Network Trouble shooting Skills Essence

We have introduced an article on how to choose the method of network fault elimination, and introduced three kinds of network troubleshooting methods. Here we return to the topic, through concrete examples to help you troubleshoot network failures.

Before you begin, let's briefly review the three methods that have been introduced. >

Bottom-up approach: Start at the bottom of the OSI model, in order.

Top-down approach: Starting at the top of the OSI model, in sequence.

Divide-and-conquer approach: start at a specific layer of the OSI model to determine whether the problem is at that level, or upper or lower.

It is easy to understand these methods theoretically, but how to use them in practical application to solve practical problems? Take a look at several examples of using bottom-up and divide-and-conquer methods. (because the method from top to bottom is actually the reverse method from bottom to top, so do not introduce.) )

From the bottom of the first

Application: When the user calls from the remote address to say that the computer can not work, he used the applications need network access.

Start: First look at the user 1 level of connectivity (such as physical layer). For example, you can let the user see if the network cable is connected to the port and the device on the wall. For most users, it is much easier to let them see the status of the switch port LEDs than to explain to them what a network cable is.

Ideally, the switch is well managed and has a complete network recording document. As a result, it is known that the user uses a wall outlet port number of 12, and that the 12th port is connected to the 11th port in the switch terminal cabinet. (Note that if an administrator does not have this information, he needs to ask the user for this information.) (Computer science)

Method 1: Then remotely log on to the Cisco switch and use the show ip interface Brief command. You can get information for list A.

List A

switch# show ip interface brief interface ip-address OK?       Method Status Protocol Vlan1 10.1.1.1 YES NVRAM up FASTETHERNET0/1 unassigned Yes unset up FASTETHERNET0/2 unassigned Yes unset down FASTETHERNET0/3 unas     Signed yes unset down FASTETHERNET0/4 unassigned Yes unset down down FASTETHERNET0/5 Unassigned Yes unset down FASTETHERNET0/6 unassigned Yes unset down down fastethe
RNET0/7 Unassigned Yes unset down the FASTETHERNET0/8 unassigned Yes unset down           FASTETHERNET0/9 Unassigned Yes unset up FASTETHERNET0/10 unassigned Yes unset up           Up FASTETHERNET0/11 unassigned Yes unset down FASTETHERNET0/12 unassigned Yes unset up Up FASTETHERNET0/13 unassigned YES unset up FASTETHERNET0/14 Unassigned Yes unset up FASTETHERNET0/15 unassigned Yes unset down         Down FASTETHERNET0/16 unassigned Yes unset down FASTETHERNET0/17 unassigned Yes unset down Down FASTETHERNET0/18 unassigned Yes unset down FASTETHERNET0/19 unassigned Yes Unse      T down FASTETHERNET0/20 unassigned YES unset down FASTETHERNET0/21 unassigned Yes unset down FASTETHERNET0/22 unassigned Yes unset down FASTETHERNET0/23 unassign Ed Yes unset up and fastethernet0/24 unassigned Yes unset up switch#

By looking at this output, we can see that the FASTETHERNET0/11 port is not working. Because this is the first level of failure, let the user locate the switch port along the network cable on the PC's network card.

Method 2: What if this is not the problem? What if the user is using port number 14th? Since there is a connection, the net is through. What should we do next? Use the show interface fastethernet 0/14 command on the switch. Displays as listed in Table B.

List B

switch# Show Interface Fa0/14 FASTETHERNET0/14 are up, line protocol are up (connected) hardware are Fast Ethernet, address Is 0014.1c40.b08e (BIA 0014.1c40.b08e) MTU 1500 bytes, BW 100000 kbit, DLY usec, Reliability 255/255, Txload 1/255, rxload 1/255 encapsulation ARPA, loopback not set Keepalive Set (Ten sec) Half-duplex, 100mb/s, media type is
  100BaseTX input Flow-control is unsupported output Flow-control is unsupported arp type:arpa, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never last clearing of ' show interface ' counters never input queue:0/ 75/0/0 (size/max/drops/flushes); Total output drops:0 queueing Strategy:fifo output Queue:0/40 (Size/max) 5 minute input rate 0 bits/sec, 0 packet S/sec 5 minute output rate bits/sec, 3 packets/sec 96848 packets input, 8083322 bytes, 0 no buffer receiv Ed 9293 broadcasts (0 multicast) 0 runts, 0 giants, 0 throttles 323210 input errors, 123123 CRC, 0 FramE, 0 overrun, 0 ignored 0 watchdog, multicast, 0 pause input 0 input packets with dribble condition detected 10061627 packets output, 866400040 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 Babbles, 0 late collision, 2 deferred 132 lost, no carrier, 0 carrier output 0 output buffer PAUSE, 0 output buffers swapped out switch#

With Table B, we can see that although the network can be connected, there are some first-tier problems.

Method 3: What if the port has a network connection and there are no problems? Next you should look at the second level. Take a look at the example

Switch#show mac Address-table Interface fastethernet 0/14

Hardware Address Table

Vlan Hardware Address Type port number

1 00c0.b768.5409 DYNAMIC FA0/14

Total Mac Addresses for this criterion:1

switch#

If this information conforms to the MAC address on your PC, then you need to determine that there is no unrelated configuration on the switch port. For example:

switch# Show run interface FA0/14
Building configuration ...
Current configuration:82 bytes
interface FASTETHERNET0/14
switchport mode access
Spanning-tree portfast< C5/>end
switch#

Even though there may be a second tier of problems, at least it looks good at this level. Next, look at the third layer. Use the Ipconfig/all command on your PC for checking, as shown in column C of the list.

List C

C:\> Ipconfig/all the Windows IP Configuration Host Name ...: PC100 Primary Dns Suf Fix ...: techrepublic.com Node Type ...: peer-peer IP Routing Enabled. \ \ \ \ \ \ ...: No WINS Proxy Enabled ....... : No DNS Suffix Search List ... : techrepublic.com Ethernet Adapter Local area connection:connection-specific DNS Suffix. : techrepublic.com Description ........... : Intel (R) pro/1000 MT network Connection Physical Address ... . : 00-c0-b7-68-54-09 Dhcp Enabled ..... : Yes autoconfiguration Enabled .... : Yes IP Address ...: 10.80.2.2 Subnet Mask ..........., ... : 255.255.0.0 Default Gateway ... . : 10.80.2.1 DHCP Server ........... : 10.2.1.26 DNS Servers ........... : 10.2.1.26 PrImary WINS server ...: 10.2.1.26 secondary WINS server ..... : 10.2.1.21 Lease obtained ...: Wednesday, November, and 5:43:55 AM Lease Expires. . . . . . . . . . : Thursday, November, 5:43:55 AM

Here, we can see that the PC has an IP address, but is this the right address? This PC gets the 10.80.x.x-range address through DHCP, but now the address is 10.1.x.x.

So, we finally found the problem. The IP address distributed by the DHCP server does not belong to a subnet. This problem occurs when a PC moves from one subnet to another, and the PC still requests the old IP address.

You can try to resolve the problem by having the leased IP address of all the interfaces re delivered to the DHCP server (that is, returning the IP address). Use Ipconfig/release, and then use the Ipconfig/renew command, and then the PC will get the correct IP address, all network applications can be used.

Divide

Hypothetical scenario: A user says that all applications are available except IE browsers. When you try to browse the Web page, you receive a prompt that "no host or DNS errors are found and the Web page cannot be displayed."

How to start: because it's an application-related issue, you might want to take a top-down approach from the application layer of the OSI model. But there are a number of reasons why this can be a mistake.

Take the divide-and-conquer approach and start with what we know. Users say that other applications can work except IE. Problems may arise in local and extranet networks.

Method 1: Since the error report mentions DNS, it can be considered a DNS issue. Since other applications are still working, there may be a local DNS server that provides services to LAN applications.

To detect this theory, we can use the nslookup command to determine if DNS is working. Examples are as follows:

C:\> nslookup www.techrepublic.com
server:dns. techrepublic.com
address:10.2.1.26

non-authoritative Answer:
name:c10-sha-redirect-lb.cnet.com
address:216.239.115.148
Aliases:www.techrepublic.com

This means that DNS is really working, so continue viewing.

Method 2: Does the Web site that the user wants to visit exist on a local or remote subnet? Like an internet site, we call it an external subnet.

Since some connections and other applications are still available, we can view the third layer, the network layer. We use the ipconfig command to see if the Silence Gateway is 10.80.2.1. Now you need to ping the default gateway. As in the following example.

c:\> Ping 10.80.2.1
Pinging 10.80.2.1 with bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.80.2.1:
packets:sent = 4, Received = 0, Lost = 4 (100% loss),

From here, we can determine that there is a problem with the third layer. Silent Gateway deactivated or unreachable.

If the location is a central data center, remote login user default gateway. After landing, use the show ip interface Brief command, as shown in Listing D.

List D

router# show ip interface Brief
interface              ip-address      OK? Method Status       Protocol
serial3/0              unassigned      YES NVRAM  up      
serial3/0.1            10.80.100.2     Yes nvram  up      
serial3/0.2            10.80.100.6     yes nvram           up      
bri3/0                 Unassigned      Yes NVRAM  up      
bri3/0:1               unassigned      Yes unset  Down         down    
bri3/0:2               unassigned      YES unset  down    
Dialer1                10.80.100.10    Yes nvram  up      
Loopback1              unassigned      yes nvram up      
ethernet3/0            10.80.2.1     YES NVRAM  down
router#

With this output, we can determine that the network cable connecting the router to the local switch is not connected. We thought it was the third tier, but the problem was actually the first.

In my opinion, the divide-and-conquer approach requires more network and troubleshooting knowledge. However, this method is also the fastest way to find the problem. Using a troubleshooting method is similar to using an access list, and once you find a match, there is no need to pursue it.