Lab 4.6.3: Troubleshooting TCP/IP – Show and Debug



      [Topology diagram: Host #1 (192.168.1.10) - SanJose1 S0/0 ---- S0/0 SanJose2 - Host #2 (192.168.2.10)]

Objective

      There are many commands that are useful for troubleshooting TCP/IP. It is likely
      that you have used some of them in earlier classes. In this exercise you will look
      at some options, but we will save most commands for later chapters when you
      are looking at specific protocols. This lab covers:
      •    show commands
      •    debug commands
      Warning: Because of its heavy use of CPU cycles, the debug command can be
      devastating to a production router’s performance. A command such as
      debug ip packet, running during a moderate to heavy traffic period, could
      literally consume all CPU cycles and effectively stop routing, resulting in
      discarded frames. This discussion is included primarily as a tool to help you
      visualize how and why certain network processes occur. We will also look at
      options that can reduce the impact of the debug commands.

Scenario

      You have been asked to consult on a small network and offer suggestions on
      how performance might be improved. You are gathering information about the
      network.
      Note: The configuration file used for this lab will be used for other module 4 labs,
      so please do not change any configuration settings. The configuration contains
      several components for testing purposes and is not intended to represent a good
      production configuration.



1-1   Semester 8 Internetwork Troubleshooting v1.0 - Lab 4.6.3           Copyright  2001, Cisco Systems, Inc.
      If the lab is done in pairs, each person can run the lab steps, and each may get
      slightly different results. It might be beneficial to coordinate your efforts and
      compare results.

Step 1

      Cable the lab as shown in the diagram.
      Load the configuration files Lab4-6-3-SanJose1Config.txt and Lab4-6-3-
      SanJose2Config.txt into the appropriate routers.
      Configure the workstations as follows (same as the last lab):
      Host #1                                              Host #2
      IP Address: 192.168.1.10                             IP Address: 192.168.2.10
      Subnet mask: 255.255.255.0                           Subnet mask: 255.255.255.0
      Default Gateway: 192.168.1.1                         Default Gateway: 192.168.2.1

Step 2

      The show ip access-list and clear ip access-list counters
      commands
      On either router type show ip access-list and look over the results. You
      may notice a message indicating matches after some entries like those
      highlighted below:
        SanJose1#show ip access-list
        Standard IP access list 50
            deny   192.168.60.0, wildcard bits 0.0.0.255
            deny   192.168.70.0, wildcard bits 0.0.0.255
            deny   192.168.80.64, wildcard bits 0.0.0.31
            permit any
        Extended IP access list 100
            deny tcp any 192.168.90.0 0.0.0.255 eq www
            deny tcp any 192.168.90.0 0.0.0.255 eq ftp
            deny tcp any 192.168.91.0 0.0.0.255 eq www
            deny tcp any 192.168.91.0 0.0.0.255 eq ftp
            deny icmp any host 192.168.60.1
            permit ip any any (8571 matches)
        Extended IP access list protect_acctg_servers
            deny tcp 192.168.60.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.70.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.80.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.90.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.91.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            permit ip any any (44294 matches)
        SanJose1#

      These “matches” messages indicate the results of the access list since the last
      time the counters were cleared or the router rebooted. The clear ip
      access-list counters command can be used to clear the counters. Try it.
      You may find that, as in the following example, a routing update or some other
      activity immediately started the counters again.
        SanJose1#clear ip access-list counters

        SanJose1#show ip access-list
        Standard IP access list 50
            deny   192.168.60.0, wildcard bits 0.0.0.255
            deny   192.168.70.0, wildcard bits 0.0.0.255
            deny   192.168.80.64, wildcard bits 0.0.0.31
            permit any
        Extended IP access list 100
            deny tcp any 192.168.90.0 0.0.0.255 eq www
            deny tcp any 192.168.90.0 0.0.0.255 eq ftp
            deny tcp any 192.168.91.0 0.0.0.255 eq www
            deny tcp any 192.168.91.0 0.0.0.255 eq ftp
            deny icmp any host 192.168.60.1
            permit ip any any
        Extended IP access list protect_acctg_servers
            deny tcp 192.168.60.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.70.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.80.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.90.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            deny tcp 192.168.91.0 0.0.0.255 192.168.10.0         0.0.0.7   eq   www
            permit ip any any (5 matches)
        SanJose1#

Step 3

      The show ip arp command.
      Type the show ip arp command and look over the results. Notice that only the
      LAN interfaces and any hosts connected to them appear in the ARP table. You
      also get the MAC address, encapsulation type, and the local interface to which
      the address has been mapped. There is a show arp command that seems to
      yield the same result.
        SanJose1#show ip arp
        Protocol Address              Age (min)   Hardware Addr    Type       Interface
        Internet 192.168.1.10                1    00a0.cc23.fe40   ARPA       Ethernet0
        Internet 192.168.1.1                 -    0010.7b3a.3f60   ARPA       Ethernet0
        Internet 192.168.4.1                 -    0010.7b3a.3f60   ARPA       Ethernet0
        SanJose1#

      Type the show appletalk arp command and look over the results. You
      should only get a single entry unless you have attached some Mac hosts.
        SanJose1#show appletalk arp
        Address      Age (min)     Type           Hardware Addr         Encap         Interface
        57.76         -          Hardware         0010.7b3a.3f60.0000   SNAP          Ethernet0
        SanJose1#

      An attempt to type the show ipx arp command will remind you that IPX does
      not use ARP.

Step 4

      The show ip route command.
      Type the show ip route command to display the IP route table. Because of a
      series of loopback addresses and a variety of protocols configured on both
      routers, you should see a pretty extensive display. Note that on SanJose1 there
      are some EX - EIGRP external and IA - OSPF inter area routes.
        SanJose1#show ip route
        Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
               D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
               N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
               E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
               i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
                 * - candidate default, U - per-user static route, o - ODR
                 P - periodic downloaded static route

        Gateway of last resort is not set

        R    192.168.91.0/24 [120/1] via 192.168.0.2, 00:00:21, Serial0
        R    192.168.90.0/24 [120/1] via 192.168.0.2, 00:00:21, Serial0
        C    192.168.30.0/24 is directly connected, Loopback2
        D EX 192.168.60.0/24 [170/2297856] via 192.168.0.2, 05:49:49, Serial0
        C    192.168.10.0/24 is directly connected, Loopback0
        C    192.168.40.0/24 is directly connected, Loopback3
             192.168.95.0/32 is subnetted, 1 subnets
        O IA    192.168.95.1 [110/65] via 192.168.0.2, 05:49:49, Serial0
        C    192.168.4.0/24 is directly connected, Ethernet0
        D    192.168.80.0/24 [90/2297856] via 192.168.0.2, 05:49:49, Serial0
        C    192.168.20.0/24 is directly connected, Loopback1
             192.168.96.0/32 is subnetted, 1 subnets
        O IA    192.168.96.1 [110/65] via 192.168.0.2, 05:49:50, Serial0
        C    192.168.0.0/24 is directly connected, Serial0
        C    192.168.50.0/24 is directly connected, Loopback4
        C    192.168.1.0/24 is directly connected, Ethernet0
        R    192.168.2.0/24 [120/1] via 192.168.0.2, 00:00:24, Serial0
        D EX 192.168.70.0/24 [170/2297856] via 192.168.0.2, 05:49:51, Serial0
        R    192.168.3.0/24 [120/1] via 192.168.0.2, 00:00:24, Serial0
        SanJose1#

      Type the show ip route summary command to see the routes summarized
      plus overhead and bytes used. Note that it also provides an additional summary
      of OSPF network information.
        SanJose1#show ip route summary
        IP routing table name is Default-IP-Routing-Table(0)
        Route Source    Networks    Subnets     Overhead    Memory (bytes)
        connected       8           0           416         1120
        static          0           0           0           0
        eigrp 90        3           0           156         420
        ospf 100        0           2           104         280
          Intra-area: 0 Inter-area: 2 External-1: 0 External-2: 0
        rip             4           0           208         560
        igrp 90         0           0           0           0
        internal        2                                   2320
        Total           17          2           884         4700

      Type the show ip route ? command to see the parameter options available.
      Adding parameters like connected, static, or the routing protocols filters the
      output.
        SanJose1#show ip route ?
          bgp                    Border Gateway Protocol (BGP)
          connected              Connected
          egp                    Exterior Gateway Protocol (EGP)
          eigrp                  Enhanced Interior Gateway Routing Protocol (EIGRP)
          igrp                   Interior Gateway Routing Protocol (IGRP)
          isis                   ISO IS-IS
          list                   IP Access list
          mobile                 Mobile routes
          odr                    On Demand stub Routes
          ospf                   Open Shortest Path First (OSPF)
          profile                IP routing table profile
          rip                    Routing Information Protocol (RIP)
          static                 Static routes
          summary                Summary of all routes
          supernets-only         Show supernet entries only
          traffic-engineering    Traffic engineered routes
          vrf                    Display routes from a VPN Routing/Forwarding instance
          |                      Output modifiers
          <cr>

      Type the following commands: show ip route eigrp, show ip route
      ospf, and show ip route rip to see that you can be selective about what is
      displayed.
        SanJose1#show ip route eigrp
        D EX 192.168.60.0/24 [170/2297856] via 192.168.0.2, 05:55:25, Serial0
        D    192.168.80.0/24 [90/2297856] via 192.168.0.2, 05:55:25, Serial0
        D EX 192.168.70.0/24 [170/2297856] via 192.168.0.2, 05:55:25, Serial0
        SanJose1#
        SanJose1#show ip route ospf
             192.168.95.0/32 is subnetted, 1 subnets
        O IA    192.168.95.1 [110/65] via 192.168.0.2, 05:55:38, Serial0
             192.168.96.0/32 is subnetted, 1 subnets
        O IA    192.168.96.1 [110/65] via 192.168.0.2, 05:55:38, Serial0
        SanJose1#
        SanJose1#show ip route rip
        R    192.168.91.0/24 [120/1] via 192.168.0.2, 00:00:23, Serial0
        R    192.168.90.0/24 [120/1] via 192.168.0.2, 00:00:23, Serial0
        R    192.168.2.0/24 [120/1] via 192.168.0.2, 00:00:23, Serial0
        R    192.168.3.0/24 [120/1] via 192.168.0.2, 00:00:23, Serial0
        SanJose1#

      Type the show ip route address command for a host or network address
      on the other router to see the source and detail information about that route.
        SanJose1#show ip route 192.168.2.51
        Routing entry for 192.168.2.0/24
          Known via "rip", distance 120, metric 1
          Redistributing via rip
          Last update from 192.168.0.2 on Serial0, 00:00:01 ago
          Routing Descriptor Blocks:
          * 192.168.0.2, from 192.168.0.2, 00:00:01 ago, via Serial0
              Route metric is 1, traffic share count is 1
        SanJose1#

Step 5

      The show ip interface command.
      Type the show ip interface command to display the IP interfaces. While the
      command displays all interfaces, let’s look at the LAN interface. Not only can we
      see the IP address, but we see that a second IP address has been assigned to
      the interface (192.168.4.1/24). We can see that there are both inbound and
      outbound access lists implemented – we would refer back to our show ip
      access-list to see what they do. Finally, the Multicast reserved group
      (224.0.0.9) tells us that this interface participates in RIP version 2 routing
      updates.
        SanJose1#show ip interface
        Ethernet0 is up, line protocol is up
          Internet address is 192.168.1.1/24
          Broadcast address is 255.255.255.255
          Address determined by setup command
          MTU is 1500 bytes
          Helper address is not set
          Directed broadcast forwarding is disabled
          Secondary address 192.168.4.1/24
          Multicast reserved groups joined: 224.0.0.9
          Outgoing access list is 50
          Inbound access list is 100
          Proxy ARP is enabled
          Security level is default
          Split horizon is enabled
          ICMP redirects are always sent
          ICMP unreachables are always sent
          ICMP mask replies are never sent
          IP fast switching is enabled
          IP fast switching on the same interface is disabled
          IP Flow switching is disabled
          IP Feature Fast switching turbo vector
          IP multicast fast switching is enabled
          IP multicast distributed fast switching is disabled
          Router Discovery is disabled
          IP output packet accounting is disabled
          IP access violation accounting is disabled
          TCP/IP header compression is disabled
          RTP/IP header compression is disabled
          Probe proxy name replies are disabled
          Policy routing is disabled
          Network address translation is disabled
          WCCP Redirect outbound is disabled
          WCCP Redirect exclude is disabled
          BGP Policy Mapping is disabled
        SanJose1#
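
      The cross-reference described in Steps 2 and 5 (which access lists are applied
      where, and which entries are taking hits) can be scripted. This is an added
      example, not part of the original lab; the function names are hypothetical and
      the input is a trimmed, constructed copy of the SanJose1 output above.

```python
import re

# Constructed sample input: trimmed copies of the SanJose1 output in this lab.
SHOW_IP_ACCESS_LIST = """\
SanJose1#show ip access-list
Standard IP access list 50
    deny   192.168.60.0, wildcard bits 0.0.0.255
    deny   192.168.80.64, wildcard bits 0.0.0.31
    permit any
Extended IP access list 100
    deny tcp any 192.168.90.0 0.0.0.255 eq www
    deny tcp any 192.168.90.0 0.0.0.255 eq ftp
    deny icmp any host 192.168.60.1
    permit ip any any (8571 matches)
Extended IP access list protect_acctg_servers
    deny tcp 192.168.60.0 0.0.0.255 192.168.10.0 0.0.0.7 eq www
    permit ip any any (44294 matches)
SanJose1#
"""

SHOW_IP_INTERFACE = """\
Ethernet0 is up, line protocol is up
  Internet address is 192.168.1.1/24
  Outgoing access list is 50
  Inbound access list is 100
Loopback3 is up, line protocol is up
  Internet address is 192.168.40.1/24
  Outgoing access list is not set
"""

PROMPT = re.compile(r"^\S+[#>]")
ACL_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)$")
ACE_MATCHES = re.compile(r"^(.*?)\s*\((\d+) match(?:es)?\)$")
IFACE_HEADER = re.compile(r"^(\S+) is .*line protocol is")
ACL_BINDING = re.compile(r"^(Outgoing|Inbound)\s+access list is (.+)$")


def parse_access_lists(text):
    """Return {acl_name: [(entry, matches), ...]} in the order IOS evaluates them."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        header = ACL_HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif current is not None:
            hit = ACE_MATCHES.match(line)
            # An entry printed without "(N matches)" has not matched since the
            # counters were last cleared.
            entry, count = (hit.group(1), int(hit.group(2))) if hit else (line, 0)
            current.append((" ".join(entry.split()), count))
    return acls


def parse_acl_bindings(text):
    """Return {interface: {"in": acl_or_None, "out": acl_or_None}}."""
    bindings, iface = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE_HEADER.match(line)
        if header:
            iface = header.group(1)
            bindings[iface] = {"in": None, "out": None}
            continue
        bound = ACL_BINDING.match(line)
        if bound and iface:
            direction = "in" if bound.group(1) == "Inbound" else "out"
            name = bound.group(2).strip()
            bindings[iface][direction] = None if name == "not set" else name
    return bindings


def audit(acl_text, iface_text):
    """Join both outputs: where each ACL is applied and which entries are idle."""
    acls = parse_access_lists(acl_text)
    applied = {}
    for iface, dirs in parse_acl_bindings(iface_text).items():
        for direction, name in dirs.items():
            if name:
                applied.setdefault(name, []).append(f"{iface} {direction}")
    report = {
        name: {
            "applied_on": applied.get(name, []),
            "total_matches": sum(count for _, count in entries),
            "idle_entries": [entry for entry, count in entries if count == 0],
        }
        for name, entries in acls.items()
    }
    # ACLs referenced by an interface but absent from "show ip access-list".
    undefined = sorted(name for name in applied if name not in acls)
    return report, undefined


if __name__ == "__main__":
    report, undefined = audit(SHOW_IP_ACCESS_LIST, SHOW_IP_INTERFACE)
    for name, info in report.items():
        print(name, info)
    print("referenced but not defined:", undefined)
```

      An empty applied_on list only means the interface output that was parsed did
      not cover the interface where that list is applied.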

      Using the same skills, we can see that Loopback 2 is participating in OSPF while
      Loopback 3 is participating in EIGRP. SanJose2 should have a similar variety of
      routing protocols.
        Loopback2 is up, line protocol is up
          Internet address is 192.168.30.1/24
          Broadcast address is 255.255.255.255
          Address determined by setup command
          MTU is 1514 bytes
          Helper address is not set
          Directed broadcast forwarding is disabled
          Multicast reserved groups joined: 224.0.0.5 224.0.0.6

        Loopback3 is up, line protocol is up
          Internet address is 192.168.40.1/24
          Broadcast address is 255.255.255.255
          Address determined by setup command
          MTU is 1514 bytes
          Helper address is not set
          Directed broadcast forwarding is disabled
          Multicast reserved groups joined: 224.0.0.10
          Outgoing access list is not set

      Make sure that you know the difference between the show ip interface
      command and the show interface command. As you saw in the examples, the
      show ip interface command displays the status of features and options on
      the interface. The show interface command includes the MAC address and a
      variety of performance counters that can be used to gauge the device’s usage.
      For example, the sample data below shows both the input and output statistics. It
      also shows that the queuing strategy is FIFO (first in / first out).
        SanJose1#show interface
        Ethernet0 is up, line protocol is up
          Hardware is Lance, address is 0010.7b3a.3f60 (bia 0010.7b3a.3f60)
          Internet address is 192.168.1.1/24
          MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
             reliability 255/255, txload 1/255, rxload 1/255
          Encapsulation ARPA, loopback not set
          Keepalive set (10 sec)
          ARP type: ARPA, ARP Timeout 04:00:00
          Last input 00:00:12, output 00:00:04, output hang never
          Last clearing of "show interface" counters never
          Queueing strategy: fifo
          Output queue 0/40, 0 drops; input queue 0/75, 0 drops
          5 minute input rate 0 bits/sec, 0 packets/sec
          5 minute output rate 0 bits/sec, 0 packets/sec
             413 packets input, 98679 bytes, 0 no buffer
              Received 294 broadcasts, 0 runts, 0 giants, 0 throttles
              0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
              0 input packets with dribble condition detected
              766 packets output, 73002 bytes, 0 underruns
              0 output errors, 0 collisions, 4 interface resets
              0 babbles, 0 late collision, 0 deferred
              0 lost carrier, 0 no carrier
              0 output buffer failures, 0 output buffers swapped out

Step 6

      The show ip protocols command.
      Type the show ip protocols command to display the supported protocols.
      While the command displays all protocols, let’s look at OSPF. The command
      displays the process ID (100), the networks using OSPF, and the Administrative
      Distance.
        SanJose1#show ip protocols
        Routing Protocol is "ospf 100"
          Sending updates every 0 seconds
          Invalid after 0 seconds, hold down 0, flushed after 0
          Outgoing update filter list for all interfaces is
          Incoming update filter list for all interfaces is
          Redistributing: ospf 100
          Routing for Networks:
            192.168.0.0
            192.168.10.0
            192.168.20.0
            192.168.30.0
          Routing Information Sources:
            Gateway         Distance      Last Update
            192.168.96.1         110      06:20:51
          Distance: (default is 110)

      The IGRP output displays the AS number (90), the network using IGRP, that it is
      redistributing EIGRP, the various timers and the Administrative Distance. The
      IGRP metric weights show that the metric has not been modified.
        Routing Protocol is "igrp 90"
          Sending updates every 90 seconds, next due in 28 seconds
          Invalid after 270 seconds, hold down 280, flushed after 630
          Outgoing update filter list for all interfaces is
          Incoming update filter list for all interfaces is
          Default networks flagged in outgoing updates
          Default networks accepted from incoming updates
          IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
          IGRP maximum hopcount 100
          IGRP maximum metric variance 1
          Redistributing: igrp 90, eigrp 90
          Routing for Networks:
            192.168.50.0
          Routing Information Sources:
            Gateway         Distance      Last Update
          Distance: (default is 100)

      The EIGRP output displays the AS number (90), the networks using EIGRP, that
      it is redistributing IGRP, that automatic address summarization is on, the various
      timers, and both Administrative Distances. The EIGRP metric weights show that the
      metric has not been modified.
        Routing Protocol is "eigrp 90"
          Outgoing update filter list for all interfaces is
          Incoming update filter list for all interfaces is
          Default networks flagged in outgoing updates
          Default networks accepted from incoming updates
           EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
           EIGRP maximum hopcount 100
           EIGRP maximum metric variance 1
           Redistributing: igrp 90, eigrp 90
           Automatic network summarization is in effect
           Automatic address summarization:
             192.168.0.0/24 for Ethernet0, Loopback0, Loopback1
               Loopback2, Loopback3, Loopback4
             192.168.40.0/24 for Ethernet0, Loopback0, Loopback1
               Loopback2, Loopback4, Serial0
           Routing for Networks:
             192.168.0.0
             192.168.40.0
           Routing Information Sources:
             Gateway         Distance      Last Update
             192.168.0.2           90      06:20:55
           Distance: internal 90 external 170

      The RIP output displays the networks using RIP, that version 2 is being used, the
      various timers and the Administrative Distance. The IGRP metric weights show
      that the metric has not been modified.
        Routing Protocol is "rip"
          Sending updates every 30 seconds, next due in 24 seconds
          Invalid after 180 seconds, hold down 180, flushed after 240
          Outgoing update filter list for all interfaces is
          Incoming update filter list for all interfaces is
          Redistributing: rip
          Default version control: send version 2, receive version 2
            Interface        Send Recv Triggered RIP Key-chain
            Ethernet0        2     2
            Serial0          2     2
          Routing for Networks:
            192.168.0.0
            192.168.1.0
            Interface        Send Recv Triggered RIP Key-chain
            192.168.4.0
          Routing Information Sources:
            Gateway         Distance      Last Update
            192.168.0.2          120      00:00:25
          Distance: (default is 120)

      Note there is no similar command for either AppleTalk or IPX.

Step 7

      The show protocols command.

      Type the show protocols command to summarize each interface and the
      network protocols associated with them. There is a Global values: summary of
      all network protocols enabled on the router.
        SanJose1#show protocols
        Global values:
          Internet Protocol routing is enabled
          Appletalk routing is enabled
          IPX routing is enabled
        Ethernet0 is up, line protocol is up
          Internet address is 192.168.1.1/24
          AppleTalk address is 57.76, zone A
          IPX address is 30.0010.7b3a.3f60
        Loopback0 is up, line protocol is up
          Internet address is 192.168.10.1/24
          IPX address is 31.0000.1111.1111
        Loopback1 is up, line protocol is up
          Internet address is 192.168.20.1/24
          IPX address is 32.0000.1111.1111
        Loopback2 is up, line protocol is up
          Internet address is 192.168.30.1/24
          IPX address is 33.0000.1111.1111
        Loopback3 is up, line protocol is up
          Internet address is 192.168.40.1/24
        Loopback4 is up, line protocol is up
          Internet address is 192.168.50.1/24
        Serial0 is up, line protocol is up
          Internet address is 192.168.0.1/24
          AppleTalk address is 18.153, zone A
          IPX address is 20.0000.1111.1111
        Serial1 is administratively down, line protocol is down
        SanJose1#

Step 8

      The show ip traffic command.
      Type the show ip traffic command to summarize IP protocol activity since
      the last clear command or the router rebooted. The IP statistics summarize the
      broadcast and multicast activity and also reveal that there were
      encapsulation failures.
        SanJose1#show ip traffic
        IP statistics:
          Rcvd: 50588 total, 20545 local destination
                 0 format errors, 0 checksum errors, 1 bad hop count
                 0 unknown protocol, 0 not a gateway
                 0 security failures, 0 bad options, 0 with options
          Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
                 0 timestamp, 0 extended security, 0 record route
                 0 stream ID, 0 strict source route, 0 alert, 0 cipso
                 0 other
          Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
                 0 fragmented, 0 couldn't fragment
          Bcast: 2403 received, 378 sent
          Mcast: 13923 received, 15700 sent
          Sent: 21297 generated, 26539 forwarded
          Drop: 10 encapsulation failed, 0 unresolved, 0 no adjacency
                 555 no route, 0 unicast RPF, 0 forced drop

      The ICMP statistics will vary depending on whether you did the ping and
      trace exercises during this session.
        ICMP statistics:
          Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 4 unreachable
                2891 echo, 15 echo reply, 16 mask requests, 0 mask replies, 0 quench
                0 parameter, 0 timestamp, 0 info request, 0 other
                8 irdp solicitations, 0 irdp advertisements
          Sent: 0 redirects, 262 unreachable, 22 echo, 2831 echo reply
                0 mask requests, 0 mask replies, 0 quench, 0 timestamp
                0 info reply, 0 time exceeded, 0 parameter problem
                0 irdp solicitations, 0 irdp advertisements

        UDP statistics:
          Rcvd: 3051 total, 1263 checksum errors, 1787 no port
          Sent: 2723 total, 0 forwarded broadcasts

        TCP statistics:
          Rcvd: 1343 total, 0 checksum errors, 0 no port
          Sent: 2104 total

        Probe statistics:
          Rcvd: 0 address requests, 0 address replies
                0 proxy name requests, 0 where-is requests, 0 other
          Sent: 0 address requests, 0 address replies (0 proxy)
                0 proxy name replies, 0 where-is replies

        EGP statistics:
          Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 no listener
          Sent: 0 total

        IGRP statistics:
          Rcvd: 0 total, 0 checksum errors
          Sent: 303 total

        OSPF statistics:
          Rcvd: 2508 total, 0 checksum errors
                2446 hello, 3 database desc, 0 link state req
                14 link state updates, 14 link state acks

           Sent: 2477 total

        IP-IGRP2 statistics:
          Rcvd: 10577 total
          Sent: 10580 total

        PIMv2 statistics: Sent/Received
          Total: 0/0, 0 checksum errors, 0 format errors
          Registers: 0/0, Register Stops: 0/0, Hellos: 0/0
          Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
          Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

        IGMP statistics: Sent/Received
          Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
          Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 00
          DVMRP: 0/0, PIM: 0/0

        ARP statistics:
          Rcvd: 351 requests, 0 replies, 0 reverse, 0 other
          Sent: 0 requests, 10 replies (0 proxy), 29 reverse
        SanJose1#
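
      Picking the error and drop counters out of show ip traffic by eye is slow, so
      the same check can be scripted. This is an added example, not part of the
      original lab; the function names and the keyword list are assumptions, and the
      input is a constructed copy of the IP and UDP sections shown above.

```python
import re

# Constructed sample input: the IP and UDP sections of the SanJose1 output above.
SHOW_IP_TRAFFIC = """\
SanJose1#show ip traffic
IP statistics:
  Rcvd: 50588 total, 20545 local destination
         0 format errors, 0 checksum errors, 1 bad hop count
         0 unknown protocol, 0 not a gateway
         0 security failures, 0 bad options, 0 with options
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 2403 received, 378 sent
  Mcast: 13923 received, 15700 sent
  Sent: 21297 generated, 26539 forwarded
  Drop: 10 encapsulation failed, 0 unresolved, 0 no adjacency
         555 no route, 0 unicast RPF, 0 forced drop

UDP statistics:
  Rcvd: 3051 total, 1263 checksum errors, 1787 no port
  Sent: 2723 total, 0 forwarded broadcasts
"""

SECTION = re.compile(r"^(\S.*) statistics:")    # "IP statistics:"
GROUP = re.compile(r"^([A-Za-z]+):\s*(.*)$")    # "Rcvd: 50588 total, ..."
COUNTER = re.compile(r"(\d+) ([^,]+)")          # "555 no route"

# Assumption: substrings that mark a counter as an error or drop condition.
PROBLEM_WORDS = ("error", "fail", "bad", "no route", "no port", "couldn't", "timeout")


def parse_ip_traffic(text):
    """Return {section: {group: {counter_name: value}}}.

    Lines that do not start with "Name:" continue the previous group, which is
    how IOS wraps long counter lists.
    """
    stats, section, group = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        new_section = SECTION.match(line)
        if new_section:
            section = stats.setdefault(new_section.group(1), {})
            group = None
            continue
        if section is None:
            continue  # prompt or banner line before the first section
        new_group = GROUP.match(line)
        if new_group:
            group = section.setdefault(new_group.group(1), {})
            line = new_group.group(2)
        if group is None:
            continue
        for value, name in COUNTER.findall(line):
            group[name.strip()] = int(value)
    return stats


def problem_counters(stats):
    """List (section, group, counter, value) for every nonzero error/drop counter."""
    findings = []
    for section, groups in stats.items():
        for group, counters in groups.items():
            for name, value in counters.items():
                flagged = group == "Drop" or any(w in name for w in PROBLEM_WORDS)
                if value and flagged:
                    findings.append((section, group, name, value))
    return findings


def share(stats, section, group, name, total="total"):
    """Fraction of a group's total represented by one counter."""
    counters = stats[section][group]
    return counters[name] / counters[total] if counters.get(total) else 0.0


if __name__ == "__main__":
    parsed = parse_ip_traffic(SHOW_IP_TRAFFIC)
    for finding in problem_counters(parsed):
        print(finding)
    print("UDP checksum error share:",
          round(share(parsed, "UDP", "Rcvd", "checksum errors"), 3))
```

      Because the counters accumulate since the last clear or reboot, compare two
      readings taken a known interval apart before drawing conclusions.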

Step 9

      The show cdp neighbor [detail] command.
      Type the show cdp neighbor command to use the Cisco Discovery Protocol
      to gather information on adjacent devices. The lab output should show a router
      on one side and a switch on the other. Keep in mind that only Cisco devices will
      be detected.
        SanJose1# show cdp neighbors
        Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                          S - Switch, H - Host, I - IGMP, r - Repeater

        Device ID      Local Intrfce       Holdtme     Capability   Platform Port ID
        Switch         Eth 0                143          T S        WS-C2924M-Fas 0/22
        SanJose2       Ser 0                164           R         2524      Ser 0
        SanJose1#

      Type the show cdp neighbor detail command to get a more in-depth view
      of the neighbor devices. In the following output we see that the unnamed switch
      is a model 2924M-XL running version 12.0(5) of the IOS. The router SanJose2 is
      a 2524 running version 12.0(5)T of the IOS and is configured to support IP,
      Novell, and AppleTalk. We also have one interface address for each protocol.
        SanJose1# show cdp neighbors detail
        -------------------------
        Device ID: Switch
        Entry address(es):
        Platform: cisco WS-C2924M-XL, Capabilities: Trans-Bridge Switch
        Interface: Ethernet0, Port ID (outgoing port): FastEthernet0/22
        Holdtime : 136 sec

        Version :
        Cisco Internetwork Operating System Software
        IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE
         (fc1)
        Copyright (c) 1986-2000 by cisco Systems, Inc.
        Compiled Mon 03-Apr-00 16:37 by swati

        advertisement version: 2
        Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000
        0FFFFFFFF010121FF000000000000000216A7E140FF0001
        VTP Management Domain: 'test'

        -------------------------
        Device ID: SanJose2
        Entry address(es):
          IP address: 192.168.0.2
          Novell address: 20.0000.2222.2222
          Appletalk address: 18.185
        Platform: cisco 2524, Capabilities: Router
        Interface: Serial0, Port ID (outgoing port): Serial0
        Holdtime : 152 sec

        Version :
        Cisco Internetwork Operating System Software
        IOS (tm) 2500 Software (C2500-D-L), Version 12.0(5)T,    RELEASE SOFTWARE (fc1)
        Copyright (c) 1986-1999 by cisco Systems, Inc.
        Compiled Fri 23-Jul-99 03:53 by kpma

        advertisement version: 2
        SanJose1#

Step 10

      The show tcp commands.
      Type the show tcp ? command to see the options for viewing TCP activity. In
      particular, the show tcp statistics command gives a good summary of TCP
      traffic sent and received.
        SanJose1#show    tcp ?
          <0-6>          Line number
          aux            Auxiliary line
          brief          Brief display
          console        Primary terminal line
          statistics     TCP protocol statistics
          tcb            TCB address
          vty            Virtual terminal
          |              Output modifiers
          <cr>

        SanJose1#show tcp statistics
        Rcvd: 60 Total, 0 no port
              0 checksum error, 0 bad offset, 0 too short
              47 packets (459 bytes) in sequence
              0 dup packets (0 bytes)
              0 partially dup packets (0 bytes)
              0 out-of-order packets (0 bytes)
              0 packets (0 bytes) with data after window
              0 packets after close
              0 window probe packets, 0 window update packets
              0 dup ack packets, 0 ack packets with unsend data
              54 ack packets (85 bytes)
        Sent: 100 Total, 0 urgent packets
              2 control packets (including 0 retransmitted)
              55 data packets (83 bytes)
              0 data packets (0 bytes) retransmitted
              43 ack only packets (40 delayed)
              0 window probe packets, 0 window update packets
        1 Connections initiated, 0 connections accepted, 1 connections established
        1 Connections closed (including 0 dropped, 0 embryonic dropped)
        0 Total rxmt timeout, 0 connections dropped in rxmt timeout
        0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive
        SanJose1#show tcp brief

Step 11

      The debug ip rip command.
      Type the debug ip rip command to see the result of RIP routing activities.
      The timestamps on the left side show that the updates arrive about every 30
      seconds, as we would expect (11:15:15 and 11:15:42 entries). The v2 indicates
      version 2 RIP.
      Notice that you can see the source of received updates and the details of each
      route, including the hop count. The outgoing updates are sent to a multicast
      address (224.0.0.9).
        SanJose1#debug ip rip
        RIP protocol debugging is on
        SanJose1#
        11:15:15: RIP: received v2 update from 192.168.0.2 on Serial0
        11:15:15:      192.168.2.0/24 via 0.0.0.0 in 1 hops
        11:15:15:      192.168.3.0/24 via 0.0.0.0 in 1 hops
        11:15:15:      192.168.90.0/24 via 0.0.0.0 in 1 hops
        11:15:15:      192.168.91.0/24 via 0.0.0.0 in 1 hops
        SanJose1#
        11:15:20: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1)
        11:15:20: RIP: build update entries
        11:15:20:       192.168.0.0/24 via 0.0.0.0, metric 1, tag 0
        11:15:20:       192.168.2.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.3.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.90.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.91.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.4.1)
        11:15:20: RIP: build update entries
        11:15:20:       192.168.0.0/24 via 0.0.0.0, metric 1, tag 0
        11:15:20:       192.168.2.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.3.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.90.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20:       192.168.91.0/24 via 0.0.0.0, metric 2, tag 0
        11:15:20: RIP: sending v2 update to 224.0.0.9 via Serial0 (192.168.0.1)
        11:15:20: RIP: build update entries
        11:15:20:       192.168.1.0/24 via 0.0.0.0, metric 1, tag 0
        11:15:20:       192.168.4.0/24 via 0.0.0.0, metric 1, tag 0
        SanJose1#
        11:15:42: RIP: received v2 update from 192.168.0.2 on Serial0
        11:15:42:      192.168.2.0/24 via 0.0.0.0 in 1 hops
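
      The following Python example is added here and is not part of the original
      lab. It parses debug ip rip lines like those above, reports the gap between
      updates received from each source, and lists received updates whose source is
      not an expected neighbor. The 11:15:31 line from 192.168.1.77 and the
      expected-neighbor set are constructed; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines taken from the debug ip rip output above, plus one CONSTRUCTED update
# (11:15:31, from 192.168.1.77) standing in for a source that is not a neighbor.
SAMPLE = """\
11:15:15: RIP: received v2 update from 192.168.0.2 on Serial0
11:15:15:      192.168.2.0/24 via 0.0.0.0 in 1 hops
11:15:15:      192.168.3.0/24 via 0.0.0.0 in 1 hops
11:15:20: RIP: sending v2 update to 224.0.0.9 via Serial0 (192.168.0.1)
11:15:20: RIP: build update entries
11:15:20:       192.168.1.0/24 via 0.0.0.0, metric 1, tag 0
11:15:31: RIP: received v2 update from 192.168.1.77 on Ethernet0
11:15:31:      192.168.2.0/24 via 0.0.0.0 in 1 hops
11:15:42: RIP: received v2 update from 192.168.0.2 on Serial0
11:15:42:      192.168.2.0/24 via 0.0.0.0 in 1 hops
"""

HEADER = re.compile(r"^(\d+):(\d\d):(\d\d): RIP: (received|sending) v(\d) "
                    r"update (?:from|to) (\S+) (?:on|via) (\S+)")
ROUTE = re.compile(r"^\d+:\d\d:\d\d:\s+(\d+\.\d+\.\d+\.\d+/\d+) via \S+?,? "
                   r"(?:in (\d+) hops|metric (\d+))")

def parse_updates(text):
    """Group debug lines into updates: one header line plus its route entries."""
    updates = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            h, mi, s, direction, ver, peer, iface = m.groups()
            updates.append({"t": int(h) * 3600 + int(mi) * 60 + int(s),
                            "dir": direction, "version": int(ver),
                            "peer": peer, "iface": iface, "routes": []})
            continue
        m = ROUTE.match(line)
        if m and updates:  # prompts and "build update entries" lines are skipped
            prefix, hops, metric = m.groups()
            updates[-1]["routes"].append((prefix, int(hops or metric)))
    return updates

def received_intervals(updates):
    """Seconds between consecutive updates received from each source."""
    times = defaultdict(list)
    for u in updates:
        if u["dir"] == "received":
            times[u["peer"]].append(u["t"])
    return {p: [b - a for a, b in zip(ts, ts[1:])] for p, ts in times.items()}

def unexpected_sources(updates, expected):
    """(source, interface) pairs for received updates from unlisted sources."""
    return sorted({(u["peer"], u["iface"]) for u in updates
                   if u["dir"] == "received" and u["peer"] not in expected})
```

      Calling unexpected_sources(parse_updates(SAMPLE), {"192.168.0.2"}) returns only
      the constructed source on Ethernet0; received_intervals shows the 27-second gap
      between the two updates from 192.168.0.2.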

      Try the debug ip rip ? command to see the optional parameters. There are
      three options. Try the debug ip rip database command to see the actual
      entries as they are added to the RIP database.
        SanJose1#debug ip rip ?
          database RIP database events
          events    RIP protocol events
          trigger   RIP trigger extension
          <cr>

        SanJose1#debug ip rip database
        RIP database events debugging is on
        SanJose1#
        11:30:05: RIP-DB: network_update with 192.168.2.0/24 succeeds
        11:30:05: RIP-DB: adding 192.168.2.0/24 (metric 1) via 192.168.0.2 on Serial0 to
         RIP database
        11:30:05: RIP-DB: network_update with 192.168.3.0/24 succeeds
        11:30:05: RIP-DB:    adding 192.168.3.0/24 (metric 1) via 192.168.0.2 on Serial0 to
         RIP database
        11:30:05: RIP-DB:    network_update with 192.168.90.0/24 succeeds
        11:30:05: RIP-DB:    adding 192.168.90.0/24 (metric 1) via 192.168.0.2 on Serial0 t
        o RIP database
        11:30:05: RIP-DB:    network_update with 192.168.91.0/24 succeeds
        11:30:05: RIP-DB:    adding 192.168.91.0/24 (metric 1) via 192.168.0.2 on Serial0 t
        o RIP database
        SanJose1#

      Try the debug ip rip events command to see a summary of the routing
      updates without the individual route entries. The first nine lines (sample below)
      log the individual transmissions and are followed by a three-line summary
      (highlighted). The received updates are also logged (11:35:39 entries).
        SanJose1#debug ip rip events
        RIP event debugging is on
        SanJose1#
        11:35:38: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1)
        11:35:38: RIP: Update contains 5 routes
        11:35:38: RIP: Update queued
        11:35:38: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.4.1)
        11:35:38: RIP: Update contains 5 routes
        11:35:38: RIP: Update queued
        11:35:38: RIP: sending v2 update to 224.0.0.9 via Serial0 (192.168.0.1)
        11:35:38: RIP: Update contains 2 routes
        11:35:38: RIP: Update queued
        11:35:38: RIP: Update sent via Ethernet0
        11:35:38: RIP: Update sent via Ethernet0
        11:35:38: RIP: Update sent via Serial0
        11:35:39: RIP: received v2 update from 192.168.0.2 on Serial0
        11:35:39: RIP: Update contains 4 routes
        SanJose1#
        11:36:04: RIP: sending v2 update to 224.0.0.9 via Ethernet0 (192.168.1.1)

      Try the debug ip rip trigger command to see a log of when routing
      updates are sent, without any detail. Notice the variation in time
      intervals, which reduces the likelihood of multiple devices repeatedly updating at
      the same time.
        SanJose1#debug ip rip trigger
        RIP trigger debugging is on
        SanJose1#
        11:41:38: RIP-TIMER: periodic timer expired
        SanJose1#
        11:42:07: RIP-TIMER: periodic timer expired
        SanJose1#
        11:42:35: RIP-TIMER: periodic timer expired
        SanJose1#
        11:43:02: RIP-TIMER: periodic timer expired
        SanJose1#un all
        All possible debugging has been turned off
        SanJose1#

Step 12

      The debug ip ospf command.
      Type the debug ip ospf ? command to see the options for debugging OSPF
      routing activity. The debug ip ospf events command logs each OSPF
      activity with route, area, source interface, and source address information.
        SanJose1#debug ip ospf ?
          adj             OSPF adjacency events
          database-timer OSPF database timer
           events            OSPF   events
           flood             OSPF   flooding
           lsa-generation    OSPF   lsa generation
           packet            OSPF   packets
           retransmission    OSPF   retransmission events
           spf               OSPF   spf
           tree              OSPF   database tree

        SanJose1#debug ip ospf events
        OSPF events debugging is on
        SanJose1#
        11:50:35: OSPF: Rcv hello from 192.168.96.1 area 0 from Serial0 192.168.0.2
        11:50:35: OSPF: End of hello processing
        SanJose1#
        11:50:45: OSPF: Rcv hello from 192.168.96.1 area 0 from Serial0 192.168.0.2
        11:50:45: OSPF: End of hello processing
        SanJose1#

      Remember that OSPF routing updates are triggered events, so you may need to
      trigger a link change to see anything but Hello packets.

Step 13

      The debug ip eigrp ? command.
      Type the debug ip eigrp ? command to see the options for debugging
      EIGRP routing activity. As with OSPF, EIGRP routing updates are triggered
      events, so you may need to trigger a link or database change to see anything
      happen. In the following example, after waiting several minutes during which time
      nothing happened, I cleared the Neighbor database. Try the steps shown below.
      You should see both sent and received updates.

        SanJose1#debug ip eigrp ?
          <1-65535>      AS number
          neighbor       IP-EIGRP neighbor debugging
          notifications IP-EIGRP event notifications
          summary        IP-EIGRP summary route processing
          <cr>

        SanJose1#debug ip eigrp
        IP-EIGRP Route Events debugging is on

        SanJose1#clear ip eigrp neighbor
        SanJose1#
        12:06:39: IP-EIGRP: 192.168.0.0/24 - do advertise out Serial0
        12:06:39: IP-EIGRP: 192.168.50.0/24 - do advertise out Serial0
        12:06:39: IP-EIGRP: Ext 192.168.50.0/24 metric 128256 - 256 128000
        12:06:39: IP-EIGRP: 192.168.40.0/24 - do advertise out Serial0
        12:06:39: IP-EIGRP: Int 192.168.40.0/24 metric 128256 - 256 128000
        SanJose1#
        12:06:41: IP-EIGRP: 192.168.0.0/24 - do advertise out Serial0
        12:06:41: IP-EIGRP: 192.168.50.0/24 - do advertise out Serial0
        12:06:41: IP-EIGRP: Ext 192.168.50.0/24 metric 128256 - 256 128000
        12:06:41: IP-EIGRP: 192.168.40.0/24 - do advertise out Serial0
        12:06:41: IP-EIGRP: Int 192.168.40.0/24 metric 128256 - 256 128000
        SanJose1#
        12:06:42: IP-EIGRP: Processing incoming UPDATE packet
        12:06:42: IP-EIGRP: Ext 192.168.60.0/24 M 2297856 - 1657856 640000 SM 128256 - 2
        56 128000
        12:06:42: IP-EIGRP: Ext 192.168.70.0/24 M 2297856 - 1657856 640000 SM 128256 - 2
        56 128000
        12:06:42: IP-EIGRP: Int 192.168.80.0/24 M 2297856 - 1657856 640000 SM 128256 - 2
        56 128000
        12:06:44: IP-EIGRP: 192.168.0.0/24 - do advertise out Serial0
        12:06:44: IP-EIGRP: 192.168.50.0/24 - do advertise out Serial0
        12:06:44: IP-EIGRP: Ext 192.168.50.0/24 metric 128256 - 256 128000
        12:06:44: IP-EIGRP: 192.168.40.0/24 - do advertise out Serial0
        12:06:44: IP-EIGRP: Int 192.168.40.0/24 metric 128256 - 256 128000
        12:06:44: IP-EIGRP: Ext 192.168.60.0/24 metric 2297856 - 1657856 640000
        12:06:44: IP-EIGRP: Ext 192.168.70.0/24 metric 2297856 - 1657856 640000
        12:06:44: IP-EIGRP: Int 192.168.80.0/24 metric 2297856 - 1657856 640000
        12:06:44: IP-EIGRP: Processing incoming UPDATE packet
        12:06:44: IP-EIGRP: ExtS 192.168.50.0/24 M 4294967295 - 1657856 4294967295 SM 42
        94967295 - 1657856 4294967295
        12:06:44: IP-EIGRP: Int 192.168.40.0/24 M 4294967295 - 1657856 4294967295 SM 429
        4967295 - 1657856 4294967295
        SanJose1#un all

      Try other EIGRP options.

Step 14

      The debug ip igrp ? command.
      Type the debug ip igrp ? command to see the options for debugging IGRP
      routing activity. As a distance vector protocol, IGRP sends regular updates, but
      at a 90-second interval, so be patient. The debug ip igrp events command
      shows a summary of activity, while the debug ip igrp transactions
      command shows the details.
        SanJose1#debug ip igrp ?
          events        IGRP protocol events
          transactions IGRP protocol transactions

        SanJose1#debug ip igrp events
        IGRP event debugging is on
        SanJose1#
        12:20:43: IGRP: sending update to 255.255.255.255 via    Loopback4 (192.168.50.1)
        12:20:43: IGRP: Update contains 0 interior, 5 system,    and 0 exterior routes.
        12:20:43: IGRP: Total routes in update: 5
        SanJose1#un all
        All possible debugging has been turned off
        SanJose1#debug ip igrp transactions
        IGRP protocol debugging is on
        SanJose1#
        12:22:05: IGRP: sending update to 255.255.255.255 via    Loopback4 (192.168.50.1)
        12:22:05:       network 192.168.60.0, metric=8976
        12:22:05:       network 192.168.40.0, metric=501
        12:22:05:       network 192.168.80.0, metric=8976
        12:22:05:       network 192.168.0.0, metric=8476
        12:22:05:       network 192.168.70.0, metric=8976
        SanJose1#
        12:23:24: IGRP: sending update to 255.255.255.255 via    Loopback4 (192.168.50.1)
        12:23:24:       network 192.168.60.0, metric=8976
        12:23:24:       network 192.168.40.0, metric=501
        12:23:24:       network 192.168.80.0, metric=8976
        12:23:24:       network 192.168.0.0, metric=8476
        12:23:24:       network 192.168.70.0, metric=8976
        SanJose1#un all

      There probably shouldn’t be any incoming updates on either router because
      EIGRP is used on the serial link.

Step 15

      The debug ip icmp command.
      Type the debug ip icmp command to see the results of ping and trace activity.
      The Cisco trace and TCP/IP tracert commands both use the TTL feature in a
      rather clever way. The trace (or tracert) command sends three IP packets to
      the destination with the TTL set to 1, three with the TTL set to 2, etc.
      When the three with the TTL set to 1 reach the first router, the 1 is decremented
      to 0 and the packets are discarded. A “Time Exceeded” message is sent to the
      source. The source now knows the IP address of the first router from the
      message IP header. The packets with the TTL set to 2 are discarded by the
      second router and an ICMP message is sent. This continues until there is a trail
      to the destination device.
      The final router returns an ICMP destination unreachable reply.
      The following is an example. After running the debug ip icmp command, ping
      the host on the other router to confirm its existence and connectivity. Then run a
      trace command to the same host and look over the results.
        SanJose1#debug ip icmp
        ICMP packet debugging is on
        SanJose1#ping 192.168.2.10

        Type escape sequence to abort.
        Sending 5, 100-byte ICMP Echos to 192.168.2.10, timeout is 2 seconds:
        !!!!!
        Success rate is 100 percent (5/5), round-trip min/avg/max = 36/39/40 ms
        SanJose1#
        12:35:22: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.0.1
        12:35:22: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.0.1
        12:35:22: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.0.1
        12:35:22: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.0.1
        12:35:22: ICMP: echo reply rcvd, src 192.168.2.1, dst 192.168.0.1
        SanJose1#
        SanJose1#trace 192.168.2.10

        Type escape sequence to abort.
        Tracing the route to 192.168.2.10

          1 192.168.0.2 20 msec * 20 msec
        SanJose1#
        12:36:37: ICMP: dst (192.168.0.1) port unreachable rcv from 192.168.0.2
        SanJose1#
        12:36:40: ICMP: dst (192.168.0.1) port unreachable rcv from 192.168.0.2
        SanJose1#
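
      The following Python example is added here and is not part of the original
      lab. It models the TTL mechanism described in this step: each router decrements
      the TTL, the router that reaches 0 reports time exceeded, and the trace ends when
      the destination answers with port unreachable, as in the debug output above. The
      path, addresses and function names are constructed for illustration; a lost
      reply is shown as *, like the middle probe in the trace output.

```python
# Constructed path: three routers in order, then the destination host.
PATH = ["10.0.0.1", "10.0.1.1", "10.0.2.1"]
DEST = "10.0.3.10"

def forward(ttl, path, dest):
    """Carry one probe along the path and return (icmp_message, reporter)."""
    for router in path:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired here: discard and report back
            return ("time-exceeded", router)
    return ("port-unreachable", dest)  # probe survived all routers

def trace(path, dest, max_ttl=30, probes=3, lost=frozenset()):
    """Send `probes` packets per TTL value, starting at 1.

    `lost` holds (ttl, probe_index) pairs whose ICMP reply never arrives.
    Returns one (ttl, reporter, marks) tuple per TTL value tried.
    """
    hops = []
    for ttl in range(1, max_ttl + 1):
        replies = [None if (ttl, n) in lost else forward(ttl, path, dest)
                   for n in range(probes)]
        answered = [r for r in replies if r is not None]
        reporter = answered[0][1] if answered else None
        marks = ["*" if r is None else "ok" for r in replies]
        hops.append((ttl, reporter, marks))
        # Stop once the destination itself has answered at least one probe.
        if any(msg == "port-unreachable" for msg, _ in answered):
            break
    return hops

if __name__ == "__main__":
    for ttl, reporter, marks in trace(PATH, DEST, lost={(4, 1)}):
        print(ttl, reporter or "?", " ".join(marks))
```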

Note

       Other debug and show commands will be covered in detail in later chapters
       where their usage can be tied to a troubleshooting activity.



