CCNP TSHOOT 642-832 Official Certification Guide

Kevin Wallace, CCIE No. 7945

Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

Copyright © 2010 Pearson Education, Inc.
Published by: Cisco Press
Printed in the United States of America
First Printing February 2010
ISBN-13: 978-1-58705-844-8
ISBN-10: 1-58705-844-8

Publisher: Paul Boger
Business Operation Manager, Cisco Press: Anand Sundaram
Associate Publisher: Dave Dusthimer
Manager Global Certification: Erik Ullanderson
Executive Editor: Brett Bartow
Copy Editors: Gill Editorial Services and Water Crest Publishing, Inc.
Managing Editor: Patrick Kanouse
Technical Editor: Elan Beer
Senior Project Editor: Tonya Simpson
Proofreader: Williams Woods Publishing Services, LLC
Senior Development Editor: Christopher Cleveland
Editorial Assistant: Vanessa Evans
Book Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Tim Wright

About the Author

Kevin Wallace, CCIE No. 7945, is a certified Cisco instructor who holds multiple Cisco certifications, including CCSP, CCVP, CCNP, and CCDP, in addition to multiple security and voice specializations. With Cisco experience dating back to 1989 (beginning with a Cisco AGS+ running Cisco IOS 7.x), Kevin has been a network design specialist for the Walt Disney World Resort, a senior technical instructor for SkillSoft/Thomson NETg/KnowledgeNet, and a network manager for Eastern Kentucky University. Kevin holds a bachelor of science degree in electrical engineering from the University of Kentucky. Kevin has authored multiple books for Cisco Press, including Routing Video Mentor and TSHOOT Video Mentor, both of which target the current CCNP Routing and Switching certification. Kevin lives in central Kentucky with his wife (Vivian) and two daughters (Stacie and Sabrina).

About the Technical Reviewer

Elan Beer, CCIE No. 1837, CCSI No. 94008, is a senior consultant and Certified Cisco Instructor. His internetworking expertise is recognized internationally through his global consulting and training engagements. As one of the industry’s top internetworking consultants and Cisco instructors, Elan has used his expertise for the past 17 years to design, implement, and deploy multiprotocol networks for a wide international clientele. As a senior instructor and course developer, Elan has designed and presented public and implementation-specific technical courses spanning many of today’s top technologies. Elan specializes in MPLS, BGP, QoS, and other internetworking technologies.

Dedications

This book is dedicated to my family. To my beautiful wife Vivian, you have an unbelievably giving spirit. To my daughter Sabrina, you have a keen business mind at only 12 years of age. You’re destined for big things. To my daughter Stacie, at the age of 14, you radiate happiness and are maturing into a wonderful young lady.

Acknowledgments

My thanks go out to the team of professionals at Cisco Press. I’m proud to be associated with such a respected organization. My family is unbelievably supportive of my writing efforts. Thank you to my wife, Vivian, and my daughters, Sabrina and Stacie. You all have been very understanding when I seclude myself to write. Also, I’m grateful to God for surrounding me with such quality people, both personally and professionally.

Contents at a Glance

Foreword
Introduction
Chapter 1 Introduction to Network Maintenance
Chapter 2 Introduction to Troubleshooting Processes
Chapter 3 The Maintenance and Troubleshooting Toolbox
Chapter 4 Basic Cisco Catalyst Switch Troubleshooting
Chapter 5 Advanced Cisco Catalyst Switch Troubleshooting
Chapter 6 Introduction to Troubleshooting Routing Protocols
Chapter 7 OSPF and Route Redistribution Troubleshooting
Chapter 8 Troubleshooting BGP and Router Performance Issues
Chapter 9 Security Troubleshooting
Chapter 10 IP Services Troubleshooting
Chapter 11 IP Communications Troubleshooting
Chapter 12 IPv6 Troubleshooting
Chapter 13 Advanced Services Troubleshooting
Chapter 14 Large Enterprise Network Troubleshooting
Chapter 15 Final Preparation
Appendix A Answers to the “Do I Know This Already?” Quizzes
Glossary
Index

CD-Only Appendixes
Appendix B Memory Tables
Appendix C Memory Tables Answer Key

Contents

Foreword
Introduction

Chapter 1 Introduction to Network Maintenance
    “Do I Know This Already?” Quiz
    Foundation Topics
    Understanding Maintenance Methods
    Introducing Network Maintenance
    Proactive Versus Reactive Network Maintenance
    Well-Known Network Maintenance Models
    Adapting a Well-Known Network Maintenance Model
    Identifying Common Maintenance Procedures
    Routine Maintenance Tasks
    Benefits of Scheduled Maintenance
    Managing Network Changes
    Maintaining Network Documentation
    Restoring Operation After Failure
    Measuring Network Performance
    The Network Maintenance Toolkit
    Network Documentation Tools
    Monitoring and Measuring Tools
    Exam Preparation Tasks
    Basic Network Maintenance Tools
    Incident Recovery Tools
    Review All the Key Topics
    Complete the Tables and Lists from Memory
    Definition of Key Terms
    Command Reference to Check Your Memory

Chapter 2 Introduction to Troubleshooting Processes
    “Do I Know This Already?” Quiz
    Foundation Topics
    Troubleshooting Methods
    Defining Troubleshooting
    The Value of a Structured Troubleshooting Approach
    Popular Troubleshooting Methods
    The Top-Down Method
    Practice Exercise: Selecting a Troubleshooting Approach
    Using Troubleshooting Procedures
    Problem Report
    Collect Information
    Examine Collected Information
    Eliminate Potential Causes
    Hypothesize Underlying Cause
    Verify Hypothesis
    Problem Resolution
    Including Troubleshooting in Routine Network Maintenance
    The Relationship Between Maintenance and Troubleshooting Tasks
    Maintaining Current Network Documentation
    Establishing a Baseline
    Communicating Throughout the Troubleshooting Process
    Change Management
    Exam Preparation Tasks
    Review All the Key Topics
    Complete the Tables and Lists from Memory
    Definition of Key Terms
    Command Reference to Check Your Memory

Chapter 3 The Maintenance and Troubleshooting Toolbox
    “Do I Know This Already?” Quiz
    Foundation Topics
    Cisco IOS Diagnostic Tools
    Filtering the Output of show Commands
    Troubleshooting Connectivity
    Troubleshooting Hardware
    Specialized Diagnostic Tools
    Using Specialized Tools in the Troubleshooting Process
    Performing Packet Captures
    Creating a Baseline with SNMP and NetFlow
    SNMP
    NetFlow
    Providing Notifications for Network Events
    Exam Preparation Tasks
    Review All the Key Topics
    Complete Tables and Lists from Memory
    Define Key Terms
    Command Reference to Check Your Memory

Chapter 4 Basic Cisco Catalyst Switch Troubleshooting
    “Do I Know This Already?” Quiz
    Foundation Topics
    VLAN Troubleshooting
    Reviewing Layer 2 Switching
    Layer 2 Troubleshooting Techniques
    Spanning Tree Protocol Troubleshooting
    Reviewing STP Operation
    Collecting Information About an STP Topology
    STP Troubleshooting Issues
    Troubleshooting EtherChannel
    Trouble Ticket: STP
    Trouble Ticket #1
    Suggested Solution
    Exam Preparation Tasks
    Review All the Key Topics
    Complete Tables and Lists from Memory
    Define Key Terms
    Command Reference to Check Your Memory

Chapter 5 Advanced Cisco Catalyst Switch Troubleshooting
    “Do I Know This Already?” Quiz
    Foundation Topics
    Resolving InterVLAN Routing Issues
    Contrasting Layer 3 Switches with Routers
    Control Plane and Data Plane Troubleshooting
    Comparing Routed Switch Ports and Switched Virtual Interfaces
    Router Redundancy Troubleshooting
    HSRP
    Converging After a Router Failure
    HSRP Verification and Troubleshooting
    VRRP
    GLBP
    Troubleshooting VRRP and GLBP

Appendix C: Memory Tables Answer Key

Table 8-6 Commands for Troubleshooting a Router’s Packet Switching Modes

| Command | Description |
| --- | --- |
| `show ip interface interface_id` | Displays multiple interface statistics, including information about the packet switching mode of an interface. |
| `show ip cache` | Displays the contents of fast cache from a router if fast switching is enabled. |
| `show processes cpu \| include IP Input` | Displays information about the IP input process on a router. The CPU utilization for this process might show a high value if the CPU of a router is actively engaged in process-switching traffic. |
| `show ip cef` | Displays the contents of a router FIB. |
| `show ip cef adjacency egress-interface-id next-hop-ip-address detail` | Displays destinations reachable via the combination of the specified egress interface and next-hop IP address. |
| `show adjacency detail` | Provides information contained in the adjacency table of a router, including protocol and timer information. |
| `show cef not-cef-switched` | Displays information about packets the router forwards using a packet switching mechanism other than CEF. |

Chapter 9

Table 9-2 Mitigations for Control Plane Threats

| Target | Mitigations |
| --- | --- |
| Routing protocols | Authentication of routing protocols |
| STP | Root Guard; BPDU Guard |
| DHCP and ARP | DHCP Snooping; Dynamic ARP Inspection (DAI) |
| Control Plane Resources | Control Plane Policing (CoPP); Control Plane Protection (CPP) |

Table 9-3 Types of Cisco IOS Firewalls

| Firewall Type | Description |
| --- | --- |
| Classic Cisco IOS Firewall | This firewalling feature was previously known as Context-Based Access Control (CBAC). The Classic Cisco IOS Firewall inspects traffic flowing from a trusted network to an untrusted network, and returning flows from the untrusted network can be permitted into the trusted network. However, if someone attempted to initiate a session from the untrusted network into the trusted network, that session would be denied. |
| Zone-Based Policy Firewall | This firewalling feature allows various router interfaces to be assigned to a zone. Interzone policies can then be configured to dictate what traffic is permitted between these defined zones. |

Table 9-4 Contrasting the TACACS+ and RADIUS Protocols

| Characteristic | TACACS+ | RADIUS |
| --- | --- | --- |
| Transport Layer Protocol | TCP | UDP |
| Modularity | Provides separate services for authentication, authorization, and accounting | Combines authentication and authorization functions |
| Encryption | Encrypts entire packet | Only encrypts the password |
| Accounting Functionality | Offers basic accounting features | Offers robust accounting features |
| Standards-based | No (Cisco proprietary) | Yes |

Table 9-5 Sampling of Cisco IOS Security Troubleshooting Syntax

| Command | Description |
| --- | --- |
| `Router(config-line)# exec-timeout minutes [seconds]` | Specifies how long the EXEC process running on a line waits for user input before timing out the connection (defaults to 10 minutes). |
| `Router(config)# access-list number {deny \| permit} protocol source wildcard-mask destination wildcard-mask [eq port-number] [log]` | Creates an extended IP access list, where the access list number is in the range 100–199. |
| `rommon> confreg 0x2142` | Configures a router in ROM Monitor configuration mode to ignore its startup configuration when it boots. |
| `rommon> reset` | Causes a router in ROM Monitor configuration mode to reboot. |
| `Router(config)# config-register 0x2102` | Configures a router to use its startup configuration the next time the router boots. |
| `Router(config)# enable secret password` | Configures a router’s privileged mode password. |
| `Router# show access-lists` | Displays access lists configured on a router. |
| `Router# show logging` | Displays output collected from logged access list entries. |

Chapter 10

Table 10-2 Types of NAT

| Type of NAT | Description |
| --- | --- |
| Static NAT | A one-to-one mapping of private internal IP addresses to public external IP addresses. |
| Dynamic NAT | A dynamic mapping of private internal IP addresses to a pool of public external IP addresses. |
| NAT Overloading | Allows multiple private internal IP addresses to use a single public external IP address by keeping track of Layer 4 port numbers, which make each session unique (that is, Port Address Translation [PAT]). |
| Overlapping NAT | Used when private internal IP addresses at one location overlap destination private internal IP addresses at another location. |

Table 10-3 Names of NAT IP Addresses

| NAT IP Address | Definition |
| --- | --- |
| Inside Local | A private IP address referencing an inside device |
| Inside Global | A public IP address referencing an inside device |
| Outside Local | A private IP address referencing an outside device |
| Outside Global | A public IP address referencing an outside device |

Table 10-4 Classifying the NAT IP Addresses in Figure 10-1

| NAT IP Address Type | NAT IP Address |
| --- | --- |
| Inside Local | 10.1.1.1 |
| Inside Global | 172.16.1.1 |
| Outside Local | None |
| Outside Global | 192.168.1.1 |

Table 10-5 NAT Troubleshooting Commands

| Command | Description |
| --- | --- |
| `clear ip nat translation *` | Removes all dynamic entries from a router’s NAT translation table. |
| `show ip nat translations` | Used to see all entries in a router’s NAT translation table. |
| `show ip nat statistics` | Used to display NAT configuration and statistical information on a router, such as inside and outside interfaces, total translations, number of expired translations, inside address ACL, and outside address pool information. |
| `debug ip nat` | Provides real-time information about NAT translations as they occur, including the IP address being translated and the IP identification number that can be used to match packets in the output with packets captured with a protocol analyzer. |
| `ip nat pool pool-name start-ip end-ip {netmask subnet-mask \| prefix-length prefix-length}` | Global configuration mode command that defines a pool of inside global addresses into which inside local addresses can be translated. |
| `ip nat inside source list access-list pool pool-name [overload]` | Global configuration mode command that associates an ACL defining an inside local address space with the specified pool of inside global addresses. (Note: The overload keyword enables PAT, which allows multiple inside addresses to share a common outside address.) |
| `ip nat translation max-entries number` | Global configuration mode command that specifies the maximum number of entries permitted in a router’s NAT table. |
| `ip nat {inside \| outside}` | Interface configuration mode command that identifies an interface as an inside or outside NAT interface. |

Table 10-6 DHCP Message Types

| DHCP Message | Description |
| --- | --- |
| DHCPDISCOVER | A client sends this message in an attempt to locate a DHCP server. This message is sent to a broadcast IP address of 255.255.255.255 using UDP port 67. |
| DHCPOFFER | A DHCP server sends this message in response to a DHCPDISCOVER message using UDP port 68. |
| DHCPREQUEST | This message is a request for IP configuration parameters sent from a client to a specific DHCP server. |
| DHCPDECLINE | This message is sent from a client to a DHCP server to inform the server that an IP address is already in use on the network. |
| DHCPACK | A DHCP server sends this message to a client and includes IP configuration parameters. |
| DHCPNAK | A DHCP server sends this message to a client and informs the client that the DHCP server declines to provide the client with the requested IP configuration information. |
| DHCPRELEASE | A client sends this message to a DHCP server and informs the DHCP server that the client has released its DHCP lease, thus allowing the DHCP server to reassign the client IP address to another client. |
| DHCPINFORM | This message is sent from a client to a DHCP server and requests IP configuration parameters. Such a message might be sent from an access server requesting IP configuration information for a remote client attaching to the access server. |

Table 10-7 DHCP Troubleshooting Commands

| Command | Description |
| --- | --- |
| `show ip dhcp conflict` | Identifies any IP address conflicts a router identifies, along with the method the router used to identify the conflicts (that is, via ping or gratuitous ARP). |
| `show ip dhcp binding` | Displays IP addresses that an IOS DHCP server assigns, their corresponding MAC addresses, and lease expirations. |
| `clear ip dhcp binding *` | Releases all current DHCP leases. |
| `clear ip dhcp conflict *` | Clears all currently identified DHCP conflicts. |
| `debug ip dhcp server events` | Provides real-time information about DHCP address assignments and database updates. |
| `debug ip dhcp server packet` | Displays real-time decodes of DHCP packets. |
| `ip helper-address ip-address` | Interface configuration mode command that causes an interface to forward specific received UDP broadcasts to the destination IP address, which can be either a specific IP address or a directed broadcast address. |
| `ip dhcp excluded-address beginning-ip-address [ending-ip-address]` | Specifies a range of IP addresses not to be assigned to DHCP clients. |
| `ip dhcp pool pool-name` | Creates a DHCP pool. |
| `network network-address subnet-mask` | Identifies a subnet to be used by a DHCP pool. |
| `default-router ip-address` | Specifies the IP address of a default gateway to be given to a DHCP client. |
| `dns-server ip-address` | Configures the IP address of a DNS server to be given to a DHCP client. |
| `netbios-name-server ip-address` | Defines the IP address of a WINS server to be given to a DHCP client. |
| `lease {days hours minutes \| infinite}` | Determines the duration of a DHCP lease given to a DHCP client. |

Chapter 11

Table 11-2 Common Voice Troubleshooting Targets

| Voice Troubleshooting Target | Recommended Solutions |
| --- | --- |
| IP Services | Check the configuration of the following IP services: CDP, DHCP, TFTP, NTP. |
| QoS | Check QoS configurations on routers and switches to confirm that voice traffic is being correctly classified, is being allocated a minimum amount of bandwidth, and is given priority treatment. |
| Security | Confirm voice and data VLAN separation. Additionally, check the encryption and authentication configurations for voice media and voice signaling traffic. |
| Power | In a modular Cisco Catalyst switch chassis (for example, a Cisco Catalyst 6500 chassis), the switch’s power supply might not be sufficient to provide PoE to all attached Cisco IP Phones. Therefore, check the switch’s power capacity and current utilization level. |

Table 11-3 MQC Verification Commands

| Command | Description |
| --- | --- |
| `show class-map [class-map-name]` | Used to view what a class map is matching. |
| `show policy-map [policy-map-name]` | Used to view the policy applied to the classes within a policy map. |
| `show policy-map interface interface-identifier [input \| output]` | Used to view policy map statistics for packets crossing a specific interface. |

Table 11-4 AutoQoS Platform Support

| AutoQoS Version | Platform Support |
| --- | --- |
| AutoQoS VoIP | Routers; Catalyst Switches |
| AutoQoS Enterprise | Routers |

Table 11-5 Recommended QoS Metrics for Video

| QoS Metric | Cisco Unified Video Advantage | Cisco TelePresence | Video Surveillance |
| --- | --- | --- | --- |
| One-Way Delay | 200 ms maximum | 150 ms maximum | 500 ms maximum |
| Jitter | 10 ms maximum | 10 ms maximum | 10 ms maximum |
| Packet Loss | 0.05 percent maximum | 0.05 percent maximum | 0.5 percent maximum |

Table 11-6 Common Video Troubleshooting Targets

| Video Troubleshooting Target | Recommended Solutions |
| --- | --- |
| Bandwidth | Video streams can be bursty in nature and consume large quantities of bandwidth. Therefore, although sufficient bandwidth should be allocated for supported video applications, you should confirm that the video traffic is not consuming too much bandwidth (that is, an amount of bandwidth that would negatively impact other important traffic). |
| Pervasiveness of Video Applications | The volume of video traffic on a network might be somewhat unpredictable, because users might introduce their own video traffic on a network without the knowledge of network administrators. Therefore, your policy for network use should address the types of traffic a user is allowed to send and receive. Also, you might want to block video from portions of your network. |
| Security | In addition to protecting the content of your network’s video streams, realize that security measures you have in place might be conflicting with your video applications. For example, if a video stream cannot be established, you might check your firewalls and router ACLs to confirm they are not blocking video media (that is, RTP) packets, video maintenance (for example, RTCP) packets, or video-signaling packets (for example, H.323). |
| QoS | Because video traffic is latency-sensitive, QoS mechanisms should be in place to ensure video packets are sent with priority treatment, and sufficient bandwidth should be allocated for your supported video applications. |
| Multicast | Because many video applications rely on multicast technologies to transmit a video stream to a multicast group, much of your video troubleshooting might be focused on multicast troubleshooting. For example, confirm that both routers and switches are properly configured with multicast protocols (for example, PIM-SM on a router and IGMP Snooping on a switch). |

Chapter 12

Table 12-2 IPv6 Configuration Commands

| Command | Description |
| --- | --- |
| `ipv6 cef` | Global configuration mode command that configures Cisco Express Forwarding for IPv6. |
| `ipv6 unicast-routing` | Global configuration mode command that instructs a router to forward IPv6 traffic. |
| `ipv6 address ipv6-address/prefix-length [eui-64]` | Interface configuration mode command that assigns an IPv6 address to an interface. (NOTE: The eui-64 option allows a router to complete the low-order 64 bits of an address, based on an interface’s MAC address.) |

Table 12-3 Commands Used to Tunnel IPv6 via IPv4

| Command | Description |
| --- | --- |
| `interface tunnel interface-id` | Global configuration mode command that creates a virtual IPv4 tunnel interface over which encapsulated IPv6 packets can flow. |
| `tunnel source ipv4-address` | Interface configuration mode command that identifies the IPv4 address of the local end of a tunnel. |
| `tunnel destination ipv4-address` | Interface configuration mode command that identifies the IPv4 address of the remote end of a tunnel. |
| `tunnel mode ipv6ip` | Interface configuration mode command that configures an interface to act as a manual IPv6 tunnel. |
| `ipv6 address ipv6-address/prefix-length` | Interface configuration mode command that specifies the IPv6 address assigned to a tunnel interface. |
| `ipv6 ospf process-id area area-id` | Interface configuration mode command that allows the IPv6 address configured on a tunnel interface to participate in an OSPFv3 routing process. |

Table 12-4 OSPFv3 Configuration Commands

| Command | Description |
| --- | --- |
| `ipv6 ospf process-id area area-id` | Interface configuration mode command that allows the IPv6 address configured on an interface to participate in an OSPFv3 routing process. |
| `ipv6 router ospf process-id` | Global configuration mode command that enables an OSPFv3 routing process on a router. |
| `router-id ipv4-address` | Router configuration mode command that specifies an IPv4 address to be used by OSPFv3 as a router’s router ID. |

Table 12-5 OSPFv3 Troubleshooting Commands

| Command | Description |
| --- | --- |
| `show ipv6 ospf` | Displays OSPFv3 routing process, router ID, various timers, and information about each area on a router. |
| `show ipv6 ospf interface` | Shows IPv6 link local address, area ID, process ID, router ID, and cost. |
| `show ipv6 ospf neighbor` | Lists the state of a router’s adjacency with all configured OSPFv3 neighbors. |
| `debug ipv6 ospf adj` | Displays information about OSPFv3 adjacencies. |
| `debug ipv6 ospf hello` | Shows OSPFv3 HELLO packet information. |

Table 12-6 RIPng Configuration Commands

| Command | Description |
| --- | --- |
| `ipv6 rip process-name enable` | Interface configuration mode command that instructs an interface to participate in the specified RIPng routing process. |
| `ipv6 rip process-name default-information {only \| originate}` | Interface configuration mode command that causes an interface to originate a default route advertisement (that is, an advertisement for network ::/0) and optionally suppress the advertisement of all other routes (using the only keyword). |
| `ipv6 router rip process-name` | Global configuration mode command that enters router configuration mode for the specified RIPng routing process. |
| `maximum-paths number` | Interface configuration mode command that specifies the number of equal-cost paths across which RIPng can load balance (defaults to 16 with a valid range of 1-64). |

Table 12-7 RIPng Troubleshooting Commands

| Command | Description |
| --- | --- |
| `show ipv6 rip [process-name] [database \| next-hops]` | Displays information about the specified RIPng routing process, and optionally the contents of the RIPng database and a listing of next-hop addresses. |
| `show ipv6 route` | Shows the contents of the IPv6 routing table. |
| `debug ipv6 rip` | Provides real-time information about RIPng messages. |

Chapter 13

Table 13-2 ANS Network Components

| Component | Description |
| --- | --- |
| Cisco Application Velocity System (AVS) | Enhances web applications (for example, by measuring response time and by managing application layer security). |
| Cisco Global Site Selector (GSS) | Optimizes distributed data center environments. |
| Cisco Content Switching Module (CSM) | Performs load balancing across multiple devices (such as servers or firewalls). |
| Cisco Application Control Engine (ACE) | Performs intelligent load balancing and content switching to increase application availability. |
| Cisco Wide Area Application Engine (WAAE) | Provides a platform on which users can run Cisco ACNS or Cisco WAAS software. |
| Cisco Wide Area Application Software (WAAS) | Accelerates applications for remote office workers. |
| Cisco Application and Content Networking System (ACNS) | Supports content distribution (for example, video streaming) to remote sites over an IP WAN. |

Table 13-3 VLAN and Trunk Troubleshooting Commands for a Cisco Catalyst Switch

| Command | Description |
| --- | --- |
| `show vlan` | Shows to which VLANs the ports of a switch belong. |
| `show interfaces trunk` | Displays which VLANs are permitted on a switch’s trunk ports, and which switch ports are configured as trunks. |
| `show interfaces switchport` | Displays summary information for the ports on a switch, including VLAN and trunk configuration information. |

Table 13-4 DHCP Troubleshooting Commands

| Command | Description |
| --- | --- |
| `show ip dhcp conflict` | Lists any IP address conflicts identified by a router, along with the method the router used to identify the conflicts (that is, via ping or gratuitous ARP). |
| `show ip dhcp binding` | Displays IP addresses assigned by an IOS DHCP server, their corresponding MAC addresses, and lease expirations. |
| `clear ip dhcp binding *` | Releases all current DHCP leases. |
| `clear ip dhcp conflict *` | Clears all currently identified DHCP conflicts. |
| `debug ip dhcp server events` | Provides real-time information about DHCP address assignments and database updates. |
| `debug ip dhcp server packet` | Displays real-time decodes of DHCP packets. |

Chapter 14

Table 14-3 VPN Troubleshooting Commands

| Command | Description |
| --- | --- |
| `show crypto ipsec sa` | Displays IPsec security association settings. |
| `show crypto engine connections active` | Displays configuration information for all active IPsec sessions. |
| `show crypto map` | Displays the crypto map configuration of a router (for example, information about ACLs being referenced by the crypto map, the IP address of the IPsec peer, the security association lifetime, and the name of the crypto map transform set). |
| `show ip route` | Displays routes injected into a router’s IP routing table, including next-hop IP address or exit interface information for IP routes. |
| `show ip protocols` | Displays information about the active IP routing processes of a router. |
| `show interfaces tunnel number` | Displays status and configuration information for a specified tunnel interface on a router. |

Table 14-4 OSI Layers of Various Networking Technologies

Technology Layer Layer Layer Layer Layer Layer Layer Security X X X X X Performance X X X X X Packet Forwarding X Routing Protocols X Mapping Layer QoS Markings to Layer X Spanning Tree Protocol X Frame Forwarding X EtherChannel X Physical Interfaces X Cabling X X X X X