/
Sign up to Ping Labz!
Already have an account? Sign in
Labs

Lab ts-cap-01 - Troubleshooting Capstone: The Branch Office Outage

J
4 min read

Real outages do not arrive one clean fault at a time. A change window goes wrong, three things break at once, and you get a single sentence from the user: "the branch is down, nothing works." This capstone stacks three faults across three layers on the five-node base topology and asks you to bring the site back. The skill it tests is sequencing: fix the lowest layer first, because until Layer 2 works you cannot even test Layer 3, and fixing one fault only reveals the next. This is the capstone of the PingLabz CCNA Troubleshooting Labs. Every output below was captured on Cisco IOS XE.

The scenario

The ticket: "After last night's maintenance, the branch (R1's LAN) can't reach anything. Internet is gone, internal is gone. Please fix."
Success criterion: R1 can reach the internet host 10.255.0.3 again.

You have one symptom and three hidden faults: one at Layer 2, one at Layer 3, and one in the NAT service. The only way through is bottom-up. Each fix lets you see the next problem, which is exactly how real layered outages unravel.

Lab setup: this topology boots with all three faults in place at once. That is the point of a capstone: one symptom, several causes. Work strictly bottom-up and re-test after each fix. The downloadable topology and the full walkthrough are part of PingLabz Pro.

What you will learn

  • How to triage a multi-fault outage without thrashing between layers.
  • Why "I fixed something and it's still down" is normal, not a sign you fixed the wrong thing.
  • How a stale ARP entry can lie to you, and which command to trust instead.
  • The full bottom-up sweep: VLAN, then routing, then service.

Layer 2: you can't even reach the gateway

Start at the user. From R1, the internet is unreachable, and so is the default gateway one hop away:

R1# ping 10.255.0.3 source 10.20.0.1
.....  (0%)
R1# ping 10.20.0.2
.....  (0%)     <-- can't even reach the gateway

If you cannot reach your own gateway, nothing above Layer 2 is worth testing yet. Go to SW1:

SW1# show vlan brief
10   USERS     active    Et0/0, Et0/2
20   SERVERS   active    Et0/1            <-- the gateway port is stranded

SW1# show mac address-table dynamic
 10   aabb.cc00.1300   DYNAMIC   Et0/0    (R1)
 20   aabb.cc00.1100   DYNAMIC   Et0/1    (R2 gateway, wrong VLAN)
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Ping Labz.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.