As a network administrator, network administrators always encounter various problems during their work, especially when encountering some unfamiliar networks. For example, we provide fiber optic network services for a certain unit in this city, although the switch device is not provided by us, due to frequent packet loss in the network of the Organization recently, the network administrator of the Organization provides us with the logon password of the switch, I hope we can help him find network faults. Next we will introduce the methods and techniques for locating network faulty nodes in conjunction with the troubleshooting process.
I. Use switch fault logs as first-hand Materials
The premise of determining a network failure is to have a clear understanding of the network topology. However, when troubleshooting a relatively unfamiliar network, familiarity with the network is an incremental process, if problems are quickly detected and fault points are determined, it is an effective method to view the log information on the switch. This Organization's networking mainly uses Huawei 3500 and H3C3100 switches, all of which support the Log Viewing function, facilitating us to quickly locate the cause of the fault. Log on to the Huawei 3500 switch and see a large amount of information as follows:
% Nov 11 07:50:10 2010 rcq_3526 SYSM/5/ip move: Rcv src IP packet from port 3 but it's nexthop arp 219. *. *. 72 with 000f-e23f-3180 resided in port 26
Through the analysis of the above information, we can conclude that one IP address is 219. *. *. for 72 network devices, ARP Address Spoofing attacks are performed on Port 3 of the Huawei 3500 vswitch. The following is how to determine the VLAN in which the IP address is located, the IP address is located on the port of the vswitch. The following useful information is displayed:
Vlan 101
Description link *****
Interface Vlan-interface101
Description link *****
Ip address 219. *. *. 65 255.255.255.240
Based on the description information displayed on the vswitch, we can determine that the IP address belongs to VLAN101, and the description information can also roughly determine that the VLAN is the unit of connection, however, as a network administrator, we also know that many of the descriptions on the vswitch are written in the initial configuration. In many cases, the network connection is changed but the description is not modified in time, so what we need to do is verify that the IP address and the gateway belong to the same network segment. The Network Manager of this organization has already told us that he is used to using the smallest address in the network as the gateway address. According to this rule, 219 is displayed. *. *. 72 and 219. *. *. 65 when the subnet mask is 255.255.255.255.255.240, it should belong to a network segment. However, to clarify this problem, we should introduce in detail the judgment method.
2. fully understand and flexibly apply IP addresses, subnet masks, and gateways
In the preceding example, the subnet mask is 255.255.255.255.240, indicating that only 4th IP addresses in the CIDR block are different. First, we will convert 248 in the subnet mask to 11110000 in binary format, then, 65 and 72 are converted into binary numbers respectively, and the subnet mask is operated as follows:
Decimal number binary number
6501000001
7201001000
24011110000
65 and subnet mask and calculation result 01000000
72. subnet mask and calculation result 01000000
As shown in the preceding figure, if 65 and 72 are the same as the subnet mask, 219 is displayed. *. *. 65 and 219. *. *. 72 belongs to the same network segment. Knowledge of IP addresses, subnet masks, and gateways is the basic knowledge of computer networks. However, skilled and flexible applications are essential for us to judge network faults. If the IP address in the network cannot be determined through the subnet mask correctly, the IP address that does not belong to this network segment will be set to the corresponding port, resulting in network failure, fortunately, this phenomenon does not appear in this example.
3. Use IP address conflicts to find the node of the faulty network
View the configuration information through dis cu. We found Port 3 is set to TRUNK mode, which allows multiple VLANs including VLAN101 to pass through. As follows:
Interface Ethernet0/3
Port link-type trunk
Port trunk, permit, vlan 101, 109
Port 3 is connected to a H3C3100 switch. multiple ports belong to VLAN101, but the network device address under which port is 219 cannot be known at the moment because the description is incomplete. *. *. 72. It is a solution to go to the device where the H3C switch is placed for troubleshooting, But it saves time and effort and we will adopt another method, that is, on the Huawei 3500 switch, we set a spare port to VLAN101, and set the IP address of our laptop to 219. *. *. 72. The IP address conflict prompt is immediately displayed in the event viewer.
Then, we log on to the H3C3100 switch and run the shutdown operation on all the three ports belonging to VLAN101. Then, we run the undo shutdown operation in sequence. Each time we run the undo shutdown operation, unplug the network cable from your laptop once. If an IP address conflict occurs, it indicates that the network connected to this port has 219. *. *. in fact, we are very lucky to find a faulty network node when trying the first port and reset the network port to shutdown, when the other two ports are set to the undo shutdown status, log on to the Huawei 3500 switch and find that no new alarm information is generated. Ask the units associated with the switch, also, no packet loss is returned.
Despite some twists and turns, the troubleshooting of this network fault was successfully solved, especially when looking for faulty network nodes, the IP address conflict was set, network faults can be solved by means of network faults. This is a way to learn and use network knowledge.