CCIE Written Blueprint: 1.3.a Use IOS troubleshooting tools

1.3.a Use IOS troubleshooting tools

1.3.a (i) debug, conditional debug

Debugs can be used on a wide range of functions (debug ?). Some debugs can be very noisy. Debug conditions can be set to filter out some of the noise – for example debug condition interface fa0/0 will limit the debug information to things using that interface. Undebug all does not remove conditions, they must be specifically removed with the undebug condition command. Debugs can be quite processor intensive, so it is wise to check whether the device can handle it, and cancel it when it isn't required.

1.3.a (ii) ping, traceroute with extended options

The extended ping / traceroute allow the use of specific IP headers to test different network scenarios. Options are:

Ping

+--------------------------------------+--------------------------------------+ | Field | Description | +--------------------------------------+--------------------------------------+ | Protocol [ip]: | Prompts for a supported protocol. | | | Enter appletalk, clns, ip, novell, | | | apollo, vines, decnet, or xns. The | | | default is ip. | +--------------------------------------+--------------------------------------+ | Target IP address: | Prompts for the IP address or host | | | name of the destination node you | | | plan to ping. If you have specified | | | a supported protocol other than IP, | | | enter an appropriate address for | | | that protocol here. The default is | | | none. | +--------------------------------------+--------------------------------------+ | Repeat count [5]: | Number of ping packets that are sent | | | to the destination address. The | | | default is 5. | +--------------------------------------+--------------------------------------+ | Datagram size [100]: | Size of the ping packet (in bytes). | | | Default: 100 bytes. | +--------------------------------------+--------------------------------------+ | Timeout in seconds [2]: | Timeout interval. Default: 2 | | | (seconds). The ping is declared | | | successful only if the ECHO REPLY | | | packet is received before this time | | | interval. | +--------------------------------------+--------------------------------------+ | Extended commands [n]: | Specifies whether or not a series of | | | additional commands appears. The | | | default is no. | +--------------------------------------+--------------------------------------+ | Source address or interface: | The interface or IP address of the | | | router to use as a source address | | | for the probes. The router normally | | | picks the IP address of the outbound | | | interface to use. The interface can | | | also be mentioned, but with the | | | correct syntax as shown here:Source | | | address or interface: ethernet 0 | | | | | | | | | Note: This is a partial output | | | of the extended pingcommand. The | | | interface cannot be written as e0. | +--------------------------------------+--------------------------------------+ | Type of service [0]: | Specifies the Type of Service (ToS). | | | The requested ToS is placed in each | | | probe, but there is no guarantee | | | that all routers process the ToS. It | | | is the Internet service's quality | | | selection. The default is 0. | +--------------------------------------+--------------------------------------+ | Set DF bit in IP header? [no]: | Specifies whether or not the Don't | | | Fragment (DF) bit is to be set on | | | the ping packet. If yes is | | | specified, the Don't Fragment option | | | does not allow this packet to be | | | fragmented when it has to go through | | | a segment with a smaller maximum | | | transmission unit (MTU), and you | | | will receive an error message from | | | the device that wanted to fragment | | | the packet. This is useful for | | | determining the smallest MTU in the | | | path to a destination. The default | | | is no. | +--------------------------------------+--------------------------------------+ | Validate reply data? [no]: | Specifies whether or not to validate | | | the reply data. The default is no. | +--------------------------------------+--------------------------------------+ | Data pattern [0xABCD] | Specifies the data pattern. | | | Different data patterns are used to | | | troubleshoot framing errors and | | | clocking problems on serial lines. | | | The default is [0xABCD]. | +--------------------------------------+--------------------------------------+ | Loose, Strict, Record, Timestamp, | IP header options. This prompt | | Verbose[none]: | offers more than one option to be | | | selected. They are: | | | | | | - Verbose is automatically | | | selected along with any other | | | option. | | | - Record is a very useful | | | option because it displays the | | | address(es) of the hops (up to | | | nine) the packet goes through. | | | - Loose allows you to | | | influence the path by specifying | | | the address(es) of the hop(s) | | | you want the packet to go | | | through. | | | - Strict is used to specify | | | the hop(s) that you want the | | | packet to go through, but no | | | other hop(s) are allowed to be | | | visited. | | | - Timestamp is used to measure | | | roundtrip time to particular | | | hosts. | | | | | | | | | The difference between using | | | the Record option of this | | | command and using | | | the traceroute command is that, | | | theRecord option of this command | | | not only informs you of the hops | | | that the echo request (ping) went | | | through to get to the destination, | | | but it also informs you of the hops | | | it visited on the return path. With | | | the traceroute command, you do | | | not get information about the path | | | that the echo reply takes. | | | Thetraceroute command issues | | | prompts for the required fields. | | | Note that the traceroute command | | | places the requested options in each | | | probe. However, there is no | | | guarantee that all routers (or end | | | nodes) process the options. The | | | default is none. | +--------------------------------------+--------------------------------------+ | Sweep range of sizes [n]: | Allows you to vary the sizes of the | | | echo packets that are sent. This is | | | used to determine the minimum sizes | | | of the MTUs configured on the nodes | | | along the path to the destination | | | address. Performance problems caused | | | by packet fragmentation is thus | | | reduced. The default is no. | +--------------------------------------+--------------------------------------+ | !!!!! | Each exclaimation point (!) denotes | | | receipt of a reply. A period (.) | | | denotes that the network server | | | timed out while waiting for a reply. | | | Refer to ping | | | characters for | | | a description of the remaining | | | characters. | +--------------------------------------+--------------------------------------+ | Success rate is 100 percent | Percentage of packets successfully | | | echoed back to the router. Anything | | | less than 80 percent is usually | | | considered problematic. | +--------------------------------------+--------------------------------------+ | round-trip min/avg/max = 1/2/4 ms | Round-trip travel time intervals for | | | the protocol echo packets, including | | | minimum/average/maximum (in | | | milliseconds). | +--------------------------------------+--------------------------------------+

Traceroute

Field Description
Protocol [ip]: Prompts for a supported protocol. Enter appletalk, clns, ip, novell, apollo, vines, decnet, or xns. The default is ip.
Target IP addres You must enter a host name or an IP address. There is no default.
Source address: The interface or IP address of the router to use as a source address for the probes. The router normally picks the IP address of the outbound interface to use.
Numeric display [n]: The default is to have both a symbolic and numeric display; however, you can suppress the symbolic display.
Timeout in seconds [3]: The number of seconds to wait for a response to a probe packet. The default is 3 seconds.
Probe count [3]: The number of probes to be sent at each TTL level. The default count is 3.
Minimum Time to Live [1]: The TTL value for the first probes. The default is 1, but it can be set to a higher value to suppress the display of known hops.
Maximum Time to Live [30]: The largest TTL value that can be used. The default is 30. The traceroute command terminates when the destination is reached or when this value is reached.
Port Number [33434]: The destination port used by the UDP probe messages. The default is 33434.
Loose, Strict, Record, Timestamp, Verbose[none]: IP header options. You can specify any combination. Thetraceroute command issues prompts for the required fields. Note that the traceroute command will place the requested options in each probe; however, there is no guarantee that all routers (or end nodes) will process the options.

1.3.a (iii) Embedded packet capture

Can be used to monitor packets flowing to, through and from the device. They can be analysed on the device, or exported to a PCAP file for opening in Wireshark. Full command reference is here: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/configuration/15-mt/epc-15-mt-book/nm-packet-capture.html

  1. Set a buffer: monitor capture buffer MYCAPTURE size 256 max-size
    1. Size is the size of the buffer, and max-size is the maximum size per element. Access-lists, packet limits etc can be included in this command.
  2. Set a capture point: monitor capture point ip cef MYPOINT fa0/1 both.
  3. Associate the capture point and buffer: monitor capture point associate MYPOINT MYCAPTURE
  4. Start the capture: monitor capture point start MYPOINT

1.3.a (iv) Performance monitor

Configured in a similar way to netflow, using flow record collectors, Cisco Performance Monitoring can be used to monitor for packet loss, delay, jitter, etc. It is able to export these records, and generate SNMP alerts based on thresholds.

Share this post

  • Share to Facebook
  • Share to Twitter
  • Share to Google+
  • Share to LinkedIn
  • Share by Email