Contents
Introduction
Chapter 1 Troubleshooting Methods
Troubleshooting Principles
Structured Troubleshooting Approaches
The Top-Down Troubleshooting Approach
The Bottom-Up Troubleshooting Approach
The Divide-and-Conquer Troubleshooting Approach
The Follow-the-Path Troubleshooting Approach
The Compare-Configurations Troubleshooting Approach
The Swap-Components Troubleshooting Approach
Troubleshooting Example Using Six Different Approaches
Summary
Review Questions

Chapter 2 Structured Troubleshooting
Troubleshooting Method and Procedure
Defining the Problem
Gathering Information
Analyzing the Information
Eliminating Potential Causes
Proposing a Hypothesis (Likely Cause of the Problem)
Testing and Verifying Validity of the Proposed Hypothesis
Solving the Problem and Documenting the Work
Troubleshooting Example Based on the Structured Method and Procedures
Summary
Review Questions

Chapter 3 Network Maintenance Tasks and Best Practices
Structured Network Maintenance
Network Maintenance Processes and Procedures
Common Maintenance Tasks
Network Maintenance Planning
Scheduling Maintenance
Formalizing Change-Control Procedures
Establishing Network Documentation Procedures
Establishing Effective Communication
Defining Templates/Procedures/Conventions (Standardization)
Planning for Disaster Recovery
viii Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide

Network Maintenance Services and Tools
Network Time Services
Logging Services
Performing Backup and Restore
Integrating Troubleshooting into the Network Maintenance Process
Network Documentation and Baseline
Communication
Change Control
Summary
Review Questions

Chapter 4 Basic Switching and Routing Process and Effective IOS Troubleshooting Commands
Basic Layer 2 Switching Process
Ethernet Frame Forwarding (Layer 2 Data Plane)
Layer 2 Switching Verification
Basic Layer 3 Routing Process
IP Packet Forwarding (Layer 3 Data Plane)
Using IOS Commands to Verify IP Packet Forwarding
Selective Information Gathering Using IOS show Commands, debug Commands, Ping, and Telnet
Filtering and Redirecting show Command’s Output
Testing Network Connectivity Using Ping and Telnet
Collecting Real-Time Information Using Cisco IOS debug Commands
Diagnosing Hardware Issues Using Cisco IOS Commands
Checking CPU Utilization
Checking Memory Utilization
Checking Interfaces
Summary
Review Questions

Chapter 5 Using Specialized Maintenance and Troubleshooting Tools
Categories of Troubleshooting Tools
Traffic-Capturing Features and Tools
SPAN
RSPAN
Information Gathering with SNMP
Information Gathering with NetFlow
Network Event Notification
Summary
Review Questions

Chapter 6 Troubleshooting Case Study: SECHNIK Networking
SECHNIK Networking Trouble Ticket 1
Troubleshooting PC1’s Connectivity Problem
Gathering Information
Analyzing Information, Eliminating Causes, and Gathering Further Information
Proposing Hypotheses
Testing the Hypotheses and Solving the Problem
Troubleshooting Ethernet Trunks
Troubleshooting PC2’s Connectivity Problem
Gathering Information
Proposing a Hypothesis, Testing the Hypothesis, and Solving the Problem
Troubleshooting NAT
Troubleshooting PC3’s Connectivity Problem
Gathering Information
Eliminating Possibilities, Proposing a Hypothesis, and Testing the Hypothesis
Troubleshooting Network Device Interfaces
Troubleshooting PC4’s IPv6 Connectivity Problem
Gathering Information
Eliminating Possibilities, Proposing a Hypothesis, and Testing the Hypothesis
Troubleshooting IPv6 Address Assignment on Clients
SECHNIK Networking Trouble Ticket 2
Troubleshooting PC1’s Internet Connectivity Problem
Gathering Information
Proposing a Hypothesis, Testing the Hypothesis, and Solving the Problem
Troubleshooting Network Layer Connectivity
Troubleshooting PC2’s SSH Connectivity Problem
Verifying and Defining the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
TCP Three-Way Handshake
Troubleshooting PC4’s DHCP Address Problem
Verifying and Defining the Problem
Gathering Information
Proposing a Hypothesis, Testing a Hypothesis, and Solving the Problem
Troubleshooting Error-Disabled Ports
SECHNIK Networking Trouble Ticket 3
Troubleshooting PC1 and PC2’s Internet Connectivity Issues
Verifying and Defining the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting DHCP
The passive-interface Command
Troubleshooting PC3’s Internet Connectivity Issues
Verifying and Defining the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
IPv6 Review
Summary
Review Questions

Chapter 7 Troubleshooting Case Study: TINC Garbage Disposal
TINC Garbage Disposal Trouble Ticket 1
Troubleshooting Lack of Backup Internet Connectivity Through GW2
Information Gathering
Analyzing Information, Eliminating Possibilities, and Proposing a Hypothesis
Proposing a Hypothesis, Testing the Hypothesis, and Solving the Problem
Troubleshooting BGP Neighbor Relationships
Troubleshooting PC1’s Connectivity Problem
Gathering Information
Analyzing Information and Gathering Further Information
Proposing a Hypothesis, Testing the Hypothesis, and Solving the Problem
Troubleshooting Port Security
Troubleshooting PC2’s Connectivity Problem
Gathering Information
Eliminating Possibilities, Proposing a Hypothesis, and Testing the Hypothesis
Solving the Problem
Troubleshooting VLANs
TINC Garbage Disposal Trouble Ticket 2
Troubleshooting GW1’s OSPF Neighbor Relation Problem with Router R1
Verifying the Problem
Gathering Information
Analyzing Information, Eliminating Possibilities, and Proposing a Hypothesis
Testing the Hypothesis and Solving the Problem
Troubleshooting OSPF Adjacency
Troubleshooting Secure Shell Version 2 Access to Router R2 from PC4
Verifying the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting SSH and Telnet
Troubleshooting Duplicate Address Problem Discovered Through R1 and R2’s Log Messages
Verifying the Problem
Gathering Information
Analyzing the Information and Proposing a Hypothesis
Testing the Hypothesis and Solving the Problem
Troubleshooting HSRP
TINC Garbage Disposal Trouble Ticket 3
Troubleshooting Sporadic Internet Connectivity Problem Experienced by Users of PC1 and PC2
Verifying and Defining the Problem
Gathering Information
Analyzing Information and Proposing a Hypothesis
Testing the Hypothesis and Solving the Problem
Troubleshooting Erroneous Routing Information
Troubleshooting Multiple Masters within a VRRP
Verifying and Defining the Problem
Gathering Information
Analyzing the Information and Proposing a Hypothesis
Testing the Hypothesis, and Solving the Problem
Troubleshooting VRRP
Troubleshooting EtherChannel Between ASW4 and ASW3
Verifying the Problem
Defining the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting EtherChannel
TINC Garbage Disposal Trouble Ticket 4
Troubleshooting Inconsistent and Sporadic Internet Connectivity Problem Experienced By Users of PC1 and PC2
Verifying and Defining the Problem
Gathering Information
Analyzing Information and Proposing a Hypothesis
Testing the Hypotheses
Solving the Problem
Troubleshooting FHRPs
Troubleshooting Sporadic Loss of Connectivity on PC4
Verifying the Problem and Making a Troubleshooting Plan
Gathering Information
Analyzing the Information and Gathering Further Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
The Cisco IOS DHCP Snooping Feature
Cisco Technical Assistance Center
Troubleshooting SSH Connection from PC4 to Router GW2
Verifying the Problem and Making a Troubleshooting Plan
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Summary
Review Questions

Chapter 8 Troubleshooting Case Study: PILE Forensic Accounting
PILE Forensic Accounting Trouble Ticket 1
Troubleshooting PILE’s Branch Connectivity to HQ and the Internet
Verifying and Defining the Problem
Gathering Information
Analyzing Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting EIGRP Adjacency
Troubleshooting PILE’s Secondary Internet Connection Through ISP2
Verifying and Defining the Problem
Gathering Information
Analyzing Information and Proposing a Hypothesis
Testing the Hypothesis
Solving the Problem
PILE Forensic Accounting Trouble Ticket 2
Troubleshooting Telnet Problem: From PC3 to BR
Gathering Information
Troubleshooting PILE Network’s Internet Access Problem
Verifying and Defining the Problem
Gathering Information
Analyzing Information, Eliminating Causes, and Gathering Further Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting BGP
Troubleshooting PILE Network’s NTP Problem
Verifying the Problem
Gathering Information
Analyzing the Gathered Information and Gathering Further Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting NTP
PILE Forensic Accounting Trouble Ticket 3
Troubleshooting PC3’s Lack of Internet Connectivity After the Disaster Recovery
Verifying the Problem
Gathering Information (First Run)
Analyzing Information, Proposing, and Testing the First Hypothesis
Proposing and Testing the Second Hypothesis
Gathering Further Information (Second Run)
Proposing and Testing the Third Hypothesis
Solving the Problem
Disaster Recovery Best Practices
Troubleshooting Inter-VLAN Routing
Troubleshooting PC4’s Problem Accessing Cisco.com
Verify the Problem and Select an Approach
Gather Information and Analyze the Information
Proposing and Testing a Hypothesis
Solve the Problem
Troubleshooting DNS
Remote Device Management Notes
PILE Forensic Accounting Trouble Ticket 4
Troubleshooting Branch Site Internet Connectivity Problem After EIGRP Reconfiguration
Verifying the Problem
Gathering Information
Gathering Further Information and Analyzing Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
The EIGRP Stub Configuration
The New EIGRP Named Configuration
Troubleshooting Management Access to ASW2
Verifying the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Providing a Default Route on Layer 2 And Multilayer Devices
PILE Forensic Accounting Trouble Ticket 5
Troubleshooting the Redundant Internet Access Path Through the New HQ0 Edge Router
Verifying and Defining the Problem
Gathering Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Troubleshooting BGP Route Selection
Troubleshooting Unauthorized Telnet Access
Verifying the Problem
Gathering Information
Gathering Further Information and Analysis Information
Proposing a Hypothesis and Testing the Hypothesis
Solving the Problem
Securing the Management Plane
Summary
Review Questions

Chapter 9 Troubleshooting Case Study: Bank of POLONA
Bank of POLONA Trouble Ticket 1
Troubleshooting PC3’s Lack of Connectivity to SRV2
Verifying the Problem
Gathering Information
Analyzing Information and Proposing a Hypothesis, and Testing the Hypothesis
Solving the Problem
Troubleshooting Redistribution
Troubleshooting VRRP with Interface Tracking
Verifying the Problem
Gathering Information
Analyzing the Information
Proposing and Testing a Hypothesis
Solving the Problem
FHRP Tracking Options
Troubleshooting IP SLA Test Not Starting
Verifying the Problem
Gathering Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting IP SLA
Bank of POLONA Trouble Ticket 2
Troubleshooting Summarization Problem on BR3
Verifying the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting EIGRP Summarization
Troubleshooting PC0’s IPv6 Internet Connectivity
Verifying the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting RIPng
Troubleshooting Branch 3’s IPv6 Internet Connectivity
Verifying the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting Access Control Lists
Bank of POLONA Trouble Ticket 3
Troubleshooting Branch 1’s IP Connectivity to the Headquarters
Verifying the Problem
Gathering Information
Proposing and Testing a Hypothesis
Gathering Further Information
Proposing and Testing Another Hypothesis
Solving the Problem
Troubleshooting GRE Tunnels
Troubleshooting Branch 3’s Route Summarization
Verifying the Problem and Choosing an Approach
Gathering Information
Analyzing the Information and Proposing a Hypothesis
Testing the Hypothesis and Solving the Problem
OSPF Summarization Tips and Commands
Troubleshooting AAA Authentication on the Branch 1 Router
Verifying the Problem and Choosing an Approach
Gathering Information
Proposing a Hypothesis
Testing the Hypothesis and Solving the Problem
Troubleshooting AAA
Bank of POLONA Trouble Ticket 4
Troubleshooting PC0’s Connectivity to IPv6 Internet
Verifying the Problem and Choosing an Approach
Gathering Information
Analyzing the Information and Proposing and Testing a Hypothesis
Gathering Further Information
Analyzing Information and Proposing and Testing Another Hypothesis
Solving the Problem
Troubleshooting OSPF for IPv6
Troubleshooting the Dysfunctional Totally Stubby Branch Areas
Verifying the Problem and Choosing an Approach
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
OSPF Stub Areas
Summary
Review Questions

Chapter 10 Troubleshooting Case Study: RADULKO Transport
RADULKO Transport Trouble Ticket 1
Mitigating Unauthorized Switches Added by Employees
Gathering Information
Analyzing Information
Proposing a Hypothesis and Solving the Problem
Troubleshooting Spanning Tree Protocol
Troubleshooting Policy-Based Routing
Verifying and Defining the Problem
Gathering Information
Analyzing the Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting PBR
Troubleshooting Neighbor Discovery
Verifying and Defining the Problem
Gathering Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting CDP and LLDP
RADULKO Transport Trouble Ticket 2
Troubleshooting VLANs and PCs Connectivity Problems
Verifying the Problem
Gathering Information
Analyzing the Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting VTP
Troubleshooting Branch Router’s IPv6 Problems
Verifying the Problem
Gathering Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting EIGRP for IPv6
Troubleshooting MP-BGP Session Problem
Verifying the Problem
Gathering Information
Analyzing the Information and Proposing a Hypothesis
Solving the Problem
Troubleshooting MP-BGP
RADULKO Transport Trouble Ticket 3
Troubleshooting PC1’s Problem Accessing the SRV Server at the Distribution Center
Verifying and Defining the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting the OSPFv3 Address Families Feature
Troubleshooting OSPFv3 Authentication
Verifying the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
RADULKO Transport Trouble Ticket 4
Troubleshooting Undesired External OSPF Routes in DST’s Routing Table
Verifying and Defining the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Troubleshooting PCs IPv6 Internet Access
Verifying the Problem
Gathering Information
Analyzing Information
Proposing and Testing a Hypothesis
Solving the Problem
Summary
Review Questions

Appendix A Answers to Review Questions

Index

Icons Used in This Book

[Icon legend: Router, File/Application Server, Laptop, Workgroup Switch, Terminal, Secure Server, Network Cloud, User, PIX Firewall, Multilayer Switch, Access Point, WLAN Controller]

Command Syntax Conventions


The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these
conventions as follows:

■ Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

■ Italic indicates arguments for which you supply actual values.

■ Vertical bars (|) separate alternative, mutually exclusive elements.

■ Square brackets ([ ]) indicate an optional element.

■ Braces ({ }) indicate a required choice.

■ Braces within brackets ([{ }]) indicate a required choice within an optional element.

Introduction
This book is based on the Cisco Systems TSHOOT course, which was recently
introduced as part of the CCNP curriculum. It provides troubleshooting and
maintenance information and examples that relate to Cisco routing and switching. It
is assumed that readers know and understand as much Cisco routing and switching
background as covered in the Cisco ROUTE and SWITCH courses. The book is enough
to prepare you for the TSHOOT exam, too.

Teaching troubleshooting is not an easy task. This book introduces you to many
troubleshooting methodologies and identifies the benefits of different techniques.
Technical routing and switching topics are briefly reviewed, but the emphasis
is on troubleshooting commands, and most important, this book presents many
troubleshooting examples. Chapter review questions will help you evaluate how well you
absorbed material within each chapter. The questions are also an excellent supplement
for exam preparation.

Who Should Read This Book?


Those individuals who want to learn about modern troubleshooting methodologies and
techniques and want to see several relevant examples will find this book very useful. This
book is most suitable for those who have some prior routing and switching knowledge
but would like to learn more or otherwise enhance their troubleshooting skill set.
Readers who want to pass the Cisco TSHOOT exam can find all the content they need
to successfully do so in this book. The Cisco Networking Academy CCNP TSHOOT
course students will use this book as their official textbook.

Cisco Certifications and Exams


Cisco offers four levels of routing and switching certification, each with an increasing
level of proficiency: Entry, Associate, Professional, and Expert. These are commonly
known by their acronyms CCENT (Cisco Certified Entry Networking Technician),
CCNA (Cisco Certified Network Associate), CCNP (Cisco Certified Network
Professional), and CCIE (Cisco Certified Internetworking Expert). There are others, too,
but this book focuses on the certifications for enterprise networks.

For the CCNP certification, you must pass exams on a series of CCNP topics, including
the SWITCH, ROUTE, and TSHOOT exams. For most exams, Cisco does not publish
the scores needed for passing. You need to take the exam to find that out for yourself.
To see the most current requirements for the CCNP certification, go to Cisco.com and
click Training and Events. There you can find out other exam details such as exam
topics and how to register for an exam.

The strategy you use to prepare for the TSHOOT exam might differ slightly from strategies
used by other readers, mainly based on the skills, knowledge, and experience you have
already obtained. For instance, if you have attended the TSHOOT course, you might take a
different approach than someone who learned troubleshooting through on-the-job training.
Regardless of the strategy you use or the background you have, this book is designed to help
you get to the point where you can pass the exam with the least amount of time required.

How This Book Is Organized


Although this book can be read cover to cover, it is designed to be flexible and allow you
to easily move between chapters to cover only the material for which you might need
additional remediation. The chapters can be covered in any order, although some chapters
are related to and build upon each other. If you do intend to read them all, the order in
the book is an excellent sequence to follow.

Each core chapter covers a subset of the topics on the CCNP TSHOOT exam. The
chapters cover the following topics:

■ Chapter 1 introduces the troubleshooting principles and discusses the most common
troubleshooting approaches.

■ Chapter 2 defines structured troubleshooting and analyzes all the subprocesses of
structured troubleshooting.

■ Chapter 3 introduces structured network maintenance and discusses network
maintenance processes and procedures. Network maintenance services and tools, along
with how you can integrate troubleshooting into the network maintenance process, are
also presented in this chapter.

■ Chapter 4 reviews the Layer 2 switching and Layer 3 routing processes and shows
how to do selective information gathering using the IOS show command, debug
command, ping, and Telnet.

■ Chapter 5 discusses troubleshooting tools: traffic-capturing features and tools,
information gathering with SNMP, information gathering with NetFlow, and network
event notification with EEM.

■ Chapters 6 through 10 are all troubleshooting cases. Each chapter is about a different
network with many different problems. Each problem is dealt with in the form
of a real-life trouble ticket, and it is fixed following the structured troubleshooting
methodology using the appropriate approach. All stages of troubleshooting, including
fact gathering, are presented with output from Cisco IOS routers and switches.
The network diagrams for Chapters 6 through 10 appear at the beginning and end
of each chapter. For easier reference, a PDF of these network diagrams is available
to download and print out or read on your e-device. Go to
ciscopress.com/title/9781587204555 and click on the Downloads tab.

There is also an appendix that has answers to the review questions found at the end of each
chapter.
Chapter 1

Troubleshooting Methods

This chapter covers the following topics:

■ Troubleshooting principles

■ Common troubleshooting approaches

■ Troubleshooting example using six different approaches

Most modern enterprises depend heavily on the smooth operation of their network
infrastructure. Network downtime usually translates to loss of productivity, revenue, and
reputation. Network troubleshooting is therefore one of the essential responsibilities of
the network support group. The more efficiently and effectively the network support
personnel diagnose and resolve problems, the lower the impact and damage to the
business will be. In complex environments, troubleshooting can be a daunting task, and
the recommended way to diagnose and resolve problems quickly and effectively is by
following a structured approach. Structured network troubleshooting requires
well-defined and documented troubleshooting procedures.

This chapter defines troubleshooting and troubleshooting principles. Next, six different
troubleshooting approaches are described. The third section of this chapter presents a
troubleshooting example based on each of the six troubleshooting approaches.

Troubleshooting Principles
Troubleshooting is the process that leads to the diagnosis and, if possible, resolution of a
problem. Troubleshooting is usually triggered when a person reports a problem. In modern
and sophisticated environments that deploy proactive network monitoring tools and
techniques, a failure/problem may be discovered and even fixed/resolved before end
users notice or business applications get affected by it.

Some people say that a problem does not exist until it is noticed, perceived as a problem,
and reported as a problem. This implies that you need to differentiate between a problem,
as experienced by the user, and the actual cause of that problem. The time a problem is
reported is not necessarily the same time at which the event causing the problem happened.
Also, the reporting user generally equates the problem to the symptoms, whereas the
troubleshooter often equates the problem to the root cause. For example, if the Internet
connection fails on Saturday in a small company, it is usually not a problem, but you can be
sure that it will turn into a problem on Monday morning if it is not fixed before then.
Although this distinction between symptoms and cause of a problem might seem
philosophical, you need to be aware of the potential communication issues that might arise
from it.

Generally, reporting of a problem triggers the troubleshooting process. Troubleshooting
starts by defining the problem. The second step is diagnosing the problem, during which
information is gathered, the problem definition is refined, and possible causes for the
problem are proposed. Eventually, this process should lead to a hypothesis for the root
cause of the problem. At this time, possible solutions need to be proposed and evaluated.
Next, the best solution is selected and implemented. Figure 1-1 illustrates the main elements
of a structured troubleshooting approach and the transition possibilities from one step to
the next.

[Flow chart: Define Problem, Gather Information, Analyze, Eliminate, Propose Hypothesis, Test Hypothesis, Solve Problem]

Figure 1-1 Flow Chart of a Structured Troubleshooting Approach

Note It is noteworthy, however, that the solution to a network problem cannot always
be readily implemented and an interim workaround might have to be proposed. The
difference between a solution and a workaround is that a solution resolves the root cause
of the problem, whereas a workaround only alleviates the symptoms of the problem.

Although problem reporting and resolution are definitely essential elements of the
troubleshooting process, most of the time is spent in the diagnostic phase. One might even
believe that diagnosis is all troubleshooting is about. Nevertheless, within the context
of network maintenance, problem reporting and resolution are indeed essential parts of
troubleshooting. Diagnosis is the process of identifying the nature and cause of a
problem. The main elements of this process are as follows:

■ Gathering information: Gathering information happens after the problem has been
reported by the user (or anyone). This might include interviewing all parties (user)
involved, plus any other means to gather relevant information. Usually, the problem
report does not contain enough information to formulate a good hypothesis without
first gathering more information. Information and symptoms can be gathered directly,
by observing processes, or indirectly, by executing tests.

■ Analyzing information: After the gathered information has been analyzed, the
troubleshooter compares the symptoms against his knowledge of the system, processes,
and baselines to separate normal behavior from abnormal behavior.

■ Eliminating possible causes: By comparing the observed behavior against expected
behavior, some of the possible problem causes are eliminated.

■ Formulating/proposing a hypothesis: After gathering and analyzing information
and eliminating the possible causes, one or more potential problem causes remain.
The probability of each of these causes will have to be assessed and the most likely
cause proposed as the hypothetical cause of the problem.

■ Testing the hypothesis: The hypothesis must be tested to confirm or deny that it is
the actual cause of the problem. The simplest way to do this is by proposing a solution
based on this hypothesis, implementing that solution, and verifying whether
this solved the problem. If this method is impossible or disruptive, the hypothesis
can be strengthened or invalidated by gathering and analyzing more information.

All troubleshooting methods include the elements of gathering and analyzing information,
eliminating possible causes, and formulating and testing hypotheses. Each of these steps has
its merits and requires some time and effort; how and when one moves from one step to the
next is a key factor in the success level of a troubleshooting exercise. In a scenario where
you are troubleshooting a complex problem, you might go back and forth between different
stages of troubleshooting: Gather some information, analyze the information, eliminate
some of the possibilities, gather more information, analyze again, formulate a hypothesis,
test it, reject it, eliminate some more possibilities, gather more information, and so on.

If you do not take a structured approach to troubleshooting and do troubleshooting in
an ad hoc fashion, you might eventually find the solution; however, the process in general
will be very inefficient. Another drawback of ad hoc troubleshooting is that handing
the job over to someone else is very hard to do; the progress results are mainly lost. This
can happen even if the troubleshooter wants to resume his own task after he has stopped
for a while, perhaps to take care of another matter. A structured approach to
troubleshooting, regardless of the exact method adopted, yields more predictable results in
the long run. It also makes it easier to pick up where you left off or hand the job over to
someone else without losing any effort or results.

A troubleshooting approach that is commonly deployed both by inexperienced and
experienced troubleshooters is called shoot-from-the-hip. With this approach, after a very
short period of gathering information, the troubleshooter quickly makes a change
to see if it solves the problem. Even though it may seem like random troubleshooting on
the surface, it is not. The reason is that the guiding principle for this method is prior and
usually vast knowledge of common symptoms and their corresponding causes, or simply
extensive relevant experience in a particular environment or application. This technique
might be quite effective for the experienced troubleshooter most times, but it usually
does not yield the same results for the inexperienced troubleshooter. Figure 1-2 shows
how the “shoot-from-the-hip” approach goes about solving a problem, spending almost
no effort in analyzing the gathered information and eliminating possibilities.

[Figure 1-2 diagram: the troubleshooting stages Define Problem, Gather Information,
Analyze, Eliminate, Propose Hypothesis, Test Hypothesis, and Solve Problem.]

Figure 1-2 Shoot-from-the-Hip

Assume that a user reports a LAN performance problem and in 90 percent of the past
cases with similar symptoms, the problem has been caused by duplex mismatch between
users’ workstations (PC or laptop) and the corresponding access switch port. The solu-
tion has been to configure the switch port for 100-Mbps full duplex. Therefore, it
sounds reasonable to quickly verify the duplex setting of the switch port to which
the user connects and change it to 100-Mbps full duplex to see whether that fixes the
problem. When it works, this method can be very effective because it takes very little
time. Unfortunately, the downside of this method is that if it does not work, you have
not come any closer to a possible solution, you have wasted some time (both yours and
users’), and you might possibly have caused a bit of frustration. Experienced trouble-
shooters use this method to great effect. The key factor in using this method effectively
is knowing when to stop and switch to a more methodical (structured) approach.

Structured Troubleshooting Approaches


Troubleshooting is not an exact science, and a particular problem can be diagnosed and
sometimes even solved in many different ways. However, when you perform structured
troubleshooting, you make continuous progress, and usually solve the problem faster
than it would take using an ad hoc approach. There are many different structured trou-
bleshooting approaches. For some problems, one method might work better, whereas
for others, another method might be more suitable. Therefore, it is beneficial for the
troubleshooter to be familiar with a variety of structured approaches and select the best
method or combination of methods to solve a particular problem.

A structured troubleshooting method is used as a guideline through a troubleshooting process.
The key to all structured troubleshooting methods is systematic elimination of hypothetical
causes and narrowing down on the possible causes. By systematically eliminating
possible problem causes, you can reduce the scope of the problem until you manage to
isolate and solve the problem. If at some point you decide to seek help or hand the task
over to someone else, your findings can be of help to that person and your efforts are not
wasted. Commonly used troubleshooting approaches include the following:

• The top-down approach: Using this approach, you work from the Open Systems
Interconnection (OSI) model’s application layer down to the physical layer. The OSI
seven-layer networking model and TCP/IP four-layer model are shown side by side
in Figure 1-3 for your reference.

OSI 7-Layer Model         TCP/IP 4-Layer Networking Model
7. Application Layer      Application Layer
6. Presentation Layer     Application Layer
5. Session Layer          Application Layer
4. Transport Layer        Transport Layer
3. Network Layer          Internet Layer
2. Data Link Layer        Network Interface Layer
1. Physical Layer         Network Interface Layer

Figure 1-3 The OSI and TCP/IP Networking Models

• The bottom-up approach: This approach starts from the OSI model’s physical layer
and moves up toward the application layer.

• The divide-and-conquer approach: Using this approach, you start in the middle of
the OSI model’s stack (usually the network layer), and then, based on your findings,
you move up or down the OSI stack.

• The follow-the-path approach: This approach is based on the path that packets take
through the network from source to destination.

• The spot-the-differences approach: As the name implies, this approach compares
network devices or processes that are operating correctly to devices or processes
that are not operating as expected and gathers clues by spotting significant differences.
In case the problem occurred after a change on a single device was implemented,
the spot-the-differences approach can pinpoint the problem cause by
focusing on the difference between the device configurations, before and after the
problem was reported.

• The move-the-problem approach: The strategy of this troubleshooting approach is
to physically move components and observe whether the problem moves with the
moved components.

The sections that follow describe each of these methods in more detail.

The Top-Down Troubleshooting Approach


The top-down troubleshooting method uses the OSI model as a guiding principle. One
of the most important characteristics of the OSI model is that each layer depends on the
underlying layers for its operation. This implies that if you find a layer to be operational,
you can safely assume that all underlying layers are fully operational as well.

Let’s assume that you are researching a problem of a user that cannot browse a particu-
lar website and you find that you can establish a TCP connection on port 80 from this
host to the server and get a response from the server (see Figure 1-4). In this situation,
it is reasonable to conclude that the transport layer and all layers below must be fully
functional between the client and the server and that this is most likely a client or server
problem (most likely at application, presentation, or session layer) and not a network
problem. Be aware that in this example it is reasonable to conclude that Layers 1 through
4 must be fully operational, but it does not definitively prove this. For instance, nonfrag-
mented packets might be routed correctly, whereas fragmented packets are dropped.
The TCP connection to port 80 might not uncover such a problem.

[Figure 1-4 diagram: a client workstation and a server connected by an IP network
providing a redundant data path between them. Annotations: the user can establish a TCP
connection to this server (on port 80); the user cannot open a particular website on a
particular server.]

Figure 1-4 Application Layer Failure

Essentially, the goal of the top-down approach is to find the highest OSI layer that is
still working. All devices and processes that work on that layer or layers below are then
eliminated from the scope of the troubleshooting. It might be clear that this approach
is most effective if the problem is on one of the higher OSI layers. It is also one of the
most straightforward troubleshooting approaches, because problems reported by users
are typically defined as application layer problems, so starting the troubleshooting pro-
cess at that layer is a natural thing to do. A drawback or impediment to this approach is
that you need to have access to the client’s application layer software to initiate the trou-
bleshooting process, and if the software is only installed on a small number of machines,
your troubleshooting options might be limited.

The Bottom-Up Troubleshooting Approach


The bottom-up troubleshooting approach also uses the OSI model as its guiding prin-
ciple with the physical layer (bottom layer of the OSI seven-layer network model) as the
starting point. In this approach, you work your way layer by layer up toward the appli-
cation layer and verify that relevant network elements are operating correctly. You try
to eliminate more and more potential problem causes so that you can narrow down the
scope of the potential problems.

Let’s assume that you are researching a problem of a user that cannot browse a particular
website and while you are verifying the problem, you find that the user’s workstation is
not even able to obtain an IP address through the DHCP process (see Figure 1-5). In this
situation it is reasonable to suspect lower layers of the OSI model and take a bottom-up
troubleshooting approach.

[Figure 1-5 diagram: a client workstation and a server connected by an IP network
providing a redundant data path between them. Annotations: the server’s web page is
successfully accessed by many other users; during problem verification it is noticed that
the user workstation cannot obtain an IP address; the user cannot open a particular
website on a particular server.]

Figure 1-5 Failure at Lower OSI Layers

A benefit of the bottom-up approach is that all the initial troubleshooting takes place
on the network, so access to clients, servers, or applications is not necessary until a very
late stage in the troubleshooting process. In certain environments, especially those where
many old and outdated devices and technologies are still in use, many network problems
are hardware related. The bottom-up approach is very effective under those circumstanc-
es. A disadvantage of this method is that, in large networks, it can be a time-consuming
process because a lot of effort will be spent on gathering and analyzing data and you
always start from the bottom layer. The best bottom-up approach is to first reduce
the scope of the problem using a different strategy and then switch to the bottom-up
approach for clearly bounded parts of the network topology.

The Divide-and-Conquer Troubleshooting Approach


The divide-and-conquer troubleshooting approach strikes a balance between the top-
down and bottom-up troubleshooting approaches. If it is not clear which of the top-
down or bottom-up approaches will be more effective for a particular problem, an alter-
native is to start in the middle (usually from the network layer) and perform some tests
such as ping and trace. Ping is an excellent connectivity testing tool. If the test is success-
ful, you can assume that all lower layers are functional, and so you can start a bottom-up
troubleshooting starting from the network layer. However, if the test fails, you can start
a top-down troubleshooting starting from the network layer.

Let’s assume that you are researching a problem of a user who cannot browse a particular
website and that while you are verifying the problem you find that the user’s worksta-
tion can successfully ping the server’s IP address (see Figure 1-6). In this situation, it is
reasonable to assume that the physical, data link, and network layers of the OSI model
are in good working condition, and so you examine the upper layers, starting from the
transport layer in a bottom-up approach.

[Figure 1-6 diagram: a client workstation and a server connected by an IP network
providing a redundant data path between them. Annotations: the server’s web page is
successfully accessed by many other users; during problem verification the network
engineer successfully pings the server’s IP address; the user cannot open a particular
website on a particular server.]

Figure 1-6 Successful Ping Shifts the Focus to Upper OSI Layers (Divide-and-Conquer
Approach)

Whether the result of the initial test is positive or negative, the divide-and-conquer
approach usually results in a faster elimination of potential problems than what you
would achieve by implementing a full top-down or bottom-up approach. Therefore, the
divide-and-conquer method is considered highly effective and possibly the most popular
troubleshooting approach.

The Follow-the-Path Troubleshooting Approach


The follow-the-path approach is one of the most basic troubleshooting techniques, and it
usually complements one of the other troubleshooting methods such as the top-down or
the bottom-up approach. The follow-the-path approach first discovers the actual traffic path
all the way from source to destination. Next, the scope of troubleshooting is reduced to just
the links and devices that are actually in the forwarding path. The principle of this approach
is to eliminate the links and devices that are irrelevant to the troubleshooting task at hand.

Let’s assume that you are researching a problem of a user who cannot browse a particular
website and that while you are verifying the problem you find that a trace (tracert) from
the user’s PC command prompt to the server’s IP address succeeds only as far as the first
hop, which is the L3 Switch v (Layer 3 or Multilayer Switch v) in Figure 1-7. Based on
your understanding of the network link bandwidths and the routing protocol used on
this network, you mark the links on the best path between the user workstation and the
server on the diagram with numbers 1 through 7, as shown in Figure 1-7.

[Figure 1-7 diagram: an IP network providing a redundant data path between the client
workstation and the server, made up of L2 Switch x, L2 Switch y, L3 Switch g, L3 Switch j,
L3 Switch v, L3 Switch w, and routers R1, R2, R3, and R4, with the links on the best path
numbered 1 through 7. Annotations: the server’s web page is successfully accessed by many
other users; a tracert from the user’s workstation toward the server’s IP address reaches
only as far as L3 Switch v; the user cannot open a particular website on a particular
server.]

Figure 1-7 The Follow-the-Path Approach Shifts the Focus to Link 3 and Beyond
Toward the Server

In this situation it is reasonable to shift your troubleshooting approach to the L3 Switch
v and the segments beyond, toward the server along the best path. The follow-the-path
approach can quickly lead you to the problem area. You can then try and pinpoint the
problem to a device, and ultimately to a particular physical or logical component that is
either broken, misconfigured, or has a bug.

The Compare-Configurations Troubleshooting Approach


Another common troubleshooting approach is called the compare-configurations
approach, also referred to as the spotting-the-differences approach. By comparing
configurations, software versions, hardware, or other device properties between work-
ing and nonworking situations and spotting significant differences between them, this
approach attempts to resolve the problem by changing the nonoperational elements to
be consistent with the working ones. The weakness of this method is that it might lead
to a working situation, without clearly revealing the root cause of the problem. In some
cases, you are not sure whether you have implemented a solution or a workaround.

Example 1-1 shows two routing tables; one belongs to Branch2’s edge router, experienc-
ing problems, and the other belongs to Branch1’s edge router, with no problems. If you
compare the content of these routing tables, as per the compare-configurations (spot-
ting-the-differences) approach, a natural deduction is that the branch with problems is
missing a static entry. The static entry can be added to see whether it solves the problem.

Example 1-1 Spot-the-Differences: One Malfunctioning and One Working Router

------------- Branch1 is in good working order ----------


Branch1# show ip route
<...output omitted...>
10.0.0.0/24 is subnetted, 1 subnets
C 10.132.125.0 is directly connected, FastEthernet4
C 192.168.36.0/24 is directly connected, BVI1
S* 0.0.0.0/0 [254/0] via 10.132.125.1
------------- Branch2 has connectivity problems ----------
Branch2# show ip route
<...output omitted...>
10.0.0.0/24 is subnetted, 1 subnets
C 10.132.126.0 is directly connected, FastEthernet4
C 192.168.37.0/24 is directly connected, BVI1

The compare-configurations approach (spotting-the-differences) is not a complete
approach; it is, however, a good technique to use while undertaking other approaches. One
benefit of this approach is that it can easily be used by less-experienced troubleshooting
staff to at least shed more light on the case. When you have an up-to-date and accessible
set of baseline configurations, diagrams, and so on, spotting the difference between the
current configuration and the baseline might help you solve the problem faster than any
other approach.
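
The comparison in Example 1-1 can be automated. The following Python sketch is an added example, not code from the book: it parses the two routing tables shown above and separates differences that are expected between sites from the one that matters. The names Route, parse_routes, compare, and summarize are chosen here, and matching connected routes by interface name (because each branch legitimately has its own subnets) is an assumption of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Routing tables copied from Example 1-1 on this page.
BRANCH1 = """\
Branch1# show ip route
<...output omitted...>
10.0.0.0/24 is subnetted, 1 subnets
C 10.132.125.0 is directly connected, FastEthernet4
C 192.168.36.0/24 is directly connected, BVI1
S* 0.0.0.0/0 [254/0] via 10.132.125.1
"""
BRANCH2 = """\
Branch2# show ip route
<...output omitted...>
10.0.0.0/24 is subnetted, 1 subnets
C 10.132.126.0 is directly connected, FastEthernet4
C 192.168.37.0/24 is directly connected, BVI1
"""

# "10.0.0.0/24 is subnetted": the entries listed under it carry no mask.
HEADER = re.compile(r"^\s*\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted")
# Route code, optional "*" (candidate default), optional sub-code, prefix, rest.
ROUTE = re.compile(
    r"^\s*([A-Z])(\*?)\s+(?:[A-Z]{1,2}\d?\s+)?"
    r"(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)$"
)


@dataclass(frozen=True)
class Route:
    code: str
    candidate_default: bool
    prefix: ipaddress.IPv4Network
    interface: Optional[str]
    next_hop: Optional[str]

    @property
    def role(self) -> str:
        # Assumption: a connected route is identified by its interface, since
        # the subnet differs per site; any other route by its destination.
        if self.interface and self.next_hop is None:
            return f"{self.code} on {self.interface}"
        return f"{self.code} to {self.prefix}"


def parse_routes(text: str) -> list:
    routes, inherited_len = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            inherited_len = header.group(1)
            continue
        m = ROUTE.match(line)
        if not m:
            continue  # prompts, legends, "<...output omitted...>"
        code, star, addr, length, rest = m.groups()
        length = length or inherited_len
        if length is None:
            raise ValueError(f"no prefix length known for: {line!r}")
        iface = re.search(r"directly connected, (\S+)", rest)
        via = re.search(r"via (\d+\.\d+\.\d+\.\d+)", rest)
        routes.append(Route(
            code, bool(star),
            ipaddress.ip_network(f"{addr}/{length}", strict=False),
            iface.group(1) if iface else None,
            via.group(1) if via else None,
        ))
    return routes


def compare(working: list, failing: list) -> dict:
    # Keyed by role; two routes with the same role on one device would collide,
    # which does not occur in the tables above.
    good = {r.role: r for r in working}
    bad = {r.role: r for r in failing}
    return {
        "missing": [good[k] for k in good if k not in bad],
        "extra": [bad[k] for k in bad if k not in good],
        # Same role, different details (subnet or next hop): review, but
        # expected when the two devices sit at different sites.
        "differs": [(good[k], bad[k]) for k in good
                    if k in bad and good[k] != bad[k]],
    }


def summarize(diff: dict) -> list:
    lines = [f"MISSING on failing device: {r.role}"
             + (f" via {r.next_hop}" if r.next_hop else "")
             for r in diff["missing"]]
    lines += [f"EXTRA on failing device: {r.role}" for r in diff["extra"]]
    lines += [f"differs per site: {g.role}: {g.prefix} vs {b.prefix}"
              for g, b in diff["differs"]]
    return lines


if __name__ == "__main__":
    result = compare(parse_routes(BRANCH1), parse_routes(BRANCH2))
    print("\n".join(summarize(result)))
```

A plain line-by-line diff of the two outputs would flag the connected subnets as well; keying on the role of each route leaves the missing static default route as the only entry reported as missing.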

The Swap-Components Troubleshooting Approach


Also called move-the-problem, the swap-components approach is a very elementary
troubleshooting technique that you can use for problem isolation: You physically swap
components and observe whether the problem stays in place, moves with the compo-
nent, or disappears entirely. Figure 1-8 shows two PCs and three laptops connected to a
LAN switch, among which laptop B has connectivity problems. Assuming that hardware
failure is suspected, you must discover whether the problem is on the switch, the cable,
or the laptop. One approach is to start gathering data by checking the settings on the
laptop with problems, examining the settings on the switch, comparing the settings of all
the laptops, and the switch ports, and so on. However, you might not have the required
administrative passwords for the PCs, laptops, and the switch. The only data that you
can gather is the status of the link LEDs on the switch and the laptops and PCs. What
you can do is obviously limited. A common way to at least isolate the problem (if it is
not solved outright) is cable or port swapping. Swap the cable between a working device
and laptop B (the one that is having problems). Move the laptop from one port to anoth-
er using a cable that you know for sure is good. Based on these simple moves, you can
isolate whether the problem is cable, switch, or laptop related.

5 1

E A
2
4 ?
3

D B

Figure 1-8 Swap-the-Component: Laptop B Is Having Network Problems

Just by executing simple tests in a methodical way, the swap-components approach
enables you to isolate the problem even if the information that you can gather is minimal.
Even if you do not solve the problem, you have scoped it to a single element, and
you can now focus further troubleshooting on that element. Note that in the previous
example if you determine that the problem is cable related, it is unnecessary to obtain
the administrative password for the switch, PCs, and laptops. The drawbacks of this
method are that you are isolating the problem to only a limited set of physical elements
and not gaining any real insight into what is happening, because you are gathering only
very limited indirect information. This method assumes that the problem is with a single
component. If the problem lies within multiple devices, you might not be able to isolate
the problem correctly.

Troubleshooting Example Using Six Different Approaches
An external financial consultant has come in to help your company’s controller with an
accounting problem. He needs access to the finance server. An account has been created
for him on the server, and the client software has been installed on the consultant’s lap-
top. You happen to walk past the controller’s office and are called in and told that the
consultant can’t connect to the finance server. You are a network support engineer and
have access to all network devices, but not to the servers. Think about how you would
handle this problem, what your troubleshooting plan would be, and which method or
combination of methods you would use.

What possible approaches can you take for this troubleshooting task? This case lends
itself to many different approaches, but some specific characteristics can help you
decide an appropriate approach:

• You have access to the network devices, but not to the server. This implies that you
will likely be able to handle Layer 1–4 problems by yourself; however, for Layer
5–7, you will probably have to escalate to a different person.

• You have access to the client device, so it is possible to start your troubleshooting
from it.

• The controller has the same software and access rights on his machine, so it is possible
to compare between the two devices.

What are the benefits and drawbacks of each possible troubleshooting approach for this
case?

• Top-down: You have the opportunity to start testing at the application layer. It is
good troubleshooting practice to confirm the reported problem, so starting from
the application layer is an obvious choice. The only possible drawback is that you
will not discover simple problems, such as the cable being plugged in to a wrong
outlet, until later in the process.

• Bottom-up: A full bottom-up check of the whole network is not a very useful
approach because it will take too much time and at this point, there is no reason to
assume that the network beyond the first access switch would be causing the issue.
You could consider starting with a bottom-up approach for the first stretch of the
network, from the consultant’s laptop to the access switch, to uncover potential
cabling problems.

• Divide-and-conquer: This is a viable approach. You can ping from the consultant’s
laptop to the finance server. If that succeeds, the problem is most likely at upper
layers. For example, a firewall or access control list could be the culprit. If the ping
fails, assuming that ping is not blocked in the network, it is safe to assume that the
problem is at network or lower layers and you are responsible for fixing it. The
advantage of this method is that you can quickly decide on the scope of the problem
and whether escalation is necessary.

• Follow-the-path: Similar to the bottom-up approach, a full follow-the-path
approach is not efficient under the circumstances, but tracing the cabling to the first
switch can be a good start if it turns out that the link LED is off on the consultant’s
PC. This method might come into play after other techniques have been used to
narrow the scope of the problem.

• Compare-configurations: You have access to both the controller’s PC and the consultant’s
laptop; therefore, compare-configurations is a possible strategy. However,
because these machines are not under the control of a single IT department, you
might find many differences, and it might therefore be hard to spot the significant
and relevant differences. The compare-configurations approach might prove useful
later, after it has been determined that the problem is likely to be on the client.

• Swap-components: Using this approach alone is not likely to be enough to solve the
problem, but if following any of the other methods indicates a potential hardware
issue between the consultant’s PC and the access switch, this method might come
into play. However, merely as a first step, you could consider swapping the cable
and the jack connected to the consultant’s laptop and the controller’s PC, in turn, to
see whether the problem is cable, PC, or switch related.

Many combinations of these different methods could be considered here. The most
promising methods are top-down or divide-and-conquer. You will possibly switch to
follow-the-path or compare-configurations approach after the scope of the problem has
been properly reduced. As an initial step in any approach, the swap-components method
could be used to quickly separate client-related issues from network-related issues. The
bottom-up approach could be used as the first step to verify the first stretch of cabling.

Summary
The fundamental elements of a troubleshooting process are as follows:

• Defining the problem

• Gathering information

• Analyzing information

• Eliminating possible causes

• Formulating a hypothesis

• Testing the hypothesis

• Solving the problem

Some commonly used troubleshooting approaches are as follows:

• Top-down

• Bottom-up

• Divide-and-conquer

• Follow-the-path

• Compare-configurations

• Swap-components

Review Questions
1. Which three of the following processes are subprocesses or phases of a trouble-
shooting process?
a. Solve the problem
b. Eliminate
c. Compile
d. Report the problem
e. Define the problem

2. Which three of the following approaches are valid troubleshooting methods?
a. Swap-components
b. Ad Hoc
c. Compare-configurations
d. Follow-the-path
e. Hierarchical

3. Which three of the following troubleshooting approaches use the OSI reference
model as a guiding principle?
a. Top-down
b. Bottom-up
c. Divide-and-conquer
d. Compare-configurations
e. Swap-components

4. Which of the following troubleshooting methods would be most effective when
the problem is with the Ethernet cable connecting a workstation to the wall RJ-45
jack?
a. Top-down
b. Divide-and-conquer
c. Compare-configurations
d. Swap-components
e. Follow-the-path
Index

compare-configurations approach,
Symbols 10, 13
divide-and-conquer approach, 5,
! (exclamation point), 84
8-9, 12
& (packet lifetime exceeded), 84
follow-the-path approach, 5, 9-10, 13
. (period), 84
move-the-problem approach, 5
| (pipe), 78
spot-the-differences approach, 5
? (unknown packet type), 84
swap-components approach, 11, 13
top-down approach, 4, 6-7, 12
A ASW2, management access to
ASW2, 310-313
AAA, troubleshooting, 377-378
authentication
AAA authentication, 375-378
AAA authentication, 375-378
ABR (OSPF Area Border Router), 372
OSPFv3 authentication, RADULKO
access ports, 400 Transport, 430-433
access switches, 290
ACL (access control lists), 361
troubleshooting, 362-364
B
addressing schemes, documentation, 48 BA (Bridge Assurance), 403
analyzing information, 3, 20-21 backup servers, 39
append, 79-80 backups, 32
approaches to troubleshooting, 4-5 performing, 42-47
bottom-up approach, 5, 7-8, 12 Bank of POLONA, 333-334
trouble ticket 1, 334
454 Bank of POLONA

IP SLA test not starting, BR (branch router), 274


345-349 branch connectivity to HQ and
lack of connectivity to SRV2, the Internet, PILE Forensic
335-340 Accounting, 258-267
VRRP with interface tracking, branch router's IPv6 problems,
340-345 RADULKO Transport, 416-420
trouble ticket 2, 349-350 branch site Internet connectivity
IP connectivity to headquar- problems after EIGRP reconfigu-
ters, 364-369 ration, 302-309
IPv6 connectivity problems, Bridge Assurance (BA), 403
353-364 brief, 345
summarization problems,
350-353
trouble ticket 3, 364
C
AAA authentication, 375-378 cables, labeling, 48
route summarization, 369-374 capacity planning, 33
trouble ticket 4, 378 caret (^) character, 79
dysfunctional stubby branch case studies
areas, 386-391 Bank of POLONA. See Bank of
troubleshooting PC0's connec- POLONA
tivity to IPv6 Internet, PILE Forensic Accounting. See PILE
378-386 Forensic Accounting
baselines, network maintenance RADULKO Transport. See
processes, 48-50 RADULKO Transport
begin keyword, 78 SECHNIK Networking. See
best practices, disaster recovery, SECHNIK Networking
294-296 TINC Garbage Disposal. See TINC
BGP Garbage Disposal
redistribution, 340 categories of troubleshooting tools,
troubleshooting, 281-282 100-101
BGP neighbor relationships, 272- CDP (Cisco Discovery Protocol),
273, 278 410-411
troubleshooting, 181-182 CEF (Cisco Express Forwarding), 73,
75, 139
BGP neighbor status, 269
switching methods, 141
BGP route selection, troubleshooting,
321-322 CEF FIB table, displaying content, 140
bottom-up approach, 5, 7-8, 12 change control, network maintenance
processes, 53
BPDU Guard, 152
BPDUFilter, 402-403
commands 455

change-control procedures, formal- debug ip packet, 85-86


izing, 34 debug ipv6 eigrp, 420
Cisco Discovery Protocol (CDP), debug ipv6 rip, 358
410-411
debug lldp, 411
Cisco Express Forwarding (CEF),
debug ospfv3 events, 430
73, 75
debug spanning-tree bpdu receive, 85
Cisco IOS DHCP snooping feature,
248 debug tunnel, 369
Cisco Technical Assistance Center, debug vrrp all, 224
248-249 debug vrrp authentication, 224
Cisco.com, problems accessing, debug vrrp error, 224
297-302 debug vrrp events, 224
clear bgp ipv6 unicast *, 423 debug vrrp packets, 224
CLI (command-line interface), 301 debug vrrp state, 224
collecting real-time information, distribute-list access-list, 281
debug commands, 85-86
distribute-list prefix-list, 282
collectors, exporting NetFlow infor-
eigrp stub, 306
mation to, 107-108
eigrp stub connected, 308
command-line device management, 38
eigrp stub receive-only, 308
commands
eigrp stub redistribute, 308
clear bgp ipv6 unicast *, 423
eigrp stub static, 308
configure replace, 46
eigrp stub summary, 308
configure replace url time seconds,
301 filter-list as-path-ACL-number, 282
debug bgp ipv6 unicast updates, 423 ip config/all, 296
debug cdp, 411 ip default-gateway ip-address, 313
debug eigrp packets hello, 85 ip default-network network-number,
313
debug glbp [packets | events | terse |
error | all], 241 ip helper-address, 159
debug interface interface-slot/ ip route 0.0.0.0.0.0.0.0 {ip-address |
number, 85 interface-type interface-number
[ip-address]}, 313
debug ip bgp, 182
passive-interface, 161-162
debug ip bgp events, 85
passive-interface default, 161
debug ip bgp updates, 85, 282
passive-interface interface command,
debug ip eigrp packets, 267
161
debug ip icmp, 85
reload in [hh:]mm [text], 301
debug ip ospf adjacency, 85
route-map route-map-name, 282
debug ip ospf events, 85
running-config, 305
456 commands

show, filtering/redirecting output, show ip bgp neighbors neighbor-


76-80 ip-address [routes | advertised-
show access-list, 363 routes], 282
show archive, 45 show ip bgp summary, 182, 282
show bgp ipv6 unicast, 423 show ip cache flow, 109
show bgp ipv6 unicast summary, 423 show ip cef exact-route source
destination, 75, 140
show cdp, 410
show ip cef ip-address, 74, 140
show cdp entry, 410
show ip cef network mask, 75, 140
show cdp interface, 411
show ip eigrp interfaces, 267
show cdp neighbors, 411
show ip eigrp neighbors, 267
show cdp neighbors detail, 411
show ip eigrp topology, 309
show cdp traffic, 411
show ip interface brief, 296
show controllers, 91
show ip interface interface-type
show diag, 92
interface-number, 363
show eigrp address-family {ipv4 |
show ip nat translations, 128
ipv6} [autonomous-system-
number] [multicast] accounting, show ip ospf neighbor, 215, 366
309 show ip protocols, 264
show eigrp address-family interfaces show ip route, 77, 311
detail [interface-type interface- show ip route ip-address, 74, 139
number], 309
show ip route longer-prefixes, 77
show eigrp address-family topology
show ip route network mask, 74, 139
route-type summary, 309
show ip route network mask longer-
show eigrp plugins, 309
prefixes, 74, 140
show etherchannel group_number
show ip route ospfv3, 430
detail, 230
show ip sla application, 345
show etherchannel summary, 230
show ip ssh, 204
show frame-relay map, 141
show ipv6 access-list, 363
show glbp brief, 241
show ipv6 eigrp interfaces, 420
show glbp interface type number
[brief], 241 show ipv6 eigrp neighbors, 419
show interfaces, 91 show ipv6 eigrp topology, 420
show interfaces switchport, 69 show ipv6 interface interface-type
interface-number, 364
show interfaces trunk, 69, 296
show ipv6 ospf process-id, 386
show inventory, 92
show ipv6 protocols, 419
show ip access-list, 363
show ipv6 protocols | section rip, 358
show ip arp, 140
show ipv6 rip [name] [database], 358
show ip bgp, 282
connectivity problems 457

show ipv6 route [rip], 358 show vrrp interface, 224


show ipv6 route ospf, 430 summary, 352
show lldp, 410 traceroute mac, 69
show lldp entry, 410 common maintenance tasks, 32-33
show lldp interface, 411 communication
show lldp neighbors, 411 establishing network maintenance, 35
show lldp neighbors detail, 411 network maintenance processes,
show lldp traffic, 411 50-53
show mac-address-table, 68-69, 187 compare-configurations approach,
10, 13
show memory, 89
configuration archives, setting up, 45
show ospfv3, 430
configuration errors, 86
show ospfv3 interface, 430
configure replace, 46
show ospfv3 neighbor, 430
configure replace url time seconds, 301
show platform, 91
configuring, SSH, 44
show platform forward
interface-id, 69 connection documentation, 35
show processes cpu, 76, 87 connectivity problems
show running-config, 304 branch site Internet connectivity
problems after EIGRP reconfigu-
show running-config | include [ACL-
ration, 302-309
number| ACL-name|], 364
information gathering, SECHNIK
show running-config | include
Networking, 124-126
interface|access-group, 363
Internet connectivity problems,
show running-config | include
SECHNIK Networking, 153-162
interface|traffic-filter, 363
IP connectivity to headquarters,
show running-config | include
364-369
line|access-class, 363
IP SLA test not starting, 345-349
show running-config | section inter-
face, 430 IPv6 connectivity problems, Bank of
POLONA, 353-364
show running-config | section router
ospfv3, 430 lack of backup Internet connectivity
through GW2, 174-182
show spanning-tree, 402
lack of connectivity to SRV2,
show spanning-tree mst configura-
335-340
tion, 402
OSPF neighbor relation problems
show spanning-tree summary, 402
with router R1, 194-202
show vlan, 69
PC0's connectivity to IPv6 Internet,
show vlan [brief], 296 378-386
show vlan vlan-id, 296
show vrrp brief, 224

PILE Forensic Accounting, branch PC2's connectivity problems,


connectivity to HQ and the 187-193
Internet, 258-267 sporadic Internet connectivity,
RADULKO Transport 242-249
branch router's IPv6 problems, SSH (Secure Shell), 249-252
416-420 unauthorized Telnet access, 322-326
IPv6 Internet access, 440-444 conventions, standardizing, 36
VLANs and PCs, 411-416 cost-effectiveness, 31
redundant Internet connectivity test, CPU utilization, checking, 87-88
314-322
SECHNIK Networking, 118-119,
123-128 D
analyzing information, elimi-
debug bgp ipv6 unicast updates, 423
nating causes, 119-120
debug cdp, 411
information gathering, 119
debug commands, 85-86
Internet connectivity problems,
134-141 information gathering, 142-143
IPv6 connectivity problems, debug eigrp packets hello, 85
131-134 debug glbp [packets | events | terse |
PC2's connectivity problems, error | all], 241
123-128 debug interface interface-slot/
PC3's connectivity problem, number, 85
128-130 debug ip bgp, 182
proposing hypotheses, 121 debug ip bgp events, 85
proposing/testing hypothesis, debug ip bgp updates, 85, 282
126-127 debug ip eigrp packets, 267
SSH (Secure Shell), 128-130 debug ip icmp, 85
testing hypothesis, 121 debug ip ospf adjacency, 85
troubleshooting Ethernet debug ip ospf events, 85
trunks, 122-123
debug ip packet, 85-86
troubleshooting NAT, 127-128
debug ipv6 eigrp, 420
troubleshooting network device
debug ipv6 rip, 358
interfaces, 130
debug lldp, 411
sporadic Internet connectivity,
212-220, 231-241 debug ospfv3 events, 430
SSH (Secure Shell), 141-146 debug spanning-tree bpdu receive, 85
TINC Garbage Disposal debug tunnel, 369
PC1's connectivity problems, debug vrrp all, 224
182-187 debug vrrp authentication, 224

debug vrrp error, 224 distribute-list access-list, 281


debug vrrp events, 224 distribute-list prefix-list, 282
debug vrrp packets, 224 divide-and-conquer approach, 5,
debug vrrp state, 224 8-9, 12
default routes DNS (Domain Name System), trou-
bleshooting, 300
Layer 2 and multilayer devices, 313
documentation
redundant default routes, 179-180
network documentation, 48-50
defining problems, 17-18
network documentation procedures,
design documentation, 35, 48
establishing, 34-35
device configurations,
updating, 49
documentation, 48
documenting work, 24
devices
network maintenance, 33
failed devices, 32
Domain Name System (DNS), trou-
replacing, 32
bleshooting, 300
installing, 32
duplicate address problems discov-
df-bit, ping, 82 ered through log messages, TINC
DHCP (Dynamic Host Configuration Garbage Disposal, 207-212
Protocol), 288 dysfunctional stubby branch areas,
information gathering, 154-155 Bank of POLONA, 386-391
troubleshooting, 160
DHCP address problems, SECHNIK
Networking, 146-152
E
DHCP server configuration, 299 EEM (Embedded Event Manager),
DHCP snooping, 152, 248 110-112
diagnosing hardware issues, 86-87 egress interface, 75
checking CPU utilization, 87-88 EIGRP
checking interfaces, 89-92 branch site Internet connectivity
problems after EIGRP reconfigu-
checking memory utilization, 88-89
ration, 302-309
diagnosis, 2
for IPv6, troubleshooting, 419-420
diagrams, network documentation, 48
redistribution, 340
disaster recovery
summarization, 353
best practices, 294-296
EIGRP adjacency, troubleshooting,
lack of Internet connectivity after 266-267
disaster recovery, 287-297
EIGRP autonomous system configu-
planning for, 36-37 ration, 309
displaying EIGRP Debug, 263
CEF FIB table content, 140 EIGRP named configuration, 309
IP routing tables, content, 139-140

eigrp stub, 306 FHRP (first-hop routing protocol), 344


EIGRP stub configuration, 308 tracking options, 344-345
eigrp stub connected, 308 troubleshooting, 241
eigrp stub receive-only, 308 FIB, 139
eigrp stub redistribute, 308 filter-list as-path-ACL-number, 282
eigrp stub static, 308 filtering, show command output,
eigrp stub summary, 308 76-80
eliminating possible causes, 3, 21 follow-the-path approach, 5, 9-10, 13
Embedded Event Manager formalizing change-control proce-
(EEM), 110 dures, 34
equipment lists, 35 formulating hypothesis, 3
erroneous routing information, trou- forwarding packets, 138
bleshooting, 218-220 frame header address fields, Layer 3
Eth0/2 configuration, 184 routing processes, 72
EtherChannel FTP, performing backup with FTP, 43
misconfigurations, 152
TINC Garbage Disposal, 224-231 G
troubleshooting, 229-231
gathering information, 2, 18-20
Ethernet frame forwarding (Layer 2
data plane), 62-67 GOLD (Generic Online
Diagnostics), 92
Ethernet interface status, checking,
276 graphical user interface-based device
management, 39
Ethernet trunks, troubleshooting,
122-123 GRE tunnels, troubleshooting,
368-369
examples, troubleshooting processes,
25-26
exclude, 78 H
exporting, NetFlow information, to
collectors, 107-108 hardware failures, 86
external route summarization, 374 HSRP, troubleshooting, 211-212
external routing status, 268-269 HSRP interface tracking, 344-345
hub-and-spoke topology, 308

F hypothesis
formulating/proposing, 3
failed devices, 32 proposing, 21-22
replacing, 32 SECHNIK Networking, 121,
fault notification, 109 126-127

testing, 3, 23-24 interface tracking, VRRP, 340-345


SECHNIK Networking, 121, interfaces
126-127 checking, 89-92
labeling, 48
I interior routing protocols (IGP), 161
Internet access problems, PILE
IGP (interior routing protocols), 161 Forensic Accounting, 275-282
incident-driven work, reducing, 30 Internet connectivity problems,
include, 78 SECHNIK Networking, 134-141,
information 153-162
analyzing, 3, 20-21 IPv6 connectivity problems, 162-166
gathering, 2, 18-20 Internet reachability, checking,
277-278
information gathering, 76, 99
inter-VLAN routing, troubleshooting,
collecting real-time information,
296-297
debug commands, 85-86
IOS commands, IP packet forward-
connectivity problems, SECHNIK
ing (Layer 3 data plane), verifying,
Networking, 124-126
73-75
DHCP, 154-155
IP address administration, 35
diagnosing hardware issues, 86-87
ip config/all, 296
checking CPU utilization, 87-88
IP connectivity to headquarters,
checking interfaces, 89-92 364-369
checking memory utilization, ip default-gateway ip-address, 313
88-89
ip default-network network-number,
IP traceroute, 135 313
NetFlow, 107-109 ip flow ingress interface, 107
SECHNIK Networking, 119-120 ip helper-address, 159
connectivity problems, 119 IP Input, show processes cpu, 78
show command, filtering/redirecting IP packet forwarding (Layer 3 data
output, 76-80 plane), 70-73
SNMP (Simple Network verifying, 73-75
Management Protocol), 105-107
ip route, 345
source-specific ping, 155-156
ip route 0.0.0.0 0.0.0.0 {ip-address |
testing network connectivity interface-type interface-number
ping, 81-84 [ip-address]}, 313
Telnet, 84 IP routing tables, displaying content,
installing devices, 32 139-140
interarea route summarization, 374 IP security option (IPSO), 85
interface, 345 IP SLA, troubleshooting, 349

IP SLA test not starting, 345-349 lack of connectivity to SRV2,


IP traceroute, 135 335-340
IPSO (IP security option), 85 lack of Internet connectivity after
disaster recovery, 287-297
IPv6
Layer 2, default routes, 313
OSPF, troubleshooting, 385-386
Layer 2 data plane (Ethernet frame
overview, 166
forwarding), 62-67
IPv6 connectivity problems
Layer 2 switching process, 61-62
Bank of POLONA, 353-364,
Ethernet frame forwarding (Layer 2
378-386
data plane), 62-67
EIGRP, 419-420
verification, 67-69
RADULKO Transport, branch
Layer 3 data plane (IP packet
routers, 416-420
forwarding), 70-73
SECHNIK Networking, 162-166
Layer 3 routing processes, 69-70
troubleshooting, 131-134
IP packet forwarding (Layer 3 data
address assignments on clients, plane), 70-73
133-134
verifying, 73-75
IPv6 Internet access, RADULKO
Link Layer Discovery Protocol
Transport, 440-444
(LLDP), 410-411
link-local address, 385
K LLDP (Link Layer Discovery
Protocol), 410-411
keywords
local prefix advertisement, 279
append, 79-80
log messages, duplicate addresses,
begin, 78 207-212
exclude, 78 log servers, 39
include, 78 logging services, 40-41
longer-prefixes, 77 logging severity levels, 56
redirect, 79-80 longer-prefixes, 77
tee, 79-80 Loop Guard, 403

L M
labeling M (could not fragment), 84
cables, 48 Mac address, Layer 2 switching, 68
interfaces, 48 MAC addresses, port security,
lack of backup Internet connectivity 186-187
through GW2, 174-182

maintenance network device interfaces, trouble-


network maintenance toolkit. See shooting, 130
network maintenance toolkit network diagrams, 48
scheduling, 33-34 network documentation, 48-50
management access to ASW2, network documentation procedures,
310-313 establishing, 34-35
management planes, securing, network drawings, 35
325-326 network event notification, 109-112
maximum transmission unit (MTU), network maintenance, 29-31
81, 83
incident-driven work, reducing, 30
memory, checking utilization, 88-89
processes and procedures, 31-32
misconfigurations, EtherChannel, 152
common maintenance tasks,
mitigating unauthorized switches 32-33
added by employees, 398-403
planning. See planning
monitoring, networks, 32 network maintenance
move-the-problem approach, 5 network maintenance processes,
MP-BGP, troubleshooting, 423 47-48
MP-BGP sessions, RADULKO baselines, 48-50
Transport, 420-423 change control, 53
MSTP (Multiple Spanning Tree communication, 50-53
Protocol), 401
network documentation, 48-50
MTU (maximum transmission unit),
network maintenance toolkit, 37-39
81, 83
backup servers, 39
multilayer devices, default routes, 313
command-line device management, 38
multiple masters within VRRP, TINC
Garbage Disposal, 220-224 graphical user interface-based device
management, 39
Multiple Spanning Tree Protocol
(MSTP), 401 log servers, 39
logging services, 40-41

N network time services, 39-40


performing backup and restore,
NAT (Network Address 42-47
Translation), 125 timer servers, 39
troubleshooting, 127-128 network time services, 39-40
NAT Virtual Interface (NVI), 127 network traffic, accounting of, 50
neighbor reachability, 269 network troubleshooting process, 16
neighbor relationships, 278 networking monitoring, 32
RADULKO Transport, 407-411 NMS (SNMP network management
NetFlow, 107-109 station), 106

notifications, network event notifica- passive-interface interface


tion, 109-112 command, 161
NTP (Network Time Protocol), 39-40 passwords, 325
troubleshooting, 286-287 patching, software, 32
NTP (Network Time Protocol) prob- PBR (policy-based routing),
lems, PILE Forensic Accounting, troubleshooting, 407
282-287 PCs, connectivity problems,
NTP packet debugging, 284 RADULKO Transport, 411-416
NVI (NAT Virtual Interface), 127 PC1's connectivity problems, TINC
Garbage Disposal, 182-187

O PC1's problem accessing SRV


server at the distribution center,
RADULKO Transport, 424-430
OSPF
PC2's connectivity problems, TINC
redistribution, 340
Garbage Disposal, 187-193
summarization, 374
performance measurement, 33
OSPF adjacency, troubleshooting,
performing backup and restore,
201-202
42-47
OSPF Area Border Router (ABR), 372
PILE Forensic Accounting, 257-258
OSPF for IPv6, troubleshooting,
trouble ticket 1, 258
385-386
branch connectivity to HQ and
OSPF neighbor list, 365
the Internet, 258-267
OSPF neighbor relation problems
troubleshooting secondary
with router R1, TINC Garbage
Internet connection through
Disposal, 194-202
ISP2, 267-274
OSPF stub areas, 391
trouble ticket 2, 274
OSPFv3 address families feature,
Internet access problems,
429-430
275-282
OSPFv3 authentication, RADULKO
NTP problems, 282-287
Transport, 430-433
Telnet problems, 274-275
trouble ticket 3, 287
P lack of Internet connectivity
after disaster recovery,
packet header address fields, Layer 3
287-297
routing processes, 72
problems accessing Cisco.com,
packet sniffers, 101
297-302
packets, forwarding, 138
trouble ticket 4, 302
passive-interface, 161-162
branch site Internet connectiv-
passive-interface default, 161 ity problems after EIGRP
reconfiguration, 302-309

management access to ASW2, problems


310-313 defining, 17-18
trouble ticket 5, 313-314 solving, 24
redundant Internet access path problems accessing Cisco.com,
through the new HQ0 edge 297-302
router, 314-322
procedures, standardizing, 36
unauthorized Telnet access,
processes
322-326
Layer 2 switching process. See Layer
ping
2 switching process
symbols, 84
Layer 3 routing processes. See Layer
testing network connectivity, 81-84 3 routing processes
pipe (|), 78 network maintenance, 31-32
planning for disaster recovery, 36-37 common maintenance tasks,
planning network maintenance, 33 32-33
communication, establishing, 35 planning. See planning network
defining templates/procedures/con- maintenance
ventions, 36 processes of troubleshooting, 2-3,
disaster recovery, 36-37 16-17
establishing network documentation analyzing information, 20-21
procedures, 34-35 defining problems, 17-18
formalizing change-control proce- eliminating possible causes, 21
dures, 34 examples, 25-26
scheduling maintenance, 33-34 gathering information, 18-20
point-to-point egress interfaces, 138 network maintenance processes. See
policy-based routing network maintenance processes
RADULKO Transport, 403-407 proposing, hypothesis, 21-22
troubleshooting, 407 solving problems and documenting
port security, 151-152 work, 24
troubleshooting, 186-187 testing hypothesis, 23-24
verifying, 150-151 proposing hypothesis, 3, 21-22
port-to-VLAN, 69 SECHNIK Networking, 121,
126-127
PortFast, 402
protocols
PortFast BPDU Guard, 402
CDP (Cisco Discovery Protocol),
preferred NTP servers, 285-286
410-411
prefixes local prefix advertisement,
FHRP (first-hop routing protocol),
279
344
principles of troubleshooting, 1-4
LLDP (Link Layer Discovery
problem reports, 17 Protocol), 410-411

NTP (Network Time Protocol), undesired external OSPF


39-40 routes in DST's routing
SNMP (Simple Network Management table,
Protocol), 105-107, 110 434-439
syslog, 110 Rapid PVST+, 401
VLAN Trunking Protocol (VTP), redirect, 79-80
415-416 | redirect option, 80
PVRST+, 401 redirecting, show command output,
PVST+, 401 76-80
redistribution, troubleshooting,
339-340
Q reducing, incident-driven work, 30
Q (source quench), 84 redundant default routes, 179-180
redundant Internet connectivity test,
273-274, 314-322
R reload in [hh:]mm [text], 301
RADULKO Transport, 397 remote device management, 301-302
trouble ticket 1, 398 Remote Monitoring (RMON), 50
mitigating unauthorized repeat repeat-count, 81
switches added by employ- replacing, failed devices, 32
ees, 398-403 resolution, 345
neighbor discovery, 407-411 restore, performing, 42-47
policy-based routing, 403-407 RIB (Routing Information Base), 139
trouble ticket 2, 411 RIPng, troubleshooting, 357-358
branch router's IPv6 problems, RIPv2, 161
416-420
RMON (Remote Monitoring), 50
MP-BGP sessions, 420-423
Root Guard, 403
VLANs and PCs connectivity
route summarization, 369-374
problems, 411-416
route-map route-map-name, 282
trouble ticket 3, 424
routing, erroneous routing informa-
OSPFv3 authentication,
tion, 218-220
430-433
Routing Information Base (RIB), 139
PC1's problem accessing SRV
server at the distribution cen- routing tables, 138
ter, 424-430 RSPAN (Remote Switched Port
trouble ticket 4, 433 Analyzer), 103-105
IPv6 Internet access, 440-444 VLANs, 103-105
running-config, 301, 305

shoot-from-the-hip, 3
S show access-list, 363
scheduling maintenance, 33-34 show archive, 45
SECHNIK Networking, 117-118 show bgp ipv6 unicast, 423
trouble ticket 1, 118 show bgp ipv6 unicast summary, 423
PC1's connectivity problems, show cdp, 410
118-123 show cdp entry, 410
PC2's connectivity problems, show cdp interface, 411
122-123 show cdp neighbors, 411
PC3's connectivity problem, show cdp neighbors detail, 411
128-130
show cdp traffic, 411
PC4's IPv6 connectivity prob-
lems, 131-134 show command, filtering/redirecting
output, 76-80
trouble ticket 2, 134-152
show commands, information
DHCP address problems, gathering, 143
146-152
show controllers, 91
Internet connectivity problems,
134-141 show diag, 92
SSH connectivity problems, show eigrp address-family {ipv4 | ipv6}
141-146 [autonomous-system-
number] [multicast]
trouble ticket 3, 152-166 accounting, 309
Internet connectivity problems, show eigrp address-family interfaces
162-166 detail [interface-type interface-
secondary Internet connections number], 309
through ISP2, troubleshooting, show eigrp address-family topology
267-274 route-type summary, 309
section option, 79 show eigrp plugins, 309
securing, management planes, show etherchannel group_number
325-326 detail, 230
security, port security, 151-152 show etherchannel summary, 230
verifying, 150-151 show frame-relay map, 141
servers show glbp brief, 241
backup servers, 39 show glbp interface type number
log servers, 39 [brief], 241
timer servers, 39 show interfaces, 91
services show interfaces switchport, 69
logging services, 40-41 show interfaces trunk, 69, 296
network time services, 39-40 show interfaces Tunnel tunnel-id, 369

show inventory, 92 show ipv6 interface interface-type


show ip access-list, 363 interface-number, 364
show ip arp, 140 show ipv6 ospf process-id, 386
show ip bgp, 282 show ipv6 protocols, 419
show ip bgp neighbors neighbor- show ipv6 protocols | section rip, 358
ip-address [routes | advertised- show ipv6 rip [name] [database], 358
routes], 282 show ipv6 route [rip], 358
show ip bgp summary, 182, 282 show ipv6 route ospf, 430
show ip cache flow, 109 show lldp, 410
show ip cef exact-route source desti- show lldp entry, 410
nation, 75, 140
show lldp interface, 411
show ip cef ip-address, 74, 140
show lldp neighbors, 411
show ip cef network mask, 75, 140
show lldp neighbors detail, 411
show ip eigrp interfaces, 267
show lldp traffic, 411
show ip eigrp neighbors, 267
show mac-address-table, 68-69, 187
show ip eigrp topology, 309
show memory, 89
show ip interface brief, 296
show ospfv3, 430
show ip interface interface-type
show ospfv3 interface, 430
interface-number, 363
show ospfv3 neighbor, 430
show ip interface Tunnel tunnel-id, 369
show platform, 91
show ip nat translations, 128
show platform forward interface-id,
show ip ospf neighbor, 215, 366
69
show ip protocols, 264
show processes cpu, 76, 87
show ip route, 77, 311
IP Input, 78
show ip route ip-address, 74, 139
show running-config, 304
show ip route longer-prefixes, 77
show running-config | include [ACL-
show ip route network mask, 74, 139 number| ACL-name|], 364
show ip route network mask longer- show running-config | include
prefixes, 74, 140 interface|access-group, 363
show ip route ospfv3, 430 show running-config | include
show ip sla application, 345 interface|traffic-filter, 363
show ip ssh, 204 show running-config | include
show ipv6 access-list, 363 line|access-class, 363
show ipv6 eigrp interfaces, 420 show running-config | section
interface, 430
show ipv6 eigrp neighbors, 419
show running-config | section
show ipv6 eigrp topology, 420
router, 79

show running-config | section router SSH (Secure Shell) version 2 access,


ospfv3, 430 troubleshooting, 202-206
show spanning-tree, 402 SSH connections, TINC Garbage
show spanning-tree mst configura- Disposal, 249-252
tion, 402 SSH connectivity problems, 141-146
show spanning-tree summary, 402 standardizing templates/procedures/
show vlan, 69 conventions, 36
show vlan [brief], 296 static routes, correcting, 319
show vlan vlan-id, 296 storing FTP, HTTP usernames and
passwords, 43
show vrrp brief, 224
STP (Spanning Tree Protocol),
show vrrp interface, 224
troubleshooting, 401-403
size datagram-size, 81
structured network maintenance,
SNMP (Simple Network Management 29-31
Protocol), 105-107, 110
structured troubleshooting method,
SNMP network management system 4, 16
(NMS), 106
bottom-up approach, 5, 7-8, 12
SNMP traps, 110
compare-configurations approach,
software, upgrading, 32 10, 13
software failures, 86 divide-and-conquer approach, 5,
solving, problems, 24 8-9, 12
source [address | interface], ping, 81 examples, 12-13, 25-26
source-specific ping, information follow-the-path approach, 5, 9-10, 13
gathering, 155-156 move-the-problem approach, 5
SPAN (Switched Port Analyzer), spot-the-differences approach, 5
102-103
swap-components approach, 11, 13
spanning tree, 399
top-down approach, 4, 6-7, 12
Spanning Tree Protocol (STP), trou-
summarization, 350-353
bleshooting, 401-403
EIGRP, 353
spanning-tree BPDU Guard, 152
OSPF, 374
spanning-tree mode, 400
route summarization, 369-374
sporadic Internet connectivity,
212-220 summary, 352
TINC Garbage Disposal, 231-241, swap-components approach, 13
242-249 sweep range of sizes, ping, 83
spot-the-differences approach, 5 Switched Port Analyzer (SPAN),
SSH (Secure Shell), 128-130 102-103
configuring, 44 switches, mitigating unauthorized
switches added by employees,
troubleshooting, 206
398-403

switching methods, CEF (Cisco trouble ticket 2, 193-194


Express Forwarding), 141 duplicate address problems
symbols, ping, 84 discovered through log mes-
syslog, 110 sages, 207-212
OSPF neighbor relation prob-
lems with router R1, 194-202
T SSH version 2 access, 202-206
TAC (Technical Assistance Center), trouble ticket 3, 212
248-249 EtherChannel, 224-231
TCP sporadic Internet connectivity,
connection setup procedures, 212-220
145-146 trouble ticket 4, 231
three-way handshake, 145-146, 270 sporadic Internet connectivity,
TDR (Time Domain Reflectometer), 92 231-249
tee, 79-80 SSH connections, 249-252
| tee option, 80 TINC Garbage Disposal trouble ticket
3 multiple masters within VRRP,
Telnet
220-224
information gathering, 142
tools
PILE Forensic Accounting, 274-275
traffic-capturing, 101-102
testing network connectivity, 84
troubleshooting tools. See trouble-
troubleshooting, 206 shooting tools
templates, standardizing, 36 top-down approach to troubleshoot-
testing network connectivity ing, 4, 6-7, 12
ping, 81-84 totally stubby areas
Telnet, 84 Bank of POLONA, 386-391
three-way handshake, TCP, 145-146, OSPF, 391
270 traceroute mac, 69
Time Domain Reflectometer (TDR), 92 tracking options, FHRP (first-hop
timer servers, 39 routing protocol), 344-345
timers, 345 traffic-capturing, 101-102
TINC Garbage Disposal, 173 RSPAN (Remote Switched Port
trouble ticket 1, 174 Analyzer), 103-105
lack of backup Internet connec- SPAN (Switched Port Analyzer),
tivity through GW2, 174-182 102-103
PC1's connectivity problems, trap receivers, 111
182-187 troubleshooting
PC2's connectivity problems, AAA, 377-378
187-193 ACL (access control lists), 362-364

BGP, 281-282 SSH (Secure Shell), 206


BGP neighbor relationships, 181-182 SSH (Secure Shell) version 2 access,
BGP route selection, 321-322 202-206
DHCP, 160 STP (Spanning Tree Protocol),
401-403
DNS (Domain Name System), 300
Telnet, 206
EIGRP adjacency, 266-267
VLANs, 192-193
EIGRP summarization, 353
VRRP, 224
erroneous routing information,
218-220 troubleshooting approaches, 4-5
error-disabled ports, 151-152 bottom-up approach, 5, 7-8, 12
EtherChannel, 229-231 compare-configurations approach,
10, 13
Ethernet trunks, SECHNIK
Networking, 122-123 divide-and-conquer approach, 5,
8-9, 12
FHRP (first-hop routing protocol),
241 examples, 12-13
GRE tunnels, 368-369 follow-the-path approach, 5,
9-10, 13
HSRP, 211-212
move-the-problem approach, 5
inter-VLAN routing, 296-297
spot-the-differences approach, 5
IP SLA, 349
swap-components approach, 11, 13
IPv6 address assignment on clients,
133-134 top-down approach to troubleshoot-
ing, 4, 6-7, 12
MP-BGP, 423
troubleshooting principles, 1-4
NAT (Network Address Translation),
SECHNIK Networking, 127-128 troubleshooting processes, 2-3,
16-17
network device interfaces, 130
analyzing information, 20-21
network layer connectivity, 138-141
communication, 51-52
NTP (Network Time Protocol),
286-287 defining problems, 17-18
OSPF adjacency, 201-202 eliminating possible causes, 21
OSPF for IPv6, 385-386 examples, 25-26
OSPFv3 address families feature, gathering information, 18-20
429-430 proposing, hypothesis, 21-22
policy-based routing, 407 solving problems and documenting
port security, 186-187 work, 24
redistribution, 339-340 testing hypothesis, 23-24
RIPng, 357-358 troubleshooting tools
secondary Internet connections categories of, 100-101
through ISP2, 267-274 network event notification, 109-112

traffic-capturing, 101-102 VRRP


RSPAN (Remote Switched Port interface tracking, 340-345
Analyzer), 103-105 multiple masters within VRRP,
SPAN (Switched Port 220-224
Analyzer), 102-103 troubleshooting, 224
VTP (VLAN Trunking Protocol),
U 415-416
vty lines, 322
U, symbols in ping, 84
UDLD (unidirectional link
detection), 152
unauthorized Telnet access, 322-326
undesired external OSPF routes in
DST's routing table, RADULKO
Transport, 434-439
unidirectional link detection
(UDLD), 152
updating documentation, 49
upgrading software, 32

V-W-X-Y-Z
verifying
IP packet forwarding (Layer 3 data
plane), 73-75
Layer 2 switching, 67-69
port security, 150-151
VLAN Trunking Protocol (VTP),
415-416
VLANs
connectivity problems, RADULKO
Transport, 411-416
RSPAN (Remote Switched Port
Analyzer), 103-105
troubleshooting, 192-193