CHAPTER 12 : Network Troubleshooting Methodology 586 FIGURE 12.3 Windows Vista Device Manager. FIGURE 12.4 Updating the Device Driver. Troubleshooting the Physical Layer 587 Click 3. Update Driver and follow the prompts to update the driver to the latest version. Click 4. OK when you’re finished, and reboot your PC. Problems with Cables and Other Network Media Another type of problem that can mimic TCP/IP protocol configuration problems is damaged, defective, or improperly installed cables or other network media. Broken or shorted cables can be detected with a cable tester. Some of the more sophisticated and expensive local area network (LAN) testers will even pinpoint the exact location of the break. As a network administrator, you may have other personnel who handle hardware and cabling. It is important, however, that you are able to recognize the symptoms of physical layer problems so that you will know when to call in the technicians, rather than spend your time attempting to fix what isn’t broken. Damage to the media is not the only factor when considering physical layer problems. All network architectures, such as Ethernet, Token Ring, and AppleTalk, include specifications that must be met concerning networking equipment and media. If those rules are ignored, connectivity may be lost completely or you may experience intermittent problems. Some instances in which ignoring these specifications can result in difficulties in establishing or maintaining a connection include cable type and grade. Following the guidelines surrounding the maximum allowable segment length for various network/cable types is also important. Be sure that the cabling for your network meets specifications for the particular architecture. For instance, a 10Base2 network requires not just thin coaxial cable, but a particular type of thin coax: RG-58 A/U (the cable grade is usually indicated on the side of the cable itself). Don’t try to substitute something else that is close or looks similar; you will be setting yourself up for connectivity problems if you do. You may even run into a situation where a cable technician, or perhaps an administrator with little hardware experience, attempts to replace a broken or bad length of thin coax cable with RG-58 U or even RG-59. These cable types are the cable types used for cable TV and are not appropriate in a networking environment. So just remember when checking the physical layer components for the source of a connectivity problem, be certain to check that the cable is connected and appears to be undamaged, but also that the cable type meets the necessary specifications. Another example of improper cable type would be substituting Category 3 twisted-pair for Category 5 on a 100 Mbps CHAPTER 12 : Network Troubleshooting Methodology 588 (100BaseT) or Gigabit Ethernet network. An easy way to avoid making this mistake is to verify that the proper cable type is in use. The cable type is generally printed on the cable itself. Cable Length Issues Copper cable is susceptible to attenuation, or signal loss over distance. Because of these different network specifications, place limits on the acceptable length of a segment of cable depending on the architecture and cable type. Violating the length specifications may be tempting, especially if you only need to go “a tiny bit further” to get the cable to a specific office or other location. If you choose to exceed the cable length you may even get by with it for awhile since typically a cable does not just automatically stop working when you exceed the specified distance, but going beyond these limitations runs the risk of causing connectivity problems. Typically, the problems manifest as intermittent and may even cause you to easily mistake issues as being derived from software or the network protocol in use when in reality the trouble lies at the physical level. Troubleshooting Physical Layer Devices Usually the type of device we associate with an internetwork is the router, which does not actually function at the physical layer of OSI. Routing functions occur at the network layer in the OSI model. A good thing to keep in mind is that there are other devices which function at a lower- level within OSI that may exist on a network. Examples of these include devices such as hubs and repeaters that can provide key functionality. The following are some examples of the functionality offered by hubs and repeaters: Extending the distance limitations of network cable. Connecting network segments that use different media types, for  instance, thin coax and unshielded twisted-pair (UTP). Segmenting the network to reduce traffic without dividing the  network into separate IP subnets. Because repeaters and hubs operate at the physical layer, problems affecting these devices will be physical problems or hardware problems. This layer is not concerned with higher-level protocols like TCP and IP, and problems with these physical layer devices will cause interference with communications regardless of the protocols being used. Troubleshooting the Physical Layer 589 Something to keep in mind is that physical layer device problems can often mimic TCP/IP protocol configuration problems. Because of this, you should always consider the physical layer and be sure to rule it out as a root cause when troubleshooting connectivity problems. If the hardware itself doesn’t work, all the software reconfiguration in the world won’t solve the problem. Locate the Source of the Problem If you are unable to establish a connection between computers, you need to first take some basic steps to help you identify the source of a problem. A good first step to rule out physical issues is to quickly verify the configuration and operability of the NIC as we discussed earlier in this section. Next confirm that there are no visible breaks or other prob- lems with the cable. If any physical problems are detected, correct the issue and then attempt connectivity again. If all looks good after a quick check of the physical components, and connectivity is still failing, then proceed to the next logical component required for connectivity: the protocol. First, we need to verify that the TCP/IP stack is properly installed. A simple way to do this is to ping the loopback address of 127.0.0.1. If this resolves successfully, then the protocol stack is in place and successfully loaded. If this fails, that indicates there is a problem with the protocol installation that must be corrected. If the ping is successful and you still are unable to connect to any other devices, there may be a problem with the configuration of the protocol. Verify that all the proper addressing is in place for the network card in use. If any issues are discovered in the TCP/IP addressing configuration of the machine correct the issue and then reattempt connectivity to another node on the same segment. If connectivity still fails you would next want to take a look at your connectivity devices on the network, such as repeaters and hubs: Ensure that the device has power. Ensure that the computers’ NICs are communicating  with the device (by checking status lights). Ensure that devices are installed in accordance with the  Institute of Electrical and Electronic Engineers (IEEE) specifications for that particular network architecture. CHAPTER 12 : Network Troubleshooting Methodology 590 Ensure that all ports on the device are functional by checking that  the green light emitting diode (LED) lights when you attach a com- puter to the port via a network cable. The final step in ruling out physical layer problems includes validating compliance with any distance limitations for the media being used and, for coax networks, the restrictions imposed by the 5-4-3 rule. This rule states that on a 10Base2 or 10Base5 network (using coax cable and a bus configuration), you should have no more than five segments, connected by no more than four repeaters, and that only three of those segments should be populated. A populated node is one that has nodes (computers or other network devices) attached to it. In this context, a network segment is the length of the cable between repeaters. Troubleshooting the hubs that connect a 10BaseT network will depend in part on the type of hub being used. Two types of hubs exist: passive hubs and active hubs. Passive hubs are simply connection points and give you few clues as to whether they are operating correctly. Fortunately, because it is a simple, non-powered device, not much can go wrong with a passive hub. The pins and wiring inside the hub or a damaged female RJ-45 jack could create connection problems. This can be prevented by ensuring that the hubs are handled properly, because most such damage is caused by human mistreatment. An active hub is sometimes called a multiport repeater, and it will often give you a few clues to help you in troubleshooting connectivity problems. The flashing lights that indicate network communication and collisions on each port are a starting point. By observing the status lights, you can ascertain if one port is unlit, and therefore not transmitting any data. Typically this can indicate either a problem with the jack or cable at that port or a problem originating with the computer attached to it. The intelligent or smart hub that is also called a managed hub is even a bit more helpful. This type of hub runs software that allows you to communicate with the hub from a terminal or across the network. In this case, the software program will provide information about port status, and in some cases will run diagnostic applications to assist you in troubleshooting connectivity problems. Test Day Tip You can also use some of the tools discussed in previous chapters, such as the oscilloscope and the cable tester, to perform testing at the physical layer. Troubleshooting the Data Link Layer 591 TROUBLESHOOTING THE DATA LINK LAYER The data link layer primary function is to take the datagram passed down to it from the network layer and repackage it into a unit called a frame. This frame includes error checking information, which is processed by the data link layer on the receiving computer when the frame reaches its destination. The data link layer is responsible for error-free delivery of the data frames. It’s also responsible for maintaining the reliability of the physical link between two computers. The physical link between computers is handled by the physical layer just below the data link layer. The data link layer is the only layer of the OSI model that is divided into sublayers: the logical link control (LLC) and the MAC. We will look at each of these individually. The LLC sublayer is charged with ensuring the reliability of the link or the connection. IEEE 802.2 is an LLC standard that operates using both CSMA/CD and Token Ring media access standards. Point-to-Point Protocol (PPP) also operates at the LLC level. The MAC sublayer deals with the logical topology of the network, which may or may not be the same as the physical topology or layout. For instance, IBM Token Ring networks use a physical star topology where all computers connect to a central hub (called an MSAU or Multistation Access Unit). However, the logical topology is a ring, because inside the MSAU, the wiring is set up such that the data travels in a circle. A 10BaseT network connecting to an Ethernet hub, on the other hand, uses a physical star configuration, but is logically a bus (which is why it is sometimes called a star bus). The IEEE has developed a number of standards to govern the transmissions that take place at the data link and physical layers. When preparing for the Network+ exam, you should be aware of the following standards: 802.2 establishes standards for the implementation of the LLC  sublayer of the data link layer. 802.3 sets specifications for an Ethernet network using CSMA/CD,  a linear or star bus topology, and baseband transmission. 802.5 sets standards for a token passing network using a physical  star/logical ring topology such as Token Ring. 802.7 establishes criteria for networks using broadband  transmission. CHAPTER 12 : Network Troubleshooting Methodology 592 802.8 sets specifications for using fiber optic as a network medium. 802.11 establishes standards for wireless networking. Understanding Data Link Access Control Methods MAC-level protocols govern the access control method, or how the data accesses the transmission media. The popular methods are grouped in three categories as follows: Contention methods Token passing Polling methods Contention methods include CSMA/CD, used in Ethernet networks, and Carrier Sense Multiple Access Collision Avoidance (CSMA/CA), used in AppleTalk networks. In both cases, computers that want to transmit data on the network must compete for the use of the wire or other media. A collision occurs if two stations attempt to send at the same time. CSMA/CD and CSMA/CA differ how they address this collision problem. With CSMA/CD, data collisions are detected and the data is sent again after a random amount of time. With CSMA/CA, an “intent to transmit” message is put out before the computer transmits the actual data. Token passing methods eliminate the possibility of collision using a circulating signal called a token to determine which computer is allowed to transmit information across the wire, where only one computer (the computer that has the token) is allowed to transmit at any given time. So a computer on a token passing network is more polite than one on a network using contention methods. Rather than blurting out its transmission whenever it has something to say, it waits patiently for its turn which occurs Test Day Tip Be sure to remember the difference between Collision Detection and Collision Avoidance. Here is an analogy that may help: with CSMA/CD, you want to cross a busy street. So you start to walk across the street, and if you get hit by a car you wait for a little while and then try again. With CSMA/CA, you want to cross that same busy street, so you send a remote controlled car across the street before you start walking. If the little toy car makes it across safely, you decide that it’s safe to cross yourself. If the toy car gets hit, you wait a little while and then try to send the toy across again. Troubleshooting the Data Link Layer 593 when the token gets to it, and sends data only when it has the token in its possession. Polling methods are similar in some ways to token passing, except that instead of the group of computers policing themselves by passing around a token, there is a central unit that acts as a chairperson. The presiding unit asks members of the committee, which are the nodes on the network, in turn whether they have something to say. Because all computers follow these rules of parliamentary procedure, data transmission occurs in an orderly fashion governed by the central device. Understanding MAC Addressing Although the permanent address burned into the NIC is sometimes called the physical address, its proper name is the Media Access Control address. The MAC sublayer of the data link layer also handles MAC addressing functions. MAC addresses on Ethernet cards are expressed as 12-digit hexadecimal numbers, which represent 4-bit (6-byte) binary numbers. The first three bytes contain a manufacturer code, which is assigned by the IEEE. The last three bytes are assigned by the manufacturer and represent that particular card. Each computer must have a MAC address that is unique on the network. Higher-level protocols will translate IP addresses into MAC addresses. IP addresses are logical addresses, whereas MAC addresses represent the physical network location of a particular device. Because lower-level protocols cannot recognize or use IP addresses to transmit data a MAC address is required. To facilitate both logical and physical addressing needs on a network, a MAC to IP address mapping protocol is required. Address Resolution Protocol (ARP) serves this function. When trying to understand the differences between physical and logical addressing consider this: a city or county may assign a street name and house number to a building; this value functions as the building’s logical address. Logical addresses can be readily changed. For instance, a neighborhood group may petition to have a street renamed, or the city council will change the numbering scheme to facilitate emergency response or to accommodate new construction. A physical address is not as readily adjustable. The physical location where the building stands also has an address as well: its geographic coordinates. Longitude and latitude values for the building cannot be changed and will remain constant regardless of changes to the street name and number. The physical address is similar to a NIC card’s MAC address; it will typically remain the same. CHAPTER 12 : Network Troubleshooting Methodology 594 Recognizing Data Link Layer Devices The two types of devices that operate at the data link layer of the OSI model are switches and bridges. Bridges can separate a network into segments, but they don’t subnet the network as routers do. In other words, if you use a bridge to physically separate two areas of the network, it will still appear to be all one network to higher-level protocols. Bridges can cut down on network congestion because they can do some basic filtering of data traffic based on the MAC address of the destination computer. When a transmission reaches the bridge, the bridge will not pass it across to the other side of the network if the MAC address of the destination computer is known to be on the same side of the network as the sending computer. The bridge builds tables indicating which addresses are on which side, and uses them to determine whether to let the transmission across. Sometimes even experienced network administrators become confused about network bridges. This confusion comes in because there are different types of bridges. Although all of them operate at the data link layer, some operate at the lower MAC sublayer and others at the higher LLC sublayer. There are some important differences. One practical question is whether you can use a bridge to connect network segments that use different media access methods (for instance, an Ethernet segment and a Token Ring segment). The answer is, unfortunately, “It depends.” Specifically, this depends on which type of bridge you’re referring to. A bridge that operates at the LLC sublayer, sometimes called a translation bridge, can connect segments using different access methods. However, a lower-level bridge (one that operates at the MAC sublayer) cannot perform this type of translation. But both types of bridges can connect segments that use different physical media, like a segment cabled with thin coax and a segment running on UTP. CONFIGURING AND IMPLEMENTING … Changing a MAC Address Some network card manufacturers have made NICs that allow you to change the MAC address by flashing the card with a special software program. This is a precaution in case you have duplicate MAC addresses on a network because those manufacturers have begun to recycle their addresses. This is typically done through a software utility that will automate the change process, rather than forcing you to enter many different complicated commands. Being able to access and edit MAC addresses is also useful from a security standpoint, as it is possible for a hacker to spoof MAC addresses on a network. Spoofing refers to the technique of masquerading as a legitimate host, in this case a l egitimate MAC address, to gain access to a network. Many wireless networks are restricted based on the MAC address of legitimate NICs, and hackers will attempt to spoof a legitimate MAC address to gain access to a wireless network. Troubleshooting the Data Link Layer 595 Another device that operates at the data link layer is the switch, or switching hub, which has become very popular on Ethernet networks. Like the hubs that operate at the physical layer, these switches are multiport devices that you can plug numerous devices into. Like bridges, a switch will maintain a table of MAC addresses, showing which computer is connected to which port. When data comes into the switch, instead of just sending it back out to all the attached computers as a hub does, the switch examines the destination address in the header, consults the table, and sends it only out the port to which the corresponding computer is attached. This cuts down overall network traffic considerably, and helps to prevent collisions. Some types of switches are even more sophisticated than this and can perform basic routing functions like dividing networks into virtual LANs (VLANs), in addition to the type of switching described here. As you saw in the previous section, this is also the layer where WAPs reside, and so it is the layer at which you’ll start troubleshooting wireless connectivity issues. This includes verifying the Service Set Identifier (SSID), which is the network name for a given WAP, and ensuring that your wireless hardware all supports the same 802.11 specification – 802.11a, 802.11b and/or 802.11g. Layer 2 Troubleshooting Bridges and switches are useful devices for segmenting a network and controlling the amount of traffic. However, they introduce an extra layer of complexity and thus the potential for several different types of problems. The primary reason for using a bridge or a switch to divide your network is to increase network performance. However, it is possible that bridging or switching itself can have the opposite effect if it is not implemented correctly. You will find that bridging or switching a network, while cutting down on overall traffic, will also slightly increase latency for those communications that must cross the bridge or switch. This term refers to delays in transmission of the data in route to the destination computer. The reason for this is the way in which the bridge or switch decides whether to forward traffic across the network; it must first analyze the header information in the data frame to find out the destination computer’s MAC address, and then it must look up that address in its routing table. This takes some time, although in most cases the performance hit will not be significant and will be offset by the overall reduction in network traffic. By following a few simple guidelines, you can prevent any noticeable performance degradation from being created. One popular networking guideline pertaining to the use of bridges and switches is the 80/20 rule. This states that 80 percent of network traffic . the guidelines surrounding the maximum allowable segment length for various network/cable types is also important. Be sure that the cabling for your network meets specifications for the particular. network traffic. By following a few simple guidelines, you can prevent any noticeable performance degradation from being created. One popular networking guideline pertaining to the use of bridges. accordance with the  Institute of Electrical and Electronic Engineers (IEEE) specifications for that particular network architecture. CHAPTER 12 : Network Troubleshooting Methodology 590 Ensure that