Basic Networking and troubleshooting

basic network connectivity troubleshooting and basic network troubleshooting guide
HartJohnson, United States, Professional
Published Date: 02-08-2017
Chapter 9: Monitoring and Troubleshooting

Listen to Your Network's Troubles

Listening to your network can save you lots of heartache. Well, you have your network up and running. But like anything, it needs to be monitored and maintained. If it's not, one day it will just stop working, and you will have no idea why. In this chapter you will discover various tools and techniques to help you listen to your network and understand what is going on with it, so you can deal with any problem before it becomes a bigger problem.

Pajama Death are back on tour

Punk band Pajama Death have a large and dedicated fan base, and they've just announced their latest world tour. Tickets go on sale in just two hours, and fans are already lining up to buy prized tickets. The ticket agency expects it to be a sell-out, but there's just one problem: can their network cope with the strain?

"Guys, the network's up and down like a freaking yo-yo. If you don't get it sorted by the time the Pajama Death tickets go on sale, I'll come around your houses and stomp on all your toys. Got it?"

So here's your challenge...

The ticket agency needs to be up and running in two hours' time, which means that you need to troubleshoot the immediate problems. What's more, you need to make sure that the network remains stable. You need to deal with network problems before they become bigger problems. Think you can do it?

So where would you start troubleshooting a misfiring network?

Since you have made it this far in this book, you know there are many things that can go wrong on a network: anything from bad or disconnected cables to switch and router issues, and even individual computer issues. Troubleshooting network issues requires a methodical approach.
If you just start running around with your network analyzer, plugging and unplugging connections, you will find troubleshooting a very exhausting and frustrating endeavor. Getting information from your network is the key to successful troubleshooting.

In the space below, write down a few things you would check in your network troubleshooting process.

    Ask user to demonstrate the problem.
    Check for loose or disconnected cables on the computer with the problems.
    Ask around to other people. Is the problem just one person, one area, or the entire network?
    Check the router and switches to make sure they are on and running properly.
    See if you can ping various devices and clients on the network.

Start troubleshooting your network problems by checking in with your network devices

You want to start troubleshooting network problems by gathering information from your devices. In chapters 5 and 6, you learned the ping command and how to communicate with a switch and a router. You can use those tools to troubleshoot your network.

1. Start off by pinging the IP address of the computer's default gateway. If you can do this without the ping timing out, then you know that the network is working minimally.

2. Connect a computer to the router with a serial cable or via SSH or telnet. SSH is the preferred way to access your devices, although sometimes devices only support telnet. That way, you do not have to run all over the place with a cable. Besides, SSH is more secure than telnet: it encrypts the session, while telnet sends everything, passwords included, in clear text.

3. Use the appropriate commands (like show) to look at a device's status and counters. Routers and switches can collect lots of information that is very valuable in troubleshooting your network. The most common command is the show command.
It shows you various counters and status information on your devices.

4. Interpret the statistics to gain some insight on how your network is behaving. This is the hardest part: how to interpret that data. You will want to start looking at the obvious things, like interfaces being down or ports with excessive errors. After that, you have to become more of a detective and look at traffic volume. Often you will have to look at information from multiple devices in order to form an opinion.

Troubleshoot network connectivity with the ping command

The ping command is the best tool to get a quick read on the overall status of your network and individual devices on your network. It can tell you whether or not your network is functioning, or whether a particular device is on the network.

The ping command can be used to ping anything with an IP address, including other computers.

If you can ping, you get timings

Here's what the output of a successful ping looks like. It tells you how long it takes your device to respond to the ping. Comparing these times with what you'd expect to get can give you some useful diagnostics.

As an example, ping 192.168.1.1. You did this back in chapter 6. The time here is how long it takes your ping to get to the device. It's useful to know how long this should take.

But what if you can't ping?

If a ping command fails, this means that you can't get to the device at the specified IP address. If you can't ping anything, you've got BIG problems. If you just can't ping one device, that really narrows down what you have to look at.

Yikes! If you get this sort of message, you need to do more investigating. Did a circuit breaker blow? Did a construction worker rip up a cable?

If the ping fails, check the cables

So what do you do if you can't ping anything?
The first thing to do is check your computer's network cables and network configuration. Try the ping command from another computer. If your computer's stuff checks out and the ping command on the other computer fails as well, then you need to physically go to the network devices.

So what sorts of things do you need to look out for? These are all real things that happen to your network, so look out for them.

    Did the janitor pull the plug?
    Is the computer even connected to the network?
    Did a critical network device fail?
    Did the power go out?

What other tools on a computer could you use to help troubleshoot network problems (especially if the computer is connected to the network and still not working)?

Look at the ping output below and circle the devices that are causing problems on the network.

    ping 192.168.1.2
    64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.590 ms
    ping 192.168.1.3
    ping: sendto: Host is down
    ping 192.168.1.1
    64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.290 ms
    ping 192.168.1.4
    64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.450 ms
    ping 192.168.1.5
    ping: sendto: Host is down
    ping 192.168.1.6
    64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.560 ms
    ping 192.168.2.2
    64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.720 ms
    ping 192.168.2.3
    ping: sendto: Host is down
    ping 192.168.2.4
    ping: sendto: Host is down

[Network diagram: devices 192.168.1.1, 192.168.2.2, 192.168.1.2, 192.168.2.3, 192.168.1.4, 192.168.1.3, 192.168.2.4, 192.168.1.5 and 192.168.1.6, plus your admin workstation, where the pings are coming from.]
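One way to triage the ping exercise above with a script, as an added example that is not part of the original chapter. The transcript is the one printed in the exercise; the UPSTREAM map and the slow_ms baseline are hypothetical, because the chapter's diagram is not reproduced in the text. Besides silent hosts, it flags targets whose reply is labelled with a different address than the one pinged, which the transcript shows for 192.168.1.6 and 192.168.2.2.

```python
import re

# Ping transcript copied from the exercise above (one probe per target).
TRANSCRIPT = """\
ping 192.168.1.2
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.590 ms
ping 192.168.1.3
ping: sendto: Host is down
ping 192.168.1.1
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.290 ms
ping 192.168.1.4
64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.450 ms
ping 192.168.1.5
ping: sendto: Host is down
ping 192.168.1.6
64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.560 ms
ping 192.168.2.2
64 bytes from 192.168.1.4: icmp_seq=0 ttl=64 time=0.720 ms
ping 192.168.2.3
ping: sendto: Host is down
ping 192.168.2.4
ping: sendto: Host is down
"""

# ASSUMPTION: the chapter's diagram is not in the text, so this map of
# "host -> device it sits behind" is hypothetical.
UPSTREAM = {"192.168.2.4": "192.168.2.3"}
REPLY = re.compile(r"bytes from (\S+): .*time=([\d.]+) ms")

def parse(transcript):
    """Return {target: [(reply_source, time_ms), ...]}; empty list = no reply."""
    results, target = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith("ping "):          # command line: "ping <target>"
            target = line.split()[1]
            results[target] = []
        elif target and (m := REPLY.search(line)):
            results[target].append((m.group(1), float(m.group(2))))
    return results

def triage(results, upstream=UPSTREAM, slow_ms=5.0):
    """Classify each target as ok, slow, mismatch, down or unknown."""
    silent = {t for t, replies in results.items() if not replies}
    report = {}
    for target, replies in results.items():
        if target in silent:
            # No reply through a silent upstream device says nothing about the host.
            report[target] = "unknown" if upstream.get(target) in silent else "down"
        elif any(source != target for source, _ in replies):
            report[target] = "mismatch"       # reply labelled with another address
        elif max(ms for _, ms in replies) > slow_ms:
            report[target] = "slow"           # slower than the expected baseline
        else:
            report[target] = "ok"
    return report

if __name__ == "__main__":
    print(triage(parse(TRANSCRIPT)))
```

A "mismatch" result means the target should not be counted as reachable until the reply's source has been explained.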
In the solution to the ping exercise, one host carries this note: we don't know if this host is down or not because the switch in between us and that host is down.

"But what if we need more information than ping can give us? What then?"

Sometimes ping just doesn't give you enough information to work with. The ping command is very effective in helping you with connectivity issues. But when it comes to network issues such as slowdowns or sporadic connectivity, ping does not help much. We need to pull out the big guns and talk to the switches and routers themselves.

Q: What kind of information can a switch give me?
A: It can give you the number of frames going in and out of particular ports. It can give error rates on its various ports. It can tell you if a port has an active client or not.

Q: How about a router?
A: A router is a whole other animal when it comes to information. Even a mid-range router will give you an incredible amount of information. This includes packet counts, error rates, and interface status, just like a switch. But it can also give you the status of routing and even the status of other routers.

Q: Can computers give me this type of information?
A: Yes, they can. Most modern operating systems can collect information. Some of it is easily accessible from the command line or from logs that the OS keeps. It is similar information to what a switch collects.

Q: Is the ping command available on all computer operating systems?
A: The ping command is available on just about every computer and router operating system out there.

Q: Is there any time the ping command will not work?
A: Yes, a router can be configured to block the ICMP packets. ICMP is the packet type that the ping command uses. If a router is blocking these, you will not see anything until the command times out, then you will get an error.

Q: Can a computer block a ping?
A: Yes, pings can be blocked by computers as well. The firewall can be configured to just ignore ping requests and drop them without responding.

Q: Why would you want to block pings?
A: One of the techniques that hackers use is that of scanning a network for hosts. One of the tools they use is the ping command or software that acts like a ping command. If your computer or router responds to a ping, then the hacker knows that there is a device at a particular IP address and can start figuring out a way to get into the system.

Get started with the show interface command

The show interface command is the best command to get started with. It will give you the most concentrated information on the status of your device's network connection. It works on most network devices, including switches and routers.

[Figure: show interface output with these callouts: interface identifier; "Up" means it is physically connected to another device; interface IP address; interface speed; interface network statistics.]

The interface's network statistics are a gold mine of troubleshooting information

You can tell how busy the network connected to a particular interface is by looking at the number of packets being input and output from that interface.
After looking at this a couple of times, you will be able to judge whether the number is of the correct magnitude. You can also see any errors. Some errors are normal, but high error counts should lead you to investigate the portion of your network connected to that particular interface.

[Figure callout on the show interface output: "Up" here means it is configured.]

Cisco Show Command Exposed

This week's interview: Can you tell us all you know about the hardware you are running on?

HeadFirst: It is great to get a chance to talk with you. How are you doing today?

Show Command: What specific part of today are you asking about? I can tell you about many aspects of my day.

HeadFirst: OK, I was just trying to make some small talk. But to get started, what can you tell me about the network device you are running on?

Show Command: You need to be a little more specific than that. I can tell you things about the interfaces, the system itself, the software version, the IP statistics, the TCP statistics, the IP routing statistics, the processor's information and statistics, the SNMP statistics, the startup and running configurations, the...

HeadFirst: Whoa, whoa! That is a lot of information. What would you recommend if I wanted to know how the devices' interfaces are doing?

Show Command: That would be "show interfaces." With that command I will show you whether the interface is connected to another device, whether it is configured or not, the interface's IP address and subnet, and network statistics about the interface.

HeadFirst: Will you tell me about all the interfaces?

Show Command: If you just ask me to show interfaces, I will give all that information I just mentioned for all the interfaces that are on the device, even if they are not configured.

HeadFirst: Great, is there anything else that you can tell me that might help troubleshoot network problems?

Show Command: I can tell you about IP statistics with the show ip traffic command. I'll give you all sorts of information about the various IP protocols the device is running, including traffic amounts and various errors.

HeadFirst: Now I noticed that you like to have commands issued in a very certain way. Can you tell me a little more about that?

Show Command: Sure, obviously you have to type "show" then follow it with what you are interested in. For example, "show interface," which we already talked about. But, you can get more specific information by adding modifiers after that initial command.

HeadFirst: Can you give me an example?

Show Command: OK, say you want to see the EIGRP routes in the device route table. You would type "show ip route eigrp." Then I would display all the EIGRP routes that are in the table.

HeadFirst: That's cool. So what if I don't know what command to type?

Show Command: Easy, type show. I will display a list of commands with descriptions. Then if you find a particular command, then you can type "show ip," and I will display the commands available under the ip command.

HeadFirst: Thanks for the interview. You are indeed a valuable command to learn.

Show Command Magnets

The show command from the Cisco IOS is a hierarchy command. You build a show command by walking down a tree until you get to the information you need. Arrange the magnets into the proper structure.

Magnets: show, ip, route, arp, eigrp, vlan, status, counters, interface, FastEthernet0/0, running-config, startup-config

Show Command Magnets Solution

[Solution tree, magnets in the order they appear on the page: show, ip, running-config, startup-config, interface, arp, route, eigrp, FastEthernet0/0, vlan, status, counters]

Callouts on the solution tree:
This will show the router's route table.
This will show the router's running configuration.
This will show the router's MAC address table.
This will show this interface's network statistics.

The ticket network's still not fixed

Time's ticking on, and the ticket agency network still has problems. So what's causing the hold up?

"This is really serious. We can't get to all of the network devices with SSH or telnet. That means I have to run round hooking my laptop up to each one of them to find out what's wrong. It's taking me forever, and the Pajama Death tickets go on sale soon. What can we do?"

How can we quickly troubleshoot networks without SSH or telnet?

The trouble with SSH and telnet is that they're not always available. While we could visit each network device and connect a laptop to it to get diagnostics, this approach is time-consuming and inefficient. So is there a better way of troubleshooting the network?

SNMP to the rescue

SNMP (Simple Network Management Protocol) is a way to talk to your network devices and get all kinds of information from them without having to connect each device to a laptop. You can use a software program to automatically question any or all your network devices every so often. This allows you to check on their health and their workloads. The protocol uses simple commands to access a database of information on the target device.

The information database of an SNMP managed device is called the MIB (Management Information Base).

[Diagram labels: SNMP Manager, wireless access point, switch, router, client computer, server.]

1. SNMP Manager sends a request to an SNMP Agent for some information.
2. SNMP Agent responds with requested information.
3. SNMP Agent can also send information, called Traps, back to an SNMP Manager.

The object identifier of information stored in the MIB is called the OID.
The central server collects all the information in one place.

SNMP is a network administrator's communication tool

SNMP has been designed so simple software such as scripts can be used to query different information from a network device. It uses a simple set of commands to retrieve and set information. SNMP gets a bit complicated in the implementation of the MIBs. There are standardized sets of MIBs that are available to network equipment manufacturers to implement in their devices. As long as a manufacturer has implemented the MIB properly, there usually isn't a problem retrieving information via SNMP. The problems occur when network devices have custom MIBs. Then in order to read this information, a network administrator has to include the modified SNMP template on the SNMP requester so it knows the correct OID to ask for from the SNMP agent.

Did you know that there are three versions of SNMP? SNMP v1, SNMP v2, and SNMP v3. SNMP v2 is just an expanded version of SNMP v1. SNMP v3 is a whole rewrite of the protocol. It has authentication built into the protocol.

"So what prevents just anybody from getting to that information? It is secure, right?"

SNMP does allow some access control

SNMP does have one feature allowing you to control access. When you set up SNMP on a network device, you can create a group name (SNMP calls it a community string) that can have read-only access and a group name that can have read-write access. The problem is that the group name is the password. That's not a very good scheme, so that's why SNMP version 3 has an authentication system built into it. Most devices default with public being the group to have read-only access.

So how do we set up SNMP?

How to configure SNMP on a Cisco device

Let's take a look at how to get a basic setup of SNMP on a Cisco device. You'll need to type these commands at the device command line in config mode.

A basic setup of SNMP is all you need to access lots of handy information.

1. Start SNMP service on router. Actually, there's no specific command for this. The first snmp-server command you enter, regardless of the command, will enable the SNMP service on the device.

2. Create a community access control for SNMP. To do this, type the command:

    snmp-server community public ro

   This will give public read-only access.

3. Set some basic system info. To set up your contact information, type the command:

    snmp-server contact yourname

   To set up the location of the device, type the command:

    snmp-server location place

4. Save your setup. To save your config setup, type the commands:

    exit
    write memory

Setting up SNMP on a non-Cisco device is really similar to this. Other network devices are configured in a similar fashion; just check your device documentation for the specifics.
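The chapter's point that the community name is the password can be checked mechanically. This added example (not code from the chapter or from Cisco) audits the snmp-server lines of a configuration for the default community names, read-write communities, communities with no access list, and the absence of an authenticated SNMPv3 group. Both sample configurations are constructed; the group name NMS-RO, access list 10 and address 192.168.1.50 are assumptions.

```python
import re

# Constructed sample: the basic setup from the steps above.
CHAPTER_CONFIG = """\
snmp-server community public ro
snmp-server contact yourname
snmp-server location place
"""
# Constructed sample: no community at all, one SNMPv3 group that requires
# authentication and encryption, reachable only from the poller in ACL 10.
# (IOS does not list "snmp-server user" lines in the running configuration,
# so the audit keys on the group line.)
HARDENED_CONFIG = """\
access-list 10 permit 192.168.1.50
snmp-server group NMS-RO v3 priv access 10
snmp-server contact yourname
snmp-server location place
"""

DEFAULT_NAMES = {"public", "private"}   # well-known default community strings
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?$", re.I)
GROUP_V3 = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b", re.I)

def audit(config):
    """Return a list of (finding, name) tuples for weak SNMP settings."""
    findings, strong_v3 = [], False
    for line in config.splitlines():
        line = line.strip()
        if (m := COMMUNITY.match(line)):
            # IOS treats a community with no ro/rw keyword as read-only.
            name, mode, acl = m.group(1), (m.group(2) or "ro").lower(), m.group(3)
            if name.lower() in DEFAULT_NAMES:
                findings.append(("default-community", name))
            if mode == "rw":
                findings.append(("read-write-community", name))
            if acl is None:
                findings.append(("community-without-acl", name))
        elif (m := GROUP_V3.match(line)):
            if m.group(2).lower() == "noauth":
                findings.append(("v3-group-noauth", m.group(1)))
            else:
                strong_v3 = True
    if not strong_v3:
        findings.append(("no-authenticated-v3-group", None))
    return findings

if __name__ == "__main__":
    print(audit(CHAPTER_CONFIG))
    print(audit(HARDENED_CONFIG))
```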