IPv4, DHCP
provides a dynamic addressing option. With IPv6, you have three dynamic options to choose
from: stateless address autoconfiguration (SLAAC), stateful DHCPv6, or stateless DHCPv6. This
section looks at the issues that might arise for each and how to troubleshoot them.

SLAAC
SLAAC is designed to enable a device to configure its own IPv6 address, prefix, and default
gateway without a DHCPv6 server. Windows PCs automatically have SLAAC enabled and
generate their own IPv6 addresses, as shown in Example 1-13, which displays the output of
ipconfig /all on PC1.
Example 1-13 Using ipconfig /all to Verify That IPv6 SLAAC Is Enabled

C:\PC1>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . .: PC1

Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . .: Broadcast
IP Routing Enabled. . . . . . . .: No
WINS Proxy Enabled. . . . . . . .: No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

Description . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . .: 08-00-27-5D-06-D6
DHCP Enabled. . . . . . . . . . .: Yes
Autoconfiguration Enabled . . . .: Yes
IPv6 Address. . . . . . . . . . .: [Link](Preferred)
Link-local IPv6 Address . . . . .: fe80::a00:27ff:fe5d:6d6%11(Preferred)
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 23

IPv4 Address. . . . . . . . . . .: [Link](Preferred)

1
Subnet Mask . . . . . . . . . . .: [Link]
...output omitted...

On Cisco routers, if you want to take advantage of SLAAC, you need to enable it manually
on an interface with the ipv6 address autoconfig command, as shown in Example 1-14.
Example 1-14 Enabling SLAAC on a Router Interface

R2# config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)# interface gigabitEthernet 0/0
R2(config-if)# ipv6 address autoconfig

When a Windows PC and router interface are enabled for SLAAC, they send a Router Solicita-
tion (RS) message to determine whether there are any routers connected to the local link. They
then wait for a router to send a Router Advertisement (RA) that identifies the prefix being used
by the router (the default gateway) connected to the same network they are on. They then use
that prefix information to generate their own IPv6 address in the same network as the router
interface that generated the RA. The router uses EUI-64 for the interface portion, and the PC
randomly generates the interface portion unless it is configured to use EUI-64. In addition, the
PC uses the IPv6 link-local address of the device that sent the RA as the default gateway address.
Figure 1-9 shows the RA process. R1 sends an RA out its Gig0/0 interface. The source IPv6
address is the Gig0/0 link-local address, and the source MAC address is the MAC address
of interface Gig0/0. The destination IPv6 address is the all-nodes link-local multicast IPv6
address FF02::1. The destination MAC address is the all-nodes destination MAC address
[Link], which is associated with the all-nodes link-local multicast IPv6 address
FF02::1. By default, all IPv6-enabled interfaces listen for packets and frames destined for
these two addresses.

Destination Source
MAC [Link] ca0a.0e3c.0008
IPv6 FF02::1 FE80::C80A:EFF:FE3C:8

::10

PC1
Router Advertisement
::1
Default Gateway [Link]
[Link]/64 Gi0/0 Gi1/0
[Link]
Gi0/0 ::2 R1

PC2 R2

::20
Figure 1-9 Router Advertisement Example
When PC1 in Figure 1-9 receives the RA, it takes the prefix included in the RA, which is
[Link]/64, and in this case uses EUI-64 to create its IPv6 address. It also takes the
link-local address from the source of the RA and uses it as the default gateway address, as
shown in Example 1-15, which displays the output of ipconfig on PC1.
24 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-15 Verifying IPv6 Addresses Generated by SLAAC on a PC

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . .: [Link]
Link-local IPv6 Address . . . . .: fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .: fe80::c80a:eff:fe3c:8%11
[Link]

To verify an IPv6 address generated by SLAAC on a router interface, use the show ipv6
interface command. As shown in Example 1-16, the global unicast address was generated
using SLAAC. Also notice at the bottom of the example that the default router is listed as
the link-local address of R1. However, note that this occurs only if IPv6 unicast routing was
not enabled on the router and, as a result, the router is acting as an end device.
Example 1-16 Verifying IPv6 Addresses Generated by SLAAC on a Router Interface

R2# show ipv6 interface gig 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80B:EFF:FE3C:8
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
[Link], subnet is [Link]/64 [EUI/CAL/PRE]
valid lifetime 2591816 preferred lifetime 604616
Joined group address(es):
FF02::1
FF02::1:FF3C:8
...output omitted...
Default router is FE80::C80A:EFF:FE3C:8 on GigabitEthernet0/0

It is important to realize that RAs are generated by default on router interfaces only if the
router interface is enabled for IPv6, IPv6 unicast routing is enabled, and RAs are not being
suppressed on the interface. Therefore, if SLAAC is not working, check the following:

■ Make sure that IPv6 unicast routing is enabled on the router that should be generating
RAs by using the show run | include ipv6 unicast-routing command, as shown in the
following snippet:

R1# show run | include ipv6 unicast-routing

ipv6 unicast-routing
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 25

■ Make sure that the appropriate interface is enabled for IPv6 by using the show ipv6
interface command, as shown in Example 1-17. 1

■ Make sure that the router interface advertising RAs has a /64 prefix by using the show
ipv6 interface command, as shown in Example 1-17. (SLAAC works only if the router
is using a /64 prefix.)

■ Make sure that RAs are not being suppressed on the interface by using the show ipv6
interface command, as shown in Example 1-18 (where they are being suppressed).

Example 1-17 Verifying That an Interface Is Enabled for IPv6

R1# show ipv6 interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80A:EFF:FE3C:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF3C:8
...output omitted...

Example 1-18 Verifying That RAs Are Not Suppressed

R1# show ipv6 interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80A:EFF:FE3C:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/64
...output omitted...
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (all)
Hosts use stateless autoconfig for addresses.

In addition, if you have more than one router on a subnet generating RAs, which is normal
when you have redundant default gateways, the clients learn about multiple default gate-
ways from the RAs, as shown in Example 1-19. The top default gateway is R2’s link-local
address, and the bottom default gateway is R1’s link-local address. Now, this might seem like
a benefit; however, it is a benefit only if both default gateways can reach the same networks.
Refer to Figure 1-8. If PC1 uses R2 as the default gateway, the packets to the web server are
dropped because R2 does not have a way to route packets to the web server, as shown in the
ping output of Example 1-20, unless it redirects them back out the interface they arrived on,
which is not a normal behavior. Therefore, if users are complaining that they cannot access
resources, and they are connected to a network with multiple routers generating RAs, check
26 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

the default gateways learned by SLAAC and make sure that those default gateways can route
to the intended resources.
Example 1-19 Verifying Default Gateways Configured on a PC

C:\PC1># ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . .: [Link]
Link-local IPv6 Address . . . . .: fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .: fe80::c80b:eff:fe3c:8%11
fe80::c80a:eff:fe3c:8%11
[Link]

Example 1-20 Failed Ping from PC1 to [Link]

C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data:

Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.

Ping statistics for [Link]

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Stateful DHCPv6
Although a device is able to determine its IPv6 address, prefix, and default gateway using
SLAAC, there is not much else the devices can obtain. In a modern-day network, the devices
may also need information such as Network Time Protocol (NTP) server information, domain
name information, DNS server information, and Trivial File Transfer Protocol (TFTP) server
information. To hand out the IPv6 addressing information along with all optional informa-
tion, use a DHCPv6 server. Both Cisco routers and multilayer switches may act as DHCP
servers. Example 1-21 provides a sample DHCPv6 configuration on R1 and the ipv6 dhcp
server interface command necessary to enable the interface to use the DHCP pool for hand-
ing out IPv6 addressing information. If you are troubleshooting an issue where clients are not
receiving IPv6 addressing information or are receiving wrong IPv6 addressing information
from a router or multilayer switch acting as a DHCPv6 server, check the interface and make
sure it was associated with the correct pool.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 27

Example 1-21 Sample DHCPv6 Configuration on R1

1
R1# show run | section dhcp
ipv6 dhcp pool DHCPV6POOL
address prefix [Link]/64
dns-server [Link]
domain-name [Link]
R1# show run interface gigabitEthernet 0/0
Building configuration...

Current configuration : 173 bytes

!
interface GigabitEthernet0/0
no ip address
ipv6 address [Link]/64
ipv6 dhcp server DHCPV6POOL
end

Example 1-22 provides examples of the show ipv6 dhcp binding command, which displays
the IPv6 addresses used by clients, the show ipv6 dhcp interface command, which displays
the interface to DHCPv6 pool associations, and the show ipv6 dhcp pool command, which
displays the configured pools.
Example 1-22 Verifying DHCPv6 Information on R1

R1# show ipv6 dhcp binding

Client: FE80::A00:27FF:FE5D:6D6
DUID: 000100011B101C740800275D06D6
Username : unassigned
VRF : default
IA NA: IA ID 0x0E080027, T1 43200, T2 69120
Address: [Link]
preferred lifetime 86400, valid lifetime 172800
expires at May 25 2018 08:37 PM (172584 seconds)

R1# show ipv6 dhcp interface

GigabitEthernet0/0 is in server mode
Using pool: DHCPV6POOL
Preference value: 0
Hint from client: ignored
Rapid-Commit: disabled

R1# show ipv6 dhcp pool

DHCPv6 pool: DHCPV6POOL
Address allocation prefix: [Link]/64 valid 172800 preferred 86400 (1 in
use, 0 conflicts)
DNS server: [Link]
Domain name: [Link]
Active clients: 0
28 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Stateless DHCPv6
Stateless DHCPv6 is a combination of SLAAC and DHCPv6. In this case, a router’s RA is
used by the clients to automatically determine the IPv6 address, prefix, and default gateway.
Included in the RA is a flag that tells the client to get other non-addressing information from
a DHCPv6 server, such as the address of a DNS server or a TFTP server. To accomplish this,
ensure that the ipv6 nd other-config-flag interface configuration command is enabled. This
ensures that the RA informs the client that it must contact a DHCPv6 server for other infor-
mation. In Example 1-23, notice this command configured under the Gigabit Ethernet 0/0
interface. Also, in Example 1-23, the output of show ipv6 interface gigabitEthernet 0/0
states that hosts obtain IPv6 addressing from stateless autoconfig and other information
from a DHCP server.
Example 1-23 Verifying Stateless DHCPv6

R1# show run int gig 0/0

Building configuration...

Current configuration : 171 bytes

!
interface GigabitEthernet0/0
no ip address
media-type gbic
speed 1000
duplex full
negotiation auto
ipv6 address [Link]/64
ipv6 nd other-config-flag
end

R1# show ipv6 interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80A:EFF:FE3C:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF3C:8
...output omitted...
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 29

DHCPv6 Operation
1
DHCPv6 has a four-step negotiation process, like IPv4. However, DHCPv6 uses the follow-
ing messages:

Step 1. SOLICIT: A client sends this message to locate DHCPv6 servers using the multi-
cast address FF02::1:2, which is the all-DHCPv6-servers multicast address.
Step 2. ADVERTISE: Servers respond to SOLICIT messages with a unicast
ADVERTISE message, offering addressing information to the client.
Step 3. REQUEST: The client sends this message to the server, confirming the addresses
provided and any other parameters.
Step 4. REPLY: The server finalizes the process with this message.

As a reference, Table 1-3 provides a comprehensive list of DHCPv6 message types you might
encounter while troubleshooting a DHCPv6 issue.

Table 1-3 DHCP Message Types

DHCP Message Description
SOLICIT A client sends this message in an attempt to locate a DHCPv6 server.
ADVERTISE A DHCPv6 server sends this message in response to a SOLICIT,
indicating that it is available.
REQUEST This message is a request for IP configuration parameters sent from a
client to a specific DHCPv6 server.
CONFIRM A client sends this message to a server to determine whether the address
it was assigned is still appropriate.
RENEW A client sends this message to the server that assigned the address in
order to extend the lifetime of the addresses assigned.
REBIND When there is no response to a RENEW, a client sends a REBIND
message to a server to extend the lifetime on the address assigned.
REPLY A server sends this message to a client containing assigned address and
configuration parameters in response to a SOLICIT, REQUEST, RENEW,
or REBIND message received from a client.
RELEASE A client sends this message to a server to inform the server that the
assigned address is no longer needed.
DECLINE A client sends this message to a server to inform the server that the
assigned address is already in use.
RECONFIGURE A server sends this message to a client when the server has new or
updated information.
INFORMATION- A client sends this message to a server when the client only needs
REQUEST additional configuration information without any IP address assignment.
RELAY-FORW A relay agent uses this message to forward messages to DHCP server.
RELAY-REPL A DHCP server uses this message to reply to the relay agent.

DHCPv6 Relay Agents

All the DHCPv6 examples so far have included the DHCP server within the same local net-
work. However, in most networks, the DHCP server is located in a different network, which
creates an issue. If you review the multicast address of the SOLICIT message, notice that it
30 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

is a link-local scope multicast address. It starts with FF02. Therefore, the multicast does not
leave the local network, and the client is not able to reach the DHCPv6 server.
To relay the DHCPv6 messages to a DHCPv6 server in another network, the local router inter-
face in the network the client belongs to needs to be configured as a relay agent with the ipv6
dhcp relay destination interface configuration command. Example 1-24 shows interface Gigabit
Ethernet 0/0 configured with the command ipv6 dhcp relay destination [Link], which
is used to forward SOLICIT messages to a DHCPv6 server at the address listed.
Example 1-24 Configuring R1 as a DHCPv6 Relay Agent

R1# config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# interface gigabitethernet0/0
R1(config-if)# ipv6 dhcp relay destination [Link]

Packet-Forwarding Process
When troubleshooting connectivity issues for an IP-based network, the network layer (Layer 3)
of the OSI reference model is often an appropriate place to begin your troubleshooting efforts
(divide-and-conquer method). For example, if you are experiencing connectivity issues
between two hosts on a network, you could check Layer 3 by pinging between the hosts. If
the pings are successful, you can conclude that the issue resides at upper layers of the OSI
reference model (Layers 4 through 7). However, if the pings fail, you should focus your trouble-
shooting efforts on Layers 1 through 3. If you ultimately determine that there is a problem at
Layer 3, your efforts might be centered on the packet-forwarding process of a router.
This section discusses the packet-forwarding process and the commands used to verify the
entries in the data structures that are used for this process. It also provides you with a collec-
tion of Cisco IOS software commands that are useful when troubleshooting related issues.

Reviewing the Layer 3 Packet-Forwarding Process

To review basic routing processes, consider Figure 1-10. In this topology, PC1 needs to
access HTTP resources on Server1. Notice that PC1 and Server1 are on different networks.
So how does a packet from source IP address [Link] get routed to destination IP
address [Link]?

IP Address: [Link]/24 IP Address: [Link]/24

MAC Address: 1111.1111.1111 MAC Address: 2222.2222.2222
Default Gateway: [Link] Default Gateway: [Link]
PC1
Server1

Se 1/1
SW1 Fa 0/0 R1 [Link]/30 R2 SW2
Se 1/1 Fa 0/0
[Link]/24 [Link]/30 [Link]/24
[Link] [Link]
Figure 1-10 Basic Routing Topology
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 31

Consider the following step-by-step walkthrough of this process:

1
Step 1. PC1 compares its IP address and subnet mask [Link]/24 with the destina-
tion IP address [Link], as discussed earlier in the chapter. PC1 determines
the network portion of its own IP address. It then compares these binary bits
with the same binary bits of the destination address. If they are the same, it
knows the destination is on the same subnet. If they differ, it knows the des-
tination is on a remote subnet. PC1 concludes that the destination IP address
resides on a remote subnet in this example. Therefore, PC1 needs to send the
frame to its default gateway, which could have been manually configured on
PC1 or dynamically learned via DHCP. In this example, PC1 has the default
gateway address [Link] (that is, router R1). To construct a proper Layer 2
frame, PC1 needs the MAC address of the frame’s destination, which is PC1’s
default gateway in this example. If the MAC address is not in PC1’s Address
Resolution Protocol (ARP) cache, PC1 uses ARP to discover it. Once PC1
receives an ARP reply from router R1, PC1 adds router R1’s MAC address to its
ARP cache. PC1 then sends its data destined for Server1 in a frame addressed to
R1, as shown in Figure 1-11.

IP Address: [Link]/24 IP Address: [Link]/24

MAC Address: 1111.1111.1111 MAC Address: 2222.2222.2222
Default Gateway: [Link] Default Gateway: [Link]
PC1’s ARP Cache
PC1
[Link] [Link]
Server1

ARP Request

ARP Reply

Se 1/1
SW1 Fa 0/0 R1 [Link]/30 R2 SW2
Se 1/1 Fa 0/0
[Link]/24 [Link]/30 [Link]/24
[Link] [Link]
Frame from
PC1 to R1

PC1 Server1 PC1 R1

Data Transport SRC IP DST IP SRC MAC DST MAC
HTTP TCP [Link] [Link] 1111.1111.1111 [Link]

Figure 1-11 Basic Routing, Step 1

Step 2. Router R1 receives the frame sent from PC1, and because the destination MAC
address is R1’s, R1 tears off the Layer 2 header and interrogates the IP (Layer 3)
header. An IP header contains a time-to-live (TTL) field, which is decremented
once for each router hop. Therefore, router R1 decrements the packet’s TTL
field. If the value in the TTL field is reduced to zero, the router discards the
packet and sends a time-exceeded Internet Control Message Protocol (ICMP)
32 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

message back to the source. Assuming that the TTL is not decremented to
zero, router R1 checks its routing table to determine the best path to reach the
IP address [Link]. In this example, router R1’s routing table has an entry
stating that network [Link]/24 is accessible through interface Serial 1/1.
Note that ARP is not required for serial interfaces because these interface types
do not have MAC addresses. Therefore, router R1 forwards the frame out its
Serial 1/1 interface, as shown in Figure 1-12, using the Point-to-Point Protocol
(PPP) Layer 2 framing header.

IP Address: [Link]/24 IP Address: [Link]/24

MAC Address: 1111.1111.1111 MAC Address: 2222.2222.2222
Default Gateway: [Link] Default Gateway: [Link]
PC1
Server1
Router R1’s Route Entry
[Link]/24 Serial 1/1

PPP
Se 1/1
SW1 Fa 0/0 R1 [Link]/30 Se 1/1 R2 Fa 0/0 SW2
[Link]/24 [Link]/30 [Link]/24
[Link] [Link]

PPP Frame
R1 to R2

PC1 Server1
Data Transport SRC IP DST IP PPP L2 Header
HTTP TCP [Link] [Link]

Figure 1-12 Basic Routing, Step 2

Step 3. When router R2 receives the frame, it removes the PPP header and then
decrements the TTL in the IP header, just as router R1 did. Again, assuming that
the TTL did not get decremented to zero, router R2 interrogates the IP header
to determine the destination network. In this case, the destination network
[Link]/24 is directly attached to router R2’s Fast Ethernet 0/0 interface.
Much the way PC1 sent out an ARP request to determine the MAC address
of its default gateway, router R2 sends an ARP request to determine the MAC
address of Server1 if it is not already known in the ARP cache. Once an ARP
reply is received from Server1, router R2 stores the results of the ARP reply in
the ARP cache and forwards the frame out its Fast Ethernet 0/0 interface to
Server1, as shown in Figure 1-13.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 33

IP Address: [Link]/24 IP Address: [Link]/24

MAC Address: 1111.1111.1111 MAC Address: 2222.2222.2222 1
Default Gateway: [Link] Default Gateway: [Link]

PC1
Router R2’s Route Entry
Server1
[Link]/24 FA 0/0

Router R2’s ARP Cache ARP Request

[Link] 2222.2222.2222 ARP Reply

Se 1/1
SW1 Fa 0/0 R1 [Link]/30 Se 1/1 R2 Fa 0/0 SW2
[Link]/24 [Link]/30 [Link]/24
[Link] [Link]

Frame from
R2 to Server1

PC1 Server1 R2 Server1

Data Transport SRC IP DST IP SRC MAC DST MAC
HTTP TCP [Link] [Link] [Link] 2222.2222.2222

Figure 1-13 Basic Routing, Step 3

The previous steps identified two router data structures:

■ IP routing table: When a router needs to route an IP packet, it consults its IP routing
table to find the best match. The best match is the route that has the longest pre-
fix. For example, suppose that a router has a routing entry for networks [Link]/8,
[Link]/24, and [Link]/26. Also, suppose that the router is trying to forward a packet
with the destination IP address [Link]. The router selects the [Link]/26 route entry
as the best match for [Link] because that route entry has the longest prefix, /26 (so
it matches the most number of bits).

■ Layer 3-to-Layer 2 mapping table: In Figure 1-13, router R2’s ARP cache contains
Layer 3-to-Layer 2 mapping information. Specifically, the ARP cache has a mapping
that says MAC address 2222.2222.2222 corresponds to IP address [Link]. An
ARP cache is the Layer 3-to-Layer 2 mapping data structure used for Ethernet-based
networks, but similar data structures are used for Multipoint Frame Relay networks
and Dynamic Multipoint Virtual Private Network (DMVPN) networks. However, for
point-to-point links such as PPP or High-Level Data Link Control (HDLC), because
there is only one other possible device connected to the other end of the link, no map-
ping information is needed to determine the next-hop device.

Continually querying a router’s routing table and its Layer 3-to-Layer 2 mapping data struc-
ture (for example, an ARP cache) is less than efficient. Fortunately, Cisco Express Forward-
ing (CEF) gleans its information from the router’s IP routing table and Layer 3-to-Layer 2
mapping tables. Then, CEF’s data structures in hardware can be referenced when forwarding
packets.
34 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

The two primary CEF data structures are as follows:

■ Forwarding Information Base (FIB): The FIB contains Layer 3 information, similar to
the information found in an IP routing table. In addition, an FIB contains information
about multicast routes and directly connected hosts.

■ Adjacency table: When a router is performing a route lookup using CEF, the FIB refer-
ences an entry in the adjacency table. The adjacency table entry contains the frame
header information required by the router to properly form a frame. Therefore, an egress
interface and a next-hop MAC address is in an adjacency entry for a multipoint Ethernet
interface, whereas a point-to-point interface requires only egress interface information.

As a reference, Figure 1-14 shows the router data structures.

Layer 3-to-Layer 2
IP Routing Table
Mappings
Control Plane

CEF Forwarding CEF Adjacency

Information Base Table
Data Plane
Figure 1-14 A Router’s Data Structures

Troubleshooting the Packet-Forwarding Process

When troubleshooting packet-forwarding issues, you need to examine a router’s IP routing
table. If the observed behavior of the traffic is not conforming to information in the IP rout-
ing table, remember that the IP routing table is maintained by a router’s control plane and
is used to build the tables at the data plane. CEF is operating in the data plane and uses the
FIB. You need to view the CEF data structures (that is, the FIB and the adjacency table) that
contain all the information required to make packet-forwarding decisions.
Example 1-25 provides sample output from the show ip route ip_address command. The
output shows that the next-hop IP address to reach IP address [Link] is [Link],
which is accessible via interface Fast Ethernet 0/0. Because this information is coming from the
control plane, it includes information about the routing protocol, which is OSPF in this case.
Example 1-25 show ip route ip_address Command Output

Router# show ip route [Link]

Routing entry for [Link]/24
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from [Link] on FastEthernet0/0, [Link] ago
Routing Descriptor Blocks:
[Link], from [Link], [Link] ago, via FastEthernet0/0
Route metric is 11, traffic share count is 1
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 35

Example 1-26 provides sample output from the show ip route ip_address subnet_mask
command. The output indicates that the entire network [Link]/24 is accessible out inter- 1
face Fast Ethernet 0/0, with next-hop IP address [Link].
Example 1-26 show ip route ip_address subnet_mask Command Output

Router# show ip route [Link] [Link]

Routing entry for [Link]/24
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from [Link] on FastEthernet0/0, [Link] ago
Routing Descriptor Blocks:
[Link], from [Link], [Link] ago, via FastEthernet0/0
Route metric is 11, traffic share count is 1

Example 1-27 provides sample output from the show ip route ip_address subnet_mask
longer-prefixes command, with and without the longer-prefixes option. Notice that the
router responds that the subnet [Link] [Link] is not in the IP routing table. However,
with the longer-prefixes option added, two routes are displayed, because these routes are
subnets of the [Link]/16 network.
Example 1-27 show ip route ip_address subnet_mask longer-prefixes Command Output

Router# show ip route [Link] [Link]

% Subnet not in table
R2# show ip route [Link] [Link] longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
- ODR, P - periodic downloaded static route

Gateway of last resort is not set

[Link]/30 is subnetted, 2 subnets

C [Link] is directly connected, Serial1/0.1
C [Link] is directly connected, Serial1/0.2

Example 1-28 provides sample output from the show ip cef ip_address command. The out-
put indicates that, according to CEF, IP address [Link] is accessible out interface Fast
Ethernet 0/0, with the next-hop IP address [Link].
36 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-28 show ip cef ip_address Command Output

Router# show ip cef [Link]

[Link]/24, version 42, epoch 0, cached adjacency [Link]
0 packets, 0 bytes
via [Link], FastEthernet0/0, 0 dependencies
next hop [Link], FastEthernet0/0
valid cached adjacency

Example 1-29 provides sample output from the show ip cef ip_address subnet_mask
command. The output indicates that network [Link]/24 is accessible off interface Fast
Ethernet 0/0, with the next-hop IP address [Link].
Example 1-29 show ip cef ip_address subnet_mask Command Output

Router# show ip cef [Link] [Link]

[Link]/24, version 42, epoch 0, cached adjacency [Link]
0 packets, 0 bytes
via [Link], FastEthernet0/0, 0 dependencies
next hop [Link], FastEthernet0/0
valid cached adjacency

The following snippet provides sample output from the show ip cef exact-route
source_address destination_address command:

Router# show ip cef exact-route [Link] [Link]

[Link] -> [Link] : FastEthernet0/0 (next hop [Link])

The output indicates that a packet sourced from IP address [Link] and destined for IP
address [Link] will be sent out interface Fast Ethernet 0/0 to next-hop IP address
[Link].
For a multipoint interface such as point-to-multipoint Frame Relay or Ethernet, when a
router knows the next-hop address for a packet, it needs appropriate Layer 2 information (for
example, next-hop MAC address or data link connection identifier [DLCI]) to properly con-
struct a frame. Example 1-30 provides sample output from the show ip arp command, which
displays the ARP cache that is stored in the control plane on a router. The output shows the
learned or configured MAC addresses along with their associated IP addresses.
Example 1-30 show ip arp Command Output

Router# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet [Link] 0 0009.b7fa.d1e1 ARPA FastEthernet0/0
Internet [Link] - c001.0f70.0000 ARPA FastEthernet0/0
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 37

Example 1-31 provides sample output from the show frame-relay map command. The out-
put shows the Frame Relay interfaces, the corresponding DLCIs associated with the inter- 1
faces, and the next-hop IP address that is reachable out the interface using the permanent
virtual circuit (PVC) associated with the listed DLCI. In this case, if R2 needs to send data to
the next-hop IP address [Link], it uses the PVC associated with DLCI 406 to get there.
Example 1-31 show frame-relay map Command Output

Router# show frame-relay map

Serial1/0 (up): ip [Link] dlci 405(0x195,0x6450), static,broadcast,
CISCO, status defined, active
Serial1/0 (up): ip [Link] dlci 406(0x196,0x6460), static,broadcast,
CISCO, status defined, active

Example 1-32 provides sample output from the show ip nhrp command. This command
displays the Next Hop Resolution Protocol cache that is used with DMVPN networks. In
this example, if a packet needs to be sent to the [Link] next-hop IP address, the non-
broadcast multiaccess (NBMA) address [Link] is used to reach it.
Example 1-32 show ip nhrp Command Output

HUBRouter# show ip nhrp

[Link]/32 via [Link]
Tunnel0 created [Link], expire [Link]
Type: dynamic, Flags: unique registered
NBMA address: [Link]
[Link]/32 via [Link]
Tunnel0 created [Link], expire [Link]
Type: dynamic, Flags: unique registered
NBMA address: [Link]

Example 1-33 provides sample output from the show adjacency detail command. The
output shows the CEF information used to construct frame headers needed to reach the
next-hop IP addresses through the various router interfaces. Notice the value 64510800 for
Serial 1/0. This is a hexadecimal representation of information that is needed by the router to
successfully forward the packet to the next-hop IP address [Link], including the DLCI
405. Notice the value CA1B01C4001CCA1C164000540800 for Fast Ethernet 3/0. This is the
destination MAC address, the source MAC address, and the EtherType code for an Ethernet
frame. The first 12 hex values are the destination MAC address, the next 12 are the source
MAC address, and 0800 is the IPv4 EtherType code.
38 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-33 show adjacency detail Command Output

Router# show adjacency detail

Protocol Interface Address
IP Serial1/0 [Link](7)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 4
64510800
FR-MAP
IP Serial1/0 [Link](7)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 4
64610800
FR-MAP
IP FastEthernet3/0 [Link](7)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 1
Encap length 14
CA1B01C4001CCA1C164000540800
L2 destination address byte offset 0
L2 destination address byte length 6
Link-type after encap: ip
ARP

Routing Information Sources

When designing a routed network, you have many options to choose from when determining
what will be the source of routing information: connected, static, EIGRP, OSPF, and BGP, to
name a few. With all these different options, you need to be able to recognize what is most
trustworthy (believable). This is extremely important when you are using multiple sources
because only one source of information can be used to populate the routing table for any
given route. As a result, it is important for a troubleshooter to understand how the best
source of routing information is determined and how that source’s information is placed in
the routing table.
This section explains which sources of routing information are the most believable and
how the routing table interacts with various data structures to populate itself with the best
information.

Data Structures and the Routing Table

To better troubleshoot routing information sources, consider, generically, how the data
structures of dynamic routing protocols interact with a router’s IP routing table. Figure 1-15
shows the interaction between the data structures of an IP routing protocol and a router’s IP
routing table.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 39

Incoming Route Information Outgoing Route Information

1

Interface enabled
for routing process
Static Routes
Data
Redistributed Routes
Structure IP
of IP Directly Connected Routing
Routing Table
Protocol Route Installation

Figure 1-15 Interaction Between the IP Routing Table and a Routing Protocol Data
Structure
As a router receives routing information from a neighboring router, the information is stored
in the data structures of the IP routing protocol and analyzed by the routing protocol to
determine the best path, based on metrics. An IP routing protocol’s data structure can
also be populated by the local router. For example, a router might be configured for route
redistribution, where routing information is redistributed from the routing table into the IP
routing protocol’s data structure. The router might be configured to have specific interfaces
participate in an IP routing protocol process. In that case, the network that the interface
belongs to is placed into the routing protocol data structure as well.
However, what goes in the routing table? Reviewing Figure 1-15 again, notice that the rout-
ing protocol data structure can populate the routing table, a directly connected route can
populate the routing table, and static routes can populate the routing table. These are all
known as sources of routing information.

Sources of Routing Information

A router could conceivably receive routing information from the following routing sources
all at the same time:

■ Connected interface

■ Static route
■ RIP

■ EIGRP

■ OSPF

■ BGP

If the routing information received from all these sources is for different destination net-
works, each one is used for its respectively learned destination networks and placed in the
routing table. However, what if the route received from Routing Information Protocol (RIP)
and OSPF is exactly the same? For example, say that both protocols have informed the
router about the [Link]/24 network. How does the router choose which is the most believ-
able, or the best source of routing information? It cannot use both; it must pick one and
install that information in the routing table.
40 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Routing information sources are each assigned an administrative distance (AD). Think of
an administrative distance of a routing information source as the believability or trustwor-
thiness of that routing source when comparing it to the other routing information sources.
Table 1-4 lists the default ADs of routing information sources. The lower the AD, the more
preferred the source of information.
For instance, RIP has a default AD of 120, whereas OSPF has a default AD of 110. There-
fore, if both RIP and OSPF have knowledge of a route to a specific network (for example,
[Link]/24), the OSPF route is injected into the router’s IP routing table because OSPF has a
more believable AD. Therefore, the best route selected by an IP routing protocol’s data struc-
ture is only a candidate to be injected into the router’s IP routing table. The route is injected
into the routing table only if the router concludes that it came from the best routing source.
As you will see in later chapters, when you troubleshoot specific routing protocols, routes
might be missing in the routing table from a specific routing protocol, or suboptimal routing
may be occurring because a different routing source with a lower AD is being used.

Table 1-4 Default Administrative Distance of Route Sources

Source of Routing information AD
Connected interface 0
Static route 1
EIGRP summary route 5
eBGP (External Border Gateway Protocol) 20
EIGRP (internal) 90
OSPF 110
IS-IS (Intermediate System to Intermediate System) 115
RIP 120
ODR (On-Demand Routing) 160
EIGRP (external) 170
iBGP (Internal Border Gateway Protocol) 200
Unknown (not believable) 255

You can verify the AD of a route in the routing table by using the show ip route ip_address
command, as shown in Example 1-34. Notice in the example that the route to [Link] has an
AD of 0, and the route to [Link] has an AD of 90.
Example 1-34 Verifying the Administrative Distance of a Route in the Routing Table

R1# show ip route [Link]

Routing entry for [Link]/26
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 100
Routing Descriptor Blocks:
directly connected, via GigabitEthernet1/0
Route metric is 0, traffic share count is 1
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 41

R1# show ip route [Link]

1
Routing entry for [Link]/24
Known via "eigrp 100", distance 90, metric 3072, type internal
Redistributing via eigrp 100
Last update from [Link] on GigabitEthernet2/0, [Link] ago
Routing Descriptor Blocks:
[Link], from [Link], [Link] ago, via GigabitEthernet2/0
Route metric is 3072, traffic share count is 1
Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1

If you ever need to make sure that the routing information or subset of routing information
received from a particular source is never used, change the AD of specific routes or all routes
from that source to 255, which means “do not believe.”
AD is also used to manipulate path selection. For example, you might have two different
paths to the same destination, learned from two different sources (for example, EIGRP and
a static route). In this case, the static route is preferred. However, this static route may be
pointing to a backup link that is slower than the EIGRP path. Therefore, you want the EIGRP
path to be installed in the routing table because the static route is causing suboptimal rout-
ing. But you are not allowed to remove the static route. To solve this issue, create a floating
static route. This static route has a higher AD than the preferred route. Because you want
EIGRP to be preferred, modify the static route so that it has an AD higher than EIGRP,
which is 90. As a result, the EIGRP-learned route is installed in the routing table, and the
static route is installed only if the EIGRP-learned route goes away.

Static Routes
Static routes are manually configured by administrators, and by default they are the second-
most-trustworthy source of routing information, with an AD of 1. They allow an admin-
istrator to precisely control how to route packets for a particular destination. This section
discusses the syntax of IPv4 and IPv6 static routes and explains what to look for while
troubleshooting.

IPv4 Static Routes

To create an IPv4 static route, you use the ip route prefix mask {ip_address | interface_
type interface_number} [distance] command in global configuration mode. The following
snippet displays the configuration of a static route on R1. The static route is training R1
about the [Link]/24 network:
R1# config t

Enter configuration commands, one per line. End with CNTL/Z.

R1(config)# ip route [Link] [Link] [Link] 8

The network is reachable via the next-hop address [Link], which is R2, and is assigned an
AD of 8. (The default is 1.)
42 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

[Link]/24 [Link]/24
Gi1/0
R1 [Link]/24 R2 [Link]/24 R3

[Link]/24 via [Link]

Figure 1-16 Configuring a Static Route on R1 with the Next-Hop Option
Example 1-35, which shows the output of show ip route static on R1, indicates that the
[Link]/24 network was learned by a static route, it is reachable via the next-hop IP address
[Link], it has an AD of 8, and the metric is 0 because there is no way to know how far
away the destination truly is (as there is with a dynamic routing protocol).
Example 1-35 Verifying a Static Route on R1

R1# show ip route static

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
...output omitted...

[Link]/8 is variably subnetted, 7 subnets, 2 masks

S [Link]/24 [8/0] via [Link]

When troubleshooting IPv4 static routes, you need to be able to recognize why the static
route may not be providing the results you want. For example, are the network and mask
accurate? If either of them is incorrect, your static route will not route the packets you are
expecting it to route. The router might drop packets because it does not match the static
route or any other route. It might end up forwarding packets using the default route, which
may be pointing the wrong way. In addition, if the static route includes networks that it
should not, you could be routing packets the wrong way.
Consider this: If you were to configure the static route ip route [Link] [Link]
[Link] on R2 in Figure 1-16, packets destined to [Link] would be sent to R1, which is the
wrong way. However, notice in Example 1-35 that R1 points to R2 ([Link]) for the network
[Link]/24. Therefore, R1 and R2 simply bounce packets that are destined for [Link]/24
back and forth until the TTL expires.
Notice that the next-hop IP address is a very important parameter for the static route. It tells
the local router where to send the packet. For instance, in Example 1-35, the next hop is
[Link]. Therefore, a packet destined to [Link] has to go to [Link] next. R1 now does a
recursive lookup in the routing table for [Link] to determine how to reach it, as shown in
Example 1-36. This example displays the output of the show ip route [Link] command on
R1. Notice that [Link] is directly connected out Gigabit Ethernet 1/0.
Example 1-36 Recursive Lookup on R1 for the Next-Hop Address

R1# show ip route [Link]

Routing entry for [Link]/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
directly connected, via GigabitEthernet1/0
Route metric is 0, traffic share count is 1
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 43

Because the exit interface to reach [Link] is Gigabit Ethernet 1/0, the Ethernet frame
requires source and destination MAC addresses. As a result, R1 looks in its ARP cache, as 1
shown in Example 1-37, and finds that the MAC address for [Link] is ca08.0568.0008.
Example 1-37 MAC Address Lookup in the ARP Cache

R1# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet [Link] - ca07.0568.0008 ARPA GigabitEthernet0/0
Internet [Link] - ca07.0568.001c ARPA GigabitEthernet1/0
Internet [Link] 71 ca08.0568.0008 ARPA GigabitEthernet1/0

Notice in this case that the MAC address of the next-hop address is used for the Layer 2
frame. It is not the MAC address of the IP address in the packet. The benefit of this is that
the router only has to find the MAC address of the next hop when using the ARP process,
and then it can store the results in the ARP cache. Then, any packet that has to go to the
next hop address [Link] does not require an ARP request to be sent; it needs just a lookup
in the ARP cache, which makes the overall routing process more efficient.
Now that you understand the next-hop IP address, there is another option you need to know
about. As you saw earlier in the ip route syntax, you can specify an exit interface instead
of a next-hop IP address. There is a right time to use the exit interface, and there is a wrong
time to use it. The right time is when it’s a pure point-to-point interface, such as DSL or
serial. Point-to-point Ethernet links are not pure point-to-point but are still multiaccess, and
because they are Ethernet, they require source and destination MAC addresses. If you spec-
ify an Ethernet interface as the next hop, you will be making your router ARP for the MAC
address of every destination IP address in every packet. Let’s look at this.
Say that you configure the following static route on R1: ip route [Link] [Link]
gigabit Ethernet 1/0. Example 1-38 shows how the static route appears in the routing
table. It states that [Link]/24 is directly connected to Gigabit Ethernet 1/0. But is it? Refer
to Figure 1-17 to know for sure. It is clear in Figure 1-17 that [Link]/24 is not directly
connected. But because of the way the static route is configured, R1 thinks that it is directly
connected.
Example 1-38 Static Route with an Exit Interface Specified

R1# show ip route static

...output omitted...

[Link]/8 is variably subnetted, 7 subnets, 2 masks

S [Link]/24 is directly connected, GigabitEthernet1/0

[Link]/24 [Link]/24
Gig1/0
R1 [Link]/24 R2 [Link]/24 R3

[Link]/24 via Gig1/0

Figure 1-17 Configuring a Static Route on R1 with Exit Interface Option
44 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Imagine that users in the [Link]/24 network are trying to access resources in the [Link]/24
network. Specifically, they are accessing resources on [Link] through [Link]. R1 receives
the packets, and it looks in the routing table and finds that the longest match is the following
entry:

S [Link]/24 is directly connected, GigabitEthernet1/0

R1 believes the network is directly connected; therefore, the destination IP address in
the packet is on the network connected to Gig1/0. However, you know better because
Figure 1-17 shows that it is not. So, because it is an Ethernet interface, R1 uses ARP to
determine the MAC address of the IP address in the destination field of the packet. (This is
different from what occurred when the next-hop IP address was specified. When the next
hop was specified, the MAC address of the next-hop address was used.) Example 1-39 shows
the ARP cache on R1. Notice that every destination IP address has an entry in the ARP
cache. How can that be if ARP requests are not forwarded by routers? It is because of proxy
ARP, which is on by default on the routers. Proxy ARP allows a router to respond to ARP
requests with its own MAC address if it has a route in the routing table to the IP address in
the ARP request. Notice that the MAC addresses listed are all the same. In addition, they
match the MAC address of the [Link] entry. Therefore, because R2 has a route to reach
the IP address of the ARP request, it responds back with its MAC address.
Example 1-39 ARP Cache on R1 with R2 Proxy ARP Enabled

R1# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet [Link] - ca07.0568.0008 ARPA GigabitEthernet0/0
Internet [Link] 0 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 0 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 3 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 0 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 1 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 0 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 0 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] 1 ca08.0568.0008 ARPA GigabitEthernet1/0
Internet [Link] - ca07.0568.001c ARPA GigabitEthernet1/0
Internet [Link] 139 ca08.0568.0008 ARPA GigabitEthernet1/0

Example 1-40 shows how to use the show ip interface command to verify whether proxy
ARP is enabled.
Example 1-40 Verifying Whether Proxy ARP Is Enabled

R2# show ip interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
Internet address is [Link]/24
Broadcast address is [Link]
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 45

Directed broadcast forwarding is disabled

1
Multicast reserved groups joined: [Link] [Link]
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent

If proxy ARP is not enabled, the ARP cache on R1 appears as shown in Example 1-41.
Notice that R1 is still sending ARP requests; however, it is not getting any ARP replies.
Therefore, it cannot build the Layer 2 frame, and the result is an encapsulation failure,
which you would be able to see if you were debugging IP packets.
Example 1-41 ARP Cache on R1 with R2 Proxy ARP Disabled

R1# show ip arp

Protocol Address Age (min) Hardware Addr Type Interface
Internet [Link] - ca07.0568.0008 ARPA GigabitEthernet0/0
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] 0 Incomplete ARPA
Internet [Link] - ca07.0568.001c ARPA GigabitEthernet1/0
Internet [Link] 139 ca08.0568.0008 ARPA GigabitEthernet1/0

Because of the fact that R1 uses ARP to determine the MAC address of every destination
IP address in every packet, you should never specify an Ethernet interface in a static route.
Specifying an Ethernet interface in a static route results in excessive use of router resources,
such as processor and memory, as the control plane gets involved during the forwarding pro-
cess to determine the appropriate Layer 2 MAC address using ARP.
Being able to recognize misconfigured static routes and the issues that arise is an important
skill to have when troubleshooting because a misconfigured static route causes traffic to
be misrouted or suboptimally routed. In addition, remember that static routes have an AD
of 1; therefore, they are preferred over other sources of routing information to the same
destination.

IPv6 Static Routes

To create an IPv6 static route, you use the ipv6 route {ipv6_prefix/prefix_length} {ipv6_
address | interface_type interface_number} [administrative_distance] [next_hop_address]
command in global configuration mode.
46 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

The following snippet displays the configuration of an IPv6 static route on R1, as shown in
Figure 1-18:

R1# config t

R1(config)# ipv6 route [Link]/64 gigabitEthernet 1/0

FE80::2 8
The static route is training R1 about the [Link]/64 network. The network is reach-
able using the next-hop address FE80::2, which is R2’s link-local address, and it was assigned
an AD of 8. (The default is 1.) Notice that the exit Ethernet interface is specified. This is
mandatory when using the link-local address as the next hop because the same link-local
address can be used on multiple local router interfaces. In addition, multiple remote router
interfaces can have the same link-local address as well. However, as long as the link-local
addresses are unique between the devices within the same local network, communication
occurs as intended. If you are using a global unicast address as the next hop, you do not have
to specify the exit interface.

[Link]/64 [Link]/64

Gig1/0
R1 R2 R3

[Link]/64 via FE80::2

Figure 1-18 Configuring an IPv6 Static Route on R1 with the Next-Hop Option
Example 1-42, which shows the output of show ipv6 route static on R1, indicates that the
[Link]/64 network was learned by a static route, it is reachable via the next-hop IP
address FE80::2, it has an AD of 8, and the metric is 0 because there is no way to know how
far away the destination truly is (as there is with a dynamic routing protocol).
Example 1-42 Verifying an IPv6 Static Route on R1

R1# show ipv6 route static

...output omitted...
S [Link]/64 [8/0]
via FE80::2, GigabitEthernet1/0

Recall that there are no broadcasts with IPv6. Therefore, IPv6 does not use ARP. It uses NDP
(Neighbor Discovery Protocol), which is multicast based, to determine a neighboring device’s
MAC address. In this case, if R1 needs to route packets to [Link]/64, the routing
table says to use the next-hop address FE80::2, which is out Gig1/0. Therefore, it consults its
IPv6 neighbor table, as shown in the following snippet, to determine whether there is a MAC
address for FE80::2 out Gig 1/0:

R1# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State Interface

FE80::2 0 ca08.0568.0008 REACH Gi1/0

 Chapter 1: IPv4/IPv6 Addressing and Routing Review 47

It is imperative that the table have an entry that maps the link-local address and the interface.
If only one matches, it is not the correct entry. If there is no entry in the IPv6 neighbor table, 1
a neighbor solicitation message is sent to discover the MAC address FE80::2 on Gig1/0.
As you discovered earlier with IPv4, it is not acceptable to use the interface option in a static
route when the interface is an Ethernet interface because proxy ARP consumes an exces-
sive amount of router resources. Note that proxy ARP does not exist in IPv6. Therefore, if
you use the interface option with an Ethernet interface, it works only if the destination IPv6
address is directly attached to the router interface specified. This is because the destination
IPv6 address in the packet is used as the next-hop address, and the MAC address needs to
be discovered using NDP. If the destination is not in the directly connected network, neigh-
bor discovery fails, and Layer 2 encapsulation ultimately fails. Consider Figure 1-18 again.
On R1, if you configured the following IPv6 static route (which is called a directly attached
static route), what would happen?

ipv6 route [Link]/64 gigabitEthernet 1/0

When R1 receives a packet destined for [Link], it determines based on the static
route that it is directly connected to Gig1/0 (which it is not according to Figure 1-18). There-
fore, R1 sends an Neighbor Solicitation (NS) out Gig1/0 for the MAC address associated
with [Link], using the solicited-node multicast address FF02::1:FF00:3. If no device
attached to Gig1/0 is using the solicited-node multicast address FF02::1:FF00:3 and the IPv6
address [Link], the NS goes unanswered, and Layer 2 encapsulation fails.
As you can see, being able to recognize misconfigured static routes and the issues that arise
is an important skill to have when troubleshooting because a misconfigured static route
causes traffic to be misrouted or suboptimally routed. In addition, remember that static
routes have an AD of 1 by default; therefore, they are preferred over other sources of routing
information to the same destination.

Trouble Tickets
This section presents various trouble tickets related to the topics discussed earlier in the
chapter. The purpose of this section is to show you a process you can follow when trouble-
shooting in the real world or in an exam environment.

IPv4 Addressing and Addressing Technologies Trouble Tickets

Trouble Tickets 1-1 and 1-2 are based on the topology shown in Figure 1-19.
DHCP
[Link]/26 Server
[Link]
[Link] PC1 [Link]
DG:[Link]

Gig2/0
Gig0/0 Gig1/0 [Link]
.1
R1
NAT Enabled Router
[Link]
[Link] PC2
DG:[Link]

Figure 1-19 IPv4 Addressing Trouble Tickets Topology

48 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Trouble Ticket 1-1

Problem: PC1 is not able to access resources on web server [Link].
You begin troubleshooting by verifying the issue with a ping from PC1 to [Link]. As
shown in Example 1-43, the ping fails.
Example 1-43 Failed Ping from PC1 to [Link]

C:\PC1>ping [Link]
Pinging [Link] with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for [Link]:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Next, you ping the default gateway for PC1, which is R1, at [Link]. As shown in Example 1-44,
the ping is successful.
Example 1-44 Successful Ping from PC1 to the Default Gateway

C:\PC1>ping [Link]

Reply from [Link]: bytes=32 time 1ms TTL=128

Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128

Ping statistics for [Link]:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

You decide to see whether this is an isolated incident. You access PC2 and ping [Link],
which is successful, as shown in Example 1-45.
Example 1-45 Successful Ping from PC2 to [Link]

C:\PC2>ping [Link]

Reply from [Link]: bytes=32 time 1ms TTL=128

Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 49

Ping statistics for [Link]:

1
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

At this point, you have determined that Layer 2 and Layer 3 connectivity from PC1 and
PC2 to the router is fine. You have also confirmed that PC2 can reach Internet resources
even though PC1 cannot. There are many reasons this situation might exist. One of the big
ones is that an access control list (ACL) on Gig0/0 or Gig1/0 is denying PC1 from accessing
resources on the Internet. Alternatively, a NAT issue could be preventing [Link] from being
translated. However, before you go down that path, review the basics. For example, what
about the default gateway configured on PC1? If it is configured incorrectly, PC1 is sending
packets that are destined to a remote subnet to the wrong default gateway. If you review the
output of ipconfig on PC1, as shown in Example 1-46, you see that the default gateway is
configured as [Link], which is not the IP address of R1’s interface.
Example 1-46 ipconfig Output on PC1

C:\PC1>ipconfig
Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .: [Link]

After you change the default gateway on R1 to [Link], the ping to [Link] is successful, as
shown in Example 1-47.
Example 1-47 Successful Ping from PC1 to [Link]

C:\PC1>ping [Link]

Reply from [Link]: bytes=32 time 1ms TTL=128

Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128

Ping statistics for [Link]:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Trouble Ticket 1-2

Problem: PC1 is not able to access resources on web server [Link].
50 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

You begin troubleshooting by verifying the issue with a ping from PC1 to [Link]. As
shown in Example 1-48, the ping fails.
Example 1-48 Failed Ping from PC1 to [Link]

C:\PC1>ping [Link]
Pinging [Link] with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for [Link]:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Next, you ping the default gateway for PC1, which is R1, at [Link]. As shown in
Example 1-49, it fails as well.
Example 1-49 Failed Ping from PC1 to the Default Gateway

C:\PC1>ping [Link]
Pinging [Link] with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for [Link]:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Next, you decide to see whether this is an isolated incident by pinging from PC2 to the IP
address [Link] and to the default gateway at [Link]. As shown in Example 1-50, both
pings fail as well, indicating that the problem is not isolated.
Example 1-50 Failed Ping from PC2 to [Link] and the Default Gateway

C:\PC2>ping [Link]
Pinging [Link] with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for [Link]:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 51

C:\PC2>ping [Link]
1
Pinging [Link] with 32 bytes of data:

Request timed out.

Request timed out.
Request timed out.
Request timed out.

Ping statistics for [Link]:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

At this point, you have confirmed that there is no Layer 2 or Layer 3 connectivity from PC1
or PC2 to their default gateway. This can be caused by many different factors. For example,
VLANs, VLAN access control lists (VACLs), trunks, VLAN Trunking Protocol (VTP), and
Spanning Tree Protocol (STP) could all possibly cause this issue to occur. However, always
remember to check the basics first; start with IP addressing on the client. On PC1, you issue
the ipconfig command, and as shown in Example 1-51, PC1 has an APIPA (Automatic Private
IP Addressing) address of [Link]/16 and no default gateway. This means that PC1
cannot contact a DHCP server and is autoconfiguring an IP address. This still does not rule
out VLAN, trunk, VTP, STP, and so on as causes. However, it helps you narrow the focus.
Example 1-51 ipconfig Output on PC1

C:\PC1>ipconfig
Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . .: [Link]
Subnet Mask . . . . . . . . . . .: [Link]
Default Gateway . . . . . . . . .:

Notice in the trouble ticket topology in Figure 1-19 that the DHCP server is located out inter-
face Gig2/0 on R1. It is in a different subnet than the PCs. Therefore, R1 is required to forward
the DHCPDISCOVER messages from the PCs to the DHCP server at [Link]. To do this, it
needs the ip helper-address command configured on Gig0/0. You can start there to eliminate
this as the issue and then focus elsewhere if need be. On R1, you issue the command show
run interface gigabitEthernet 0/0, as shown in Example 1-52. The output indicates that the
IP helper address is [Link], which is not correct according to the network diagram.
Example 1-52 Verifying the IP Helper Address on Gig0/0 of R1

R1# show run interface gigabitEthernet 0/0

Building configuration...

Current configuration : 193 bytes

52 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

!
interface GigabitEthernet0/0
ip address [Link] [Link]
ip helper-address [Link]
ip nat inside
end

After you fix the IP helper address with the no ip helper-address [Link] command
and issue the ip helper-address [Link] command in interface configuration mode, PC1
successfully receives IP addressing information from the DHCP server, as shown in
Example 1-53.
Example 1-53 Correct IP Addressing After Fixing the ip helper-address Command

C:\PC1>ipconfig
Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : [Link]

After you verify the addressing information on PC1, the ping to [Link] is successful, as
shown in Example 1-54.
Example 1-54 Successful Ping from PC1 to [Link]

C:\PC1>ping [Link]

Reply from [Link]: bytes=32 time 1ms TTL=128

Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128
Reply from [Link]: bytes=32 time 1ms TTL=128

Ping statistics for [Link]:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 53

IPv6 Addressing Trouble Tickets

1
Trouble Tickets 1-3 and 1-4 are based on the topology shown in Figure 1-20.

[Link]
DHCP Server
::10

PC1

::1
Default Gateway [Link]
[Link]/64 Gi0/0 Gi1/0
[Link]
Gi0/0 ::2 R1

PC2 R2

::20
Figure 1-20 IPv6 Addressing Trouble Tickets Topology

Trouble Ticket 1-3

Problem: PC1 is not able to access resources on the web server [Link].
Your network uses stateless address autoconfiguration for IPv6 addressing and DHCPv6 for
additional options such as a domain name, TFTP server addresses, and DNS server addresses.
You begin troubleshooting by verifying the issue with a ping from PC1 to [Link]. As
shown in Example 1-55, the ping fails.
Example 1-55 Failed Ping from PC1 to Web Server at [Link]

C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data:

PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for [Link]

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

You ping the default gateway at [Link], but the ping fails, as shown in Example 1-56.
Example 1-56 Failed Ping from PC1 to the Default Gateway at [Link]

C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data:

PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
54 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

PING: transmit failed. General failure.

Ping statistics for [Link]

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Next, you verify the IPv6 addresses on PC1 by using the ipconfig command. Example 1-57
indicates that PC1 is not generating its own global unicast address using stateless address
autoconfiguration or identifying a default gateway on the network.
Example 1-57 Verifying IPv6 Addressing on PC1

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : [Link]

Your phone rings, and the user at PC2 is indicating that he cannot access any of the IPv6-
enabled resources. You access PC2 and issue the ipconfig command, as shown in
Example 1-58, and notice that it is also not generating an IPv6 address or identifying
a default gateway.
Example 1-58 Verifying IPv6 Addressing on PC2

C:\PC2>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:ce47%9
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : [Link]

Recall that SLAAC relies on RAs. Therefore, R1’s Gig0/0 interface needs to be sending RAs
on the link for PC1 and PC2 to generate their own IPv6 addresses using SLAAC. You issue
the command show ipv6 interface gigabitEthernet 0/0 on R1, as shown in Example 1-59.
The output indicates that hosts use SLAAC for addresses, and DHCP is used for other
configuration values. However, it also indicates that RAs are suppressed. Therefore, PC1
and PC2 do not receive RAs that provide the prefix information necessary to perform
autoconfiguration.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 55

Example 1-59 Verifying Whether RAs Are Suppressed on R1

1
R1# show ipv6 interface gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80A:EFF:FE3C:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:1
FF02::1:FF3C:8
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND RAs are suppressed (all)
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.

You issue the command show run interface gigabitEthernet 0/0 to verify the configuration
commands on the interface. As shown in Example 1-60, the interface is configured with the
command ipv6 nd ra suppress all, which stops R1 from sending RAs.
Example 1-60 Verifying Interface Configuration on R1

R1# show run interface gigabitEthernet 0/0

Building configuration...

Current configuration : 241 bytes

!
interface GigabitEthernet0/0
no ip address
ipv6 address [Link]/64
ipv6 nd other-config-flag
ipv6 nd ra suppress all
ipv6 dhcp relay destination [Link]
end

After you remove this command with the no ipv6 nd ra suppress all command, PC1 suc-
cessfully generates a global IPv6 address and identifies an IPv6 default gateway, as shown in
Example 1-61.
56 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Example 1-61 Verifying IPv6 Addressing on PC1

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

IPv6 Address. . . . . . . . . . . : [Link]
Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : fe80::c80a:eff:fe3c:8%11
[Link]

You confirm that IPv6 resources are accessible by pinging [Link], as shown in
Example 1-62, and it is successful. You then call the user at PC2 and confirm that he can
access the resources as well. He indicates that he can.
Example 1-62 Successful Ping from PC1 to the Web Server at [Link]

C:\PC1>ping [Link]
Pinging [Link] with 32 bytes of data:
Reply from [Link] time=37ms
Reply from [Link] time=35ms
Reply from [Link] time=38ms
Reply from [Link] time=38ms

Ping statistics for [Link]

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 38ms, Average = 36ms

Trouble Ticket 1-4

Problem: PC1 is not able to access resources on the web server [Link].
Your network uses stateless address autoconfiguration for IPv6 addressing and DHCPv6 for
additional options such as a domain name, TFTP server addresses, and DNS server addresses.
You begin troubleshooting by verifying the issue with a ping from PC1 to [Link]. As
shown in Example 1-63, the ping fails.
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 57

Example 1-63 Failed Ping from PC1 to the Web Server at [Link]
1
C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data:

PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for [Link]

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

You ping the default gateway at [Link], but the ping fails, as shown in Example 1-64.
Example 1-64 Failed Ping from PC1 to the Default Gateway at [Link]

C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data:

PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for [Link]

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Next, you verify the IPv6 addresses on PC1 by using the ipconfig command. Example 1-65
indicates that PC1 is not generating its own global unicast address using stateless address
autoconfiguration; however, it is identifying a default gateway on the network at the link-
local address fe80::c80a:eff:fe3c:8.
Example 1-65 Verifying IPv6 Addressing on PC1

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : fe80::c80a:eff:fe3c:8%11
[Link]
58 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

Your phone rings, and the user at PC2 is indicating that she cannot access any of the IPv6-
enabled resources. You access PC2 and issue the ipconfig command, as shown in
Example 1-66, and notice that it’s experiencing the same issues as PC1.
Example 1-66 Verifying IPv6 Addressing on PC2

C:\PC2>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:ce47%9
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : fe80::c80a:eff:fe3c:8%11
[Link]

Recall that SLAAC relies on RAs. Therefore, R1’s Gig0/0 interface must send RAs on the link
for PC1 and PC2 to generate their own IPv6 address using SLAAC. You issue the command
show ipv6 interface gigabitEthernet 0/0 on R1, as shown in Example 1-67. The output indi-
cates that hosts use SLAAC for addresses, and DHCP is used for other configuration values.
Also, there is no indication that RAs are being suppressed. This is also confirmed by the fact
that PC1 and PC2 are identifying a default gateway. However, is it the right one? According
to Examples 1-65 and 1-66, the default gateway is fe80::c80a:eff:fe3c:8. Based on Example 1-67,
this is correct. If you review Example 1-67 further, can you see the issue?
Example 1-67 Verifying Whether RAs Are Suppressed on R1

R1# show ipv6 interface gigabitEthernet 0/0

GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C80A:EFF:FE3C:8
No Virtual link-local address(es):
Global unicast address(es):
[Link], subnet is [Link]/60
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:1
FF02::1:FF3C:8
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
 Chapter 1: IPv4/IPv6 Addressing and Routing Review 59

ND advertised reachable time is 0 (unspecified)

1
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.

If you did not spot it, look at the global prefix assigned to interface Gig0/0. It is
[Link]/60. SLAAC works only if the prefix is /64.
You issue the command show run interface gigabitEthernet 0/0 to verify the configuration
commands on the interface. As shown in Example 1-68, the interface is configured with the
command ipv6 address [Link]/60. RAs are still generated, but SLAAC does not
work unless the prefix is /64.
Example 1-68 Verifying Interface Configuration on R1

R1# show run interface gigabitEthernet 0/0

Building configuration...

Current configuration : 216 bytes

!
interface GigabitEthernet0/0
ipv6 address [Link]/60
ipv6 nd other-config-flag
ipv6 dhcp relay destination [Link]
end

You confirm with your network design plans that the prefix should be /64. After you remove
this command with the no ipv6 address [Link]/60 command and issue the com-
mand ipv6 address [Link]/64, PC1 successfully generates a global IPv6 unicast
address, as shown in Example 1-69.
Example 1-69 Verifying IPv6 Addressing on PC1

C:\PC1>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : [Link]

IPv6 Address. . . . . . . . . . . : [Link]
Link-local IPv6 Address . . . . . : fe80::a00:27ff:fe5d:6d6%11
IPv4 Address. . . . . . . . . . . : [Link]
Subnet Mask . . . . . . . . . . . : [Link]
Default Gateway . . . . . . . . . : fe80::c80a:eff:fe3c:8%11
[Link]
60 CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide

You confirm that IPv6 resources are accessible by pinging [Link], as shown in
Example 1-70, and the ping is successful. In addition, you contact the user at PC2, and she
indicates that everything is fine now.
Example 1-70 Successful Ping from PC1 to the Web Server at [Link]

C:\PC1>ping [Link]
Pinging [Link] with 32 bytes of data:
Reply from [Link] time=37ms
Reply from [Link] time=35ms
Reply from [Link] time=38ms
Reply from [Link] time=38ms

Ping statistics for [Link]

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 38ms, Average = 36ms

Static Routing Trouble Tickets

Trouble Tickets 1-5 and 1-6 are based on the topology shown in Figure 1-21.
[Link]/24 [Link]/24
[Link]/64 [Link]/64

PC1 Gig1/0 Gig0/0 Gig1/0 Gig1/0 FTP

R1 [Link]/24 R2 [Link]/24 R3 Server
Gig0/0 [Link]/64 [Link]/64 Gig0/0

Gig2/0 Gig2/0 WWW

[Link]/64 Server

Figure 1-21 Static Routing Trouble Tickets Topology

Trouble Ticket 1-5

Problem: Users in the [Link]/24 network have indicated that they are not able to access
resources on the FTP server in the [Link]/24 network. The FTP server uses the static IPv4
address [Link]. Users have also indicated that they are able to access the web server at
[Link]. (Note that this network uses only static routes.)
You start your troubleshooting efforts by verifying the problem with a ping to [Link] from
PC1 in the [Link]/24 network. As shown in Example 1-71, the ping is not successful. R1 is
responding with a destination unreachable message. This indicates that R1 does not know
how to route the packet destined for [Link]. In addition, you ping [Link] from PC1, and it
is successful, as shown in Example 1-71 as well.
Example 1-71 Failed Ping from PC1 to [Link] and Successful Ping to [Link]

C:\PC1>ping [Link]

Pinging [Link] with 32 bytes of data;

Reply from [Link]: Destination host unreachable.