NET-230 (NetAcad Chapter 12)
OSI Reference Model
7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical
3. Which are recommendations to be used when communicate with a user?
All the above
12.5.4 Step 2 - Check for Duplex Mismatches
Another common cause for interface errors is a mismatched duplex mode between two ends of an Ethernet link. In many Ethernet-based networks, point-to-point connections are now the norm, and the use of hubs and the associated half-duplex operation is becoming less common. This means that most Ethernet links today operate in full-duplex mode, and while collisions were normal for an Ethernet link, collisions today often indicate that duplex negotiation has failed, or the link is not operating in the correct duplex mode. The IEEE 802.3ab Gigabit Ethernet standard mandates the use of autonegotiation for speed and duplex. In addition, although it is not strictly mandatory, practically all Fast Ethernet NICs also use autonegotiation by default. The use of autonegotiation for speed and duplex is the current recommended practice. However, if duplex negotiation fails for some reason, it might be necessary to set the speed and duplex manually on both ends. Typically, this would mean setting the duplex mode to full-duplex on both ends of the connection. If this does not work, running half-duplex on both ends is preferred over a duplex mismatch. Duplex configuration guidelines include the following: Autonegotiation of speed and duplex is recommended. If autonegotiation fails, manually set the speed and duplex on interconnecting ends. Point-to-point Ethernet links should always run in full-duplex mode. Half-duplex is uncommon and typically encountered only when legacy hubs are used. Troubleshooting Example In the previous scenario, the network administrator needed to add additional users to the network. To incorporate these new users, the network administrator installed a second switch and connected it to the first. Soon after S2 was added to the network, users on both switches began experiencing significant performance problems connecting with devices on the other switch, as shown in the figure. S1S2PC1Fa0/20Fa0/20SRV2 I am experiencing significant performance issues when communicating with SRV2. The network administrator notices a console message on switch S2: *Mar 1 00:45:08.756: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/20 (not half duplex), with Switch FastEthernet0/20 (half duplex). Using the show interfaces fa 0/20 command, the network administrator examines the interface on S1 that is used to connect to S2 and notices it is set to full-duplex, as shown the command output. S1# show interface fa 0/20 FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0cd9.96e8.8a01 (bia 0cd9.96e8.8a01) MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, Auto-speed, media type is 10/100BaseTX (Output omitted) S1# The network administrator now examines the other side of the connection, the port on S2. The command out shows that this side of the connection has been configured for half-duplex. S2# show interface fa 0/20 FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0cd9.96d2.4001 (bia 0cd9.96d2.4001) MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, Auto-speed, media type is 10/100BaseTX (Output omitted) S2(config)# interface fa 0/20 S2(config-if)# duplex auto S2(config-if)# The network administrator corrects the setting to duplex auto to automatically negotiate the duplex. Because the port on S1 is set to full-duplex, S2 also uses full-duplex. The users report that there are no longer any performance problems.
6. Which structured troubleshooting method should be used when a cabling problem is suspected?
Bottom-up Troubleshooting Method
Step 2.
Check for duplex mismatches.
Routing table
Check the routing table for anything unexpected, such as missing routes or unexpected routes. Use debug commands to view routing updates and routing table maintenance.
12.1.9 Check Your Understanding - Network Documentation
Check your understanding of network documentation by choosing the BEST answer to the following questions.
12.4.7 Check Your Understanding - Symptoms and Causes of Network Problems
Check your understanding of symptom and causes of network problems by choosing the BEST answer to the following questions.
2. Which OSI layer are you troubleshooting when investigating a spanning-tree loop?
Data Link
debug command
Displays a list of options for enabling or disabling debugging events
show ip interface brief and show ipv6 interface brief command
Displays a summary status of all interfaces on a device Useful for quickly identifying IP addressing on all interfaces.
show running-config command
Displays current configuration.
show arp and show ipv6 neighbors command
Displays the contents of the ARP table (IPv4) and the neighbor table (IPv6).
show vlan command
Displays the status of VLANs on a switch.
show port command
Displays the status of ports on a switch.
Terminal lines
Enabled EXEC sessions can be configured to receive log messages on any terminal lines. Like console logging, this type of logging is not stored by the network device and, therefore, is only valuable to the user on that line.
SSH/Telnet
Enables users to establish terminal session connections with remote hosts.
Tunneling and encryption protocols
Encryption and tunneling protocols often require that traffic be sourced from a specific UDP or TCP port, or use a protocol at the transport layer that cannot be processed by NAT. For example, IPsec tunneling protocols and generic routing encapsulation protocols used by VPN implementations cannot be processed by NAT.
2. Which document could be referenced to identify the OS on a server?
End-system Documentation
Step 8.
Ensure that DNS settings are correct. There should be a DNS server that is accessible.
Step 5.
Ensure that devices are determining the correct path from the source to the destination. Manipulate the routing information if necessary.
Console error messages
Error messages reported on the device console could indicate a physical layer problem. Console messages should be logged to a central syslog server.
4. True or False? A network baseline never ends and continually gathers information on a yearly basis.
False
Hardware faults
Faulty network interface cards (NICs) can be the cause of network transmission errors due to late collisions, short frames, and jabber. Jabber is often defined as the condition in which a network device continually transmits random, meaningless data onto the network. Other likely causes of jabber are faulty or corrupt NIC driver files, bad cabling, or grounding problems.
Knowledge Bases
Online network device vendor knowledge bases have become indispensable sources of information. When vendor-based knowledge bases are combined with internet search engines, a network administrator has access to a vast pool of experience-based information. For example, the Cisco Tools & Resources page can be found at http://www.cisco.com under the Support menu. This page provides tools that can be used for Cisco hardware and software.
SMTP
Supports basic message delivery services.
12.3.3 Hardware Troubleshooting Tools
There are multiple types of hardware troubleshooting tools. Click each button for a detailed description of common hardware troubleshooting tools. (On cards 86-90).
Power-related
This is the most fundamental reason for network failure. Check the operation of the fans and ensure that the chassis intake and exhaust vents are clear. If other nearby units have also powered down, suspect a power failure at the main power supply.
4. Which OSI layer are you troubleshooting when investigating an extended ACL related problem?
Transport
6. A network technician is troubleshooting an email connection problem. Which question to the end-user will provide clear information to better define the problem?
When did you first notice your email problem?
9. What is the purpose of establishing a network baseline?
to help monitor and troubleshoot network performance
TCP/IP Reference Model
(Part of Application, Presentation, and Session Layers). HTTP, Telnet, FTP, TFTP, SMTP, POP, IMAP, SNMP, NTP, DNS, NNTP NFS, XDR, RPC (Part of Application). (Part of Transport Layer). TCP, UDP (Part of Transport). (Part of Network Layer). Routing Protocols, IP, ICMP (Part of Internet). (Part of Data Link Layer). ARP, ND (Part of Network). (Part of the Physical Layer). Not Specified (Part of Network).
4. Cisco IOS log messages fall into one of eight levels. Which syslog logging level is used to log the highest severity level?
0
Exceeding design limits
A component may be operating sub-optimally at the physical layer because it is being utilized beyond specifications or configured capacity. When troubleshooting this type of problem, it becomes evident that resources for the device are operating at or near the maximum capacity and there is an increase in the number of interface errors.
Logical IPv4 Topology
A logical network topology illustrates how devices are logically connected to the network. This refers to how devices transfer data across the network when communicating with other devices. Symbols are used to represent network components, such as routers, switches, servers, and hosts. Additionally, connections between multiple sites may be shown, but do not represent actual physical locations. Information recorded on a logical network topology may include the following: Device identifiers IP addresses and prefix lengths Interface identifiers Routing protocols / static routes Layer 2 information (i.e., VLANs, trunks, EtherChannels) The figure displays a sample logical IPv4 network topology. The diagram shows a logical network topology with various equipment, associated IPv4 addressing, and layer 2 information. There are three interconnected routers and a connection to the Internet cloud. At the top of the diagram is the Central router which has four connections. It is connected at the left to network 10.0.0.0/30 via interface G0/0/0, address .1, to server Svr1, address .2. Central is connected at the right to network 209.165.200.224/30 via G0/1/0, address .226, to a router, ISP, in the Internet cloud at address .225. Also located in the cloud is Svr2 at address 209.165.201.10. Central is connected at the lower left to network 10.1.1.0/30 via interface G0/0/1, address .1, to the Branch-1 router at G0/0/1, address .2. Branch-1 is connected via a trunk link on G0/0/0 to switch S1 at port G0/1. S1 has an IP address of 192.168.77.2 and has a connection via Fa0/5 to host PC1 at address 192.168.10.10. S1 has two connections forming EtherChannel Po1 to switch S2. They are connected via Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2. S2 has an IP address of 192.168.77.3 and has a connection via Fa0/5 to host PC2 at address 192.168.20.10. A table shows the following VLAN configuration for the Branch-1 location: VLAN 10, name LAN-1, Network 192.168.10.0/24: VLAN 20, name LAN-2, network 192.168.20.0/24; VLAN 77, name Management, network 192.168.77.0/24; VLAN 99, name Native; and VLAN 999, name Unused. The last connection from the Central router is a serial connection at the lower right to network 10.2.2.0/30 via S0/1/1, address .1, to the Branch-2 router S0/1/1, address .2. Branch-2 has a connection to network 192.168.30.0/24 via G0/0/0, address .1, to switch S3 at port G0/1. S3 is connected via Fa0/5 to host PC3 at address .10. S0/1/1PC1PC2PC3S1S2S3Svr1Svr2ISPBranch-1Branch-2G0/0/0CentralG0/0/1G0/0/1G0/1/0S0/1/1G0/0/0Fa0/1Fa0/2Fa0/1Fa0/2Fa0/5Fa0/5G0/1192.168.10.10192.168.20.10Fa0/5G0/1G0/0/0209.165.201.1010.0.0.0/30.2209.165.200.224/30.22610.2.2.0/3010.1.1.0/30TrunkLAN 3192.168.30.0/24.225Po1192.168.77.2192.168.77.3.2.2.2.1.1.1.10.1 VLANNameNetwork10LAN-1192.168.10.0/2420LAN-2192.168.20.0/2477Management192.168.77.0/2499Native999Unused
Physical Topology
A physical network topology shows the physical layout of the devices connected to the network. You need to know how devices are physically connected to troubleshoot physical layer problems. Information recorded on the physical topology typically includes the following: Device name Device location (address, room number, rack location) Interface and ports used Cable type The figure shows a sample physical network topology diagram. The diagram shows a physical network topology with various equipment located in three different locations/wiring closets. There are three interconnected routers, one at each location, and a connection to the Internet cloud. At the top of the diagram is the Main Office (Building A) Rm: 107 - Wiring Closet 1. It contains the Central router mounted on Rack 1 Shelf 1 and a server, Svr1. The Central router has four connections. It is connected at the left via interface G0/0/0 to Svr1 mounted on Rack 2 shelf 1. Central is connected at the right via a metro Ethernet link on interface G0/1/0 to a router, ISP, in the Internet cloud. Also located in the cloud is Svr2, a Web server colocated at the ISP. Central is connected via interface G0/0/1 to G0/0/1 on the Branch-1 router, located in the Research and Development (Building B) Rm: 137 - Wiring Closet 2 at the lower left of the diagram. Branch-1 is mounted on Rack 2 Shelf 1 and has a connection via G0/0/0 to switch S1 at port G0/1. S1 is mounted on Rack 2 Shelf 2 and has a connection via Fa0/5 to host PC1 in Rm 1307. S1 has two connections to switch S2 which is mounted on Rack 2 Shelf 3. They are connected via Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2. S2 has a connection via Fa0/5 to host PC2 in Rm 1305. The last connection from the Central router is a serial connection via S0/1/1 to the Branch-2 router S0/1/1 located in the Remote Sales Office Rm: 7 - Wiring Closet 3 at the lower right of the diagram. Branch-2 is mounted on Rack 1 Shelf 1. It has a connection via G0/0/0 to switch S3 at port G0/1. S3 is mounted on Rack 1 Shelf 2 and is connected via Fa0/5 to host PC3 in a conference room. Svr1CentralSvr2ISPPC1PC2PC3S3S1S2Branch-1Branch-2G0/0/0G0/0/1G0/1/0S0/1/1S0/1/1G0/0/0G0/1G0/0/0G0/0/1G0/1Fa0/1Fa0/1Fa0/2Fa0/2Fa0/5Fa0/5Fa0/5 Main Office (Building A)Rm: 107 - Wiring Closet 1WEB Server Colocated at ISPMetro Ethernet to ISPResearch and Development (Building B)Rm: 137 - Wiring Closet 2Rack 2Shelf 1Rack 1Shelf 1Remote Sales OfficeRm: 7 - Wiring Closet 3Rack 1Shelf 1Rack 1Shelf 2Rm 1307Rm 1305Conference roomRack 2Shelf 1Rack 2Shelf 2Rack 2Shelf 3
Console messages
A router recognizes that a Layer 2 problem has occurred and sends alert messages to the console. Typically, a router does this when it detects a problem with interpreting incoming frames (encapsulation or framing problems) or when keepalives are expected but do not arrive. The most common console message that indicates a Layer 2 problem is a line protocol down message
Correct the Issue
After correctly placing the IPv4 ACL on the Serial 0/0/1 inbound interface, as shown in the command output, devices can successfully connect to the server. R3(config)# interface GigabitEthernet 0/0/0 R3(config-if)# no ip access-group 100 in R3(config-if)# exit R3(config)# R3(config)# interface serial 0/1/1 R3(config-if)# ip access-group 100 in R3(config-if)# end R3#
12.5.3 Step 1 - Verify the Physical Layer
All network devices are specialized computer systems. At a minimum, these devices consist of a CPU, RAM, and storage space, allowing the device to boot and run the operating system and interfaces. This allows for the reception and transmission of network traffic. When a network administrator determines that a problem exists on a given device, and that problem might be hardware-related, it is worthwhile to verify the operation of these generic components. The most commonly used Cisco IOS commands for this purpose are show processes cpu, show memory, and show interfaces. This topic discusses the show interfaces command. When troubleshooting performance-related issues and hardware is suspected to be at fault, the show interfaces command can be used to verify the interfaces through which the traffic passes. Refer to the command output of the show interfaces command. R1# show interfaces GigabitEthernet 0/0/0 GigabitEthernet0/0/0 is up, line protocol is up Hardware is CN Gigabit Ethernet, address is d48c.b5ce.a0c0(bia d48c.b5ce.a0c0) Internet address is 10.1.10.1/24 (Output omitted) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 85 packets input, 7711 bytes, 0 no buffer Received 25 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 5 multicast, 0 pause input 10112 packets output, 922864 bytes, 0 underruns 0 output errors, 0 collisions, l interface resets 11 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out R1#
Logical IPv6 Topology
Although IPv6 addresses could also be displayed in the same IPv4 logical topology, for the sake of clarity, we have created a separate logical IPv6 network topology. The figure displays a sample IPv6 logical topology. The diagram shows a logical network topology with various equipment, associated IPv6 addressing, and layer 2 information. There are three interconnected routers and a connection to the Internet cloud. At the top of the diagram is the Central router which has four connections. It is connected at the left to network 2001:db8:acad:1::/64 via interface G0/0/0, address :1, to server Svr1, address :2. Central is connected at the right to network 2001:db8:feed:1::/64 via G0/1/0, address :226, to a router, ISP, in the Internet cloud at address :225. Also located in the cloud is Svr2 at address 2001:db8:feed:1::10/64. Central is connected at the lower left to network 10.1.1.0/30 (FIX WHEN DIAGRAM UPDATED) via interface G0/0/1, address .1 (FIX WHEN DIAGRAM UPDATED), to the Branch-1 router at G0/0/1, address .2 (FIX WHEN DIAGRAM UPDATED). Branch-1 is connected to to the LAN 2 network 2001:db8:acad:2::/64 via a trunk link on G0/0/0 to switch S1 at port G0/1. S1 has two connections forming EtherChannel Po1 to switch S2. They are connected via Fa0/1 to Fa0/1 and Fa0/2 to Fa0/2. S2 has a connection via Fa0/5 to host PC2. The last connection from the Central router is a serial connection at the lower right to network 2001:db8:acad:2::/64 via S0/1/1, address :1, to the Branch-2 router S0/1/1, address :2. Branch-2 has a connection to the LAN 3 network 2001:db8:acad:3::/64 via G0/0/0, address :1, to switch S3 at port G0/1. S3 has an address of :2 and is connected via Fa0/5 to host PC3 at address :10. S0/1/1PC1PC2ISPPC3Branch-1Branch-2S1S2S3Svr1Svr2G0/0/0CentralG0/0/1G0/0/1G0/1/0S0/1/1G0/0/0Fa0/1Fa0/2Fa0/1Fa0/2Fa0/5Fa0/5G0/1Fa0/5G0/1G0/0/02001:db8:feed:1::10/642001:db8:acad:1::/64:22001:db8:feed:1::/64:2262001:db8:acad:2::/6410.1.1.0/30LAN 22001:db8:acad:2::/64TrunkLAN 32001:db8:acad:3::/64:225Po1:2:2:2:1:1:1:10:1NAT64
Encapsulation errors
An encapsulation error occurs because the bits placed in a field by the sender are not what the receiver expects to see. This condition occurs when the encapsulation at one end of a WAN link is configured differently from the encapsulation used at the other end.
Check the ARP Table
An examination of PC1 ARP table using the arp Windows command shows that the ARP table no longer contains an entry for the default gateway 10.1.10.1, as shown in the command output. C:\> arp -a Interface: 10.1.10.100 --- 0xd Internet Address Physical Address Type 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static C:\>
12.5.6 Troubleshoot VLAN Assignment Example
Another issue to consider when troubleshooting end-to-end connectivity is VLAN assignment. In the switched network, each port in a switch belongs to a VLAN. Each VLAN is considered a separate logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a device that supports routing. If a host in one VLAN sends a broadcast Ethernet frame, such as an ARP request, all hosts in the same VLAN receive the frame; hosts in other VLANs do not. Even if two hosts are in the same IP network, they will not be able to communicate if they are connected to ports assigned to two separate VLANs. Additionally, if the VLAN to which the port belongs is deleted, the port becomes inactive. All hosts attached to ports belonging to the VLAN that was deleted are unable to communicate with the rest of the network. Commands such as show vlan can be used to validate VLAN assignments on a switch. Assume for example, that in an effort to improve the wire management in the wiring closet, your company has reorganized the cables connecting to switch S1. Almost immediately afterward, users started calling the support desk stating that they could no longer reach devices outside their own network. Click each button for an explanation of the process used to troubleshoot this issue. (On cards 216-218).
5. Which OSI layer are you troubleshooting when investigating a DNS related problem?
Application
R1 Routing Table
As shown in the command output, the show ipv6 route Cisco IOS command is used to check for the IPv6 default route on R1. R1 has a default route via R2. R1# show ipv6 route (Output omitted) S ::/0 [1/0] via 2001:DB8:ACAD:2::2 R1#
Top-Down
As shown in the figure, top-down troubleshooting starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified. End-user applications of an end system are tested before tackling the more specific networking pieces. Use this approach for simpler problems, or when you think the problem is with a piece of software. The disadvantage with the top-down approach is it requires checking every network application until the possible cause of the problem is found. Each conclusion and possibility must be documented. The challenge is to determine which application to start examining first. Application (Start Here) Transport Network Data Link Physical
Network Documentation 12.1.1 Documentation Overview
As with any complex activity like network troubleshooting, you will need to start with good documentation. Accurate and complete network documentation is required to effectively monitor and troubleshoot networks. Common network documentation includes the following: Physical and logical network topology diagrams Network device documentation that records all pertinent device information Network performance baseline documentation All network documentation should be kept in a single location, either as hard copy or on the network on a protected server. Backup documentation should be maintained and kept in a separate location.
Troubleshooting Tools 12.3.1 Software Troubleshooting Tools
As you know, networks are made up of software and hardware. Therefore, both software and hardware have their respective tools for troubleshooting. This topic discusses the troubleshooting tools available for both. A wide variety of software and hardware tools are available to make troubleshooting easier. These tools may be used to gather and analyze symptoms of network problems. They often provide monitoring and reporting functions that can be used to establish the network baseline. Click each button for a detailed description of common software troubleshooting tools. (On cards 81-83).
Attenuation
Attenuation can be caused if a cable length exceeds the design limit for the media, or when there is a poor connection resulting from a loose cable, or dirty or oxidized contacts. If attenuation is severe, the receiving device cannot always successfully distinguish one bit in the data stream from another bit.
DNS
Because a router running dynamic NAT is changing the relationship between inside and outside addresses regularly as table entries expire and are recreated, a DNS server outside the NAT router does not have an accurate representation of the network inside the router. Configuring the IPv4 helper feature can help solve this problem.
Test Hypothesis
Before testing the solution, it is important to assess the impact and urgency of the problem. For instance, could the solution have an adverse effect on other systems or processes? The severity of the problem should be weighed against the impact of the solution. For example, if a critical server or router must be offline for a significant amount of time, it may be better to wait until the end of the workday to implement the fix. Sometimes, a workaround can be created until the actual problem is resolved. Create a rollback plan identifying how to quickly reverse a solution. This may prove to be necessary if the solution fails. Implement the solution and verify that it has solved the problem. Sometimes a solution introduces an unexpected problem. Therefore, it is important that a solution be thoroughly verified before proceeding to the next step. If the solution fails, the attempted solution is documented and the changes are removed. The technician must now go back to the Gathering Information step and isolate the issue.
BOOTP and DHCP
Both protocols manage the automatic assignment of IPv4 addresses to clients. Recall that the first packet that a new client sends is a DHCP-Request broadcast IPv4 packet. The DHCP-Request packet has a source IPv4 address of 0.0.0.0. Because NAT requires both a valid destination and source IPv4 address, BOOTP and DHCP can have difficulty operating over a router running either static or dynamic NAT. Configuring the IPv4 helper feature can help solve this problem.
Buffered logging
Buffered logging is a little more useful as a troubleshooting tool because log messages are stored in memory for a time. However, log messages are cleared when the device is rebooted.
3. Which hardware troubleshooting tool is a multifunctional handheld device used to test and certify copper and fiber cables for different services and standards?
Cable Analyzer
Cable Analyzers
Cable analyzers are multifunctional handheld devices that are used to test and certify copper and fiber cables for different services and standards. The more sophisticated tools include advanced troubleshooting diagnostics that measure the distance to a performance defect such as near-end crosstalk (NEXT) or return loss (RL), identify corrective actions, and graphically display crosstalk and impedance behavior. Cable analyzers also typically include PC-based software. After field data is collected, the data from the handheld device can be uploaded so that the network administrator can create up-to-date reports.
Cable Testers
Cable testers are specialized, handheld devices designed for testing the various types of data communication cabling. Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. These devices can be inexpensive continuity testers, moderately priced data cabling testers, or expensive time-domain reflectometers (TDRs). TDRs are used to pinpoint the distance to a break in a cable. These devices send signals along the cable and wait for them to be reflected. The time between sending the signal and receiving it back is converted into a distance measurement. The TDR function is normally packaged with data cabling testers. TDRs used to test fiber-optic cables are known as optical time-domain reflectometers (OTDRs).
Determine if the problem is constant or intermittent.
Can you reproduce the problem? Can you send me a screenshot or video of the problem?
SNMP traps
Certain thresholds can be preconfigured on routers and other devices. Router events, such as exceeding a threshold, can be processed by the router and forwarded as SNMP traps to an external SNMP network management station. SNMP traps are a viable security logging facility but require the configuration and maintenance of an SNMP system.
Step 3.
Check data link and network layer addressing on the local network. This includes IPv4 ARP tables, IPv6 neighbor tables, MAC address tables, and VLAN assignments.
Connectivity issues
Check for any equipment and connectivity problems, including power problems such as outages and environmental problems (for example, overheating). Also check for Layer 1 problems, such as cabling problems, bad ports, and ISP problems.
Step 1.
Check physical connectivity at the point where network communication stops. This includes cables and hardware. The problem might be with a faulty cable or interface, or involve misconfigured or faulty hardware.
12.2.8 Check Your Understanding - Troubleshooting Process
Check your understanding of troubleshooting processes by choosing the BEST answer to the following questions.
12.3.5 Check Your Understanding - Troubleshooting Tools
Check your understanding of troubleshooting tools by choosing the BEST answer to the following questions.
Syslog
Cisco routers and switches can be configured to forward log messages to an external syslog service. This service can reside on any number of servers or workstations, including Microsoft Windows and Linux-based systems. Syslog is the most popular message logging facility, because it provides long-term log storage capabilities and a central location for all router messages.
SNMP
Collects management information from network devices.
Addresses and IPv4 wildcard masks
Complex IPv4 wildcard masks provide significant improvements in efficiency but are more subject to configuration errors. An example of a complex wildcard mask is using the IPv4 address 10.0.32.0 and wildcard mask 0.0.32.15 to select the first 15 host addresses in either the 10.0.0.0 network or the 10.0.32.0 network.
ssh -l user-id ip-address command
Connects to an IP address using SSH SSH is more secure than Telnet
telnet {host | ip-address} command
Connects to an IP address using the Telnet application Use SSH whenever possible instead of Telnet
POP
Connects to mail servers and downloads email.
Console
Console logging is on by default. Messages log to the console and can be viewed when modifying or testing the router or switch using terminal emulation software while connected to the console port of the network device.
Digital Multimeters
Digital multimeters (DMMs) are test instruments that are used to directly measure electrical values of voltage, current, and resistance. In network troubleshooting, most tests that would need a multimeter involve checking power supply voltage levels and verifying that network devices are receiving power.
show ip interface [brief] and show ipv6 interface [brief] command
Displays all the configuration options that are set on an interface. Use the brief keyword to only display up/down status of IP interfaces and the IP address of each interface.
show cdp neighbors detail command
Displays detailed information about directly connected Cisco neighbor devices.
show interfaces command
Displays detailed output for each interface. To display detailed output for only a single interface, include the interface type and number in the command (e.g. Gigabit Ethernet 0/0/0).
show protocols command
Displays the configured protocols and shows the global and interface-specific status of any configured Layer 3 protocol
show ip route and show ipv6 route command
Displays the current IPv4 and IPv6 routing tables, which contains the routes to all known network destinations
show ip route and show ipv6 route command
Displays the routing table content listing directly connected networks and learned remote networks. Append static, eigrp, or ospf to display those routes only.
show version command
Displays uptime, version information for device software and hardware.
Correct the VLAN Assignment
During the re-cabling, the patch cable for R1 was moved from Fa 0/4 on VLAN 10 to Fa 0/1 on VLAN 1. After the network administrator configured the Fa 0/1 port of S1 to be on VLAN 10, as shown in the command output, the problem was resolved. The MAC address table now shows VLAN 10 for the MAC address of R1 on port Fa 0/1. S1(config)# interface fa0/1 S1(config-if)# switchport mode access S1(config-if)# switchport access vlan 10 S1(config-if)# exit S1# S1# show mac address-table Mac Address Table -------------------------------------------- Vlan Mac Address Type Ports All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU 10 d48c.b5ce.a0c0 DYNAMIC Fa0/1 10 000f.34f9.9201 DYNAMIC Fa0/5 10 5475.d08e.9ad8 DYNAMIC Fa0/13 Total Mac Addresses for this criterion: 5 S1#
Network File System (NFS)
Enables computers to mount drives on remote hosts and operate them as if they were local drives. Originally developed by Sun Microsystems, it combines with two other application layer protocols, external data representation (XDR) and remote-procedure call (RPC), to allow transparent access to remote network resources.
End-system Documentation Files
End-system documentation focuses on the hardware and software used in servers, network management consoles, and user workstations. An incorrectly configured end-system can have a negative impact on the overall performance of a network. For this reason, having access to end-system device documentation can be very useful when troubleshooting. This table displays a sample of information that could be recorded in an end-system device document. SRV1 MS Server 2016 SMTP, POP3, File services, DHCP 5475.d08e.9ad8 10.0.0.2/30 2001:db8:acad:1::2/64 10.0.0.1 2001:db8:acad:1::1 10.0.0.1 2001:db8:acad:1::1 SRV2 MS Server 2016 HTTP, HTTPS 5475.d07a.5312 209.165.201.10 2001:db8:feed:1::10/64 209.165.201.1 2001:db8:feed:1::1 209.165.201.1 2001:db8:feed:1::1 PC1 MS Windows 10 HTTP, HTTPS 5475.d017.3133 192.168.10.10/24 2001:db8:acad:1::251/64 192.168.10.1 2001:db8:acad:1::1 192.168.10.1 2001:db8:acad:1::1 ...
Framing errors
Frames usually work in groups of 8-bit bytes. A framing error occurs when a frame does not end on an 8-bit byte boundary. When this happens, the receiver may have problems determining where one frame ends, and another frame starts. Too many invalid frames may prevent valid keepalives from being exchanged. Framing errors can be caused by a noisy serial line, an improperly designed cable (too long or not properly shielded), faulty NIC, duplex mismatch, or an incorrectly configured channel service unit (CSU) line clock.
1. Which option lists the three troubleshooting stages in the correct order?
Gather symptoms, isolate the problem, and implement corrective action.
High CPU utilization rates
High CPU utilization rates are a symptom that a device, such as a router, switch, or server, is operating at or exceeding its design limits. If not addressed quickly, CPU overloading can cause a device to shut down or fail.
3. Which three statements will a network baseline answer? (Choose three.)
How does the network perform during a normal or average day? What part of the network is least used? What part of the network is most heavily used?
traceroute destination command
Identifies the path a packet takes through the networks The destination variable is the hostname or IP address of the target system
Network bottlenecks or congestion
If a router, interface, or cable fails, routing protocols may redirect traffic to other routes that are not designed to carry the extra capacity. This can result in congestion or bottlenecks in parts of the network.
Eliminate Possible Causes
If multiple causes are identified, then the list must be reduced by progressively eliminating possible causes to eventually identify the most probable cause. Troubleshooting experience is extremely valuable to quickly eliminate causes and identify the most probable cause.
12.5.10 Step 6 - Verify the Transport Layer
If the network layer appears to be functioning as expected, but users are still unable to access resources, then the network administrator must begin troubleshooting the upper layers. Two of the most common issues that affect transport layer connectivity include ACL configurations and NAT configurations. A common tool for testing transport layer functionality is the Telnet utility. Caution: While Telnet can be used to test the transport layer, for security reasons, SSH should be used to remotely manage and configure devices. Troubleshooting Example A network administrator is troubleshooting a problem where they cannot connect to a router using HTTP. The administrator pings R2 as shown in the command output. R1# ping 2001:db8:acad:2::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:2::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms R1# R2 responds and confirms that the network layer, and all layers below the network layer are operational. The administrator knows the issue is with Layer 4 or up and must start troubleshooting those layers. Next, the administrator verifies that they can Telnet to R2 as shown in the command output. R1# telnet 2001:db8:acad:2::2 Trying 2001:DB8:ACAD:2::2 ... Open User Access Verification Password: R2> exit [Connection to 2001:db8:acad:2::2 closed by foreign host] R1# The administrator has confirmed that Telnet services is running on R2. Although the Telnet server application runs on its own well-known port number 23 and Telnet clients connect to this port by default, a different port number can be specified on the client to connect to any TCP port that must be tested. Using a different port other than TCP port 23 indicates whether the connection is accepted (as indicated by the word "Open" in the output), refused, or times out. From any of those responses, further conclusions can be made concerning the connectivity. Certain applications, if they use an ASCII-based session protocol, might even display an application banner, it may be possible to trigger some responses from the server by typing in certain keywords, such as with SMTP, FTP, and HTTP. For example, the administrator attempts to Telnet to R2 using port 80. R1# telnet 2001:db8:acad:2::2 80 Trying 2001:DB8:ACAD:2::2, 80 ... Open ^C HTTP/1.1 400 Bad Request Date: Mon, 04 Nov 2019 12:34:23 GMT Server: cisco-IOS Accept-Ranges: none 400 Bad Request [Connection to 2001:db8:acad:2::2 closed by foreign host] R1# The output verifies a successful transport layer connection, but R2 is refusing the connection using port 80.
Neighbor issues
If the routing protocol establishes an adjacency with a neighbor, check to see if there are any problems with the routers forming neighbor adjacencies.
Topology database
If the routing protocol uses a topology table or database, check the table for anything unexpected, such as missing entries or unexpected entries.
12.5.7 Step 4 - Verify Default Gateway
If there is no detailed route on the router, or if the host is configured with the wrong default gateway, then communication between two endpoints in different networks does not work. The figure illustrates how PC1 uses R1 as its default gateway. Similarly, R1 uses R2 as its default gateway or gateway of last resort. If a host needs access to resources beyond the local network, the default gateway must be configured. The default gateway is the first router on the path to destinations beyond the local network. PC1S1R1R2R3S3S22001:db8:acad:1::/642001:db8:acad:2::/642001:db8:acad:2::/642001:db8:acad:4::/6410.1.10.0/24172.16.1.0/24192.168.1.0/30192.168.1.4/30S0/1/0:2.2S0/1/1:1.5S0/1/0.1S0/1/1.6:2:1G0/0/0.1:1G0/0/0.1:12001:db8:acad:4::100/64172.16.1.100/242001:db8:acad:1::100/6410.1.10.100/242001:db8:acad:1:5075:d0ff:fe8e:9ad8/6410.1.10.10/24 My gateway of last resort is R2.My default gateway is R1.SRV1MAC Address: 5475.D08E.9AD8SRV2 Troubleshooting IPv4 Default Gateway Example In this example, R1 has the correct default gateway, which is the IPv4 address of R2. However, PC1 has the wrong default gateway. PC1 should have the default gateway of R1 10.1.10.1. This must be configured manually if the IPv4 addressing information was manually configured on PC1. If the IPv4 addressing information was obtained automatically from a DHCPv4 server, then the configuration on the DHCP server must be examined. A configuration problem on a DHCP server usually affects multiple clients.
12.5.8 Troubleshoot IPv6 Default Gateway Example
In IPv6, the default gateway can be configured manually, using stateless autoconfiguration (SLAAC), or by using DHCPv6. With SLAAC, the default gateway is advertised by the router to hosts using ICMPv6 Router Advertisement (RA) messages. The default gateway in the RA message is the link-local IPv6 address of a router interface. If the default gateway is configured manually on the host, which is very unlikely, the default gateway can be set to either the global IPv6 address, or to the link-local IPv6 address.
Bottom-Up
In bottom-up troubleshooting, you start with the physical layer and the physical components of the network as shown in the figure, and move up through the layers of the OSI model until the cause of the problem is identified. Bottom-up troubleshooting is a good approach to use when the problem is suspected to be a physical one. Most networking problems reside at the lower levels, so implementing the bottom-up approach is often effective. The disadvantage with the bottom-up troubleshooting approach is it requires that you check every device and interface on the network until the possible cause of the problem is found. Remember that each conclusion and possibility must be documented so there can be a lot of paper work associated with this approach. A further challenge is to determine which devices to start examining first. Application Transport Network Data Link Physical (Start here)
12.6.2 Packet Tracer - Troubleshooting Challenge - Use Documentation to Solve Issues
In this Packet Tracer activity, you use network documentation to identify and fix network communications problems. Use various techniques and tools to identify connectivity issues. Use documentation to guide troubleshooting efforts. Identify specific network problems. Implement solutions to network communication problems. Verify network operation. Troubleshooting Challenge Troubleshooting Challenge
Module Practice and Quiz 12.6.1 Packet Tracer - Troubleshooting Challenge - Document the Network
In this Packet Tracer activity, you will document a network that is unknown to you. Test network connectivity. Compile host addressing information. Remotely access default gateway devices. Document default gateway device configurations. Discover devices on the network. Draw the network topology. Troubleshooting Challenge Troubleshooting Challenge
Gather Information
In this step, targets (i.e., hosts, devices) to be investigated must be identified, access to the target devices must be obtained, and information gathered. During this step, the technician may gather and document more symptoms, depending on the characteristics that are identified. If the problem is outside the boundary of the organization's control (e.g., lost internet connectivity outside of the autonomous system), contact an administrator for the external system before gathering additional network symptoms.
Address mapping errors
In topologies, such as point-to-multipoint or broadcast Ethernet, it is essential that an appropriate Layer 2 destination address be given to the frame. This ensures its arrival at the correct destination. To achieve this, the network device must match a destination Layer 3 address with the correct Layer 2 address using either static or dynamic maps. In a dynamic environment, the mapping of Layer 2 and Layer 3 information can fail because devices may have been specifically configured not to respond to ARP requests, the Layer 2 or Layer 3 information that is cached may have physically changed, or invalid ARP replies are received because of a misconfiguration or a security attack.
Input errors
Input errors indicate errors that are experienced during the reception of the frame, such as CRC errors. High numbers of CRC errors could indicate cabling problems, interface hardware problems, or, in an Ethernet-based network, duplex mismatches.
Input queue drops
Input queue drops (and the related ignored and throttle counters) signify that at some point, more traffic was delivered to the router than it could process. This does not necessarily indicate a problem. That could be normal traffic during peak periods. However, it could be an indication that the CPU cannot process packets in time, so if this number is consistently high, it is worth trying to spot at which moments these counters are increasing and how this relates to CPU usage.
1. Which statement describes the physical topology for a LAN?
It defines how hosts and network devices connect to the LAN.
(Highest Level) Level 1
Keyword Alerts Description Immediate action is needed Definition LOG_ALERT
(Highest Level) Level 2
Keyword Critical Description Critical conditions exist Definition LOG_CRIT
(Lowest Level) Level 7
Keyword Debugging Description Debugging messages Definition LOG_DEBUG
(Highest Level) Level 0
Keyword Emergencies Description System is unusable Definition LOG_EMERG
(Highest Level) Level 3
Keyword Errors Description Error conditions exist Definition LOG_ERR
(Lowest Level) Level 6
Keyword Informational Description Informational messages only Definition LOG_NFO
(Lowest Level) Level 5
Keyword Notifications Description Normal (but significant) condition Definition LOG_NOTICE
(Highest Level) Level 4
Keyword Warnings Description Warning conditions exist Definition LOG_WARNING
1. Which of these is an on-line network device vendor resource that can be used as a source of information?
Knowledge base
5. What is the highest OSI layer that should be considered when troubleshooting routers and Layer 3 switches?
Layer 4
SNMP
Like DNS packets, NAT is unable to alter the addressing information stored in the data payload of the packet. Because of this, an SNMP management station on one side of a NAT router may not be able to contact SNMP agents on the other side of the NAT router. Configuring the IPv4 helper feature can help solve this problem.
IPv4 traceroute
Like the ping command, the Cisco IOS traceroute command can be used for both IPv4 and IPv6. The tracert command is used with Windows operating systems. The trace generates a list of hops, router IP addresses and the destination IP address that are successfully reached along the path. This list provides important verification and troubleshooting information. If the data reaches the destination, the trace lists the interface on every router in the path. If the data fails at some hop along the way, the address of the last router that responded to the trace is known. This address is an indication of where the problem or security restrictions reside. The tracert output illustrates the path the IPv4 packets take to reach their destination. C:\> tracert 172.16.1.100 Tracing route to 172.16.1.100 over a maximum of 30 hops: 1 1 ms <1 ms <1 ms 10.1.10.1 2 2 ms 2 ms 1 ms 192.168.1.2 3 2 ms 2 ms 1 ms 192.168.1.6 4 2 ms 2 ms 1 ms 172.16.1.100 Trace complete. C:\>
Noise
Local electromagnetic interference (EMI) is commonly known as noise. Noise can be generated by many sources, such as FM radio stations, police radio, building security, and avionics for automated landing, crosstalk (noise induced by other cables in the same pathway or adjacent cables), nearby electric cables, devices with large electric motors, or anything that includes a transmitter more powerful than a cell phone.
Loss of connectivity
Loss of connectivity could be due to a failed or disconnected cable. Can be verified using a simple ping test. Intermittent connectivity loss can indicate a loose or oxidized connection.
12.2.3 Question End Users
Many network problems are initially reported by an end user. However, the information provided is often vague or misleading. For example, users often report problems such as "the network is down", "I cannot access my email", or "my computer is slow". In most cases, additional information is required to fully understand a problem. This usually involves interacting with the affected user to discover the "who", "what", and "when" of the problem. The following recommendations should be employed when communicate with user: Speak at a technical level they can understand and avoid using complex terminology. Always listen or read carefully what the user is saying. Taking notes can be helpful when documenting a complex problem. Always be considerate and empathize with users while letting them know you will help them solve their problem. Users reporting a problem may be under stress and anxious to resolve the problem as quickly as possible. When interviewing the user, guide the conversation and use effective questioning techniques to quickly ascertain the problem. For instance, use open questions (i.e., requires detailed response) and closed questions (i.e., yes, no, or single word answers) to discover important facts about the network problem. The table provides some questioning guidelines and sample open ended end-user questions. When done interviewing the user, repeat your understanding of the problem to the user to ensure that you both agree on the problem being reported. (On cards 45-50).
Cabling faults
Many problems can be corrected by simply reseating cables that have become partially disconnected. When performing a physical inspection, look for damaged cables, improper cable types, and poorly crimped RJ-45 connectors. Suspect cables should be tested or exchanged with a known functioning cable.
Interface configuration errors
Many things can be misconfigured on an interface to cause it to go down, such as incorrect clock rate, incorrect clock source, and interface not being turned on. This causes a loss of connectivity with attached network segments.
Baselining Tools
Many tools for automating the network documentation and baselining process are available. Baselining tools help with common documentation tasks. For example, they can draw network diagrams, help keep network software and hardware documentation up-to-date, and help to cost-effectively measure baseline network bandwidth use. Search the internet for "Network Performance Monitoring Tools" for more information.
DNS
Maps IP addresses to the names assigned to network devices.
Uncommon protocols
Misconfigured ACLs often cause problems for protocols other than TCP and UDP. Uncommon protocols that are gaining popularity are VPN and encryption protocols.
12.0.2 What will I learn to do in this module?
Module Title: Network Troubleshooting Module Objective: Troubleshoot enterprise networks. Topic Title Network Documentation Topic Objective Explain how network documentation is developed and used to troubleshoot network issues. Topic Title Troubleshooting Process Topic Objective Compare troubleshooting methods that use a systematic, layered approach. Topic Title Troubleshooting Tools Topic Objective Describe different networking troubleshooting tools. Topic Title Symptoms and Causes of Network Problems Topic Objective Determine the symptoms and causes of network problems using a layered model. Topic Title Troubleshooting IP Connectivity Topic Objective Troubleshoot a network using the layered model.
12.4.6 Application Layer Troubleshooting
Most of the application layer protocols provide user services. Application layer protocols are typically used for network management, file transfer, distributed file services, terminal emulation, and email. New user services are often added, such as VPNs and VoIP. The figure shows the most widely known and implemented TCP/IP application layer protocols.
3. Which OSI layer are you troubleshooting when investigating a routing protocol loop?
Network
12.6.3 What did I learn in this module?
Network Documentation Common network documentation includes: physical and logical network topologies, network device documentation recording all pertinent device information, and network performance baseline documentation. Information found on a physical topology typically includes the device name, device location (address, room number, rack location, etc.), interface and ports used, and cable type. Network device documentation for a router may include the interface, IPv4 address, IPv6 address, MAC address and routing protocol. Network device documentation for a switch may include the port, access, VLAN, trunk, EtherChannel, native, and enabled. Network device documentation for end-systems may include device name, OS, services, MAC address, IPv4 and IPv6 addresses, default gateway, and DNS. A network baseline should answer the following questions: How does the network perform during a normal or average day? Where are the most errors occurring? What part of the network is most heavily used? What part of the network is least used? Which devices should be monitored and what alert thresholds should be set? Can the network meet the identified policies? When conducting the initial baseline, start by selecting a few variables that represent the defined policies, such as interface utilization and CPU utilization. A logical network topology diagram can be useful in identifying key devices and ports to monitor. The length of time and the baseline information being gathered must be long enough to determine a "normal" picture of the network. When documenting the network, gather information directly from routers and switches using the show, ping, traceroute, and telnet commands. Troubleshooting Process The troubleshooting process should be guided by structured methods. One method is the seven-step troubleshooting process: 1. Define the problem, 2. Gather information, 3. Analyze information, 4. Eliminate possible causes, 5. Propose hypothesis, 6. Test hypothesis, and 7. Solve the problem. When talking to end users about their network problems, ask both open and closed-ended questions. Use the show, ping, traceroute, and telnet commands to gather information from devices. Use the layered models to perform bottom-up, top-down, or divide-and-conquer troubleshooting. Other models include follow-the-path, substitution, comparison, and educated guess. Software problems are often solved using a top-down approach while hardware-based problems are solved using the bottom-up approach. New problems may be solved by an experienced technician using the divide-and-conquer method. Troubleshooting Tools Common software troubleshooting tools include NMS tools, knowledge bases, and baselining tools. A protocol analyzer, such as Wireshark, decodes the various protocol layers in a recorded frame and presents this information in an easy to use format. Hardware troubleshooting tools include digital multimeters, cable testers, cable analyzers, portable network analyzers, and Cisco Prime NAM. Syslog server can also be used as a troubleshooting tool. Implementing a logging facility for network troubleshooting. Cisco devices can log information regarding configuration changes, ACL violations, interface status, and many other types of events. Event messages can be sent to one or more of the following: console, terminal lines, buffered logging, SNMP traps, and syslog. The lower the level number, the higher the severity level. The logging trap level command limits messages logged to the syslog server based on severity. The level is the name or number of the severity level. Only messages equal to or numerically lower than the specified level are logged. Symptoms and Causes of Network Problems Failures and suboptimal conditions at the physical layer usually cause networks to shut down. Network administrators must have the ability to effectively isolate and correct problems at this layer. Symptoms include performance lower than baseline, loss of connectivity, congestion, high CPU utilization, and console error messages. The causes are usually power-related, hardware faults, cabling faults, attenuation, noise, interface configuration errors, exceeding component design limits, and CPU overload. Data link layer problems cause specific symptoms that, when recognized, will help identify the problem quickly. Symptoms include no functionality/connectivity at Layer 2 or above, network operating below baseline levels, excessive broadcasts, and console messages. The causes are usually encapsulation errors, address mapping errors, framing errors, and STP failures or loops. Network layer problems include any problem that involves a Layer 3 protocol, both routed protocols (such as IPv4 or IPv6) and routing protocols (such as EIGRP, OSPF, etc.). Symptoms include network failure and suboptimal performance. The causes are usually general network issues, connectivity issues, routing table problems, neighbor issues, and the topology database. Transport layer problems can arise from transport layer problems on the router, particularly at the edge of the network where traffic is examined and modified. Symptoms include connectivity and access issues. Causes are likely to be misconfigured NAT or ACLs. ACL misconfigurations commonly occur at the selection of traffic flow, order of access control entries, implicit deny any, addresses and IPv4 wildcard masks, selection of transport layer protocol, source and destination ports, use of the established keyword, and uncommon protocols. There are several problems with NAT including misconfigured NAT inside, NAT outside, or ACL. Common interoperability areas with NAT include BOOTP and DHCP, DNS, SNMP, and tunneling and encryption protocols. Application layer problems can result in unreachable or unusable resources when the physical, data link, network, and transport layers are functional. It is possible to have full network connectivity, but the application simply cannot provide data. Another type of problem at the application layer occurs when the physical, data link, network, and transport layers are functional, but the data transfer and requests for network services from a single network service or application do not meet the normal expectations of a user. Troubleshooting IP Connectivity Diagnosing and solving problems is an essential skill for network administrators. There is no single recipe for troubleshooting, and a problem can be diagnosed in many ways. However, by employing a structured approach to the troubleshooting process, an administrator can reduce the time it takes to diagnose and solve a problem. End-to-end connectivity problems are usually what initiates a troubleshooting effort. Two of the most common utilities used to verify a problem with end-to-end connectivity are ping and traceroute. The ping command uses a Layer 3 protocol that is a part of the TCP/IP suite called ICMP. The traceroute command is commonly performed when the ping command fails. Step 1. Verify the physical layer. The most commonly used Cisco IOS commands for this purpose are show processes cpu, show memory, and show interfaces. Step 2. Check for duplex mismatches. Another common cause for interface errors is a mismatched duplex mode between two ends of an Ethernet link. In many Ethernet-based networks, point-to-point connections are now the norm, and the use of hubs and the associated half-duplex operation is becoming less common. Use the show interfaces interface command to diagnose this problem. Step 3. Verify addressing on the local network. When troubleshooting end-to-end connectivity, it is useful to verify mappings between destination IP addresses and Layer 2 Ethernet addresses on individual segments. The arp Windows command displays and modifies entries in the ARP cache that are used to store IPv4 addresses and their resolved Ethernet physical (MAC) addresses. The netsh interface ipv6 show neighbor Windows command output lists all devices that are currently in the neighbor table. The show ipv6 neighbors command output displays an example of the neighbor table on the Cisco IOS router. Use the show mac address-table command to display the MAC address table on the switch. VLAN assignment is another issue to consider when troubleshooting end-to-end connectivity. Use the arp Windows command to see the entry for a default gateway. Use the show mac address-table command to check the switch MAC table. This may show that not a VLAN assignments are correct. Step 4. Verify the default gateway. The command output of the show ip route Cisco IOS command is used to verify the default gateway of a router. On a Windows host, the route print Windows command is used to verify the presence of the IPv4 default gateway. In IPv6, the default gateway can be configured manually, using stateless autoconfiguration (SLAAC), or by using DHCPv6. The show ipv6 route Cisco IOS command is used to check for the IPv6 default route on a router. The ipconfig Windows command is used to verify if a PC1 has an IPv6 default gateway. The command output of the show ipv6 interface interface will tell you if a router is or is not enabled as an IPv6 router. Enable a router as an IPv6 router using the ipv6 unicast-routing command. To verify that a host has the default gateway set, use the ipconfig command on the Microsoft Windows PC or the ifconfig command on Linux and Mac OS X. Step 5. Verify correct path. The routers in the path make the routing decision based on information in the routing tables. Use the show ip route | begin Gateway command for an IPv4 routing table. Use the show ipv6 route command for an IPv6 routing table. Step 6. Verify the transport layer. Two of the most common issues that affect transport layer connectivity include ACL configurations and NAT configurations. A common tool for testing transport layer functionality is the Telnet utility. Step 7. Verify ACLs. Use the show ip access-lists command to display the contents of all IPv4 ACLs and the show ipv6 access-list command to show the contents of all IPv6 ACLs configured on a router. Verify which interface has the ACL applied using the show ip interfaces command. Step 8. Verify DNS. To display the DNS configuration information on the switch or router, use the show running-config command. Use the ip host command to enter name to IPv4 mapping to the switch or router as shown in the command output.
12.1.3 Network Device Documentation
Network device documentation should contain accurate, up-to-date records of the network hardware and software. Documentation should include all pertinent information about the network devices. Many organizations create documents with tables or spreadsheets to capture relevant device information. Click each button for examples of router, switch, and end device documentation. (On cards 9-11).
Network failure
Network failure is when the network is nearly or completely non-functional, affecting all users and applications on the network. These failures are usually noticed quickly by users and network administrators and are obviously critical to the productivity of a company.
12.4.3 Network Layer Troubleshooting
Network layer problems include any problem that involves a Layer 3 protocol, such as IPv4, IPv6, EIGRP, OSPF, etc. The figure summarizes the symptoms and causes of network layer network problems. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Symptoms: Network failure Suboptimal performance Causes: General network issues Connectivity issues Routing table Neighbor issues Topology database
Network Management System Tools
Network management system (NMS) tools include device-level monitoring, configuration, and fault-management tools. These tools can be used to investigate and correct network problems. Network monitoring software graphically displays a physical view of network devices, allowing network managers to monitor remote devices continuously and automatically. Device management software provides dynamic device status, statistics, and configuration information for key network devices. Search the internet for "NMS Tools" for more information.
Suboptimal performance
Network optimization problems usually involve a subset of users, applications, destinations, or a type of traffic. Optimization issues can be difficult to detect and even harder to isolate and diagnose. This is because they usually involve multiple layers, or even a single host computer. Determining that the problem is a network layer problem can take time.
12.4.4 Transport Layer Troubleshooting - ACLs
Network problems can arise from transport layer problems on the router, particularly at the edge of the network where traffic is examined and modified. For instance, both access control lists (ACLs) and Network Address Translation (NAT) operate at the network layer and may involve operations at the transport layer, as shown in the figure. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Symptoms: Connectivity Issues Access Issues Causes: ACL configurations NAT configurations The most common issues with ACLs are caused by improper configuration, as shown in the figure. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Common ACL Misconfigurations: Selection of traffic flow Order of ACL entries Implicit deny any Address and IPv4 wildcard masks Selection of transport layer protocol Source and destination ports Use of the established keyword Uncommon protocols
12.1.2 Network Topology Diagrams
Network topology diagrams keep track of the location, function, and status of devices on the network. There are two types of network topology diagrams: the physical topology and the logical topology. Click each button for an example and explanation of physical and logical topologies. (On cards 5-7).
Symptoms and Causes of Network Problems 12.4.1 Physical Layer Troubleshooting
Now that you have your documentation, some knowledge of troubleshooting methods and the software and hardware tools to use to diagnose problems, you are ready to start troubleshooting! This topic covers the most common issues that you will find when troubleshooting a network. Issues on a network often present as performance problems. Performance problems mean that there is a difference between the expected behavior and the observed behavior, and the system is not functioning as could be reasonably expected. Failures and suboptimal conditions at the physical layer not only inconvenience users but can impact the productivity of the entire company. Networks that experience these kinds of conditions usually shut down. Because the upper layers of the OSI model depend on the physical layer to function, a network administrator must have the ability to effectively isolate and correct problems at this layer. The figure summarizes the symptoms and causes of physical layer network problems. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Symptoms: Performance lower than baseline Loss of connectivity Network bottlenecks or congestion High CPU utilization rates Console error messages Causes: Power related Hardware faults Cabling faults Attenuation Noise Interface configuration errors Exceeding design limits CPU overload
General network issues
Often a change in the topology, such as a down link, may have effects on other areas of the network that might not be obvious at the time. This may include the installation of new routes, static or dynamic, or removal of other routes. Determine whether anything in the network has recently changed, and if there is anyone currently working on the network infrastructure.
PC1 Routing Table
On a Windows host, the route print Windows command is used to verify the presence of the IPv4 default gateway as shown in the command output. C:\> route print (Output omitted) IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.10 11 (Output omitted)
12.5.11 Step 7 - Verify ACLs
On routers, there may be ACLs that prohibit protocols from passing through the interface in the inbound or outbound direction. Use the show ip access-lists command to display the contents of all IPv4 ACLs and the show ipv6 access-list command to display the contents of all IPv6 ACLs configured on a router. The specific ACL can be displayed by entering the ACL name or number as an option for this command. The show ip interfaces and show ipv6 interfaces commands display IPv4 and IPv6 interface information that indicates whether any IP ACLs are set on the interface. Troubleshooting Example To prevent spoofing attacks, the network administrator decided to implement an ACL that is preventing devices with a source network address of 172.16.1.0/24 from entering the inbound S0/0/1 interface on R3, as shown in the figure. All other IP traffic should be allowed. The figure shows a topology and example of preventing spoofing attacks with ACLs. R1 is linked with a serial connection to R2. R2 is linked with a serial connection to R3. R1 has a link to S1. S1 has a link to PC1 and S2. S2 has a link to SRV2. R3 has a link to S3. S3 has a link to SRV1. To prevent spoofing attacks, all packets are denied with a source address of 172.16.1.0/24 from entering R3s Serial 0/1/1. R1R2R3S1S3PC1S2SRV1SRV210.1.10.10/242001:db8:acad:1:5075:d0ff:fe8e:9ad8/642001:db8:acad:1::/642001:db8:acad:2::/642001:db8:acad:3::/642001:db8:acad:4::/6410.1.10.0/24172.16.1.0/24192.168.1.0/30192.168.1.4/30S0/1/0:2.2S0/1/1:1.5S0/1/0.1S0/1/1.6:2G0/0/0.1:1G0/0/0.1:1172.16.1.100/242001:db8:acad:4::100/6410.1.10.100/242001:db8:acad:1::100/64:1 To prevent spoofing attacks, deny all packets with a source address of 172.16.1.0/24 from entering Serial 0/1/1.MAC Address: 5475.D08E.9AD8 However, shortly after implementing the ACL, users on the 10.1.10.0/24 network were unable to connect to devices on the 172.16.1.0/24 network, including SRV1.
Excessive broadcasts
Operating systems use broadcasts and multicasts extensively to discover network services and other hosts. Generally, excessive broadcasts are the result of a poorly programmed or configured applications, a large Layer 2 broadcast domain, or an underlying network problem (e.g., STP loops or route flapping).
Output errors
Output errors indicate errors, such as collisions, during the transmission of a frame. In most Ethernet-based networks today, full-duplex transmission is the norm, and half-duplex transmission is the exception. In full-duplex transmission, operation collisions cannot occur; therefore, collisions (especially late collisions) often indicate duplex mismatches.
Output queue drops
Output queue drops indicate that packets were dropped due to congestion on the interface. Seeing output drops is normal for any point where the aggregate input traffic is higher than the output traffic. During peak traffic periods, packets are dropped if traffic is delivered to the interface faster than it can be sent out. However, even if this is considered normal behavior, it leads to packet drops and queuing delays, so applications that are sensitive to those, such as VoIP, might suffer from performance issues. Consistently seeing output queue drops can be an indicator that you need to implement an advanced queuing mechanism to implement or modify QoS.
TFTP
Performs basic interactive file transfers typically between hosts and networking devices.
FTP
Performs interactive file transfers between hosts.
1. Which OSI layer are you troubleshooting when the cause of network transmission errors is due to late collisions, short frames, and jabber?
Physical
IPv4 ping
Ping is probably the most widely-known connectivity-testing utility in networking and has always been part of Cisco IOS Software. It sends out requests for responses from a specified host address. The ping command uses a Layer 3 protocol that is a part of the TCP/IP suite called ICMP. Ping uses the ICMP echo request and ICMP echo reply packets. If the host at the specified address receives the ICMP echo request, it responds with an ICMP echo reply packet. Ping can be used to verify end-to-end connectivity for both IPv4 and IPv6. The command output shows a successful ping from PC1 to SRV1, at address 172.16.1.100. C:\> ping 172.16.1.100 Pinging 172.16.1.100 with 32 bytes of data: Reply from 172.16.1.100: bytes=32 time=199ms TTL=128 Reply from 172.16.1.100: bytes=32 time=193ms TTL=128 Reply from 172.16.1.100: bytes=32 time=194ms TTL=128 Reply from 172.16.1.100: bytes=32 time=196ms TTL=128 Ping statistics for 172.16.1.100: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 193ms, Maximum = 199ms, Average = 195ms C:\>
Portable Network Analyzers
Portable devices are used for troubleshooting switched networks and VLANs. By plugging the network analyzer in anywhere on the network, a network engineer can see the switch port to which the device is connected, and the average and peak utilization. The analyzer can also be used to discover VLAN configuration, identify top network talkers (hosts generating the most traffic), analyze network traffic, and view interface details. The device can typically output to a PC that has network monitoring software installed for further analysis and troubleshooting.
Analyze Information
Possible causes must be identified. The gathered information is interpreted and analyzed using network documentation, network baselines, searching organizational knowledge bases, searching the internet, and talking with other technicians.
Source and destination ports
Properly controlling the traffic between two hosts requires symmetric access control elements for inbound and outbound ACLs. Address and port information for traffic generated by a replying host is the mirror image of address and port information for traffic generated by the initiating host.
2. Which tool is useful to investigate packet content while flowing through the network?
Protocol Analyzer
12.3.2 Protocol Analyzers
Protocol analyzers can investigate packet content while flowing through the network. A protocol analyzer decodes the various protocol layers in a recorded frame and presents this information in a relatively easy to use format. The figure shows a screen capture of the Wireshark protocol analyzer. The information displayed by a protocol analyzer includes the physical layer bit data, data link layer information, protocols, and descriptions for each frame. Most protocol analyzers can filter traffic that meets certain criteria so that all traffic to and from a device can be captured. Protocol analyzers such as Wireshark can help troubleshoot network performance problems. It is important to have both a good understanding of TCP/IP and how to use a protocol analyzer to inspect information at each TCP/IP layer.
Correct R1 IPv6 Routing
R1 is enabled as an IPv6 router using the ipv6 unicast-routing command. The show ipv6 interface GigabitEthernet 0/0/0 command verifies that R1 is a member of ff02::2, the All-IPv6-Routers multicast group. R1(config)# ipv6 unicast-routing R1(config)# exit R1# show ipv6 interface GigabitEthernet 0/0/0 GigabitEthernet0/0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:ACAD:1::1, subnet is 2001:DB8:ACAD:1::/64 Joined group address(es): FF02:: 1 FF02:: 2 FF02::1:FF00:1 (Output omitted) R1#
R1 IPv4 Routing Table
R1# show ip route | begin Gateway Gateway of last resort is 192.168.1.2 to network 0.0.0.0 O*E2 0.0.0.0/0 [110/1] via 192.168.1.2, 00:00:13, Serial0/1/0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.1.10.0/24 is directly connected, GigabitEthernet0/0/0 L 10.1.10.1/32 is directly connected, GigabitEthernet0/0/0 172.16.0.0/24 is subnetted, 1 subnets O 172.16.1.0 [110/100] via 192.168.1.2, 00:01:59, Serial0/1/0 192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks C 192.168.1.0/30 is directly connected, Serial0/1/0 L 192.168.1.1/32 is directly connected, Serial0/1/0 O 192.168.1.4/30 [110/99] via 192.168.1.2, 00:06:25, Serial0/1/0 R1# The IPv4 and IPv6 routing tables can be populated by the following methods: Directly connected networks Local host or local routes Static routes Dynamic routes Default routes The process of forwarding IPv4 and IPv6 packets is based on the longest bit match or longest prefix match. The routing table process will attempt to forward the packet using an entry in the routing table with the greatest number of leftmost matching bits. The number of matching bits is indicated by the prefix length of the route. The figure describes the process for both the IPv4 and IPv6 routing tables. Destination IP AddressMatch in routing table?YesMatch with more than one entry?All entries havethe sameprefix lengths?NoNoNoYesYesNoYesForward packet using load balancingForward packet usinglongest matching prefix lengthForward packetDiscard packetDefault route? Examine the following scenarios based on the flow chart above. If the destination address in a packet: Does not match an entry in the routing table, then the default route is used. If there is not a default route that is configured, the packet is discarded. Matches a single entry in the routing table, then the packet is forwarded through the interface that is defined in this route. Matches more than one entry in the routing table and the routing entries have the same prefix length, then the packets for this destination can be distributed among the routes that are defined in the routing table. Matches more than one entry in the routing table and the routing entries have different prefix lengths, then the packets for this destination are forwarded out of the interface that is associated with the route that has the longer prefix match. Troubleshooting Example Devices are unable to connect to the server SRV1 at 172.16.1.100. Using the show ip route command, the administrator should check to see if a routing entry exists to network 172.16.1.0/24. If the routing table does not have a specific route to the SRV1 network, the network administrator must then check for the existence of a default or summary route entry in the direction of the 172.16.1.0/24 network. If none exists, then the problem may be with routing and the administrator must verify that the network is included within the dynamic routing protocol configuration or add a static route.
R1 IPv6 Routing Table
R1# show ipv6 route IPv6 Routing Table - default - 8 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, R - RIP, H - NHRP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1 OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 a - Application OE2 ::/0 [110/1], tag 1 via FE80::2, Serial0/1/0 C 2001:DB8:ACAD:1::/64 [0/0] via GigabitEthernet0/0/0, directly connected L 2001:DB8:ACAD:1::1/128 [0/0] via GigabitEthernet0/0/0, receive C 2001:DB8:ACAD:2::/64 [0/0] via Serial0/1/0, directly connected L 2001:DB8:ACAD:2::1/128 [0/0] via Serial0/1/0, receive O 2001:DB8:ACAD:3::/64 [110/99] via FE80::2, Serial0/1/0 O 2001:DB8:ACAD:4::/64 [110/100] via FE80::2, Serial0/1/0 L FF00::/8 [0/0] via Null0, receive R1# The IPv4 and IPv6 routing tables can be populated by the following methods: Directly connected networks Local host or local routes Static routes Dynamic routes Default routes The process of forwarding IPv4 and IPv6 packets is based on the longest bit match or longest prefix match. The routing table process will attempt to forward the packet using an entry in the routing table with the greatest number of leftmost matching bits. The number of matching bits is indicated by the prefix length of the route. The figure describes the process for both the IPv4 and IPv6 routing tables. Destination IP AddressMatch in routing table?YesMatch with more than one entry?All entries havethe sameprefix lengths?NoNoNoYesYesNoYesForward packet using load balancingForward packet usinglongest matching prefix lengthForward packetDiscard packetDefault route? Examine the following scenarios based on the flow chart above. If the destination address in a packet: Does not match an entry in the routing table, then the default route is used. If there is not a default route that is configured, the packet is discarded. Matches a single entry in the routing table, then the packet is forwarded through the interface that is defined in this route. Matches more than one entry in the routing table and the routing entries have the same prefix length, then the packets for this destination can be distributed among the routes that are defined in the routing table. Matches more than one entry in the routing table and the routing entries have different prefix lengths, then the packets for this destination are forwarded out of the interface that is associated with the route that has the longer prefix match. Troubleshooting Example Devices are unable to connect to the server SRV1 at 172.16.1.100. Using the show ip route command, the administrator should check to see if a routing entry exists to network 172.16.1.0/24. If the routing table does not have a specific route to the SRV1 network, the network administrator must then check for the existence of a default or summary route entry in the direction of the 172.16.1.0/24 network. If none exists, then the problem may be with routing and the administrator must verify that the network is included within the dynamic routing protocol configuration or add a static route.
Performance lower than baseline
Requires previous baselines for comparison. The most common reasons for slow or poor performance include overloaded or underpowered servers, unsuitable switch or router configurations, traffic congestion on a low-capacity link, and chronic frame loss.
ping {host | ip-address} command
Sends an echo request packet to an address, then waits for a reply The host or ip-address variable is the IP alias or IP address of the target system
No functionality or connectivity at the network layer or above
Some Layer 2 problems can stop the exchange of frames across a link, while others only cause network performance to degrade.
HTTP
Supports the exchanging of text, graphic images, sound, video, and other multimedia files on the web.
CPU overload
Symptoms include processes with high CPU utilization percentages, input queue drops, slow performance, SNMP timeouts, no remote access, or services such as DHCP, Telnet, and ping are slow or fail to respond. On a switch the following could occur: spanning tree reconvergence, EtherChannel links bounce, UDLD flapping, IP SLAs failures. For routers, there could be no routing updates, route flapping, or HSRP flapping. One of the causes of CPU overload in a router or switch is high traffic. If one or more interfaces are regularly overloaded with traffic, consider redesigning the traffic flow in the network or upgrading the hardware.
12.3.4 Syslog Server as a Troubleshooting Tool
Syslog is a simple protocol used by an IP device known as a syslog client, to send text-based log messages to another IP device, the syslog server. Syslog is currently defined in RFC 5424. Implementing a logging facility is an important part of network security and for network troubleshooting. Cisco devices can log information regarding configuration changes, ACL violations, interface status, and many other types of events. Cisco devices can send log messages to several different facilities. Event messages can be sent to one or more of the following: (On cards 92-96).
2. In which step of the seven-step troubleshooting process, would you create a rollback plan identifying how to quickly reverse a solution?
Test hypothesis
Cisco Prime Network Analysis Module
The Cisco Prime Network Analysis Module (NAM) portfolio, shown in the figure, includes hardware and software for performance analysis in switching and routing environments. It includes an embedded browser-based interface that generates reports on the traffic that consumes critical network resources. In addition, the NAM can capture and decode packets and track response times to pinpoint an application problem to a network or server. The figure shows the Cisco Prime Network Analysis Module (NAM) portfolio. The figure displays a Cisco Nexus 7000 Series NAM,Cisco Catalyst 65xx Series NAM, Cisco Prime NAM 2300 Series Appliance, Cisco Prime Virtual NAM (vNAM),Cisco Prime NAM for Cisco Nexus 1110, and a Cisco Prime NAM for ISR G2 SRE. Cisco Nexus 7000 Series NAM(NAM-NX1)Cisco Catalyst 65xx Series NAM (NAM-3)Cisco Prime NAM 2300 Series ApplianceCisco Prime Virtual NAM (vNAM)Cisco Prime NAM for Cisco Nexus 1110Cisco Prime NAM for ISR G2 SRE
12.5.12 Step 8 - Verify DNS
The DNS protocol controls the DNS, a distributed database with which you can map hostnames to IP addresses. When you configure DNS on the device, you can substitute the hostname for the IP address with all IP commands, such as ping or telnet. To display the DNS configuration information on the switch or router, use the show running-config command. When there is no DNS server installed, it is possible to enter names to IP mappings directly into the switch or router configuration. Use the ip host command to enter a name to be used instead of the IPv4 address of the switch or router, as shown in the command output. R1(config)# ip host ipv4-server 172.16.1.100 R1(config)# exit R1# Now the assigned name can be used instead of using the IP address, as shown in the command output. R1# ping ipv4-server Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms R1# To display the name-to-IP-address mapping information on a Windows-based PC, use the nslookup command.
12.2.5 Troubleshooting with Layered Models
The OSI and TCP/IP models can be applied to isolate network problems when troubleshooting. For example, if the symptoms suggest a physical connection problem, the network technician can focus on troubleshooting the circuit that operates at the physical layer. The figure shows some common devices and the OSI layers that must be examined during the troubleshooting process for that device. 7. Application End System 6. Presentation End System 5. Session End System 4. Transport Router and Multilayer Switch 3. Network Router and Multilayer Switch 2. Data Link Standard Switch 1. Physical Hub Notice that routers and multilayer switches are shown at Layer 4, the transport layer. Although routers and multilayer switches usually make forwarding decisions at Layer 3, ACLs on these devices can be used to make filtering decisions using Layer 4 information.
13. A networked PC is having trouble accessing the Internet, but can print to a local printer and ping other computers in the area. Other computers on the same network are not having any issues. What is the problem?
The PC has a missing or incorrect default gateway.
Windows IPv4 ARP Table
The arp Windows command displays and modifies entries in the ARP cache that are used to store IPv4 addresses and their resolved Ethernet physical (MAC) addresses. As shown in the command output, the arp Windows command lists all devices that are currently in the ARP cache. The information that is displayed for each device includes the IPv4 address, physical (MAC) address, and the type of addressing (static or dynamic). The cache can be cleared by using the arp -d Windows command if the network administrator wants to repopulate the cache with updated information. Note: The arp commands in Linux and MAC OS X have a similar syntax. C:\> arp -a Interface: 10.1.10.100 --- 0xd Internet Address Physical Address Type 10.1.10.1 d4-8c-b5-ce-a0-c0 dynamic 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 239.255.255.250 01-00-5e-7f-ff-fa static 255.255.255.255 ff-ff-ff-ff-ff-ff static C:\>
R1 Routing Table
The command output of the show ip route Cisco IOS command is used to verify the default gateway of R1 R1# show ip route | include Gateway|0.0.0.0 Gateway of last resort is 192.168.1.2 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 192.168.1.2 R1#
Check R1 Interface Settings
The command output of the show ipv6 interface GigabitEthernet 0/0/0 on R1 reveals that although the interface has an IPv6 address, it is not a member of the All-IPv6-Routers multicast group FF02::2. This means the router is not enabled as an IPv6 router. Therefore, it is not sending out ICMPv6 RAs on this interface. R1# show ipv6 interface GigabitEthernet 0/0/0 GigabitEthernet0/0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 No Virtual link-local address(es): Global unicast address(es): 2001:DB8:ACAD:1::1, subnet is 2001:DB8:ACAD:1::/64 Joined group address(es): FF02:: 1 FF02::1:FF00:1 (Output omitted) R1#
14. A technician installed a network adapter in a computer and wants to test network connectivity. The ping command can receive responses from workstations on the same subnet but not from remote workstations. What could be causing the problem?
The default gateway is incorrect.
Order of access control entries
The entries in an ACL should be from specific to general. Although an ACL may have an entry to specifically permit a type of traffic flow, packets never match that entry if they are being denied by another entry earlier in the list. If the router is running both ACLs and NAT, the order in which each of these technologies is applied to a traffic flow is important. Inbound traffic is processed by the inbound ACL before being processed by outside-to-inside NAT. Outbound traffic is processed by the outbound ACL after being processed by inside-to-outside NAT.
Use of the established keyword
The established keyword increases the security provided by an ACL. However, if the keyword is applied incorrectly, unexpected results may occur.
12.2.2 Seven-Step Troubleshooting Process
The figure displays a more detailed seven-step troubleshooting process. Notice how some steps interconnect. This is because, some technicians may be able to jump between steps based on their level of experience. 1. Define Problem 2. Gather Information 3. Analyze Information 4. Eliminate Possible Causes 5. Solve the Problem and Document Solution 6. Test Hypothesis 7. Propose Hypothesis
Divide-and-Conquer
The figure shows the divide-and-conquer approach to troubleshooting a networking problem. The network administrator selects a layer and tests in both directions from that layer. In divide-and-conquer troubleshooting, you start by collecting user experiences of the problem, document the symptoms and then, using that information, make an informed guess as to which OSI layer to start your investigation. When a layer is verified to be functioning properly, it can be assumed that the layers below it are functioning. The administrator can work up the OSI layers. If an OSI layer is not functioning properly, the administrator can work down the OSI layer model. For example, if users cannot access the web server, but they can ping the server, then the problem is above Layer 3. If pinging the server is unsuccessful, then the problem is likely at a lower OSI layer. Application Transport (Start Here) - Or - Network (Start Here) - Or - Data Link (Start Here) Physical
Define the Problem
The goal of this stage is to verify that there is a problem and then properly define what the problem is. Problems are usually identified by a symptom (e.g., the network is slow or has stopped working). Network symptoms may appear in many different forms, including alerts from the network management system, console messages, and user complaints. While gathering symptoms, it is important to ask questions and investigate the issue in order to localize the problem to a smaller range of possibilities. For example, is the problem restricted to a single device, a group of devices, or an entire subnet or network of devices? In an organization, problems are typically assigned to network technicians as trouble tickets. These tickets are created using trouble ticketing software that tracks the progress of each ticket. Trouble ticketing software may also include a self-service user portal to submit tickets, access to a searchable trouble tickets knowledge base, remote control capabilities to solve end-user issues, and more.
PC1 Addressing
The ipconfig Windows command is used to verify that a PC1 has an IPv6 default gateway. In the command output, PC1 is missing an IPv6 global unicast address and an IPv6 default gateway. PC1 is enabled for IPv6 because it has an IPv6 link-local address. The link-local address is automatically created by the device. Checking the network documentation, the network administrator confirms that hosts on this LAN should be receiving their IPv6 address information from the router using SLAAC. Note: In this example, other devices on the same LAN using SLAAC would also experience the same problem receiving IPv6 address information. C:\> ipconfig Windows IP Configuration Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . : fe80::5075:d0ff:fe8e:9ad8%13 IPv4 Address . . . . . . . . . . : 10.1.10.10 Subnet Mask . . . . . . . . . . : 255.255.255.0 Default Gateway. . . . . . . . . : 10.1.10.1 C:\>
12.1.7 Step 3 - Determine the Baseline Duration
The length of time and the baseline information being gathered must be long enough to determine a "normal" picture of the network. It is important that daily trends of network traffic are monitored. It is also important to monitor for trends that occur over a longer period, such as weekly or monthly. For this reason, when capturing data for analysis, the period specified should be, at a minimum, seven days long. The figure displays examples of several screenshots of CPU utilization trends captured over a daily, weekly, monthly, and yearly period. 48.036.024.012.00.02018161412108642022201816141244.033.022.011.00.0SunSatFriThuWedTueMonSunSat4.03.02.01.00.0FebJanDecNovOctSepAugJulJunMayAprMarFeb24.018.012.06.00.0Week 09Week 08Week 07Week 06Week 05 Daily Graph (5 minute Average)Weekly Graph (2 Hour Average)Monthly Graph (30 Minute Average)Yearly Graph (1 day Average)CPU UtilizationCPU UtilizationCPU UtilizationCPU UtilizationMax Load: 46% Average Load: 3% Current Load: 1%Max Load: 43% Average Load: 2% Current Load: 1%Max Load: 43% Average Load: 2% Current Load: 1%Max Load: 43% Average Load: 0% Current Load: 1% In this example, notice that the work week trends are too short to reveal the recurring utilization surge every weekend on Saturday evening, when a database backup operation consumes network bandwidth. This recurring pattern is revealed in the monthly trend. A yearly trend as shown in the example may be too long of a duration to provide meaningful baseline performance details. However, it may help identify long term patterns which should be analyzed further. Typically, a baseline needs to last no more than six weeks, unless specific long-term trends need to be measured. Generally, a two-to-four-week baseline is adequate. Baseline measurements should not be performed during times of unique traffic patterns, because the data would provide an inaccurate picture of normal network operations. Conduct an annual analysis of the entire network, or baseline different sections of the network on a rotating basis. Analysis must be conducted regularly to understand how the network is affected by growth and other changes.
Windows IPv6 Neighbor Table
The netsh interface ipv6 show neighbor Windows command output lists all devices that are currently in the neighbor table. The information that is displayed for each device includes the IPv6 address, physical (MAC) address, and the type of addressing. By examining the neighbor table, the network administrator can verify that destination IPv6 addresses map to correct Ethernet addresses. The IPv6 link-local addresses on all interfaces of R1 have been manually configured to FE80::1. Similarly, R2 has been configured with the link-local address of FE80::2 on its interfaces and R3 has been configured with the link-local address of FE80::3 on its interfaces. Remember, link-local addresses must be unique on the link or network. Note: The neighbor table for Linux and MAC OS X can be displayed using ip neigh show command. C:\> netsh interface ipv6 show neighbor Internet Address Physical Address Type -------------------------------------------- ----------------- ----------- fe80::9657:a5ff:fe0c:5b02 94-57-a5-0c-5b-02 Stale fe80::1 d4-8c-b5-ce-a0-c0 Reachable (Router) ff02::1 33-33-00-00-00-01 Permanent ff02::2 33-33-00-00-00-02 Permanent ff02::16 33-33-00-00-00-16 Permanent ff02::1:2 33-33-00-01-00-02 Permanent ff02::1:3 33-33-00-01-00-03 Permanent ff02::1:ff0c:5b02 33-33-ff-0c-5b-02 Permanent ff02::1:ff2d:a75e 33-33-ff-2d-a7-5e Permanent
12.1.4 Establish a Network Baseline
The purpose of network monitoring is to watch network performance in comparison to a predetermined baseline. A baseline is used to establish normal network or system performance to determine the "personality" of a network under normal conditions. Establishing a network performance baseline requires collecting performance data from the ports and devices that are essential to network operation. A network baseline should answer the following questions: How does the network perform during a normal or average day? Where are the most errors occurring? What part of the network is most heavily used? What part of the network is least used? Which devices should be monitored and what alert thresholds should be set? Can the network meet the identified policies? Measuring the initial performance and availability of critical network devices and links allows a network administrator to determine the difference between abnormal behavior and proper network performance, as the network grows, or traffic patterns change. The baseline also provides insight into whether the current network design can meet business requirements. Without a baseline, no standard exists to measure the optimum nature of network traffic and congestion levels. Analysis after an initial baseline also tends to reveal hidden problems. The collected data shows the true nature of congestion or potential congestion in a network. It may also reveal areas in the network that are underutilized, and quite often can lead to network redesign efforts, based on quality and capacity observations. The initial network performance baseline sets the stage for measuring the effects of network changes and subsequent troubleshooting efforts. Therefore, it is important to plan for it carefully.
STP failures or loops
The purpose of the Spanning Tree Protocol (STP) is to resolve a redundant physical topology into a tree-like topology by blocking redundant ports. Most STP problems are related to forwarding loops that occur when no ports in a redundant topology are blocked and traffic is forwarded in circles indefinitely. This causes excessive flooding because of a high rate of STP topology changes. A topology change should be a rare event in a well-configured network. When a link between two switches goes up or down, there is eventually a topology change when the STP state of the port is changing to or from forwarding. However, when a port is flapping (oscillating between up and down states), this causes repetitive topology changes and flooding, or slow STP convergence or re-convergence. This can be caused by a mismatch between the real and documented topology, a configuration error, such as an inconsistent configuration of STP timers, an overloaded switch CPU during convergence, or a software defect.
show ip access-lists
The show ip access-lists command displays that the ACL is configured correctly, as shown in the command output. R3# show ip access-lists Extended IP access list 100 10 deny ip 172.16.1.0 0.0.0.255 any (108 matches) 20 permit ip any any (28 matches) R3#
IOS IPv6 Neighbor Table
The show ipv6 neighbors command output displays an example of the neighbor table on the Cisco IOS router. Note: The neighbor states for IPv6 are more complex than the ARP table states in IPv4. Additional information is contained in RFC 4861. R1# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface FE80::21E:7AFF:FE79:7A81 8 001e.7a79.7a81 STALE Gi0/0 2001:DB8:ACAD:1:5075:D0FF:FE8E:9AD8 0 5475.d08e.9ad8 REACH Gi0/0
Router Device Documentation
The table displays sample network device documentation for two interconnecting routers. Central ISR 4321 Central Edge RouterBuilding A Rm: 137 Cisco IOS XE Software, Version 16.09.04 flash:isr4300-universalk9_ias.16.09.04.SPA.bin ipbasek9 securityk9 Interface Description IPv4 Address IPv6 Address MAC Address Routing G0/0/0 Connects to SVR-1 10.0.0.1/30 2001:db8:acad:1::1/64 a03d.6fe1.e180 OSPF G0/0/1 Connects to Branch-1 10.1.1.1/30 2001:db8:acad:a001::1/64 a03d.6fe1.e181 OSPFv3 G0/1/0 Connects to ISP 209.165.200.226/30 2001:db8:feed:1::2/64 a03d.6fc3.a132 Default S0/1/1 Connects to Branch-2 10.1.1.2/24 2001:db8:acad:2::1/64 n/a OSPFv3 Branch-1 ISR 4221 Branch-2 Edge Router Building B Rm: 107 Cisco IOS XE Software, Version 16.09.04 flash:isr4200-universalk9.16.09.04.SPA.bin ipbasek9 securityk9 Interface Description IPv4 Address IPv6 Address MAC Address Routing G0/0/0 Connects to S1 Router-on-a-stick Router-on-a-stick a03d.6fe1.9d90 OSPF G0/0/1 Connects to Central 10.1.1.2/30 2001:db8:acad:a001::2/64 a03d.6fe1.9d91 OSPF
12.4.5 Transport Layer Troubleshooting - NAT for IPv4
There are several problems with NAT, such as not interacting with services like DHCP and tunneling. These can include misconfigured NAT inside, NAT outside, or ACLs. Other issues include interoperability with other network technologies, especially those that contain or derive information from host network addressing in the packet. The figure summarizes common interoperability areas with NAT. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Common Interoperability Areas: BOOTP and DHCP DNS and WINS SNMP Tunneling and encryption protocols
12.2.6 Structured Troubleshooting Methods
There are several structured troubleshooting approaches that can be used. Which one to use will depend on the situation. Each approach has its advantages and disadvantages. This topic describes methods and provides guidelines for choosing the best method for a specific situation. Click each button for a description of the different troubleshooting approaches that can be used. (On cards 63-69).
Network is operating below baseline performance levels
There are two distinct types of suboptimal Layer 2 operation that can occur in a network. First, the frames take a suboptimal path to their destination but do arrive causing the network to experience unexpected high-bandwidth usage on links. Second, some frames are dropped as identified through error counter statistics and console error messages that appear on the switch or router. An extended or continuous ping can help reveal if frames are being dropped.
Check the Switch MAC Table
There were no configuration changes on the router, so S1 is the focus of the troubleshooting. The MAC address table for S1, as shown in the command output, shows that the MAC address for R1 is on a different VLAN than the rest of the 10.1.10.0/24 devices, including PC1. S1# show mac address-table Mac Address Table -------------------------------------------- Vlan Mac Address Type Ports All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU 1 d48c.b5ce.a0c0 DYNAMIC Fa0/1 10 000f.34f9.9201 DYNAMIC Fa0/5 10 5475.d08e.9ad8 DYNAMIC Fa0/13 Total Mac Addresses for this criterion: 5 S1#
12.5.13 Packet Tracer - Troubleshoot Enterprise Networks
This activity uses a variety of technologies you have encountered during your CCNA studies, including routing, port security, EtherChannel, DHCP, and NAT. Your task is to review the requirements, isolate and resolve any issues, and then document the steps you took to verify the requirements. Troubleshoot Enterprise Networks Troubleshoot Enterprise Networks
Substitution
This approach is also called swap-the-component because you physically swap the problematic device with a known, working one. If the problem is fixed, then the problem is with the removed device. If the problem remains, then the cause may be elsewhere. In specific situations, this can be an ideal method for quick problem resolution, such as with a critical single point of failure. For example, a border router goes down. It may be more beneficial to simply replace the device and restore service, rather than to troubleshoot the issue. If the problem lies within multiple devices, it may not be possible to correctly isolate the problem.
Educated Guess
This approach is also called the shoot-from-the-hip troubleshooting approach. This is a less-structured troubleshooting method that uses an educated guess based on the symptoms of the problem. Success of this method varies based on your troubleshooting experience and ability. Seasoned technicians are more successful because they can rely on their extensive knowledge and experience to decisively isolate and solve network issues. With a less-experienced network administrator, this troubleshooting method may too random to be effective.
Comparison
This approach is also called the spot-the-differences approach and attempts to resolve the problem by changing the nonoperational elements to be consistent with the working ones. You compare configurations, software versions, hardware, or other device properties, links, or processes between working and nonworking situations and spot significant differences between them. The weakness of this method is that it might lead to a working solution, without clearly revealing the root cause of the problem.
show tech-support
This command is useful for collecting a large amount of information about the device for troubleshooting purposes. It executes multiple show commands which can be provided to technical support representatives when reporting a problem
Follow-the-Path
This is one of the most basic troubleshooting techniques. The approach first discovers the traffic path all the way from source to destination. The scope of troubleshooting is reduced to just the links and devices that are in the forwarding path. The objective is to eliminate the links and devices that are irrelevant to the troubleshooting task at hand. This approach usually complements one of the other approaches.
LAN Switch Device Documentation
This table displays sample device documentation for a LAN switch. S1 Cisco Catalyst WS-C2960-24TC-L Branch-1 LAN1 switch 192.168.77.2/24 IOS: 15.0(2)SE7 Image: C2960-LANBASEK9-M Domain: CCNA Mode: Server Port Description Access VLAN Trunk EtherChannel Native Enabled Fa0/1 Port Channel 1 trunk to S2 Fa0/1 - - Yes Port-Channel 1 99 Yes Fa0/2 Port Channel 1 trunk to S2 Fa0/2 - - Yes Port-Channel 1 99 Yes Fa0/3 *** Not in use *** Yes 999 - - Shut Fa0/4 *** Not in use *** Yes 999 - - Shut Fa0/5 Access port to user Yes 10 - - Yes ... - - - Fa0/24 Access port to user Yes 20 - - Yes Fa0/24 *** Not in use *** Yes 999 - - Shut G0/1 Trunk link to Branch-1 - - Yes - 99 Yes G0/2 *** Not in use *** Yes 999 -
Troubleshooting IP Connectivity 12.5.1 Components of Troubleshooting End-to-End Connectivity
This topic presents a single topology and the tools to diagnose, and in some cases solve, an end-to-end connectivity problem. Diagnosing and solving problems is an essential skill for network administrators. There is no single recipe for troubleshooting, and a problem can be diagnosed in many ways. However, by employing a structured approach to the troubleshooting process, an administrator can reduce the time it takes to diagnose and solve a problem. Throughout this topic, the following scenario is used. The client host PC1 is unable to access applications on Server SRV1 or Server SRV2. The figure shows the topology of this network. PC1 uses SLAAC with EUI-64 to create its IPv6 global unicast address. EUI-64 creates the Interface ID using the Ethernet MAC address, inserting FFFE in the middle, and flipping the seventh bit. R1R2R3S1S3PC1S2SRV1SRV210.1.10.10/242001:db8:acad:1:5075:d0ff:fe8e:9ad8/642001:db8:acad:1::/642001:db8:acad:2::/642001:db8:acad:3::/642001:db8:acad:4::/6410.1.10.0/24172.16.1.0/24192.168.1.0/30192.168.1.4/30S0/1/0:2.2S0/1/1:1.5S0/1/0.1S0/1/1.6:2G0/0/0.1:1G0/0/0.1:1172.16.1.100/242001:db8:acad:4::100/6410.1.10.100/242001:db8:acad:1::100/64:1 MAC Address: 5475.D08E.9AD8 When there is no end-to-end connectivity, and the administrator chooses to troubleshoot with a bottom-up approach, the following are common steps the administrator can take: (On cards 188-195).
12.2.4 Gather Information
To gather symptoms from suspected networking device, use Cisco IOS commands and other tools such as packet captures and device logs. The table describes common Cisco IOS commands used to gather the symptoms of a network problem. (On cards 52-59).
12.2.7 Guidelines for Selecting a Troubleshooting Method
To quickly resolve network problems, take the time to select the most effective network troubleshooting method. The figure illustrates which method could be used when a certain type of problem is discovered. Define Problem Determine the type of problem. Analyze the symptoms. Apply previous experiences. Type of Problem Software-Oriented Hardware/Cable-oriented or Complex New Problem Experienced Before Troubleshooting Method Top-Down Method Bottom-Up Method Divide-and-Conquer Method
Verify PC1 Has an IPv6 Default Gateway
To verify that PC1 has the default gateway set, use the ipconfig command on the Microsoft Windows PC or the netstat -r or ip route command on Linux and Mac OS X. In the, PC1 has an IPv6 global unicast address and an IPv6 default gateway. The default gateway is set to the link-local address of router R1, fe80::1. C:\> ipconfig Windows IP Configuration Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . : 2001:db8:acad:1:5075:d0ff:fe8e:9ad8 Link-local IPv6 Address . . . . : fe80::5075:d0ff:fe8e:9ad8%13 IPv4 Address . . . . . . . . . . : 10.1.10.10 Subnet Mask . . . . . . . . . . : 255.255.255.0 Default Gateway. . . . . . . . . : fe80::1 10.1.10.1 C:\>
7. Which structured troubleshooting method should be used when a software orientated problem occurs?
Top-down Troubleshooting Method
Selection of traffic flow
Traffic is defined by both the router interface through which the traffic is traveling and the direction in which this traffic is traveling. An ACL must be applied to the correct interface, and the correct traffic direction must be selected to function properly.
12.4.2 Data Link Layer Troubleshooting
Troubleshooting Layer 2 problems can be a challenging process. The configuration and operation of these protocols are critical to creating a functional, well-tuned network. Layer 2 problems cause specific symptoms that, when recognized, will help identify the problem quickly. The figure summarizes the symptoms and causes of data link layer network problems. 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical Symptoms: No functionality or connectivity at network layer or above Network operating below baseline performance levels Excessive broadcasts Console messages Causes: Encapsulation errors Address mapping errors Framing errors STP failure or loops
Troubleshooting Process 12.2.1 General Troubleshooting Procedures
Troubleshooting can be time consuming because networks differ, problems differ, and troubleshooting experience varies. However, experienced administrators know that using a structured troubleshooting method will shorten overall troubleshooting time. Troubleshooting can be time consuming because networks differ, problems differ, and troubleshooting experience varies. However, experienced administrators know that using a structured troubleshooting method will shorten overall troubleshooting time. There are several troubleshooting processes that can be used to solve a problem. The figure displays the logic flowchart of a simplified three-stage troubleshooting process. However, a more detailed process may be more helpful to solve a network problem. Stage 1: Gather Symptoms Stage 2: Isolate the Problem Stage 3: Implement Corrective Action No Problem Fixed? Yes If it did not fix the problem or if it created another problem, undo corrective action and start again. Stage 4: Document solution and save changes.
12.1.6 Step 2 - Identify Devices and Ports of Interest
Use the network topology to identify those devices and ports for which performance data should be measured. Devices and ports of interest include the following: Network device ports that connect to other network devices Servers Key users Anything else considered critical to operations A logical network topology can be useful in identifying key devices and ports to monitor. In the figure, the network administrator has highlighted the devices and ports of interest to monitor during the baseline test. S0/1/1PC1PC2ISPPC3Branch-1Branch-2S1S2S3Svr1Svr2G0/0/0CentralG0/0/1G0/0/1G0/1/0S0/1/1G0/0/0Fa0/1Fa0/2Fa0/1Fa0/2Fa0/5Fa0/5G0/1192.168.10.10192.168.20.10Fa0/5G0/1G0/0/0209.165.201.1010.0.0.0/30.2209.165.200.224/30.22610.2.2.0/3010.1.1.0/30TrunkLAN 3192.168.30.0/24.225Po1192.168.77.2192.168.77.3.2.2.2.1.1.1.10.1 VLANNameNetwork10LAN-1192.168.10.0/2420LAN-2192.168.20.0/2477Management192.168.77.0/2499Native17999Unused30 The devices of interest include PC1 (the Admin terminal), and the two servers (i.e., Srv1 and Svr2). The ports of interest typically include router interfaces and key ports on switches. By shortening the list of ports that are polled, the results are concise, and the network management load is minimized. Remember that an interface on a router or switch can be a virtual interface, such as a switch virtual interface (SVI).
12.5.2 End-to-End Connectivity Problem Initiates Troubleshooting
Usually what initiates a troubleshooting effort is the discovery that there is a problem with end-to-end connectivity. Two of the most common utilities used to verify a problem with end-to-end connectivity are ping and traceroute, as shown in the figure. R1R2R3S1S3S2SRV2PC1SRV12001:db8:acad:1:5075:d0ff:fe8e:9ad8/64S0/1/0:2.2S0/1/1:1.5S0/1/0.1S0/1/1.6:2:1G0/0/0.1:1G0/0/0.1:1172.16.1.100/242001:db8:acad:4::100/6410.1.10.10/24 MAC Address: 5475.D08E.9AD8Use ping and traceroute tools.
Step 4.
Verify that the default gateway is correct.
Step 7.
Verify that there are no ACLs blocking traffic.
Step 6.
Verify the transport layer is functioning properly. Telnet can also be used to test transport layer connections from the command line.
show ip interfaces
We can verify which interface has the ACL applied using the show ip interfaces serial 0/1/1 command and the show ip interfaces gig 0/0/0 command. The output reveals that the ACL was never applied to the inbound interface on Serial 0/0/1 but it was accidentally applied to the G0/0/0 interface, blocking all outbound traffic from the 172.16.1.0/24 network. R3# show ip interface serial 0/1/1 | include access list Outgoing Common access list is not set Outgoing access list is not set Inbound Common access list is not set Inbound access list is not set R3# R3# show ip interface gig 0/0/0 | include access list Outgoing Common access list is not set Outgoing access list is not set Inbound Common access list is not set Inbound access list is 100 R3#
Introduction 12.0.1 Why should I take this module?
Welcome to Network Troubleshooting! Who is the best network administrator that you have ever seen? Why do you think this person is so good at it? Likely, it is because this person is really good at troubleshooting network problems. They are probably experienced administrators, but that is not the whole story. Good network troubleshooters generally go about this in a methodical fashion, and they use all of the tools available to them. The truth is that the only way to become a good network troubleshooter is to always be troubleshooting. It takes time to get good at this. But luckily for you, there are many, many tips and tools that you can use. This module covers the different methods for network troubleshooting and all of the tips and tools you need to get started. This module also has two really good Packet Tracer activities to test your new skills and knowledge. Maybe your goal should be to become the best network administrator that someone else has ever seen!
Ask pertinent questions.
What does not work? What exactly is the problem? What are you trying to accomplish?
Determine if anything has changed.
What has changed since the last time it did work?
Use questions to eliminate or discover possible problems.
What works? What does not work?
8. Which troubleshooting software is an example of a network management system tool?
WhatsUp Gold
Switch MAC Address Table
When a destination MAC address is found in the switch MAC address table, the switch forwards the frame only to the port of the device that has that MAC address. To do this, the switch consults its MAC address table. The MAC address table lists the MAC address connected to each port. Use the show mac address-table command to display the MAC address table on the switch. An example of a switch MAC address table is shown in the command output. Notice how the MAC address for PC1, a device in VLAN 10, has been discovered along with the S1 switch port to which PC1 attaches. Remember, the MAC address table of switch only contains Layer 2 information, including the Ethernet MAC address and the port number. IP address information is not included. S1# show mac address-table Mac Address Table -------------------------------------------- Vlan Mac Address Type Ports All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU 10 d48c.b5ce.a0c0 DYNAMIC Fa0/4 10 000f.34f9.9201 DYNAMIC Fa0/5 10 5475.d08e.9ad8 DYNAMIC Fa0/13 Total Mac Addresses for this criterion: 5
12.1.5 Step 1 - Determine What Types of Data to Collect
When conducting the initial baseline, start by selecting a few variables that represent the defined policies. If too many data points are selected, the amount of data can be overwhelming, making analysis of the collected data difficult. Start out simply and fine-tune along the way. Some good starting variables are interface utilization and CPU utilization.
Selection of transport layer protocol
When configuring ACLs, it is important that only the correct transport layer protocols be specified. Many network administrators, when unsure whether a type of traffic flow uses a TCP port or a UDP port, configure both. Specifying both opens a hole through the firewall, possibly giving intruders an avenue into the network. It also introduces an extra element into the ACL, so the ACL takes longer to process, introducing more latency into network communications.
12.1.8 Data Measurement
When documenting the network, it is often necessary to gather information directly from routers and switches. Obvious useful network documentation commands include ping, traceroute, and telnet, as well as show commands. The table lists some of the most common Cisco IOS commands used for data collection. (On cards 17-26).
Determine when the problem occurred / occurs.
When exactly does the problem occur? When was the problem first noticed? Were there any error message(s) displayed?
Implicit deny any
When high security is not required on the ACL, this implicit access control element can be the cause of an ACL misconfiguration.
Propose Hypothesis
When the most probable cause has been identified, a solution must be formulated. At this stage, troubleshooting experience is very valuable when proposing a plan.
Solve the problem
When the problem is solved, inform the users and anyone involved in the troubleshooting process that the problem has been resolved. Other IT team members should be informed of the solution. Appropriate documentation of the cause and the fix will assist other support technicians in preventing and solving similar problems in the future.
12.5.5 Step 3 - Verify Addressing on the Local Network
When troubleshooting end-to-end connectivity, it is useful to verify mappings between destination IP addresses and Layer 2 Ethernet addresses on individual segments. In IPv4, this functionality is provided by ARP. In IPv6, the ARP functionality is replaced by the neighbor discovery process and ICMPv6. The neighbor table caches IPv6 addresses and their resolved Ethernet physical (MAC) addresses. Click each button for an example and explanation of the command to verify Layer 2 and Layer 3 addressing. (On cards 211-214).
12.5.9 Step 5 - Verify Correct Path
When troubleshooting, it is often necessary to verify the path to the destination network. The figure shows the reference topology indicating the intended path for packets from PC1 to SRV1. R2R3S1S3PC1S2SRV1SRV2R110.1.10.10/242001:db8:acad:1:5075:d0ff:fe8e:9ad8/642001:db8:acad:1::/642001:db8:acad:2::/642001:db8:acad:3::/642001:db8:acad:4::/6410.1.10.0/24172.16.1.0/24192.168.1.0/30192.168.1.4/30S0/1/0:2.2S0/1/1:1.5S0/1/0.1S0/1/1.6:2:1G0/0/0.1:1G0/0/0.1:1172.16.1.100/242001:db8:acad:4::100/6410.1.10.100/242001:db8:acad:1::100/64 Use show ip route and show ipv6 route commands.
IPv6 ping and traceroute
When using these utilities, the Cisco IOS utility recognizes whether the address is an IPv4 or IPv6 address and uses the appropriate protocol to test connectivity. The command output shows the ping and traceroute commands on router R1 used to test IPv6 connectivity. R1# ping 2001:db8:acad:4::100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:ACAD:4::100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms R1# R1# traceroute 2001:db8:acad:4::100 Type escape sequence to abort. Tracing the route to 2001:DB8:ACAD:4::100 1. 2001:DB8:ACAD:2::2 20 msec 20 msec 20 msec 2. 2001:DB8:ACAD:3::2 44 msec 40 msec 40 msec R1#
Determine the scope of the problem.
Who does this issue affect? Is it just you or others? What device is this happening on?
5. While designing changes to a data center because of a new IoE implementation, a network administrator has the job of diagramming the new physical topology of the area. What should be included in the physical topology diagram?
cable locations and lengths between servers and switches
7. Which troubleshooting tool can be used to pinpoint the distance to a break in a network cable?
cable tester
12. When should a network performance baseline be measured?
during normal work hours of an organization
3. A computer technician performed a number of actions to correct a problem. Some actions did not solve the problem, but eventually a solution was found. What should be documented?
everything that was done to try to solve the problem
4. A network engineer is troubleshooting a network problem and can successfully ping between two devices. However, Telnet between the same two devices does not work. Which OSI layers should the administrator investigate next?
from the network layer to the application layer
10. After which step in the network troubleshooting process would one of the layered troubleshooting methods be used?
gathering symptoms from suspect devices
1. Which topology diagram displays IP addresses?
logical topology
11. A company is setting up a web site with SSL technology to protect the authentication credentials required to access the web site. A network engineer needs to verify that the setup is correct and that the authentication is indeed encrypted. Which tool should be used?
protocol analyzer
5. Which command could be used to get detailed information about directly connected Cisco neighbor devices?
show cdp neighbor
4. During the gathering information step, which command would display the configured protocols and the global and interface-specific status of any configured Layer 3 protocol?
show protocols
6. Which IOS command can be used to test if other network protocols are working?
telnet
15. What network troubleshooting capability is provided by a cable analyzer?
testing and certifying of copper and fiber cables
2. A network engineer is troubleshooting a network problem where users cannot access the FTP server at the same IP address where a website can be successfully accessed. Which troubleshooting method would be the best to apply in this case?
top-down