Troubleshooting methods for Cisco switches and routers

I. Network Complexity

General networks include routing, dialing, switching, video, WAN (ISDN, frame relay, ATM ,...) , LAN, VLAN ,...

Ii. Fault Handling Model

1. Define the Problem)

Detailed and accurate description of fault symptoms and potential causes

2. collect detailed information (Gather Facts) R> Source: key users, network management systems, routers/Switches

1) identify symptoms:

2) Repeat the fault: The verification fault still exists

3) fault frequency investigation:

4) determine the fault scope: There are three methods to establish the fault Scope

Outside-In Troubleshooting: Generally, multiple hosts cannot be connected to one server or server set.

? Inside-Out Troubleshooting ):

? Divide-by-Half Troubleshooting)

3. Consider the possible causes (Consider Possibilities)

4. Create an Action Plan)

5. Deployment of the Action Plan)

Used to correct the cause of network failure. From the most similar fault source, come up with a solution. Each time you complete a step, check whether the fault is resolved.

6. Observe the execution Results of the action plan (Observe Results)

7. If there is an action plan that cannot solve the problem, repeat the above process (Iterate as Needed)

3. record changes

After resolving the problem through the action plan, we recommend that you record the record as part of troubleshooting and record all configuration modifications.

Chapter 2 network documentation

I. Network baseline

The simplest way to solve the network problem is to compare the current configuration with the previous configuration.

The baseline document consists of different networks and system documents, including:

Network configuration table

Network Topology

ES network configuration table

ES Network Topology

Note:

1) determine the document coverage;

2) Consistency: Collects the same information of all devices on the network;

3) Clear goals: understand the purpose of the document;

4) ease of use and access to documents;

5) Maintain and update documents in a timely manner.

Ii. network configuration table

The network configuration table usually aims to provide a list of hardware and software used in the network, which consists:

Hierarchical Project

Miscellaneous information: device name, device model, CPU type, FLASH, DRAM, interface description, user name and password

Layer-3 media type, rate, duplex mode, interface number, connection socket or port

Layer-3 MAC address, STP status, STP root bridge, speed port information, VLAN, Etherchannel configuration, encapsulation, relay status, interface type, port security, VTP status, VTP Mode

Layer-3 IP address, IPX address, HSRP address, subnet mask, routing protocol, ACL, tunnel information, and loop interface

In most cases, the best way to store this information is through workbooks or databases. workbooks are used for small objects and network databases for large networks.

3. Network Topology

The network topology graph shows how the network components are logically connected to each other physically.

1. Composition of the network topology

Hierarchical Project

Miscellaneous information: device name, device model, connection between settings, Interface Description

Layer 3 media type and interface number

Layer-3 MAC address, VLAN, encapsulation, relay status, interface type, DLCI

Layer-3 IP addresses, subnet masks, and routing protocols

For large networks, multiple network topologies can be created. Each topology reflects a separate part.

2. Create a network topology

4. Network Configuration Information discovered

1. Collect vro and layer 3rd switch network configuration information

Show version: displays the device model, Flash, DRAM, and IOS versions.

Show ip interface brief; displays brief interface Information (type, status, Protocol Status, ip address)

Show interface e0/0; displays the details of an interface (MAC, IP, MASK ,...)

Show ip protocols; displays IP route protocol information

Show ip interface e0/0; display the ip protocol information (status, ip address, ACL,…) of the interface ,...)

2. Collect Switch configuration information

Information contained in the vswitch network configuration table: device Name, model, location, Flash, DRAM, CATOS version, management address, VTP domain, VTP mode, port number, port rate, port dual-work, VLAN, STP status, and speed port status, relay status ,...

Show version; display IOS or CATOS version, DRAM, Flash

Show vtp domain; (CatOS) display VTP domain and VTP Mode

Show vtp status; (IOS)

Show interface; (CatOS) display Management interface Information

Show port; (CatOS) displays brief information about each port (number, VLAN, duplex ,...)

Show interface; (IOS)

Show trunk; (CatOS) displays the relay information (mode, encapsulation, allowed port, cropping ,...)

Show interface trunk; (IOS)

Show spantree 45; (CatOS) shows the STP mode, type, status, speed port,...) of the port ,...)

Show spanning-tree 45; (IOS)

3. Information of adjacent CISCO devices is found

CDP (Cisco Discovery Protocol) is a dedicated Protocol for CISCO to identify directly adjacent CISCO device information. CDP operates on layer 2nd.

Show cdp neighbor; displays brief information about adjacent CISCO devices (ID, adjacent interfaces, platforms, etc ,...)

Show cdp neighbor detail; displays the details of adjacent CISCO devices (including layer 3rd Information)

5. process of creating network documents

1. LOGIN; log on to the device and enter privileged mode.

2. Interface discovery; discovery of required information about Devices

3. Document; record the information found in the network configuration table.

4. digoal: transmit the required information from the network configuration table to the network topology

5. device discovery; determine whether there are any adjacent devices without recording documents.

Chapter 4 ES documents and troubleshooting

I. ES network configuration table

The ES network configuration table is a list of ES hardware and software components. Elasticsearch network configuration usually includes the following items:

Hierarchical Project

Miscellaneous information system name, system vendor/model, CPU rate, RAM, memory, System Function

1st layer 2 media type, interface speed, VLAN, MAC, and network connection

Layer-3 IP address, default gateway, subnet mask, WINS, DNS,

Layer-3 operating systems (versions), network-based applications, high-bandwidth applications, low-latency applications, and specific considerations

Ii. ES network topology

Typical ES network topology projects include: system name, network connection, physical location, system target, VLAN, IP address, subnet mask, operating system, and network application

Most elasticsearch network topologies are created in the network topology. You can also add a subset of elasticsearch network configuration table data.

3. Collect ES network configuration information

Common commands:

1) ping host/ip-address to send and receive ICMP responses and verify network connectivity

2) arp-a; view the MAC-IP ing table for modifying ES (same subnet)

3) telnet host/ip-address; log on to elasticsearch or a specific TCP port.

Windows platform commands

1) ipconfig/all; view the IP address of elasticsearch (applicable to all Windows platforms)

2) winipcfg; view the IP address information of elasticsearch (applicable only to Win9x)

3) tracert host/ip-address; Verify the connection to the host and display the IP address of the device in the path

4) route print; displays the IP route table of the current device.

5) netstat; displays the current network connection

Unix, Linux, and Mac OS commands

1) ifconfig-a; view IP information of UNIX and MAC hosts

2) traceroute host/ip;

3) route-n;

4) cat/etc/resolv. conf; view DNS Server Information

Iv. General troubleshooting Process

1. General troubleshooting process:

L collect symptoms: Collect network, user, ES symptoms

1) analyze existing symptoms

2) determine the ownership

3) narrow scope

4) identify symptoms

5) record symptoms

L separation problems

1) Bottom-Up troubleshooting

Troubleshoot from the physical layer to the application layer. It is often used to suspect that a problem occurs at the physical layer or to handle complex network problems.

2) Top-Down troubleshooting

Troubleshoot from the application layer to the software section.

3) Divide-and-Conquer troubleshooting

Select a specific layer (data link layer, network layer, and transmission layer) of the OSI model to start troubleshooting. Suitable for experienced users.

Common traceroute commands are used to check the next layer (from the physical layer to the application layer ).

L correct the problem

2. ES troubleshooting command

1) ping

Continuous Ping: ping-t 192.168.0.1; Windows

Ping-s 192.168.0.1; Unix environment

Record Route: ping-r 192.168.0.1; Windows

Ping-s-nRv 192.168.0.1; Unix

2) Trace Route

Tracert 10.0.0.1; Windows

Tracerout 10.0.0.1; Unix

Ping records the router's outbound interface, while traceroute records the incoming interface.

3) Arp

Display the ing table for Layer 2 and layer 2nd addresses: Arp-a; Windows/Unix

4) Route

Display route table: route print; windows

Route-n; Unix

5) Netstat

Display the current connection and port to ES: netstat-n; Windowx & Unix

6) Ipconfig & Ifconfig

Show elasticsearch IP configuration: ipconfig/all; windows

Ifconfig-a; unix

7) Nbtstat

Display the current name resolution cache: nbtstat-c;

Clear the current name resolution cache: nbtstat-r;

Chapter 4 Protocol attributes

I. OSI reference model

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

Ii. Global protocol Classification

1. connection-oriented protocol:

Windows size: the number of transmitted packets that need to be confirmed by the target system.

Queue data transmission: Specify the sequence number for the PDUS that enter and send, and rearrange the data at the destination by the sequence number;

Throttling: ensure that the transmission rate does not exceed the target receiving rate. It is achieved by setting a window size for transmission;

Error Control: ensure that the received data is continuous and there is no error. If there is a lost or lost PDU, no ACK packet is sent.

Connection-oriented protocols include ATM, TCP, Novell SPX, and Apple Talk ATP;

2. Non-connection protocols

Connection settings and termination are not included, and no throttling or error control is available.

Non-connection protocols include UDP, Apple Talk DDP, and Novell IPX;

Layer 3: data link layer

1. Ethernet/802.3

2. Token Ring/802.5

Iv. PPP

V. SDLC

Vi. Frame Relay

VII. ISDN

Layer 8, 3rd, and Layer 4: IP Routing Protocol

1. IP

2. ICMP

3. TCP

4. UDP

Chapter 4 troubleshooting of Cisco test commands and TCP/IP connections

I. troubleshooting commands

1. show command:

1) Global commands:

Show version; displays the system hardware and software versions, DRAM, Flash

Show startup-config; displays the configuration content written into NVRAM

Show running-config; displays the currently running configuration content

Show buffers; Detailed output buffer name and size

Show stacks; provides the router process and processor utilization information, using stack decode

Show tech-support; displays the output of several show commands

Show access-lists; view access list Configuration

Show memory; used to test memory problems

2) interface-related commands

Show queueing [fair | priority | custom]

Show queue e0/1; view the queue settings and operations on the Interface

Show interface e0/1; the default Ethernet Encapsulation Method for Cisco is ARPA.

Show ip interface e0/1; display the TCP/IP configuration of the specified interface

3) process-related commands

Show processes cpu; displays the CPU usage of the router and the current process

Show processes memory; displays the memory usage of the current vro Process

4) TCP/IP protocol commands

Show ip access-list; display IP access list (1-199)

Show ip arp; displays the ARP cache (IP, MAC, encapsulation type, and interface) of the router)

Show ip protocols; displays information about the IP routing protocol running on the router

Show ip route; displays information in the IP route table

Show ip traffic; displays IP traffic statistics

2. debug command

DEBUG should not run on a vro whose CPU usage exceeds 50%.

1) Restrict debug output

After obtaining the required data using DEBUG, Disable Debug.

Configure timestamp for all messages on the vro:

Router # service timestamps debug datetime msec localtime

Router # service timestamp log datetime msec localtime

By default, the error and debug messages are sent only to the console, and the debug and log messages are not displayed on the vrotelnet through telnet. To view the debug and log information in telnet:

Router # terminal monitor

Router # terminal monitor; Disable information output

Router # undebug all; disable the debug process and output of all relevant information

You can apply the ACL to debug to limit that only the required debug information is output.

For example, to view only ICMP packets from 10.0.1.1 to 10.1.1.1:

Router (config) # access-list 101 permit icmp host 10.0.1.1 host 10.1.1.1

Router # debug ip packet detail 101

2) Global debug command:

3) debug

4) protocol debug

5) IP debug

Debug ip packets

3. logging command

Output error and other information to the console, terminal, buffer in the router, or a syslog server:

Router> show logging

Cisco routers have eight possible logging levels: 0-7

Logging-level Name Description

1. Information unavailable to the Emergencies System

2 Alerts direct action

3. Critical emergency

4. Errors error message

5. Warnings warning information

6. Normal but important circumstances of communications

7. Informational Information

8 Debugging

By default, logging of the console, monitor, and buffer is set to the debugging level, while logging of the trap (syslog) server is set to informational.

4. Route core Replication

Core dump contains an exact copy of information in the current system memory. The following methods are used to capture information contained in the memory:

1) configure the vro to execute Core Dump during crash and store it to the TFTP, FTP, and RCP servers:

For the TFTP protocol, you only need to specify the IP address of the TFTP server without any additional Configuration:

Router (config) # exception dump 192.168.1.1; IP address of the TFTP Server

Configure the FTP protocol:

Router (config) # exception dump 192.168.1.1; IP address of the FTP server

Router (config) # ip ftp username Kevin

Router (config) # ip ftp password aloha

Router (config) # ip ftp source-interface e0

Router (config) # exception protocol ftp

Configuration of the RCP protocol:

Router (config) # exception protocol rcp

Router (config) # exception dump 192.168.1.1; IP address of the RCP Server

Router (config) # ip rcmd remote-username Kevin

Router (config) # ip rcmd rcp-enable

Router (config) # ip rcmd rsh-enable

Router (config) # ip rcmd remote-host Kevin 192.168.1.1 kevin;

2) execute the Core Dump command without a system crash.

Router # write core

Core Dump is only useful when Cisco Engineers test and solve router problems.

5. ping Command

Ping is used to test the network accessibility and connectivity. It can be used in EXEC mode and Privileged EXEC mode.

IP ping uses the ICMP protocol to provide connectivity and likelihood information. By default, only five echo messages are sent.

The Ping extension options include: source IP address, service type, data, and Baotou.

Ping Response Character Set

Character Interpretation

! Received an echo-reply message Q Source quench

. Timeout M Unable to fragment

U/H Destination unreachable A Administratively denied

N Network unreachable? Unknown packet-type

P Protocol unreachable

6. traceroute command

Traceroute is used to display the package path to the target. It can be used in user mode and privileged mode.

Traceroute response:

Character Interpretation

Xx msec The RTT for each packet * Timeout

H Host unreachable U Port unreachable

N Network unreachable P Protocol unreachable

A Administratively denied Q Source quench

Unknown packet type

Ii. LAN connection problems

1. Obtain the IP address

The host can obtain the IP address dynamically or statically.

1) DHCP: DHCP has more address pools and lease periods than BootP.

2) BootP:

3) Helper Addresses: IP address of the DHCP server in the Set

Ip helperaddress ip-address;

No ip forward-protocol udp 137;

4) DHCP service on the vro: configure the vrodhcp as a DHCP server.

5) DHCP and BootP troubleshooting

Show dhcp server;

Show dhcp lease;

2. ARP

ARP maps layer-4 MAC addresses to layer-3 addresses.

Show arp; displays the ARP table of the router.

Debug arp;

1) ARP Proxy: The ARP proxy of the Cisco router is enabled by default.

In the following cases, the CISCO router uses its MAC address to respond to ARP requests:

The Proxy ARP on the interface that receives ARP is enabled;

The address of the ARP request is not in the local subnet;

The router routing table contains the subnet of the ARP request address;

3. TCP connection example

Iii. IP address access list

1. Standard ACL: Allow or Disable IP addresses based on IP Packets

2. Extended ACL: Provides source address, target address, port number, and Session Layer Protocol for filtering.

3. Named ACL: it can be a standard ACL or an extended ACL.

The difference between the named ACL and the numbered ACL: The named ACL has a logical name, which can delete a single row in the named ACL.

Ip access-list extended Example-Named-ACL

Deny tcp any eq echo

Deny tcp any eq 37

Permit udp host 172.16.10.2 any eq snmp

Permit tcp any