Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide
Amir Ranjbar
Contents
Introduction
Chapter 1 Troubleshooting Methods
Troubleshooting Principles
Structured Troubleshooting Approaches
The Top-Down Troubleshooting Approach
The Bottom-Up Troubleshooting Approach
The Divide-and-Conquer Troubleshooting Approach
The Follow-the-Path Troubleshooting Approach
The Compare-Configurations Troubleshooting Approach
The Swap-Components Troubleshooting Approach
Troubleshooting Example Using Six Different Approaches
Summary
Review Questions
Index
• Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).
• Braces within brackets ([{ }]) indicate a required choice within an optional element.
Introduction
This book is based on the Cisco Systems TSHOOT course, which was recently
introduced as part of the CCNP curriculum. It provides troubleshooting and
maintenance information and examples that relate to Cisco routing and switching. It
is assumed that readers know and understand as much Cisco routing and switching
background as covered in the Cisco ROUTE and SWITCH courses. The book is enough
to prepare you for the TSHOOT exam, too.
Teaching troubleshooting is not an easy task. This book introduces you to many
troubleshooting methodologies and identifies the benefits of different techniques.
Technical routing and switching topics are briefly reviewed, but the emphasis
is on troubleshooting commands, and most important, this book presents many
troubleshooting examples. Chapter review questions will help you evaluate how well you
absorbed material within each chapter. The questions are also an excellent supplement
for exam preparation.
For the CCNP certification, you must pass exams on a series of CCNP topics, including
the SWITCH, ROUTE, and TSHOOT exams. For most exams, Cisco does not publish
the scores needed for passing. You need to take the exam to find that out for yourself.
To see the most current requirements for the CCNP certification, go to Cisco.com and
click Training and Events. There you can find out other exam details such as exam
topics and how to register for an exam.
The strategy you use to prepare for the TSHOOT exam might differ slightly from strategies
used by other readers, mainly based on the skills, knowledge, and experience you have
already obtained. For instance, if you have attended the TSHOOT course, you might take a
different approach than someone who learned troubleshooting through on-the-job training.
Regardless of the strategy you use or the background you have, this book is designed to help
you get to the point where you can pass the exam with the least amount of time required.
Each core chapter covers a subset of the topics on the CCNP TSHOOT exam. The
chapters cover the following topics:
• Chapter 1 introduces the troubleshooting principles and discusses the most common
troubleshooting approaches.
• Chapter 4 reviews the Layer 2 switching and Layer 3 routing processes and shows
how to do selective information gathering using the IOS show command, debug
command, ping, and Telnet.
• Chapters 6 through 10 are all troubleshooting cases. Each chapter is about a different
network with many different problems. Each problem is dealt with in the form
of a real-life trouble ticket, and it is fixed following the structured troubleshooting
methodology using the appropriate approach. All stages of troubleshooting, including
fact gathering, are presented with output from Cisco IOS routers and switches.
The network diagrams for Chapters 6 through 10 appear at the beginning and end
of each chapter. For easier reference, a PDF of these network diagrams is available
to download and print out or read on your e-device. Go to
ciscopress.com/title/9781587204555 and click on the Downloads tab.
There is also an appendix that has answers to the review questions found at the end of each
chapter.
Chapter 1
Troubleshooting Methods
• Troubleshooting principles
Most modern enterprises depend heavily on the smooth operation of their network
infrastructure. Network downtime usually translates to loss of productivity, revenue, and
reputation. Network troubleshooting is therefore one of the essential responsibilities of
the network support group. The more efficiently and effectively the network support
personnel diagnose and resolve problems, the lower the impact and damage to the
business will be. In complex environments, troubleshooting can be a daunting task, and the
recommended way to diagnose and resolve problems quickly and effectively is by
following a structured approach. Structured network troubleshooting requires
well-defined and documented troubleshooting procedures.
This chapter defines troubleshooting and troubleshooting principles. Next, six different
troubleshooting approaches are described. The third section of this chapter presents a
troubleshooting example based on each of the six troubleshooting approaches.
Troubleshooting Principles
Troubleshooting is the process that leads to the diagnosis and, if possible, resolution of a
problem. Troubleshooting is usually triggered when a person reports a problem. In modern
and sophisticated environments that deploy proactive network monitoring tools and
techniques, a failure/problem may be discovered and even fixed/resolved before end
users notice or business applications get affected by it.
Some people say that a problem does not exist until it is noticed, perceived as a problem,
and reported as a problem. This implies that you need to differentiate between a problem,
as experienced by the user, and the actual cause of that problem. The time a problem is
reported is not necessarily the same time at which the event causing the problem happened.
Also, the reporting user generally equates the problem to the symptoms, whereas the
troubleshooter often equates the problem to the root cause. For example, if the Internet
connection fails on Saturday in a small company, it is usually not a problem, but you can be sure
that it will turn into a problem on Monday morning if it is not fixed before then. Although
this distinction between symptoms and cause of a problem might seem philosophical, you
need to be aware of the potential communication issues that might arise from it.
[Figure: flow diagram of the troubleshooting process; surviving box labels: Define Problem, Gather Information, Analyze, Eliminate]
Note It is noteworthy, however, that the solution to a network problem cannot always
be readily implemented and an interim workaround might have to be proposed. The
difference between a solution and a workaround is that a solution resolves the root cause
of the problem, whereas a workaround only alleviates the symptoms of the problem.
Although problem reporting and resolution are definitely essential elements of the
troubleshooting process, most of the time is spent in the diagnostic phase. One might even
believe that diagnosis is all troubleshooting is about. Nevertheless, within the context
of network maintenance, problem reporting and resolution are indeed essential parts of
troubleshooting. Diagnosis is the process of identifying the nature and cause of a
problem. The main elements of this process are as follows:
• Gathering information: Gathering information happens after the problem has been
reported by the user (or anyone). This might include interviewing all parties (user)
involved, plus any other means to gather relevant information. Usually, the problem
report does not contain enough information to formulate a good hypothesis without
first gathering more information. Information and symptoms can be gathered
directly, by observing processes, or indirectly, by executing tests.
• Analyzing information: After the gathered information has been analyzed, the
troubleshooter compares the symptoms against his knowledge of the system, processes,
and baselines to separate normal behavior from abnormal behavior.
• Testing the hypothesis: The hypothesis must be tested to confirm or deny that it is
the actual cause of the problem. The simplest way to do this is by proposing a
solution based on this hypothesis, implementing that solution, and verifying whether
this solved the problem. If this method is impossible or disruptive, the hypothesis
can be strengthened or invalidated by gathering and analyzing more information.
All troubleshooting methods include the elements of gathering and analyzing information,
eliminating possible causes, and formulating and testing hypotheses. Each of these steps has
its merits and requires some time and effort; how and when one moves from one step to the
next is a key factor in the success level of a troubleshooting exercise. In a scenario where
you are troubleshooting a complex problem, you might go back and forth between different
stages of troubleshooting: Gather some information, analyze the information, eliminate
some of the possibilities, gather more information, analyze again, formulate a hypothesis,
test it, reject it, eliminate some more possibilities, gather more information, and so on.
Assume that a user reports a LAN performance problem and in 90 percent of the past
cases with similar symptoms, the problem has been caused by duplex mismatch between
users’ workstations (PC or laptop) and the corresponding access switch port. The
solution has been to configure the switch port for 100-Mbps full duplex. Therefore, it
sounds reasonable to quickly verify the duplex setting of the switch port to which
the user connects and change it to 100-Mbps full duplex to see whether that fixes the
problem. When it works, this method can be very effective because it takes very little
time. Unfortunately, the downside of this method is that if it does not work, you have
not come any closer to a possible solution, you have wasted some time (both yours and
users’), and you might possibly have caused a bit of frustration. Experienced
troubleshooters use this method to great effect. The key factor in using this method effectively
is knowing when to stop and switch to a more methodical (structured) approach.
• The top-down approach: Using this approach, you work from the Open Systems
Interconnection (OSI) model’s application layer down to the physical layer. The OSI
seven-layer networking model and TCP/IP four-layer model are shown side by side
in Figure 1-3 for your reference.
• The bottom-up approach: This approach starts from the OSI model’s physical layer
and moves up toward the application layer.
• The divide-and-conquer approach: Using this approach, you start in the middle of
the OSI model’s stack (usually the network layer), and then, based on your findings,
you move up or down the OSI stack.
• The follow-the-path approach: This approach is based on the path that packets take
through the network from source to destination.
The sections that follow describe each of these methods in more detail.
Let’s assume that you are researching a problem of a user that cannot browse a particular
website and you find that you can establish a TCP connection on port 80 from this
host to the server and get a response from the server (see Figure 1-4). In this situation,
it is reasonable to conclude that the transport layer and all layers below must be fully
functional between the client and the server and that this is most likely a client or server
problem (most likely at application, presentation, or session layer) and not a network
problem. Be aware that in this example it is reasonable to conclude that Layers 1 through
4 must be fully operational, but it does not definitively prove this. For instance,
nonfragmented packets might be routed correctly, whereas fragmented packets are dropped.
The TCP connection to port 80 might not uncover such a problem.
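The following Python sketch is an added example, not code from the book: it runs the transport-layer test described above (a TCP handshake) and then an application-layer test (an HTTP request), and reports which part of the stack remains in scope. The function names, the result labels, and the loopback listeners that stand in for the web server are assumptions made for this example.

```python
import socket
import threading

def tcp_handshake_ok(host, port, timeout=1.0):
    """Layer 4 test: can a TCP connection to host:port be established?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, unreachable, or timed out
        return False

def http_answers(host, port, timeout=1.0):
    """Layer 7 test: does the server send back an HTTP status line?"""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(request)
            return conn.recv(16).startswith(b"HTTP/")
    except OSError:          # includes the recv() timeout
        return False

def where_to_look(host, port, timeout=1.0):
    """Top-down triage: report the scope left after each test."""
    if not tcp_handshake_ok(host, port, timeout):
        return "transport-or-below"   # network path, filtering, or no listener
    if not http_answers(host, port, timeout):
        # Layers 1-4 look fine, but only for small packets: a handshake
        # does not exercise fragmentation, so large transfers can still fail.
        return "above-transport"
    return "application-ok"

# --- Constructed loopback targets standing in for the web server ---

def _listen():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    sock.listen(8)
    return sock

def silent_listener():
    """Completes handshakes (the kernel does that) but never answers."""
    return _listen()

def answering_listener():
    """Replies to every connection with a minimal HTTP status line."""
    sock = _listen()
    def serve():
        while True:
            try:
                conn, _ = sock.accept()
            except OSError:
                return                # listening socket was closed
            with conn:
                try:
                    conn.settimeout(1.0)
                    conn.recv(1024)
                    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
                except OSError:
                    pass              # peer closed early (handshake-only probe)
    threading.Thread(target=serve, daemon=True).start()
    return sock

def closed_port():
    """Return a loopback port that nothing is listening on."""
    sock = _listen()
    port = sock.getsockname()[1]
    sock.close()
    return port

if __name__ == "__main__":
    silent, live = silent_listener(), answering_listener()
    for name, port in [("closed", closed_port()),
                       ("silent", silent.getsockname()[1]),
                       ("answering", live.getsockname()[1])]:
        print(name, "->", where_to_look("127.0.0.1", port, timeout=0.5))
```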
[Figure 1-4 (diagram): IP network providing a redundant data path between the client workstation and the server]
Essentially, the goal of the top-down approach is to find the highest OSI layer that is
still working. All devices and processes that work on that layer or layers below are then
eliminated from the scope of the troubleshooting. It might be clear that this approach
is most effective if the problem is on one of the higher OSI layers. It is also one of the
most straightforward troubleshooting approaches, because problems reported by users
are typically defined as application layer problems, so starting the troubleshooting
process at that layer is a natural thing to do. A drawback or impediment to this approach is
that you need to have access to the client’s application layer software to initiate the
troubleshooting process, and if the software is only installed on a small number of machines,
your troubleshooting options might be limited.
[Figure (diagram): IP network providing a redundant data path between the client workstation and the server. Annotation: during problem verification it is noticed that the user workstation cannot obtain an IP address.]
A benefit of the bottom-up approach is that all the initial troubleshooting takes place
on the network, so access to clients, servers, or applications is not necessary until a very
late stage in the troubleshooting process. In certain environments, especially those where
many old and outdated devices and technologies are still in use, many network problems
are hardware related. The bottom-up approach is very effective under those
circumstances. A disadvantage of this method is that, in large networks, it can be a time-consuming
process because a lot of effort will be spent on gathering and analyzing data and you
always start from the bottom layer. The best bottom-up approach is to first reduce
the scope of the problem using a different strategy and then switch to the bottom-up
approach for clearly bounded parts of the network topology.
Let’s assume that you are researching a problem of a user who cannot browse a particular
website and that while you are verifying the problem you find that the user’s
workstation can successfully ping the server’s IP address (see Figure 1-6). In this situation, it is
reasonable to assume that the physical, data link, and network layers of the OSI model
are in good working condition, and so you examine the upper layers, starting from the
transport layer in a bottom-up approach.
[Figure 1-6: Successful Ping Shifts the Focus to Upper OSI Layers (Divide-and-Conquer Approach). Diagram: IP network providing a redundant data path between the client workstation and the server. Annotation: during problem verification the network engineer successfully pings the server’s IP address.]
Whether the result of the initial test is positive or negative, the divide-and-conquer
approach usually results in a faster elimination of potential problems than what you
would achieve by implementing a full top-down or bottom-up approach. Therefore, the
divide-and-conquer method is considered highly effective and possibly the most popular
troubleshooting approach.
[Figure 1-7: The Follow-the-Path Approach Shifts the Focus to Link 3 and Beyond Toward the Server. Diagram annotation: a tracert from the user’s workstation toward the server’s IP address reaches only as far as L3 Switch v.]
Example 1-1 shows two routing tables; one belongs to Branch2’s edge router, experiencing
problems, and the other belongs to Branch1’s edge router, with no problems. If you
compare the content of these routing tables, as per the compare-configurations
(spotting-the-differences) approach, a natural deduction is that the branch with problems is
missing a static entry. The static entry can be added to see whether it solves the problem.
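The comparison can be automated. The following Python sketch is an added example, not code from the book: it parses two `show ip route` outputs and lists the routes present on the working router but absent from the problem router. Both routing tables are constructed for this example (Example 1-1 is not reproduced here), and the parser assumes each route line carries a prefix in address/length form.

```python
import ipaddress
import re

# A route line starts with its source code in column 0, e.g.
#   S*    0.0.0.0/0 [1/0] via 172.16.0.1
#   C        10.1.1.0/24 is directly connected, GigabitEthernet0/1
#   O IA     10.3.0.0/16 [110/20] via 172.16.0.9, 00:01:02, Serial0/0
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\S*(?: [A-Z][A-Z0-9])?)\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s"
)

# Connected and local routes legitimately differ between sites,
# so they are left out of the comparison.
SITE_LOCAL_CODES = {"C", "L"}

def parse_routes(show_ip_route):
    """Return {network: code} for every route line in the output."""
    routes = {}
    for line in show_ip_route.splitlines():
        match = ROUTE_RE.match(line)
        if match:
            net = ipaddress.ip_network(match.group("prefix"), strict=False)
            routes[net] = match.group("code").rstrip("*")  # "S*" -> "S"
    return routes

def compare_tables(reference, suspect):
    """Spot the differences: routes only in one of the two tables."""
    ref, sus = parse_routes(reference), parse_routes(suspect)

    def only_in(a, b):
        return sorted((code, str(net)) for net, code in a.items()
                      if net not in b and code not in SITE_LOCAL_CODES)

    return {"missing": only_in(ref, sus), "extra": only_in(sus, ref)}

# Constructed sample output: Branch1 works, Branch2 has the problem.
BRANCH1_WORKING = """\
Gateway of last resort is 172.16.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 172.16.0.1
      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet0/1
L        10.1.1.1/32 is directly connected, GigabitEthernet0/1
S        10.200.0.0/16 [1/0] via 172.16.0.5
"""

BRANCH2_PROBLEM = """\
Gateway of last resort is 172.16.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 172.16.0.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.2.1.0/24 is directly connected, GigabitEthernet0/1
L        10.2.1.1/32 is directly connected, GigabitEthernet0/1
"""

if __name__ == "__main__":
    diff = compare_tables(BRANCH1_WORKING, BRANCH2_PROBLEM)
    for code, prefix in diff["missing"]:
        print(f"missing on suspect router: {code} {prefix}")
    for code, prefix in diff["extra"]:
        print(f"only on suspect router:    {code} {prefix}")
```

A route reported as missing is a hypothesis to test, not a confirmed root cause.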
What possible approaches can you take for this troubleshooting task? This case lends
itself to many different approaches, but some specific characteristics can help you
decide an appropriate approach:
• You have access to the network devices, but not to the server. This implies that you
will likely be able to handle Layer 1–4 problems by yourself; however, for Layer
5–7, you will probably have to escalate to a different person.
• You have access to the client device, so it is possible to start your troubleshooting
from it.
• The controller has the same software and access rights on his machine, so it is
possible to compare between the two devices.
What are the benefits and drawbacks of each possible troubleshooting approach for this
case?
• Top-down: You have the opportunity to start testing at the application layer. It is
good troubleshooting practice to confirm the reported problem, so starting from
the application layer is an obvious choice. The only possible drawback is that you
will not discover simple problems, such as the cable being plugged in to a wrong
outlet, until later in the process.
• Bottom-up: A full bottom-up check of the whole network is not a very useful
approach because it will take too much time and at this point, there is no reason to
assume that the network beyond the first access switch would be causing the issue.
You could consider starting with a bottom-up approach for the first stretch of the
network, from the consultant’s laptop to the access switch, to uncover potential
cabling problems.
• Divide-and-conquer: This is a viable approach. You can ping from the consultant’s
laptop to the finance server. If that succeeds, the problem is most likely at upper
layers. For example, a firewall or access control list could be the culprit. If the ping
fails, assuming that ping is not blocked in the network, it is safe to assume that the
problem is at network or lower layers and you are responsible for fixing it. The
advantage of this method is that you can quickly decide on the scope of the
problem and whether escalation is necessary.
• Compare-configurations: You have access to both the controller’s PC and the
consultant’s laptop; therefore, compare-configurations is a possible strategy. However,
because these machines are not under the control of a single IT department, you
might find many differences, and it might therefore be hard to spot the significant
and relevant differences. The compare-configurations approach might prove useful
later, after it has been determined that the problem is likely to be on the client.
• Swap-components: Using this approach alone is not likely to be enough to solve the
problem, but if following any of the other methods indicates a potential hardware
issue between the consultant’s PC and the access switch, this method might come
into play. However, merely as a first step, you could consider swapping the cable
and the jack connected to the consultant’s laptop and the controller’s PC, in turn, to
see whether the problem is cable, PC, or switch related.
Many combinations of these different methods could be considered here. The most
promising methods are top-down or divide-and-conquer. You will possibly switch to
follow-the-path or compare-configurations approach after the scope of the problem has
been properly reduced. As an initial step in any approach, the swap-components method
could be used to quickly separate client-related issues from network-related issues. The
bottom-up approach could be used as the first step to verify the first stretch of cabling.
Summary
The fundamental elements of a troubleshooting process are as follows:
• Gathering information
• Analyzing information
• Formulating a hypothesis
• Top-down
• Bottom-up
• Divide-and-conquer
• Follow-the-path
• Compare-configurations
• Swap-components
Review Questions
1. Which three of the following processes are subprocesses or phases of a
troubleshooting process?
a. Solve the problem
b. Eliminate
c. Compile
d. Report the problem
e. Define the problem
3. Which three of the following troubleshooting approaches use the OSI reference
model as a guiding principle?
a. Top-down
b. Bottom-up
c. Divide-and-conquer
d. Compare-configurations
e. Swap-components