Troubleshooting of Cisco test commands and TCP/IP connections

I. troubleshooting commands
1. show command:
1) Global commands:
Show version; displays the system hardware and software versions, DRAM, Flash
Show startup-config; displays the configuration content written into NVRAM
Show running-config; displays the currently running configuration content
Show buffers; Detailed output buffer name and size
Show stacks; provides the router process and processor utilization information, using stack decode
Show tech-support; displays the output of several show commands
Show access-lists; view access list Configuration
Show memory; used to test memory problems
2) interface-related commands
Show queueing [fair | priority | custom]
Show queue e0/1; view the queue settings and operations on the Interface
Show interface e0/1; the default Ethernet Encapsulation Method for Cisco is ARPA.
Show ip interface e0/1; display the TCP/IP configuration of the specified interface
3) process-related commands
Show processes cpu; displays the CPU usage of the router and the current process
Show processes memory; displays the memory usage of the current vro Process
4) TCP/IP protocol commands
Show ip access-list; display IP access list (1-199)
Show ip arp; displays the ARP cache (IP, MAC, encapsulation type, and interface) of the router)
Show ip protocols; displays information about the IP routing protocol running on the router
Show ip route; displays information in the IP route table
Show ip traffic; displays IP traffic statistics
2. debug command
DEBUG should not run on a vro whose CPU usage exceeds 50%.
1) Restrict debug output
After obtaining the required data using DEBUG, Disable Debug.
Configure timestamp for all messages on the vro:
Router # service timestamps debug datetime msec localtime
Router # service timestamp log datetime msec localtime
By default, the error and debug messages are sent only to the console, and the debug and log messages are not displayed on the vrotelnet through telnet. To view the debug and log information in telnet:
Router # terminal monitor
Router # terminal monitor; Disable information output
Router # undebug all; disable the debug process and output of all relevant information
You can apply the ACL to debug to limit that only the required debug information is output.
For example, to view only ICMP packets from 10.0.1.1 to 10.1.1.1:
Router (config) # access-list 101 permit icmp host 10.0.1.1 host 10.1.1.1
Router # debug ip packet detail 101
2) Global debug command:
3) debug
4) protocol debug
5) IP debug
Debug ip packets
3. logging command
Output error and other information to the console, terminal, buffer in the router, or a syslog server:
Router> show logging
Cisco routers have eight possible logging levels: 0-7
Logging-level Name Description
1. Information unavailable to the Emergencies System
2 Alerts direct action
3. Critical emergency
4. Errors error message
5. Warnings warning information
6. Normal but important circumstances of communications
7. Informational Information
8 Debugging
By default, logging of the console, monitor, and buffer is set to the debugging level, while logging of the trap (syslog) server is set to informational. 4. Route core Replication
Core dump contains an exact copy of information in the current system memory. The following methods are used to capture information contained in the memory:
1) configure the vro to execute Core Dump during crash and store it to the TFTP, FTP, and RCP servers:
For the TFTP protocol, you only need to specify the IP address of the TFTP server without any additional Configuration:
Router (config) # exception dump 192.168.1.1; IP address of the TFTP Server
Configure the FTP protocol:
Router (config) # exception dump 192.168.1.1; IP address of the FTP server
Router (config) # ip ftp username Kevin
Router (config) # ip ftp password aloha
Router (config) # ip ftp source-interface e0
Router (config) # exception protocol ftp
Configuration of the RCP protocol:
Router (config) # exception protocol rcp
Router (config) # exception dump 192.168.1.1; IP address of the RCP Server
Router (config) # ip rcmd remote-username Kevin
Router (config) # ip rcmd rcp-enable
Router (config) # ip rcmd rsh-enable
Router (config) # ip rcmd remote-host Kevin 192.168.1.1 kevin;
2) execute the Core Dump command without a system crash.
Router # write core
Core Dump is only useful when Cisco Engineers test and solve router problems.
5. ping Command
Ping is used to test the network accessibility and connectivity. It can be used in EXEC mode and Privileged EXEC mode.
IP ping uses the ICMP protocol to provide connectivity and likelihood information. By default, only five echo messages are sent.
The Ping extension options include: source IP address, service type, data, and Baotou.
Ping Response Character Set
Character Interpretation
! Received an echo-reply message Q Source quench
. Timeout M Unable to fragment
U/H Destination unreachable A Administratively denied
N Network unreachable? Unknown packet-type
P Protocol unreachable
6. traceroute command
Traceroute is used to display the package path to the target. It can be used in user mode and privileged mode.
Traceroute response:
Character Interpretation
Xx msec The RTT for each packet * Timeout
H Host unreachable U Port unreachable
N Network unreachable P Protocol unreachable
A Administratively denied Q Source quench
? Unknown packet type
Ii. LAN connection problems
1. Obtain the IP address
The host can obtain the IP address dynamically or statically.
1) DHCP: DHCP has more address pools and lease periods than BootP.
2) BootP:
3) Helper Addresses: IP address of the DHCP server in the Set
Ip helperaddress ip-address;
No ip forward-protocol udp 137;
4) DHCP service on the vro: configure the vrodhcp as a DHCP server.
5) DHCP and BootP troubleshooting
Show dhcp server;
Show dhcp lease;
2. ARP
ARP maps layer-4 MAC addresses to layer-3 addresses.
Show arp; displays the ARP table of the router.
Debug arp;
1) ARP Proxy: The ARP proxy of the Cisco router is enabled by default.
In the following cases, the CISCO router uses its MAC address to respond to ARP requests:
? The Proxy ARP on the interface that receives ARP is enabled;
? The address of the ARP request is not in the local subnet;
? The router routing table contains the subnet of the ARP request address;
3. TCP connection example
Iii. IP address access list
1. Standard ACL: Allow or Disable IP addresses based on IP Packets
2. Extended ACL: Provides source address, target address, port number, and Session Layer Protocol for filtering.
3. Named ACL: it can be a standard ACL or an extended ACL.
The difference between the named ACL and the numbered ACL: The named ACL has a logical name, which can delete a single row in the named ACL.
Ip access-list extended Example-Named-ACL
Deny tcp any eq echo
Deny tcp any eq 37
Permit udp host 172.16.10.2 any eq snmp
Permit tcp any
Chapter 4 troubleshooting of TCP/IP Routing Protocol
1. Default Gateway
If the destination address of the package is not in the router routing table, if the router is configured with the default gateway, it will be forwarded to the default gateway; otherwise, it will be discarded.
Show ip route; view the default gateway of a Cisco Router
Ii. Static and Dynamic Routing
Iii. Handling k_protocal/04937.htm" target = "_ blank"> RIP faults
RIP is the distance vector routing protocol, and the measured value is the number of hops. The maximum number of RIP hops is 15. If the number of hops to the target exceeds 15, it is not reachable.
RIP V1 is a classless routing protocol. RIP V2 is a non-classless routing protocol that supports CIDR, route induction, and VLSM. It uses multicast (224.0.0.9) to send route updates.
The show commands related to RIP:
Show ip route rip; only display RIP route table
Show ip route; Show all IP route tables
Show ip interface; display IP interface configuration
Show running-config
Debug ip rip events;
Common RIP faults: RIP versions are inconsistent, and RIP uses UDP broadcast updates.
Iv. Handling IGRP faults
IGRP is a Cisco dedicated routing protocol, distance vector protocol. The IGRP metric value can be based on five factors: bandwidth, latency, load, reliability, MTU. By default, only bandwidth and latency are used.
Show commands related to IGRP:
Show ip route igrp; displays the IGRP route table
Debug ip igrp events;
Debug ip igrp transactions;
Common IGRP faults: access list, incorrect configuration, line down to the adjacent Router
V. Handling of VPN faults
It is a hybrid Link Status Protocol and distance vector protocol, and is a CISCO dedicated routing protocol. VPC uses the multicast address 224.0.0.10 to send route updates. The DUAL algorithm is used to calculate routes. The measured value of the network-VPN protocol is based on bandwidth, latency, load, reliability, and MTU. By default, only the bandwidth and latency are used.
VPC uses three types of databases: Route database, topology database, and adjacent router database.
Show commands related to the MongoDB:
Show running-config
Show ip route
Show ip route VPN; Show only the OSPF route entries.
Show ip subnet interface; displays peer information of this interface
Show ip VPN nodes: displays all the nodes in the network and their information.
Show ip VPN topology; displays the content of the VPN topology table.
Show ip OSPF traffic; displays the summary of the OSPF route statistics.
Show ip glasevents; displays the latest event records of the VPN protocol.
Debug commands related to the MongoDB:
Debug ip ()
Debug ip: fig
Debug ip subnet configurations
Debug ip: VPN gateway
Debug ip subnet
Common VPN faults: loss of neighboring relationships, default gateways, routes of old IOS versions, and stuck in active.
When dealing with a VPN failure, first view all the adjacent routers with show ip subnet gigrp, then use show ip route gigrp to view the route table of the router, and then use show ip subnet topology to view the topology of the router, you can also view whether route updates are sent by the show ip address (OSPF) traffic.
6. Handling OSPF faults
OSPF is a link status protocol that maintains three databases: adjacent databases, topology databases, and route tables.
Show commands related to OSPF:
Show running-config
Show ip route
Show ip route ospf; only display OSPF routes
Show ip ospf process-id; displays information related to a specific process ID
Show ip ospf; displays OSPF Information
Show ip ospf border-routers; display VBR
Show ip ospf database; display OSPF inductive database
Show ip ospf interface; displays OSPF information on the specified interface
Show ip ospf neighbor; displays OSPF adjacent Information
Show ip ospf request-list; display the link status request list
Show ip ospf summary-address; displays the republishing information of the inductive route.
Show ip ospf virtual-links; displays virtual link information
Show ip interface; display the ip settings of the interface
Debug commands related to OSPF:
Debug ip ospf;
Debug ip ospf events
Debug ip ospf flood
Debug ip ospf lsa-generation
Debug ip ospf packet
Debug ip ospf retransmission
Debug ip ospf spf
Debug ip ospf tree
Common OSPF faults: Each OSPF area cannot exceed 100 routers, and the entire network cannot exceed 700 routers. The wildcard mask is improperly configured;
VII. Handling BGP faults
The key configuration of BGP (including IBGP and EBGP) is the neighbor relationship, and BGP uses TCP to establish the adjacent relationship.
Show commands related to BGP:
Show ip bgp; displays the Routes learned by BGP
Show ip bgp network; displays the BGP information of a specific network
Show ip neighbors; displays BGP neighbor Information
Show ip bgp peer-group; displays BGP peer group information
Show ip bgp summary; displays the summary of all BGP connections
Show ip route bgp; displays the BGP route table
BGP-related debug commands:
Debug ip bgp 192.1.1.1 updates
Debug ip bgp dampening
Debug ip bgp events
Debug ip bgp keepalives
Debug ip bgp updates
Typical BGP faults:
8. re-release the Routing Protocol
IX. TCP/IP symptoms and causes
Symptom cause
The local host cannot communicate with the remote host. 1) DNS is not working properly. 2) No route to the remote host. 3) the default gateway is missing. 4) Management rejection (ACL)
An application cannot work normally. 1) management deny (ACL) 2) the network is not configured properly to process the application.
Startup failed 1) BootP server no MAC address entity 2) IP helper-address3 missing) ACL4) Modify NIC or MAC address 5) Duplicate IP address 6) abnormal IP configuration
Remote Host cannot be pinged. 1) ACL2) No route to the remote host. 3) No Default Gateway is set. 4) remote host down.
Route 1 missing) route protocol not correctly configured 2) Release List 3) passive interface 4) Route neighbor not advertised 5) Route Protocol version inconsistent 6) No neighbor relationship established
No adjacent relationship is established. 1) Incorrect Routing Protocol configuration. 2) Incorrect IP configuration. 3) No network or neighbor statement is configured. 4) the hello interval is inconsistent. 5) Inconsistent area ID.
High CPU utilization 1) unstable route updates 2) debug3 is not disabled) the process is too heavy
Active routing mode 1) Inconsistent intervals 2) Hardware problems 3) unstable links
10. TCP/IP symptoms and Action Plan
Problem Action Plan
DNS is not working properly. 1) configure the DNS host and the DNS server. You can use nslookup to verify the DNS server.
No route to the remote host. 1) Use ipconfig/all to check the default gateway. 2) use show ip route to check whether the route is correct. 3) If no route is available, use show ip route to check whether there is a default gateway. 4) if a gateway exists, check the next hop of the target. If no gateway exists, correct the problem.
The issue of ACL separation is related to ACL. You must analyze the ACL, or override the ACL and apply it.
The network is not configured to process the application and view the router configuration
Booting failed 1) Check DHCP or BootP server, and check whether there is a MAC entity of the faulty machine 2) use debug ip udp to verify packets received from the host 3) Verify that helper-address is correctly configured 4) check whether the ACL has disabled the package.
Routing is missing. 1) Use show ip route on 1st routers to view the learned routes. 2) Verify the neighboring routers. 3) use the correct routing network and neighbor statement. 4) Use OSPF, verify the wildcard mask 5) Check the distribute list6 applied to the interface) Verify the IP Address Configuration of the neighbor. 7) if the route is published again, verify the measurement value. 8) Verify that the route is released normally.
No adjacent relationship is formed. 1) Use the show ip protocol neighbors list to view the adjacent relationship. 2) view the protocol configuration that does not constitute the adjacent relationship. 3) Check the network Statement in the route configuration. 4) use show ip protocol/interface to view specific interface information, such as Hello Interval