We see our students at all levels sometimes struggle building a network from the “ground-up” using a logical topology diagram. Let us use this blog post to examine a portion of a logical diagram and discuss how one could most easily and accurately setup the network.


Here is a typical section of a typical logical diagram from one of our practice labs. The first mistake a student typically makes is assuming that R1 and BB2 are directly connected. Do not forget, to form this Ethernet segment, at least one switch is used to connect R1 and BB2, and the switch(es) may feature any amount of initial configuration. The switch is not shown on the diagram for simplicity, and you will possess the tools to discover the missing devices easily.

Let me provide a simple set of steps that I would use to ensure this portion of the network is built correctly.

Step 1: I go to R1 Fa0/0 and carefully add the correct IP address and issue the no shutdown command.

Step 2: Use the show cdp neighbor command on R1 to learn the remote port that Fa0/0 connects to.

Step 3: Move to this device, create VLAN 12 if needed, and ensure to place the port that connects to R1 Fa0/0 in VLAN 12 using the switchport access vlan 12 command.

Step 4: Use the show cdp neighbor command on this switch to determine the port connected to BB2. Place that port in VLAN 12.

Step 5: You can now attempt to ping the BB2 device. NOTE: It is typical in the actual lab for backbone devices to block ping attempts. So in the lab exam, be sure to do every verification that is possible except the ping. Hopefully later in the lab you will Layer 3 peer with the device and can confirm connectivity through the receipt of routes.

You can leave a response, or trackback from your own site.

23 Responses to “Solving for the Physical Topology Using a Logical Topology”

  1. Stephan says:

    Hi, you certainly have a way with making things easily understandable! Thanks!

  2. Burhan says:

    nice tips as u alyz gives.one thing i want to ask from you is in real CCIE lab do they provide L2 topology diagram or not?

  3. Rick says:

    @Burhan: They CAN give you a L1 diagram, but it’s possible that you don’t get one, or you get a switching diagram, but have to figure out the FR DLCI’s by yourself.

  4. You are provided with a physical and logical topology. When I sat for my lab I read the entire lab which took me less than 45 minutes. At the time of reading I also drew my own topology making notes where need.

    I used the physical topology extensively as I made sure all of the devices where connect to the port as listed in the lab exam.

    NEVER TRUST the configuration when you sit down. If you ignore this it can hurt you at the end of the day when you are verifying and find out routing and other technologies arent working as they should.

    Its common sense to know that a router does not connect directly to another router (though it can be done) but majority of the time it connects to a switch.

    Basic troubleshooting is within the CCNA cirriculm and I personally think if a CCIE candidate does not know how to troubleshoot, well; he/she isnt a candidate.

    Im sure everyone has read/heard the statements above. If not, then Im glad to have helped. :o )

  5. Wael says:

    Its nice to have a simple strategy for doing things..

  6. johnthom says:

    This is the easy part, but everything builds on it. My issue has been later in the lab when you’re instructed to block BB2 from ping/telnet/etc R1. “Don’t make any changes to R1 to accomplish this task.” This is when it is critical to remember the switch. Which after 5 or 6 hours of toil….not so easy to recall. Easier if you catch it before you ever start typing.

  7. I will be posting this week about diagrams in the lab exam – thanks for reading everyone!

  8. luisgarcia says:

    Hi, that was a priceless tip about the possibility of pings being blocked at the BB’s. Just think, I could be super stressed out wondering why I have no connectivity with the BB’s. This gives me another key point to consider when I first sit down at the lab. Thanks

  9. JP says:

    luisgarcia – You can always use ‘show ip arp’ on your routers to check for next-hop layer 2.5 adjacency of the backbone routers. I don’t think they’d be very successful in ensuring you won’t be able to check ARP to see if you have some sort of connectivity, seeing as how the router will need to support it for later tasks.

  10. Jeriel Atienza says:


    Can u please tell exactly what both of u refering of pings being blocked at the BB´s? Meaning the config or another stuff?
    And Xplain more about this note: “NOTE: It is typical in the actual lab for backbone devices to block ping attempts.”


  11. Yes Jerieal…

    In the actual lab exam, it is typically the case that you cannot ping the backbone in order to test connectivity. Cisco does not allow you to access the backbone devices in any way, and this includes pinging them for connectivity testing.

    Realize this is TYPICALLY the case, and since they are constantly modifying the exam, it is not an absolute by any means.

  12. This might be slightly OT in terms of taking a CCIE lab, but in the real world you cannot necessarily rely on CDP being available to give you information about physical connectivity:

    1) CDP is often disabled for security reasons.

    2) Shocking as it may seem, there may be non-Cisco devices involved.

    In these cases, the only way to discover physical topology is to either visually inspect the network, or do a shut/no shut on interfaces and monitor the resulting alarms. Both of these techniques have their differing issues on production networks, but that just goes to show the importance of accurate documentation!

  13. IPv6Freely says:

    The INE labs allow you to access the BB routers to do some basic show commands. Is there no access at all on the real thing?

    People still turn CDP off on infrastructure devices? That’s even more silly than shutting ping off! I can’t imagine ever crippling my troubleshooting ability due to CDP being off. (Though it should definitely be turned off on access ports).

    Your second point is certainly valid, though :)

  14. You will NOT be able to run any show commands on the BB devices in the real lab. You might not even be able to ping them.

  15. @IPv6Freely:
    Agreed regarding disabling CDP on access interfaces and leaving it on for network-facing (read: trusted) interfaces.

    But yes, some people do still disable CDP network-wide. Over the last few weeks, I’ve been auditing a large-ish network for a client of ours, and although all the routing/switching infrastructure is Cisco, they have CDP disabled completely. They also have non-Cisco firewalls (both routed and transparent), all of which made it quite an interesting challenge to verify the physical topology! ;-)

  16. Nick says:

    Yep, we use CDP extensively across our LANs. However, we turn it off on all externally (untrusted) facing router interfaces.

    Also, VOIP is now complicating matters with a requirement to enable CDP on access ports. I like KISS everywhere, and, unfortunately VOIP messes things up a bit. I wish CDP wasn’t used to work with IP phones.

    I also wish voip devices where not displayed in the default cdp neigh command, and instead required something like show cdp neigh voip. As it is, we all have to do a show cdp neigh | e SEP whenever we are checking the infrastructure. What a pain in the ass!

  17. Abid Nazeer says:

    nice post Antony thanks

  18. Deano says:

    I am sure this has been said many times already…but….this was a great help!

  19. Anthony Esdaile says:

    Thanks, i was pulling my hair out after having taken a year out of Cisco and forgot many of the concepts, this clarified everything. I sure hope i can do a re-sit of your class in London soon

  20. Aaron Dhiman says:

    Great Post! It led me to destroy all of the physical wiring diagrams! :)

  21. Christian Kyony says:

    Just bought Workbook v5 and this post is still relevant 5 years later.


Leave a Reply


CCIE Bloggers