CHAPTER 10

Ethernet Switch Troubleshooting

This chapter has two main goals. First, it covers the remaining Ethernet-oriented topics for this book—specifically, some of the commands and concepts related to verifying that a switched Ethernet LAN works. If the network doesn’t work, this chapter suggests tools you can use to find out why. Additionally, this chapter suggests some troubleshooting methods and practices that might improve your troubleshooting skills. Although the troubleshooting processes explained in this book are not directly tested on the exams, they can help you prepare to correctly answer some of the more difficult exam questions.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these eight self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 10-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those sections. This helps you assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Table 10-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section                                                  Questions
Perspectives on Network Verification and Troubleshooting                   —
Verifying the Network Topology with Cisco Discovery Protocol               1, 2
Analyzing Layer 1 and 2 Interface Status                                   3–6
Analyzing the Layer 2 Forwarding Path with the MAC Address Table           7, 8

1828xbook.fm Page 267 Thursday, July 26, 2007 3:10 PM

1. Imagine that a switch connects via an Ethernet cable to a router, and the router’s hostname is Hannah. Which of the following commands could tell you information about the IOS version on Hannah without establishing a Telnet connection to Hannah?
   a. show neighbor Hannah
   b. show cdp
   c. show cdp neighbor
   d. show cdp neighbor Hannah
   e. show cdp entry Hannah
   f. show cdp neighbor detail

2. Which of the following CDP commands could identify a neighbor’s model of hardware?
   a. show neighbors
   b. show neighbors Hannah
   c. show cdp
   d. show cdp interface
   e. show cdp neighbors
   f. show cdp entry hannah

3. The output of the show interfaces status command on a 2960 switch shows interface Fa0/1 in a “disabled” state. Which of the following is true about interface Fa0/1?
   a. The interface is configured with the shutdown command.
   b. The show interfaces fa0/1 command will list the interface with two status codes of administratively down and down.
   c. The show interfaces fa0/1 command will list the interface with two status codes of up and down.
   d. The interface cannot currently be used to forward frames.
   e. The interface can currently be used to forward frames.

4. Switch SW1 uses its gigabit 0/1 interface to connect to switch SW2’s gigabit 0/2 interface. SW2’s Gi0/2 interface is configured with the speed 1000 and duplex full commands. SW1 uses all defaults for interface configuration commands on its Gi0/1 interface. Which of the following is true about the link after it comes up?
   a. The link works at 1000 Mbps (1 Gbps).
   b. SW1 attempts to run at 10 Mbps because SW2 has effectively disabled IEEE standard autonegotiation.
   c. The link runs at 1 Gbps, but SW1 uses half duplex, and SW2 uses full duplex.
   d. Both switches use full duplex.

5. The following line of output was taken from a show interfaces fa0/1 command:

   Full-duplex, 100Mbps, media type is 10/100BaseTX

   Which of the following is/are true about the interface?
   a. The speed was definitely configured with the speed 100 interface subcommand.
   b. The speed may have been configured with the speed 100 interface subcommand.
   c. The duplex was definitely configured with the duplex full interface subcommand.
   d. The duplex may have been configured with the duplex full interface subcommand.

6. Switch SW1, a Cisco 2960 switch, has all default settings on interface Fa0/1, the speed 100 command configured on Fa0/2, and both the speed 100 and duplex half commands on Fa0/3. Each interface is cabled to a 10/100 port on different Cisco 2960 switches, with those switches using all default settings. Which of the following is true about the interfaces on the other 2960 switches?
   a. The interface connected to SW1’s Fa0/1 runs at 100 Mbps and full duplex.
   b. The interface connected to SW1’s Fa0/2 runs at 100 Mbps and full duplex.
   c. The interface connected to SW1’s Fa0/3 runs at 100 Mbps and full duplex.
   d. The interface connected to SW1’s Fa0/3 runs at 100 Mbps and half duplex.
   e. The interface connected to SW1’s Fa0/2 runs at 100 Mbps and half duplex.

7. A frame just arrived on interface Fa0/2, source MAC address 0200.2222.2222, destination MAC address 0200.2222.2222. (The frame was created as part of a security attack; it is not normal to see frames with the same source and destination MAC address.) Interface Fa0/2 is assigned to VLAN 2. Consider the following command output:

   SW2#show mac address-table dynamic
             Mac Address Table
   Vlan    Mac Address       Type        Ports
      1    0200.1111.1111    DYNAMIC     Gi0/2
      1    0200.2222.2222    DYNAMIC     Fa0/13
   Total Mac Addresses for this criterion: 2

   Which of the following describes how the switch will forward the frame if the destination address is 0200.2222.2222?
   a. The frame will likely be flooded on all other interfaces in VLAN 2, unless the switch has a static entry for 0200.2222.2222, VLAN 2, in the MAC address table.
   b. The frame will be flooded out all other interfaces in VLAN 2.
   c. The switch will add an entry to its MAC address table for MAC address 0200.2222.2222, interface Fa0/2, and VLAN 2.
   d. The switch will replace the existing entry for 0200.2222.2222 with an entry for address 0200.2222.2222, interface Fa0/2, and VLAN 2.

8. Which of the following commands list the MAC address table entries for MAC addresses configured by port security?
   a. show mac address-table dynamic
   b. show mac address-table
   c. show mac address-table static
   d. show mac address-table port-security

Foundation Topics

This chapter contains the first specific coverage of topics related to verification and troubleshooting. Verification refers to the process of examining a network to confirm that it is working as designed. Troubleshooting refers to examining the network to determine what is causing a particular problem so that it can be fixed.

As mentioned in the Introduction to this book, over the years, the CCNA exams have been asking more and more questions related to verification and troubleshooting. Each of these questions typically uses a unique topology. They typically require you to apply networking knowledge to unique problems, rather than just being ready to answer questions about lists of facts you’ve memorized. (For more information and perspectives on these types of exam questions, go back to the Introduction to this book, in the section titled “Format of the CCNA Exams.”)

To help you prepare to answer questions that require troubleshooting skills, this book and the CCNA ICND2 Official Exam Certification Guide devote several chapters, plus sections of other chapters, to verification and troubleshooting. This chapter is the first such chapter in either book, so this chapter begins with some perspectives on troubleshooting networking problems.
Following this coverage, the chapter examines three major topics related to troubleshooting networks built with LAN switches.

Perspectives on Network Verification and Troubleshooting

You need several skills to be ready to answer the more challenging questions on today’s CCNA exams. However, the required skills differ when comparing the different types of questions. This section starts with some perspectives on the various question types, followed by some general comments on troubleshooting.

NOTE The information in this section is a means to help you learn troubleshooting skills. However, the specific processes and comments in this section, up to the next major heading (“Verifying the Network Topology with Cisco Discovery Protocol”), do not cover any specific exam objective for any of the CCNA exams.

Attacking Sim Questions

Sim questions provide a text description of a network, a network diagram, and software that simulates the network. Regardless of the details, sim questions can be reduced to the following: “The network is not working completely, so either complete the configuration, or find a problem with the existing configuration and fix it.” In short, the solution to a sim question is by definition a configuration change.

One plan of attack for these problems is to use a more formalized troubleshooting process in which you examine each step in how data is forwarded from the sending host to the destination host. However, studies and experience show that when engineers think that the configuration might have a problem, the first troubleshooting step is to look at the various configuration files. To find and solve Sim questions on the exam, quickly comparing the router and/or switch configuration to what you remember about the normal configuration needed (based on the question text) might be all you require.
Sim questions do allow you to have more confidence about whether your answer is correct, at least for the technologies covered on the CCNA exams. The correct answer should solve the original problem. For example, if the sim question essentially states “Router R1 cannot ping router R2; fix it,” you can use pings to test the network and confirm that your configuration changes solved the problem.

If you cannot find the problem by looking at the configuration, a more detailed process is required, mainly using show commands. The troubleshooting chapters and sections in this book and in the CCNA ICND2 Official Exam Certification Guide combine to provide the details of the more complex processes for examining different types of problems.

Simlet Questions

Simlet questions can force the exam taker to interpret the meaning of various show and debug commands. Simlet questions might not tell you the enable password, so you cannot even look at the configuration, removing the option to simply look at the configuration to find the root cause of a problem. In that case, the question text typically states the details of the scenario, requiring you to remember or find the right show commands, use them, and then interpret the output. Also, because simlet questions might not allow you to change the configuration, you do not get the positive feedback that your answer is correct.

For example, a simlet question may show a diagram of a switched LAN, stating that PC1 can ping PC2 but not PC3. You would need to remember the correct show commands to use (or take the time to find the commands using the ? key) to find the root cause of the problem.

You can use several different approaches to attack these types of problems; no single way is necessarily better than another. The first step is to think about what should normally occur in the network, based on any network diagram and information in the question.
Then, many people start by trying the show commands (that they remember) that are somehow related to the question. The question text probably gives some hints as to the problem area. For example, maybe the problem is related to port security. Many people then just try the commands they know that are related to that topic, such as show port-security, just to see if the answer jumps out at them—and that’s a reasonable plan of attack. This plan uses common sense, and intuition to some degree, and it can work well and quickly.

If the answer does not become obvious when you look at the most obvious commands, a more organized approach may be useful. The troubleshooting chapters in this book, and large troubleshooting sections of other chapters, review technology and suggest a more organized approach to each topic—approaches that may be useful when the answer does not quickly become obvious.

Multiple-Choice Questions

Like simlets, multiple-choice questions can force the exam taker to interpret the meaning of various show and debug commands. Multiple-choice questions might simply list the output of some commands, along with a figure, and ask you to identify what would happen. For example, a multiple-choice question might show the show mac address-table dynamic command that lists a switch’s dynamically learned MAC table entries. The question may then require you to predict how that switch would forward a frame sent by one device, destined for another device. This would require you to apply the concepts of LAN switching to the output shown in the command.

Multiple-choice questions that list show and debug command output require much of the same thinking as simlet questions.
As with simlet questions, the first step for some multiple-choice questions is to think about what should normally occur in the network, based on any network diagram and information in the question. Next, compare the information in the question text, including the sample command output, to see if it confirms that the network is working normally, or if there is a problem. (The network might be working correctly, and the question is designed to confirm that you know why a particular command confirms that a particular part of the network is working well.) The big difference in this case, however, is that the multiple-choice questions do not require you to remember the commands to use. The command output is either supplied in the question, or it is not.

Approaching Questions with an Organized Troubleshooting Process

If the answer to a sim, simlet, or multiple-choice question is not obvious after you use the more obvious and quicker options just discussed, you need to implement a more thorough and organized thought process. This more organized process may well be what a typical network engineer would do when faced with more complex real-world problems.

NOTE Refer to http://www.cisco.com/web/learning/wwtraining/certprog/training/cert_exam_tutorial.html for a tutorial about the various types of CCNA exam questions.

Unfortunately, the exams are timed, and thinking through the problem in more detail requires more time. By thinking through the troubleshooting process as you prepare for the exam, you can be better prepared to attack problems on the exam. To that end, this book includes many suggested troubleshooting processes. The troubleshooting processes are not ends unto themselves, so you do not need to memorize them for the exams.
They are a learning tool, with the ultimate goal being to help you correctly and quickly find the answers to the more challenging questions on the exams.

This section gives an overview of a general troubleshooting process. As you progress through this book, the process will be mentioned occasionally as it relates to other technology areas, such as IP routing. The three major steps in this book’s organized troubleshooting process are as follows:

Step 1 Analyzing/predicting normal operation: Predict the details of what should happen if the network is working correctly, based on documentation, configuration, and show and debug command output.
Step 2 Problem isolation: Determine how far along the expected path the frame/packet goes before it cannot be forwarded any further, again based on documentation, configuration, and show and debug command output.
Step 3 Root cause analysis: Identify the underlying causes of the problems identified in the preceding step—specifically, the causes that have a specific action with which the problem can be fixed.

Following this process requires a wide variety of learned skills. You need to remember the theory of how networks should work, as well as how to interpret the show command output that confirms how the devices are currently behaving. This process requires the use of testing tools, such as ping and traceroute, to isolate the problem. Finally, this approach requires the ability to think broadly about everything that could affect a single component.

For example, imagine a simple LAN with two switches connected to each other, and two PCs (PC1 and PC2) each connected to one of the switches. Originally, PC1 could ping PC2 successfully, but the ping now fails. You could examine the documentation, as well as show command output, to confirm the network topology and predict its normal working behavior based on your knowledge of LAN switching. As a result, you could predict where a frame sent by PC1 to PC2 should flow.
To isolate the problem, you could look in the switch MAC tables to confirm the interfaces out which the frame should be forwarded, possibly then finding that the interface connected to PC2 has failed. However, knowing that the interface has failed does not identify the root cause of the problem. So you would then need to broaden your thinking to any and all reasons why an interface might fail—from an unplugged cable, to electrical interference, to port security disabling the interface. show commands can either confirm that a specific root cause is the problem, or at least give some hints as to the root cause.

Isolating Problems at Layer 3, and Then at Layers 1 and 2

Before moving to the specific topics on Ethernet LAN troubleshooting, it is helpful to consider the larger picture. Most troubleshooting in real IP networks today begins with what the end user sees and experiences. From there, the analysis typically moves quickly to an examination of how well Layer 3 is working. For example, imagine that the user of PC1 in Figure 10-1 can usually connect to the web server on the right by entering www.example.com in PC1’s web browser, but the connection to the web server currently fails. The user calls the help desk, and the problem is assigned to a network engineer to solve.

Figure 10-1 Layer 3 Problem Isolation

After knowing about the problem, the engineer can work to confirm that PC1 can resolve the hostname (www.example.com) into the correct IP address. At that point, the Layer 3 IP problem isolation process can proceed, to determine which of the six routing steps shown in the figure has failed. The routing steps shown in Figure 10-1 are as follows:

Step 1 PC1 sends the packet to its default gateway (R1) because the destination IP address is in a different subnet.
Step 2 R1 forwards the packet to R2 based on R1’s routing table.
Step 3 R2 forwards the packet to the web server based on R2’s routing table.
Step 4 The web server sends a packet back toward PC1 based on the web server’s default gateway setting (R2).
Step 5 R2 forwards the packet destined for PC1 by forwarding the packet to R1 according to R2’s routing table.
Step 6 R1 forwards the packet to PC1 based on R1’s routing table.

[Figure 10-1 labels: PC1, SW1, SW2, R1, R2, SW3, Example.com Web Server; routing steps 1 through 6]

Chapter 15, “Troubleshooting IP Routing,” examines this process in much greater detail. For now, consider what happens if the Layer 3 problem isolation process discovers that Step 1, 3, 4, or 6 is the step that fails. Further isolating the problem would require more Layer 3 analysis. However, at some point, all the potential problems at Layer 3 might be ruled out, so the next problem isolation step would be to figure out why the Layer 1 and 2 details at that routing step do not work.

For example, imagine that the Layer 3 analysis determined that PC1 cannot even send a packet to its default gateway (R1), meaning that Step 1 in Figure 10-1 fails. To further isolate the problem and find the root causes, the engineer would need to determine the following:

■ The MAC address of PC1 and of R1’s LAN interface
■ The switch interfaces used on SW1 and SW2
■ The interface status of each interface
■ The expected forwarding behavior of a frame sent by PC1 to R1 as the destination MAC address

By gathering and analyzing these facts, the engineer can most likely isolate the problem’s root cause and fix it.

Troubleshooting as Covered in This Book

This book has three main troubleshooting chapters or sections, plus a few smaller troubleshooting sections interspersed in other chapters.
The main coverage is as follows:

■ Chapter 10, “Ethernet Switch Troubleshooting”
■ Chapter 15, “Troubleshooting IP Routing”
■ Chapter 17, “WAN Configuration”

Essentially, Chapter 15 covers the analysis of problems related to Layer 3, as generally shown in Figure 10-1. This chapter covers some of the details of how to attack problems as soon as you know that the problem may be related to a LAN. Chapter 17 covers the troubleshooting steps in cases where the problem might be with a WAN link.

These three troubleshooting chapters spend some time on the more formalized troubleshooting process, but as a means to an end—focusing on predicting normal behavior, isolating problems, and determining the root cause. The end goal is to help you know the tools, concepts, configuration commands, and how to analyze a network based on show commands to solve a problem.
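The predict-then-isolate steps described above, applied to the two-switch PC1/PC2 case, can be walked through in code. The following Python example is added here and is not from the book; the command output, the MAC addresses, the port assignments, and the names OUTPUTS, EXPECTED_PATH, and isolate are constructed for illustration.

```python
import re

# Constructed sample output (not from the book) for a two-switch LAN:
# PC1 on SW1 Fa0/11, PC2 (0200.2222.2222) on SW2 Fa0/13, Gi0/1 <-> Gi0/2 trunk.
OUTPUTS = {
    "SW1": {
        "status": """\
Port      Name   Status       Vlan   Duplex  Speed Type
Fa0/11           connected    1      a-full  a-100 10/100BaseTX
Gi0/1            connected    trunk  a-full a-1000 10/100/1000BaseTX
""",
        "mac": """\
Vlan    Mac Address       Type        Ports
   1    0200.1111.1111    DYNAMIC     Fa0/11
   1    0200.2222.2222    DYNAMIC     Gi0/1
""",  # PC2's entry on SW1 has not aged out yet
    },
    "SW2": {
        "status": """\
Port      Name   Status       Vlan   Duplex  Speed Type
Fa0/13           notconnect   1      auto    auto  10/100BaseTX
Gi0/2            connected    trunk  a-full a-1000 10/100/1000BaseTX
""",
        "mac": """\
Vlan    Mac Address       Type        Ports
   1    0200.1111.1111    DYNAMIC     Gi0/2
""",
    },
}

# Step 1 (predict): egress port on each switch for a frame from PC1 to PC2.
EXPECTED_PATH = [("SW1", "Gi0/1"), ("SW2", "Fa0/13")]

STATES = {"connected", "notconnect", "disabled", "err-disabled"}
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\w+\s+(\S+)", re.I)

def parse_status(text):
    """Map port -> (status, vlan) from 'show interfaces status' output."""
    ports = {}
    for line in text.splitlines():
        tok = line.split()
        # The Name column may be empty, so locate the status keyword itself.
        hit = [i for i, t in enumerate(tok) if t in STATES]
        if hit and hit[0] >= 1 and len(tok) > hit[0] + 1:
            ports[tok[0]] = (tok[hit[0]], tok[hit[0] + 1])
    return ports

def parse_mac_table(text):
    """Map (vlan, mac) -> port from 'show mac address-table dynamic' output."""
    table = {}
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            table[(int(m.group(1)), m.group(2).lower())] = m.group(3)
    return table

def isolate(expected_path, dst_mac, vlan, outputs):
    """Step 2 (isolate): first hop that deviates from the prediction, or None."""
    for switch, port in expected_path:
        status = parse_status(outputs[switch]["status"])
        macs = parse_mac_table(outputs[switch]["mac"])
        state, port_vlan = status.get(port, ("missing", ""))
        if state != "connected":
            return (switch, port, f"interface is {state}")
        if port_vlan not in ("trunk", str(vlan)):
            return (switch, port, f"port is in VLAN {port_vlan}, not VLAN {vlan}")
        learned = macs.get((vlan, dst_mac.lower()))
        if learned is None:
            return (switch, port, "destination MAC not learned on this switch")
        if learned != port:
            return (switch, port, f"destination MAC learned on {learned} instead")
    return None

if __name__ == "__main__":
    print(isolate(EXPECTED_PATH, "0200.2222.2222", 1, OUTPUTS))
```

The hop it reports is only the isolation result; finding why that interface is not connected is the separate root cause analysis step.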