These 3 diagrams have been publicly available for years, I downloaded this TSHOOT Topology off Cisco’s official learning forum, post can be viewed here.
I doubt this is exactly the Topology used on exam day, it very well could be, however if this is not it the Topology will be something extremely similar to this.
Look at how those 3 Topologies layer on top of each other perfectly!
Very important for exam day, avoid jumping between the diagrams and CLI windows, write down a template of info seen on these diagrams before you even touch the mouse so you can quickly fill in the VLAN / IP Info from the diagram!!
It is easy to get lost in troubleshooting when you are trying to keep an entire Topology straight in your head, do yourself a favor, and write as much down as possible so you can calmly ping around based on your written diagram on the dry erase board!
So before even beginning the exam tutorial, take your dry erase board and write:
- Data, Server, and Mgmt VLAN =, and fill in the # values when you see the Topology
- Draw out all the devices as pictured here, so you can quickly fill in IP Addresses upon seeing the Topology IP Addressing, at very least for Layer 3
- Draw out a quick binary / subnet chart that makes sense to you to quickly reference for address ranges if subnets are irregular numbers as I’d expect
This is too much information / free information to use prior to the exam, do not waste the opportunity to take advantage of it, write it down to reference during the exam so you can calmly troubleshoot methodically rather than trying to get back to the correct device CLI window after referencing the diagram over and over!
Even write down concepts you might draw a blank on, like iBGP = next-hop-self and eBGP = ebgp-multihop #, and things like that which you may just panic during a simulator and forget as it is a very possible and very avoidable!
The dry erase board will mostly be for reference during this exam, so fill it with information before beginning the exam, you will be doing yourself a huge favor!!!
The PDF can also be viewed / downloaded here as well to learn and love: TSHOOT Exam Topology
Again this is all based off the exam sim and public discussion / topologies, but I wanted to really make a clear understanding of “Problem Report” -> “Flow of Troubleshooting” when working with a multi-layered Topology.
QUESTION :
Client 1 cannot reach the Server at 209.65.200.241 – WHAT DO YOU DO HOT SHOT!?!?
Think about it now, before you are sitting the exam, about how this Topology lines up as 3 layered and what you ping / how you proceed through this and practice it!
I wouldn’t expect traceroute / tracert to be available from the PC / Cisco Device, as that would make it just too easy, so I’d be prepared to ping my way to a Pass!
Follow the Data Path and Divide and conquer Methods, found in depth here.
Boson Exam Sim is great, CBT Nuggets has a course with a pre-configured TSHOOT lab / series, and Jeremy C’s course on there is amazing with quick “fly by” videos to refresh topics in terms of troubleshooting. I highly recommend any / all of the above training!
Also when running “follow the path” connectivity tests, make sure that pings work in both directions, as I’ve started out troubleshooting Layer 3 for about 10 minutes on a Boson sim ticket, found the issue (a good amount of time later) to be a Frame-Relay clockrate not set issue by looking very carefully at both Layer 2 and Layer 3 and using “stare and compare” on all 3 routers connected.
Also watch for Layer 3 Dynamic Protocol Authentication on Frame-Relay sub-interfaces, as this is where it will be configured per the Layer 2 diagram!
The same way IPv4 can be mixed into an IPv6 looking problem, Layer 2 properties such as Frame-Relay can be part of the upper level (Layer 3) Topology issue!
One important command for frame-relay to remember for the TSHOOT is “sh controllers (int)” especially when working with Frame-Relay, as this will indicate not only if a cable is connected but also the cable type, remember the DCE = Set clock rate in Frame-Relay and DTE = Clock-Rate provided by other end of Frame-Relay Link!
Also check every device and category available for the correct answer!
In the Boson sim I’ve found the correct answer under weird categories when I am choosing which device / tech / config needs to be changed. So because you are not seeing it where you would expect it to logically be, doesn’t mean it is not the answer somewhere within the pile of possibly tech / config answers you can select!
There is the Layer 2 LAN Topology, but there is also a Layer 2 Multi-Point / Frame-Relay sort of underlay to the IP Networks sitting on top of that hidden layer 2 connectivity!
Port-Channels carrying multiple VLANs, probably an FHRP / Virtual IP for a Gateway (if I were writing the TSHOOT), and it doesn’t stop at the LAN Edge Router because Layer 2 continues on via Frame-Relay or some kind of Layer 2 mapping underneath the IPv4 and IPv6 Routed networks across the configured LAN Topology.
Imagine writing a test with 3 Layers of the same Diagram to randomly break in niche places, how many people would survive your exam with no practice?
One point that cannot be stressed enough is because this diagram has all this information, does not mean it has / needs all that configuration for each ticket, so it could truly be an issue at any layer in the 3 published Topologies.
Without further ado!
The 3 layers of PC1 to no Connectivity to the WAN Server issues reviewed:
Note there are two Layer 2 parts to this Topology, the LAN, and Frame-Relay!
This is a “Layer 2” Topology, though plenty of Layer 3 mixed in, possible issues are:
- Bad Port / Cable
- Down Interface
- Port Security
- Misconfigured / Missing VLANs on Trunks
- Mismatched Port-Channel configurations
- VTP (Possibly)
- Layer 2 (or Layer 3?) Port-Channels
- FHRP on L3 switches and possibly edge router
- Layer 3 routing services running on Distribution switches
- Possibly Access Layer Switches not published on the diagram
- VACL (“sh vlan access-map” / “sh vlan filter”)
It just goes on and on, you get on PC1 and issue ipconfig to start your first ticket, and you see an autoconfig addy of 169.254.x.x, what do you do then? DHCP? Native VLAN Mismatch? EtherChannel settings mismatch? Panic??
My approach for these scenarios within Boson is to first check the Access Switch for obvious Port Security / Interface Down / not in VLAN / Check DHCP Router to verify its config is correct and your PC’s IP is not being leased to a different device!
No! I am not sure about traceroute, but you will want to take a moment to jot down the Topology however you can remember it, and use a “follow the path” backwards from PC1, and where ever that stops hitting you just “Divide and Conquered” your way to the identifying where the issue is!
If PC1 can’t get an address, maybe panic a little.
A note for Port-Channels as I can just never remember the nitty gritty details from Cisco’s Implemented Etherchannel doc found here for more depth, however this is definitively what must match on an EtherChannel (basically everything):
- EtherChannel support: All Ethernet interfaces on all modules support EtherChannel, with no requirement that interfaces be physically contiguous or on the same module.
- Speed and duplex: Configure all interfaces in an EtherChannel to operate at the same speed and in the same duplex mode. Also, if one interface in the bundle is shut down, it is treated as a link failure, and traffic will traverse other links in the bundle.
- VLAN match: All interfaces in the EtherChannel bundle must be assigned to the same VLAN or be configured as a trunk.
- Range of VLANs: An EtherChannel supports the same allowed range of VLANs on all the interfaces in a trunking Layer 2 EtherChannel.
And they must be applied correctly, interfaces turned on, not in an error state, etc.
So there is that to begin with, then there is this:
- Incorrect Area # / Network Configuration / Redistribution
- Incorrect Redistribution
- Incorrect Area Types
- Broken Virtual-Links
- DHCP
- Possible FHRP with L3 Switches
- NAT
Some commands for this:
- “sh run”
- “sh ip proto”
- “sh ip route x.x.x.x”
- “sh ip (ospf/eigrp/etc) nei”
- sh ip (ospf/eigrp/etc) int”
There is a lot to go wrong here, I won’t rattle off an exhaustive list of everything that is running at IPv4, but if you know the core principles you should have most of the battle of knowing the IPv6 Topology if your comfortable with IPv6 Address.
IPv6 runs basically the same as IPv4 in logic, only with its IPv6 quirks of MultiCast / Named ACL’s only, the gross GRE Tunnel of doom, I mean really know how GRE Tunnels work and especially what they look like when they aren’t working!
The interface error types and codes, like what does a GRE Tunnel Interface status of Reset/Down mean? If you don’t know it, find out, and then read everything else about it đŸ™‚
And then there was IPv6!
One absolute critical point to keep in mind is to verify IPv4 connectivity along side the IPv6 connectivity, as you probably will see configurations for both to confuse you, and you need to be able to spot when an IPv4 command is being used instead of IPv6.
For example, OSPFv3 needs to be configured per-interface (as with all IPv6 Dynamic Routing Protocols), and the interface might have “ip ospf 10 area 34” rather than “ipv6 ospf 10 area 34” which will prevent R3 from advertising IPv6 OSPF to R4!
This is really the 3 layered Topology tricky, is having IPv4 and IPv6 configurations side by side might allow for such a small detail to be overlooked in the mix, do not get fixated on one possible cause as the answer on exam day!
If you are going down a path of a device / technology / configuration as the solution, if you don’t see anything that makes sense you need to back up and re-assess either the device or technology that is causing the issue!
Like with the Simulator examples shown on Cisco’s exam website tutorials, you are not setting your answer in stone until you click the “done” or “finish” button, so do not commit yourself to an answer that does not make sense!!!
I find myself sometimes getting fixated during Boson Exam Sim questions on what I believe is the issue, and then I completely overlook other possibilities (that are relatively obvious), and fail the sim question because I was fixated on one possibility!
For example, when PC1 could not ping the Layer 3 Switch, I thought for sure some kind of Trunk or Port-Channel misconfiguraton, and completely missed that the DHCP Server in the Topology handed out a DHCP Address to PC1 configured on an SVI Interface.
In this case I was fixated on the LAN Segment, when the actual problem was well outside of the LAN Segment on the DHCP Server / Router! Beware of falling into this fixation!
Only RIPng and OSPFv3 at this Layer (I assume), so I’d focus my attention to those two IPv6 routing protocols / behaviors!
- “sh ipv6 route”
- “sh ipv6 access-list (name) …” (only named ACL’s in IPv6)
- “sh ipv6 proto”
- “sh ipv6 int (int)” to see IPv6 routing protocol config
- Etc, just use ipv6 instead of “ip” in the verification command!
So prepare yourself anywhere you can, use all available resources!
Exam Sims from CBT Nuggets and Boson are both amazing, I am using Boson for now, but the CBT series looks jut as good.
The TSHOOT OCG is like a network engineers bible, to not just learn about how a protocol works, but to identify exactly what the issue is and fix it on the spot.
That is a true Network Ninja engineer no matter how certified they are!
So this is my experience looking at Cisco CCNP Forums (great resource) and seeing these Topologies published but without the understanding of being hammered over and over with 20 questions about the same Topology.
Really take some time to understand it, and however you can, exchange broken GNS3 configs with someone else who is studying and fix each others networks or however you can do it but practice before you walk in the door is my best advice.
With that I will end it here with the solid understanding of the 3 Layered Topology
I wanted to share my new found understanding of probably how exam tickets / topology troubleshooting might look like on exam day, based on the Boson Simulator / CBT Labs I’ve watched but not actually worked with in VMware Player / GNS3.
Divide and Conquer, Follow the Data Path, Stare and Compare, those troubleshooting methods and strategies discussed in my first TSHOOT post are now VERY relevant!
Learn it, love it, pass it! đŸ™‚
The DEVNET GRIND! 