I. Network Complexity
General networks include routing, dial-up, switching, video, WAN (ISDN, Frame Relay, ATM, ...), LAN, VLAN, ...
II. Fault Handling Model
1. Define the problem (Define the Problem)
Detailed and accurate description of fault symptoms and potential causes
2. Collect detailed information (Gather Facts)
Sources: key users, network management systems, routers/switches
1) Identify the symptoms:
2) Reproduce the fault: verify that the fault still exists
3) Investigate the fault frequency:
4) Determine the fault scope: there are three methods for establishing the fault scope
Outside-In Troubleshooting: Generally, multiple hosts cannot connect to one server or set of servers.
Inside-Out Troubleshooting:
Divide-by-Half Troubleshooting
3. Consider the possible causes (Consider Possibilities)
4. Create an action plan (Create an Action Plan)
5. Deploy the action plan
The action plan is used to correct the cause of the network failure. Starting from the most likely fault source, work out a solution. After completing each step, check whether the fault is resolved.
6. Observe the results of the action plan (Observe Results)
7. If the action plan does not solve the problem, repeat the above process (Iterate as Needed)
III. Record changes
After resolving the problem through the action plan, record the solution as part of troubleshooting, including all configuration changes.
Chapter 2 network documentation
I. Network baseline
The simplest way to solve the network problem is to compare the current configuration with the previous configuration.
The baseline document consists of different network and system documents, including:
Network configuration table
Network Topology
ES network configuration table
ES Network Topology
Note:
1) determine the document coverage;
2) Consistency: Collects the same information of all devices on the network;
3) Clear goals: understand the purpose of the document;
4) ease of use and access to documents;
5) Maintain and update documents in a timely manner.
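Added example (not part of the original notes): one way to compare a saved baseline with the current configuration while keeping each sub-command tied to its parent line, so a change inside an interface stanza is reported with its interface. Both snapshots are constructed sample data, and flatten and drift are hypothetical helper names.

```python
# Hierarchy-aware comparison of two IOS-style configuration snapshots.
# BASELINE and CURRENT are constructed samples, not output from a real device.

BASELINE = """\
hostname R1
!
interface Ethernet0/0
 ip address 10.0.1.1 255.255.255.0
 ip access-group 101 in
!
access-list 101 permit icmp host 10.0.1.1 host 10.1.1.1
"""

CURRENT = """\
hostname R1
!
interface Ethernet0/0
 ip address 10.0.1.1 255.255.255.0
!
ip rcmd rsh-enable
access-list 101 permit icmp host 10.0.1.1 host 10.1.1.1
access-list 101 permit ip any any
"""

def flatten(config):
    """Return a set of (parent, line) pairs so sub-commands keep their context."""
    pairs, parent = set(), None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank lines and '!' separators
        if line[0].isspace():
            pairs.add((parent, line.strip()))   # indented: child of last top-level line
        else:
            parent = line
            pairs.add((None, line))
    return pairs

def drift(baseline, current):
    """Return (removed, added) as sorted lists of 'parent > line' strings."""
    old, new = flatten(baseline), flatten(current)
    fmt = lambda p: f"{p[0]} > {p[1]}" if p[0] else p[1]
    return sorted(map(fmt, old - new)), sorted(map(fmt, new - old))

if __name__ == "__main__":
    removed, added = drift(BASELINE, CURRENT)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

The comparison is set-based, so a reordered ACL is not reported; ACL entries are evaluated top-down and need an ordered comparison.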
II. Network configuration table
The network configuration table usually aims to provide a list of the hardware and software used in the network. It consists of:
Layer: Item
Miscellaneous information: device name, device model, CPU type, Flash, DRAM, interface description, user name and password
Layer 1: media type, rate, duplex mode, interface number, connection socket or port
Layer 2: MAC address, STP status, STP root bridge, PortFast information, VLAN, EtherChannel configuration, encapsulation, trunk status, interface type, port security, VTP status, VTP mode
Layer 3: IP address, IPX address, HSRP address, subnet mask, routing protocol, ACL, tunnel information, and loopback interface
In most cases, the best way to store this information is in a spreadsheet or a database: spreadsheets for small networks and databases for large networks.
III. Network Topology
The network topology diagram shows how the network components are connected to each other physically and logically.
1. Composition of the network topology
Layer: Item
Miscellaneous information: device name, device model, connections between devices, interface description
Layer 1: media type and interface number
Layer 2: MAC address, VLAN, encapsulation, trunk status, interface type, DLCI
Layer 3: IP addresses, subnet masks, and routing protocols
For large networks, multiple network topologies can be created, each reflecting a separate part of the network.
2. Create a network topology
IV. Discovering network configuration information
1. Collect router and Layer 3 switch network configuration information
show version; displays the device model, Flash, DRAM, and IOS version
show ip interface brief; displays brief interface information (type, status, protocol status, IP address)
show interface e0/0; displays the details of an interface (MAC, IP, mask, ...)
show ip protocols; displays IP routing protocol information
show ip interface e0/0; displays the IP protocol information of the interface (status, IP address, ACL, ...)
2. Collect switch configuration information
Information contained in the switch network configuration table: device name, model, location, Flash, DRAM, CatOS version, management address, VTP domain, VTP mode, port number, port rate, port duplex, VLAN, STP status, PortFast status, trunk status, ...
show version; displays the IOS or CatOS version, DRAM, Flash
show vtp domain; (CatOS) displays the VTP domain and VTP mode
show vtp status; (IOS)
show interface; (CatOS) displays management interface information
show port; (CatOS) displays brief information about each port (number, VLAN, duplex, ...)
show interface; (IOS)
show trunk; (CatOS) displays the trunk information (mode, encapsulation, allowed VLANs, pruning, ...)
show interface trunk; (IOS)
show spantree 45; (CatOS) displays the STP information of the port (mode, type, status, PortFast, ...)
show spanning-tree 45; (IOS)
3. Discover information about adjacent Cisco devices
CDP (Cisco Discovery Protocol) is a Cisco-proprietary protocol for identifying directly adjacent Cisco devices. CDP operates at Layer 2.
show cdp neighbor; displays brief information about adjacent Cisco devices (ID, adjacent interfaces, platforms, ...)
show cdp neighbor detail; displays the details of adjacent Cisco devices (including Layer 3 information)
V. Process of creating network documents
1. Login; log on to the device and enter privileged mode.
2. Interface discovery; discover the required information about the device.
3. Document; record the discovered information in the network configuration table.
4. Diagram; transfer the required information from the network configuration table to the network topology.
5. Device discovery; determine whether there are any adjacent devices that have not been documented.
Chapter 4 ES documents and troubleshooting
I. ES network configuration table
The ES (end system) network configuration table is a list of ES hardware and software components. It usually includes the following items:
Layer: Item
Miscellaneous information: system name, system vendor/model, CPU rate, RAM, memory, system function
Layer 1 and 2: media type, interface speed, VLAN, MAC, and network connection
Layer 3: IP address, default gateway, subnet mask, WINS, DNS
Layer 7: operating systems (versions), network-based applications, high-bandwidth applications, low-latency applications, and specific considerations
II. ES network topology
Typical ES network topology items include: system name, network connection, physical location, system purpose, VLAN, IP address, subnet mask, operating system, and network applications
Most ES network topologies are created within the network topology, to which a subset of the ES network configuration table data can also be added.
III. Collect ES network configuration information
Common commands:
1) ping host/ip-address; send ICMP echo requests and receive the replies to verify network connectivity
2) arp -a; view the MAC-to-IP mapping table of the ES (same subnet)
3) telnet host/ip-address; log on to an ES or connect to a specific TCP port
Windows platform commands
1) ipconfig /all; view the IP address of the ES (applicable to all Windows platforms)
2) winipcfg; view the IP address information of the ES (applicable only to Win9x)
3) tracert host/ip-address; verify the connection to the host and display the IP addresses of the devices in the path
4) route print; displays the IP route table of the current device
5) netstat; displays the current network connections
Unix, Linux, and Mac OS commands
1) ifconfig -a; view IP information of UNIX and Mac hosts
2) traceroute host/ip;
3) route -n;
4) cat /etc/resolv.conf; view DNS server information
IV. General troubleshooting process
1. General troubleshooting process:
Collect symptoms: collect network, user, and ES symptoms
1) Analyze existing symptoms
2) Determine the ownership
3) Narrow the scope
4) Identify symptoms
5) Record symptoms
Isolate the problem
1) Bottom-Up troubleshooting
Troubleshoot from the physical layer up to the application layer. It is often used when a problem is suspected at the physical layer or when handling complex network problems.
2) Top-Down troubleshooting
Troubleshoot from the application layer to the software section.
3) Divide-and-Conquer troubleshooting
Select a specific layer of the OSI model (data link layer, network layer, or transport layer) to start troubleshooting. Suitable for experienced users.
The traceroute command is commonly used to check the next layer (from the physical layer to the application layer).
Correct the problem
2. ES troubleshooting commands
1) Ping
Continuous ping: ping -t 192.168.0.1; Windows
ping -s 192.168.0.1; Unix
Record route: ping -r 192.168.0.1; Windows
ping -s -nRv 192.168.0.1; Unix
2) Trace Route
tracert 10.0.0.1; Windows
traceroute 10.0.0.1; Unix
Ping records the router's outbound interface, while traceroute records the incoming interface.
3) Arp
Display the mapping table between Layer 2 and Layer 3 addresses: arp -a; Windows/Unix
4) Route
Display the route table: route print; Windows
route -n; Unix
5) Netstat
Display the current connections and ports of the ES: netstat -n; Windows & Unix
6) Ipconfig & Ifconfig
Show the IP configuration of the ES: ipconfig /all; Windows
ifconfig -a; Unix
7) Nbtstat
Display the current name resolution cache: nbtstat -c;
Clear the current name resolution cache: nbtstat -R;
Chapter 4 Protocol attributes
I. OSI reference model
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
II. Global protocol classification
1. Connection-oriented protocols:
Window size: the number of transmitted packets that the target system must acknowledge.
Sequenced data transfer: PDUs are assigned sequence numbers as they are sent, and the destination rearranges the data by sequence number;
Flow control: ensures that the transmission rate does not exceed the rate at which the target can receive. It is achieved by setting a window size for the transmission;
Error control: ensures that the received data is continuous and free of errors. If a PDU is lost or in error, no ACK packet is sent.
Connection-oriented protocols include ATM, TCP, Novell SPX, and AppleTalk ATP;
2. Connectionless protocols
Connection setup and termination are not included, and no flow control or error control is available.
Connectionless protocols include UDP, AppleTalk DDP, and Novell IPX;
III. Layer 2: data link layer
1. Ethernet/802.3
2. Token Ring/802.5
IV. PPP
V. SDLC
VI. Frame Relay
VII. ISDN
VIII. Layer 3 and Layer 4: IP Routing Protocol
1. IP
2. ICMP
3. TCP
4. UDP
Chapter 4 troubleshooting of Cisco test commands and TCP/IP connections
I. troubleshooting commands
1. show command:
1) Global commands:
show version; displays the system hardware and software versions, DRAM, Flash
show startup-config; displays the configuration stored in NVRAM
show running-config; displays the currently running configuration
show buffers; displays detailed buffer names and sizes
show stacks; provides router process and processor utilization information, for use with the stack decoder
show tech-support; displays the output of several show commands
show access-lists; displays the access list configuration
show memory; used to diagnose memory problems
2) Interface-related commands
show queueing [fair | priority | custom]
show queue e0/1; displays the queue settings and operation on the interface
show interface e0/1; the default Ethernet encapsulation method on Cisco devices is ARPA
show ip interface e0/1; displays the TCP/IP configuration of the specified interface
3) Process-related commands
show processes cpu; displays the CPU usage of the router and of the current processes
show processes memory; displays the memory usage of the current router processes
4) TCP/IP protocol commands
show ip access-list; displays the IP access lists (1-199)
show ip arp; displays the ARP cache of the router (IP, MAC, encapsulation type, and interface)
show ip protocols; displays information about the IP routing protocols running on the router
show ip route; displays the contents of the IP route table
show ip traffic; displays IP traffic statistics
2. debug command
debug should not be run on a router whose CPU usage exceeds 50%.
1) Restrict debug output
After obtaining the required data with debug, disable debugging.
Configure timestamps for all messages on the router:
Router(config)# service timestamps debug datetime msec localtime
Router(config)# service timestamps log datetime msec localtime
By default, error and debug messages are sent only to the console; debug and log messages are not displayed in a Telnet session to the router. To view debug and log messages over Telnet:
Router# terminal monitor
Router# terminal no monitor; disable the message output
Router# undebug all; disable all debugging and the output of all related messages
An ACL can be applied to debug so that only the required debug information is output.
For example, to view only ICMP packets from 10.0.1.1 to 10.1.1.1:
Router(config)# access-list 101 permit icmp host 10.0.1.1 host 10.1.1.1
Router# debug ip packet detail 101
2) Global debug command:
3) debug
4) protocol debug
5) IP debug
debug ip packet
3. logging command
Output error and other information to the console, terminal, buffer in the router, or a syslog server:
Router> show logging
Cisco routers have eight possible logging levels: 0-7
Level  Name           Description
0      Emergencies    System unusable
1      Alerts         Immediate action needed
2      Critical       Critical conditions
3      Errors         Error messages
4      Warnings       Warning messages
5      Notifications  Normal but significant conditions
6      Informational  Informational messages
7      Debugging
By default, logging of the console, monitor, and buffer is set to the debugging level, while logging of the trap (syslog) server is set to informational.
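Added example (not from the original notes): how the level configured for each destination decides which messages it receives, using the defaults stated above. The sample log lines are constructed, the level names are the IOS keywords, and lines without a %FACILITY-SEVERITY-MNEMONIC tag are assumed to be debug output (level 7).

```python
import re

# IOS severity keywords for levels 0-7 (level 0 is the most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Default level per destination, as stated in the text above.
DEFAULTS = {"console": "debugging", "monitor": "debugging",
            "buffer": "debugging", "trap": "informational"}

# IOS messages carry their severity in the %FACILITY-SEVERITY-MNEMONIC tag.
TAG = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

def severity(message):
    """Numeric severity of a log line; untagged lines are treated as debug (7)."""
    m = TAG.search(message)
    return int(m.group(1)) if m else 7

def destinations(message, config=DEFAULTS):
    """Destinations whose configured level admits this message."""
    sev = severity(message)
    # A destination set to level N receives every message with severity <= N.
    return sorted(d for d, name in config.items() if sev <= LEVELS.index(name))

# Constructed sample lines in IOS format.
SAMPLES = [
    "*Mar  1 00:01:02.003: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to down",
    "*Mar  1 00:01:05.120: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.1.1)",
    "*Mar  1 00:01:09.480: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.1.1(1024) -> 10.1.1.1(23), 1 packet",
    "*Mar  1 00:01:10.000: IP: s=10.0.1.1 (Ethernet0/0), d=10.1.1.1, len 100, rcvd 3",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(severity(line), destinations(line))
    # With the trap level lowered to "errors", the level-5 configuration-change
    # message no longer reaches the syslog server.
    print(destinations(SAMPLES[1], {**DEFAULTS, "trap": "errors"}))
```

With the defaults, debug output stays on the device (console, monitor, buffer) and is not sent to the syslog server; lowering the trap level also removes configuration-change and ACL log messages from the syslog record.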
4. Router core dump
A core dump contains an exact copy of the information currently in system memory. The following methods are used to capture the information contained in memory:
1) Configure the router to perform a core dump when it crashes and store it on a TFTP, FTP, or RCP server:
For the TFTP protocol, you only need to specify the IP address of the TFTP server, without any additional configuration:
Router(config)# exception dump 192.168.1.1; IP address of the TFTP server
Configuration for the FTP protocol:
Router(config)# exception dump 192.168.1.1; IP address of the FTP server
Router(config)# ip ftp username Kevin
Router(config)# ip ftp password aloha
Router(config)# ip ftp source-interface e0
Router(config)# exception protocol ftp
Configuration for the RCP protocol:
Router(config)# exception protocol rcp
Router(config)# exception dump 192.168.1.1; IP address of the RCP server
Router(config)# ip rcmd remote-username Kevin
Router(config)# ip rcmd rcp-enable
Router(config)# ip rcmd rsh-enable
Router(config)# ip rcmd remote-host Kevin 192.168.1.1 kevin
2) Perform a core dump without a system crash:
Router# write core
A core dump is only useful when Cisco engineers test and solve router problems.
5. ping Command
Ping is used to test the network accessibility and connectivity. It can be used in EXEC mode and Privileged EXEC mode.
IP ping uses the ICMP protocol to provide connectivity and reliability information. By default, only five echo messages are sent.
The extended ping options include: source IP address, type of service, data, and header.
Ping response character set
Character  Interpretation
!          Received an echo-reply message
.          Timeout
U/H        Destination unreachable
N          Network unreachable
P          Protocol unreachable
Q          Source quench
M          Unable to fragment
A          Administratively denied
?          Unknown packet type
6. traceroute command
Traceroute is used to display the packet path to the target. It can be used in user mode and privileged mode.
Traceroute response:
Character  Interpretation
xx msec    The RTT for each packet
*          Timeout
H          Host unreachable
U          Port unreachable
N          Network unreachable
P          Protocol unreachable
A          Administratively denied
Q          Source quench
?          Unknown packet type
II. LAN connection problems
1. Obtain the IP address
The host can obtain the IP address dynamically or statically.
1) DHCP: compared with BootP, DHCP adds address pools and lease periods.
2) BootP:
3) Helper addresses: set the IP address of the DHCP server
ip helper-address ip-address;
no ip forward-protocol udp 137;
4) DHCP service on the router: configure the router as a DHCP server.
5) DHCP and BootP troubleshooting
Show dhcp server;
Show dhcp lease;
2. ARP
ARP maps Layer 2 MAC addresses to Layer 3 addresses.
Show arp; displays the ARP table of the router.
Debug arp;
1) ARP Proxy: The ARP proxy of the Cisco router is enabled by default.
In the following cases, the Cisco router uses its own MAC address to respond to ARP requests:
The Proxy ARP on the interface that receives ARP is enabled;
The address of the ARP request is not in the local subnet;
The router routing table contains the subnet of the ARP request address;
3. TCP connection example
III. IP access lists
1. Standard ACL: permits or denies IP packets based on IP address.
2. Extended ACL: filters on source address, destination address, port number, and session-layer protocol.
3. Named ACL: can be either a standard ACL or an extended ACL.
The difference between a named ACL and a numbered ACL: a named ACL has a logical name, and a single line can be deleted from a named ACL.
ip access-list extended Example-Named-ACL
 deny tcp any any eq echo
 deny tcp any any eq 37
 permit udp host 172.16.10.2 any eq snmp
 permit tcp any any
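Added example (not part of the original notes): a small evaluator that walks the named ACL above the way IOS does, top-down with the first match deciding and an implicit deny at the end. It assumes each entry reads as source, then destination "any"; the tuple layout, the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# Port numbers for the keywords used in the ACL above.
PORTS = {"echo": 7, "snmp": 161}

# (action, protocol, source, destination, destination port or None)
ACL = [
    ("deny",   "tcp", "any",         "any", "echo"),
    ("deny",   "tcp", "any",         "any", "37"),
    ("permit", "udp", "172.16.10.2", "any", "snmp"),
    ("permit", "tcp", "any",         "any", None),
]

def addr_match(spec, ip):
    """'any' matches every address; otherwise spec is a single host."""
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(ip)

def port_number(spec):
    """Translate an 'eq' operand (keyword or digits) to a port number."""
    return PORTS[spec] if spec in PORTS else int(spec)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number); entries are tested top-down, first match wins."""
    for n, (action, p, s, d, port) in enumerate(acl, start=1):
        if (p == proto and addr_match(s, src) and addr_match(d, dst)
                and (port is None or port_number(port) == dport)):
            return action, n
    return "deny", None        # implicit deny: nothing matched

if __name__ == "__main__":
    tests = [
        ("tcp", "10.0.1.1", "10.1.1.1", 7),        # echo: denied by entry 1
        ("tcp", "10.0.1.1", "10.1.1.1", 23),       # telnet: permitted by entry 4
        ("udp", "172.16.10.2", "10.1.1.1", 161),   # SNMP from the listed host
        ("udp", "172.16.10.3", "10.1.1.1", 161),   # SNMP from another host
        ("icmp", "10.0.1.1", "10.1.1.1", None),    # no entry covers ICMP
    ]
    for t in tests:
        print(t, evaluate(ACL, *t))
```

Moving the final permit entry to the top makes it match TCP echo and port 37 first, so the two deny entries never take effect.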