3.5 Troubleshoot a Device as Part of a Working Network

    IP address: 172.16.10.2
    Platform: cisco 2500, Capabilities: Router
    Interface: Serial0, Port ID (outgoing port): Serial0
    Holdtime : 154 sec
    Version :
    Cisco Internetwork Operating System Software
    IOS (tm) 3000 Software (IGS-J-L), Version 11.1(5), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-1996 by cisco Systems, Inc.
    Compiled Mon 05-Aug-03 11:48 by mkamson
    Todd2509#

What are you being shown here? Well first, you’re given the hostname and IP address of all directly connected devices. In addition to the same information displayed by the show cdp neighbor command (see Table 3.4), the show cdp neighbor detail command also gives you the IOS version of the neighbor device.

The show cdp entry * command displays the same information as the show cdp neighbor detail command. Here’s an example of the router output using the show cdp entry * command:

    Todd2509#sh cdp entry *
    Device ID: 1900Switch
    Entry address(es):
      IP address: 0.0.0.0
    Platform: cisco 1900, Capabilities: Trans-Bridge Switch
    Interface: Ethernet0, Port ID (outgoing port): 2
    Holdtime : 223 sec
    Version :
    V9.00
    Device ID: 2501B
    Entry address(es):
      IP address: 172.16.10.2
    Platform: cisco 2500, Capabilities: Router
    Interface: Serial0, Port ID (outgoing port): Serial0
    Holdtime : 151 sec
    Version :
    Cisco Internetwork Operating System Software
    IOS (tm) 3000 Software (IGS-J-L), Version 11.1(5), RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-1996 by cisco Systems, Inc.
    Compiled Mon 05-Aug-03 11:48 by mkamson
    Todd2509#

4309c03.fm Page 257 Thursday, October 23, 2003 4:48 PM
Chapter 3 Troubleshooting

Gathering Interface Traffic Information

The show cdp traffic command displays information about interface traffic, including the number of CDP packets sent and received and the errors with CDP. The following output shows the show cdp traffic command used on the 2509 router.
    Todd2509#sh cdp traffic
    CDP counters:
      Packets output: 13, Input: 8
      Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
      No memory: 0, Invalid packet: 0, Fragmented: 0
    Todd2509#

This is not really the most important information you can gather from a router, but it does show how many CDP packets are sent and received on a device.

Gathering Port and Interface Information

The show cdp interface command (sh cdp inter for short) gives you the CDP status on router interfaces or switch ports.

And as I said earlier, you can turn off CDP completely on a router by using the no cdp run command. But did you know that you can also turn off CDP on a per interface basis with the no cdp enable command? You can. You enable a port with the cdp enable command. All ports and interfaces default to cdp enable.

On a router, the show cdp interface command displays information about each interface using CDP, including the encapsulation on the line, the timer, and the holdtime for each interface. Here’s an example of this command’s output on the 2509 router:

    Todd2509#sh cdp interface
    Ethernet0 is up, line protocol is up
      Encapsulation ARPA
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial0 is administratively down, line protocol is down
      Encapsulation HDLC
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial1 is administratively down, line protocol is down
      Encapsulation HDLC
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds

To turn off CDP on one interface on a router, use the no cdp enable command from interface configuration mode:

    Todd2509#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#int s0
    Router(config-if)#no cdp enable
    Router(config-if)#^Z

Verify the change with the show cdp interface command:

    Todd2509#sh cdp int
    Ethernet0 is up, line protocol is up
      Encapsulation ARPA
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Serial1 is administratively down, line protocol is down
      Encapsulation HDLC
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    Todd2509#

Notice above that serial 0 isn’t listed in the router output. To get that, you’d have to perform a cdp enable on Serial 0. It would then show up in the output.

Name Resolution

Have you memorized every IP address in your enterprise? What if you have 5,000 routers? Think you can memorize those? Hostnames and DNS can greatly simplify troubleshooting by allowing you to access devices based on names rather than IP addresses. It is much easier to ping la than to try and remember the IP address of the LA router.

In order to use a hostname rather than an IP address to connect to a remote device, the device that you are using to make the connection must be able to translate the hostname to an IP address. There are two ways to resolve hostnames to IP addresses: building a host table on each router or building a Domain Name System (DNS) server, which is kind of like a dynamic host table.

Building a Host Table

A host table provides name resolution on the router that it was built upon only. The command to build a host table on a router is

    ip host name tcp_port_number ip_address

The default is TCP port number 23, but you can create a session using Telnet with a different TCP port number if you want. You can also assign up to eight IP addresses to a hostname.

Here’s an example of configuring a host table with two entries to resolve the names for the 2501B router and the switch:

    Todd2509#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Todd2509(config)#ip host ?
      WORD  Name of host
    Todd2509(config)#ip host 2501B ?
      <0-65535>  Default telnet port number
      A.B.C.D    Host IP address (maximum of 8)
    Todd2509(config)#ip host 2501B 172.16.10.2 ?
      A.B.C.D    Host IP address (maximum of 8)
      <cr>
    Todd2509(config)#ip host 2501B 172.16.10.2
    Todd2509(config)#ip host 1900Switch 192.168.0.148
    Todd2509(config)#^Z

And to see the newly built host table, just use the show hosts command:

    Todd2509#sh hosts
    Default domain is not set
    Name/address lookup uses domain service
    Name servers are 255.255.255.255
    Host         Flags       Age  Type  Address(es)
    2501B        (perm, OK)  0    IP    172.16.10.2
    1900Switch   (perm, OK)  0    IP    192.168.0.148
    Todd2509#

You can see the two hostnames plus their associated IP addresses in this output. The perm in the Flags column means that the entry is manually configured. If it said temp, it would be an entry that was resolved by DNS.

To verify that the host table resolves names, try typing the hostnames at a router prompt. Remember that if you don’t specify the command, the router assumes you want to telnet. In the following example, I used the hostnames to telnet into the remote devices, then pressed Ctrl+Shift+6 and then X to return to the main console of the Todd2509 router:

    Todd2509#2501b
    Trying 2501B (172.16.10.2) Open

    User Access Verification

    Password:
    2501B>
    Todd2509#[Ctrl+Shift+6, then x]
    Todd2509#1900switch
    Trying 1900switch (192.168.0.148) Open
    Catalyst 1900 Management Console
    Copyright (c) Cisco Systems, Inc. 1993-1999
    All rights reserved.
    Enterprise Edition Software
    Ethernet Address: 00-B0-64-75-6B-C0
    PCA Number: 73-3122-04
    PCA Serial Number: FAB040131E2
    Model Number: WS-C1912-A
    System Serial Number: FAB0401U0JQ
    Power Supply S/N: PHI033108SD
    PCB Serial Number: FAB040131E2,73-3122-04
    1 user(s) now active on Management Console.
    User Interface Menu
    [M] Menus
    [K] Command Line
    Enter Selection:[Ctrl+Shift+6, then x]
    Todd2509#

I successfully used the host table to create a session to two devices, and used the names to telnet into both devices. Notice that the entries in the show sessions output below now display the hostnames and IP addresses instead of just the IP addresses.

    Todd2509#sh sess
    Conn Host          Address         Byte  Idle  Conn Name
       1 1900switch    192.168.0.148      0     0  switch
    *  2 2501b         172.16.10.2        0     0  2501b
    Todd2509#

If you want to remove a hostname from the table, just use the no ip host command like this:

    RouterA(config)#no ip host routerb

The problem with the host table method is that you would need to create a host table on each router to be able to resolve names. And if you have a whole bunch of routers and want to resolve names, using DNS is a much better choice!

Using DNS to Resolve Names

So if you have a lot of devices and don’t want to create a host table in each device, you can use a DNS server to resolve hostnames.

Any time a Cisco device receives a command it doesn’t understand, it tries to resolve it through DNS by default. Watch what happens when I type the special command todd at a Cisco router prompt:

    Todd2509#todd
    Translating "todd" domain server (255.255.255.255)
    % Unknown command or computer name, or unable to find computer address
    Todd2509#

It doesn’t know my name or what command I am trying to type, so it tries to resolve this through DNS. This is really annoying for two reasons: first, because it doesn’t know my name (grin), and second, because I need to hang out and wait for the name lookup to time out. You can get around this nasty little habit and prevent a time-consuming DNS lookup by using the no ip domain-lookup command on your router from global configuration mode.
If you have a DNS server on your network, you need to add a few commands to make DNS name resolution work:

The first command is ip domain-lookup, and it’s turned on by default. It only needs to be entered if you previously turned it off (with the no ip domain-lookup command).

The second command is ip name-server. This sets the IP address of the DNS server. You can enter the IP addresses of up to six servers.

The last command is ip domain-name. Although this command is optional, it really should be set. It appends the domain name to the hostname you type in. Since DNS uses a fully qualified domain name (FQDN) system, you must have a full DNS name, in the form domain.com.

Here’s an example that uses these three commands:

    Todd2509#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Todd2509(config)#ip domain-lookup
    Todd2509(config)#ip name-server ?
      A.B.C.D  Domain server IP address (maximum of 6)
    Todd2509(config)#ip name-server 192.168.0.70
    Todd2509(config)#ip domain-name lammle.com
    Todd2509(config)#^Z
    Todd2509#

After the DNS configurations are set, you can test the DNS server by using a hostname to ping or telnet a device, like this:

    Todd2509#ping 2501b
    Translating "2501b" domain server (192.168.0.70) [OK]
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.10.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms

Notice that the router uses the DNS server to resolve the name.
After a name is resolved using DNS, use the show hosts command to see that the device cached this information in the host table:

    Todd2509#sh hosts
    Default domain is lammle.com
    Name/address lookup uses domain service
    Name servers are 192.168.0.70
    Host               Flags       Age  Type  Address(es)
    2501b.lammle.com   (temp, OK)  0    IP    172.16.10.2
    1900switch         (perm, OK)  0    IP    192.168.0.148
    Todd2509#

The entry that was resolved is shown as temp, but the 1900 switch device is still perm, meaning it’s a static entry. Notice that the hostname is a full domain name. If I hadn’t used the ip domain-name lammle.com command, I would have needed to type in ping 2501b.lammle.com, which is a pain.

Telnet

Telnet is probably the most fundamental troubleshooting tool you will use. After all, you are probably not going to run from device to device in a routed network to check out problems. You are going to telnet from device to device and use the troubleshooting commands included in this chapter to check out the operation of devices. Telnet is a virtual terminal protocol that uses the TCP/IP protocol suite; it allows you to make connections to remote devices, gather information, and run programs.

After your routers and switches are configured, you can use the Telnet program to reconfigure and/or check up on your routers and switches without using a console cable. You run the Telnet program by typing telnet at any command prompt (DOS or Cisco). You have to have VTY passwords set on the routers for this to work.

Remember—when you are working on reachability issues with remote devices, you can’t use CDP to gather information about routers and switches that aren’t directly connected to your device. However, you can use the Telnet application to connect to your neighbor devices, then run CDP on those remote devices to get the skinny on them, and eventually reach those remote routers and switches.
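The settings covered so far in this section (no cdp run and no cdp enable, ip domain-lookup with no ip name-server, and VTY line passwords) can be checked offline against a saved configuration. The following is an added example, not code from the book: the two sample configurations and the function names are constructed for illustration, and the check also accepts the newer "ip domain lookup" spelling.

```python
import re

# Constructed sample configs (not from the book); addresses are illustrative.
WEAK = """\
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
interface Serial0
 ip address 172.16.10.1 255.255.255.0
 no cdp enable
line vty 0 4
 login
"""
FIXED = """\
no ip domain-lookup
no cdp run
interface Ethernet0
line vty 0 4
 password EXAMPLE-ONLY
 login
"""

def parse_sections(config):
    """Group an IOS config into (top-level command, [indented sub-commands])."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections

def audit(config):
    """Return (check, subject, message) findings for CDP, DNS lookup and VTY lines."""
    sections = parse_sections(config)
    top = [hdr for hdr, _ in sections]
    findings = []
    # CDP runs globally and on every interface unless explicitly turned off.
    if "no cdp run" not in top:
        for hdr, body in sections:
            if hdr.startswith("interface ") and "no cdp enable" not in body:
                findings.append(("cdp", hdr.split(None, 1)[1],
                                 "sends hostname, address, platform, IOS version"))
    # Lookup is on by default; with no server set, queries go to 255.255.255.255.
    # Newer IOS spells it "ip domain lookup" (space), so accept both forms.
    lookup_off = any(re.fullmatch(r"no ip domain[- ]lookup", h) for h in top)
    has_server = any(h.startswith("ip name-server ") for h in top)
    if not lookup_off and not has_server:
        findings.append(("dns", "global", "typos trigger broadcast name lookups"))
    for hdr, body in sections:
        if not hdr.startswith("line vty"):
            continue
        has_password = any(b.startswith("password ") for b in body)
        if "no login" in body:
            findings.append(("vty", hdr, "no login: Telnet opens with no password"))
        elif not has_password and not any(b.startswith("login ") for b in body):
            # Plain "login" (the default) checks the line password; none is set.
            findings.append(("vty", hdr, "login with no line password set"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(cfg))
```

Run against WEAK, the check reports Ethernet0 still sending CDP, broadcast name lookups, and a VTY line with no password; FIXED produces no findings.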
You can issue the telnet command from any router prompt, like this:

    Todd2509#telnet 172.16.10.2
    Trying 172.16.10.2 Open

    Password required, but none set

    [Connection to 172.16.10.2 closed by foreign host]
    Todd2509#

Oops! Ummm, I guess I didn’t set my passwords—how embarrassing! Note to self (and you)—the VTY ports on a router are configured as login, meaning we have to either set the VTY passwords, or use the no login command, which drops the password prompt altogether.

On a Cisco router, you don’t need to use the telnet command; you can just type in an IP address from a command prompt, and the router will assume that you want to telnet to the device. Here’s how that looks:

    Todd2509#172.16.10.2
    Trying 172.16.10.2 Open

    Password required, but none set

    [Connection to 172.16.10.2 closed by foreign host]
    Todd2509#

Okay—at this point, it would be a great idea to set those VTY passwords on the router you want to telnet into. Here’s what I did on the remote router:

    2501B#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    2501B(config)#line vty 0 4
    2501B(config-line)#login
    2501B(config-line)#password todd
    2501B(config-line)#^Z
    2501B#
    %SYS-5-CONFIG_I: Configured from console by console

Now, let’s try this again—here, I’m connecting to the router from the 2509’s console:

    Todd2509#172.16.10.2
    Trying 172.16.10.2 Open

    User Access Verification

    Password:
    2501B>

Remember that the VTY password is the user mode password, not the enable mode password. Watch what happens when I try to go into privileged mode after telnetting into router 2501B:

    2501B>en
    % No password set
    2501B>

It says “no way!” This is a really good security feature. Why? Because you don’t want bad guys telnetting into your device and being able to just type the enable command to get into privileged mode, now do you? Nope!
You’ve got to set your enable mode password or enable secret password to use Telnet to configure remote devices.

Telnetting into Multiple Devices Simultaneously

Sometimes when working on a complicated problem, you want to see what multiple devices are seeing. For example, you may want to do a show ip route command on several routers to see if a route is propagating correctly or not. If you telnet to a router or switch, you can end the connection by typing exit at any time, but what if you want to keep your connection to a remote device but still come back to your original router console? To do that, you can press the Ctrl+Shift+6 key combination, release it, and then press X.

Here’s an example of connecting to multiple devices from my Todd2509 router console:

    Todd2509#telnet 172.16.10.2
    Trying 172.16.10.2 Open

    User Access Verification

    Password:
    2501B>[Cntl+Shift+6, then x]
    Todd2509#

In this example, I telnetted to the 2501B router, then typed the password to enter user mode. I then pressed Ctrl+Shift+6 and then X, but you can’t see that because it doesn’t show on the screen output. Notice my command prompt is now back at the Todd2509 router.

You can also telnet into a Catalyst 1900 switch, but to get away with that, you must set the enable mode password level 15 or the enable secret password on the switch before you can gain access via the Telnet application.

In the following example, I telnetted into a 1900 switch that responded by giving me the console output of the switch:

    Todd2509#telnet 192.168.0.148
    Trying 192.168.0.148 Open
    Catalyst 1900 Management Console
    Copyright (c) Cisco Systems, Inc. 1993-1999
    All rights reserved.
    Enterprise Edition Software
    Ethernet Address: 00-B0-64-75-6B-C0
    PCA Number: 73-3122-04
    PCA Serial Number: FAB040131E2
    Model Number: WS-C1912-A
    System Serial Number: FAB0401U0JQ
    Power Supply S/N: PHI033108SD
    PCB Serial Number: FAB040131E2,73-3122-04
    1 user(s) now active on Management Console.
    User Interface Menu
    [M] Menus
    [K] Command Line
    Enter Selection:

At this point, I pressed Ctrl+Shift+6, then X, which took me back to my Todd2509 router console.

    Todd2509#

[...]

    ... input pkts 5097 787 6 output pkts 4 182 289 2 in bytes 3137403144
    out bytes 34 080 47602 dropped pkts 5 in FECN pkts 0
    in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
    in DE pkts 9393 out DE pkts 0
    pvc create time 7w3d, last time pvc status changed 7w3d
    DLCI = 18, DLCI USAGE =LOCAL,PVC STATUS =ACTIVE, INTERFACE = Serial0.3
    input pkts 30572401 output pkts 3113 983 7 in bytes 1797291100
    out bytes 3227 181 474 dropped...

made from your router to a remote device, use the show sessions command

    Todd2509#sh sessions
    Conn Host            Address          Byte  Idle  Conn Name
       1 172.16.10.2     172.16.10.2         0     0  172.16.10.2
    *  2 192.168.0.148   192.168.0.148       0     0  192.168.0.148
    Todd2509#

See that asterisk (*) next to connection 2? It means that session 2 was your last session. You can return to your last session by pressing Enter twice. You can also return...

sessions a few different ways—typing exit or disconnect is probably the easiest and quickest.

To end a session from a remote device, use the exit command:

    Todd2509#[Enter] and again [Enter]
    [Resuming connection 2 to 192.168.0.148 ]
    1900Switch>exit
    [Connection to 192.168.0.148 closed by foreign host]
    Todd2509#

Since the 1900Switch was my last session, I just pressed Enter...
    horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is disabled
    IP fast switching on the same interface is disabled
    IP Null turbo vector
    IP multicast fast switching is disabled
    IP multicast distributed fast switching is disabled
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting...

without knowing about it! You can list all active consoles and VTY ports in use on your router with the show users command:

    Todd2509#sh users
        Line     User    Host(s)          Idle      Location
    *  0 con 0           172.16.10.2      00:07:52
                         192.168.0.148    00:07:18

In the command’s output, the con represents the local console. In this example, the console is connected to two remote IP addresses, or in other words, two devices. In the next example,...

    frame relay DTE
    Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 83 9294

The show interface command displays line, protocol, DLCI, and LMI information.

The show frame map Command

The show frame map command displays the Network layer–to–DLCI mappings:

    RouterB#show frame map
    Serial0 (up): ipx 20.0007.7842.3575 dlci 16(0x10,0x400), dynamic,
      broadcast,, status defined, active
    Serial0 (up):...

both reliably and quickly. The only purpose of the network’s core layer is to switch traffic as fast as possible. The traffic transported across the core is common to a majority of users. However, remember that user data is processed at the distribution layer, which forwards the requests to the core if needed.

Chapter 4 Technology

A failure in the core is a very big deal—every user can be affected. Therefore,...
the core for high reliability. Consider data-link technologies that facilitate both speed and redundancy like FDDI, Fast Ethernet (with redundant links), or even ATM.

Design with speed in mind. The core should have very little latency.

Select routing protocols with lower convergence times. Fast and redundant data-link connectivity is no help if your routing tables are shot!

The Distribution Layer

The distribution...

are prime examples. Many network applications provide services that allow you to communicate over enterprise networks, but for present and future internetworking, these communication needs are beginning to fall short; such needs are quickly developing to reach beyond the limits of current physical networking. As a result, today, transactions and information exchanges between organizations...

DLCI numbers.

Remember the commands for troubleshooting PPP and ISDN. In addition to standard show interface and IP troubleshooting tools, there are debug and show commands specific to each technology.

Review Questions

1. Protocol data units (PDUs) at the Network layer of the OSI are called what?
   A. Transport
   B. Frames
   C. Packets
   D. Segments

2. Segmentation of a data stream happens