Network Configuration and Troubleshooting: Key Considerations

Area Configuration

  • Area 1 Stub Area: No summaries.
  • Create 2 areas, but do not connect to Area 0.
  • The area range is incorrect; SW1 is missing SW2.

RADIUS and Authentication

  • RADIUS MAC-Auth Guest Ports: Enable ACL grouping and apply shared ACL.
  • Enable dynamic authentication with RADIUS server settings.
  • RADIUS MAC-Auth should enable guest ports.
  • Permit/Allow all MAC-Auth ClearPass portal.
  • Role-based tunnel – RADIUS server such as ClearPass.
  • Granular control of authentication login privileges.
  • Will reject RADIUS CoA messages one minute old.
  • Each AOS-SW sends all RADIUS first server list unless server is unreachable.

Routing and Switching

  • Set cost to 100 and redistribute SW1 external LSA.
  • Permit OSPF adjacency for 2VSF.
  • OSPF link-state path first algorithm.
  • Every OSPF router network LSU applies.
  • Type 2 metric stays the same; external route is advertised. Type 1 metric OSPF link costs.
  • Set BGP AS number to 46501.
  • Validate BGP messages from authorized devices.
  • Expected behavior: SW1 should still be able to route traffic for Client1.
  • Only SW2 will respond with the virtual MAC VRID2.

Security and Access Control

  • BPDU block, root guard block port only.
  • Enable SNMP2 and enable SNMP3 with restricted access.
  • Enhance security with 802.1X solution.
  • Connection-rate filtering.
  • Ethertype Class of Service Extended MAC ACL only.
  • Domain ID matches both SW.
  • UDLD (Unidirectional Link Detection).
  • It drops the traffic.
  • Block traffic and send SNMP.
  • It denies both frames.
  • Define TRK1 as a trusted DHCP port.
  • Eavesdrop prevention disabled; report security is limited in continuous mode.

Virtualization and Stacking

  • Member4 remains commander, Member5 remains standby.
  • Proposed SW replaced; support VSF required distance stack members.
  • Fragment commander becomes inactive.
  • VRRP takes longer for the second failover.
  • VRID – Virtual IP.

Quality of Service (QoS)

  • Create QoS policy with extended IPv4 ACL.
  • Run packet device2, run application, look at DSCP IP header.
  • DSCP map 46 priority value.
  • Override DSCP priority directly on an interface.
  • Traffic class selects TCP traffic, map class mirror session policy VLAN2.
  • Type app-sflow.
  • Outbound rate limit on edge port.

Troubleshooting and Monitoring

  • Guest successfully authenticated via captive portal and redirected back to the portal page.
  • Monitor thresholds and generate alerts with RMON alarm.
  • Track configuration changes with SNMP traps.
  • SW1 continues to act before preempt delay – must plan additional changes fix.
  • Configure RMON to receive switches.
  • Reconfigure mirror endpoint SW2 IP reserved in order.
  • After 2 consecutive missed keepalive packets, SW1 disables interface1; interface stays disabled; issue fixed.

VLAN and Access Control Lists (ACLs)

  • VLAN-Out.
  • Name ACL applied to VLAN2 is incorrect.
  • Create user role, apply user VLAN, and set this role as the initial role.
  • SW2 does not filter traffic with ACL; session established successfully.

Other Considerations

  • Drops multicast groups that have no members.
  • IT Auth control traffic SW-MC.
  • It does not let the user alter the URL redirect to the portal.
  • Client3 and Client4 work, but not Client2.
  • It accepts the client packet but drops packets from the DHCP server.
  • Configure backplane switching. Make sure the desired commander is Member1.
  • 200MBPS.
  • Can supplement MSTP switch edge ports to detect loops in more circumstances.
  • Double-check the settings of the MController admin because the planned configuration is incomplete.
  • Static route 192.0.2.0/24 blackhole.