Download CCNA4E_CH8_STUDY_GUIDE_KEY

CCNA EXPLORATION
ACCESSING THE WAN
Study Guide
Chapter 8: Network Troubleshooting
8.1.1
Describe network baseline.
Network documentation should include what
components?
Describe the Network Configuration Table.
What data set should be included for all
components?
Describe the End-system Configuration Table.
For troubleshooting purposes, what information
should be documented?
Describe the Network Topology Diagram.
CCNA EXP 4
To efficiently diagnose and correct network problems, a
network engineer needs to know how a network has been
designed and what the expected performance for this
network should be under normal operating conditions. It is
captured in documentation such as configuration tables and
topology diagrams.
Network configuration table
End-system configuration table
Network topology diagram
Contains accurate, up-to-date records of the hardware and
software used in a network.
 Type of device, model designation
 IOS image name
 Device network hostname
 Location of the device (building, floor, room, rack,
panel)
 If it is a modular device, include all module types and
in which module slot they are located
 Data Link layer addresses
 Network layer addresses
 Any additional important information about physical
aspects of the device
Contains baseline records of the hardware and software used
in end-system devices such as servers, network management
consoles, and desktop workstations.
 Device name (purpose)
 Operating system and version
 IP address
 Subnet mask
 Default gateway, DNS server, and WINS server
addresses
 Any high-bandwidth network applications that the
end-system runs
Graphical representation of a network, which illustrates how
each device in a network is connected and its logical
architecture. A topology diagram shares many of the same
components as the network configuration table. Each
network device should be represented on the diagram with
CH.8 Network Troubleshooting
APRIL 2009
At a minimum, the topology diagram should
include what?
8.1.2
What are some of the commands that are
useful to the network documentation process?
8.1.3
Why is establishing a network performance
baseline important?
8.1.4
What are the recommended steps for planning
the first baseline?
8.2.1
What is some network management software
often used to baseline networks?
What are the 2 extreme approaches to
CCNA EXP 4
consistent notation or a graphical symbol. Also, each logical
and physical connection should be represented using a
simple line or other appropriate symbol. Routing protocols
can also be shown.
 Symbols for all devices and how they are connected
 Interface types and numbers
 IP addresses
 Subnet masks
 The ping command is used to test connectivity with
neighboring devices before logging in to them.
Pinging to other PCs in the network also initiates the
MAC address auto-discovery process.
 The telnet command is used to log in remotely to a
device for accessing configuration information.
 The show ip interface brief command is used to
display the up or down status and IP address of all
interfaces on a device.
 The show ip route command is used to display the
routing table in a router to learn the directly
connected neighbors, more remote devices (through
learned routes), and the routing protocols that have
been configured.
 The show cdp neighbor detail command is used to
obtain detailed information about directly connected
Cisco neighbor devices.
Measuring the initial performance and availability of critical
network devices and links allows a network administrator to
determine the difference between abnormal behavior and
proper network performance as the network grows or traffic
patterns change. The baseline also provides insight into
whether the current network design can deliver the required
policies. Without a baseline, no standard exists to measure
the optimum nature of network traffic and congestion levels.
Step 1. Determine what types of data to collect
Start by selecting a few variables that represent the defined
policies. It is good to include interface utilization and CPU
utilization
Step 2. Identify devices and ports of interest
Devices and ports of interest include Network device ports
that connect to other network devices, Servers, Key users,
Anything else considered critical to operations
Step 3. Determine the baseline duration
It is important that the length of time and the baseline
information being gathered are sufficient to establish a
typical picture of the network. This period should be at least
seven days to capture any daily or weekly trends. Weekly
trends are just as important as daily or hourly trends.
Fluke Network SuperAgent
Rocket Scientist Approach—theorist
CH.8 Network Troubleshooting
APRIL 2009
8.2.2
troubleshooting?
Describe using layered models for
troubleshooting.
Describe using the OSI reference model for
troubleshooting.
Describe using the TCP/IP reference model for
troubleshooting.
8.2.3
Describe the stages of the general
troubleshooting process.
Why is a troubleshooting policy a good idea?
8.2.4
What are the three main methods for
troubleshooting networks?
Describe the bottom up approach.
CCNA EXP 4
Caveman Approach—Brute Force
Logical networking models, such as the OSI and TCP/IP
models, separate network functionality into modular layers.
When troubleshooting, these layered models can be applied
to the various network layers to isolate the problems.
The OSI reference model describes how information from a
software application in one computer moves through a
network medium to a software application in another
computer. The upper layers (5-7) of the OSI model deal with
application issues and generally are implemented only in
software. The lower layers (1-4) of the OSI model handle
data-transport issues. Layers 3 and 4 are generally
implemented only in software. The Physical layer (Layer 1)
and Data Link layer (Layer 2) are implemented in hardware
and software.
Similar to the OSI networking model, the TCP/IP networking
model also divides networking architecture into modular
layers. The Application layer in the TCP/IP suite actually
combines the functions of the three OSI model layers:
Session, Presentation, and Application. The Application layer
provides communication between applications such as FTP,
HTTP, and SMTP on separate hosts.
The Transport layers of TCP/IP and OSI directly correspond in
function. The Transport layer is responsible for exchanging
segments between devices on a TCP/IP network.
The TCP/IP Internet layer relates to the OSI Network layer.
The Internet layer is responsible for placing messages in a
fixed format that allows devices to handle them.
The TCP/IP network access layer corresponds to the OSI
physical and Data Link layers. The network access layer
communicates directly with the network media and provides
an interface between the architecture of the network and the
Internet layer.
Stage 1 Gather symptoms - Troubleshooting begins with the
process of gathering and documenting symptoms from the
network, end systems, and users.
Stage 2 Isolate the problem - The problem is not truly
isolated until a single problem, or a set of related problems,
is identified.
Stage 3 Correct the problem - Having isolated and identified
the cause of the problem, the network administrator works
to correct the problem by implementing, testing, and
documenting a solution.
A policy provides a consistent manner in which to perform
each stage. Part of the policy should include documenting
every important piece of information.
Bottom up
Top down
Divide and conquer
In bottom-up troubleshooting you start with the physical
components of the network and move up through the layers
of the OSI model until the cause of the problem is identified.
CH.8 Network Troubleshooting
APRIL 2009
When would the bottom up approach be the
approach to use?
What would be a disadvantage of the bottom
up approach?
Describe the top down approach.
When would the top down approach be the
approach to use?
What would be a disadvantage of the top down
approach?
Describe the divide-and-conquer approach.
8.2.5
When would the top down approach be the
approach to use?
What are the steps to determine the scope of
the problem gather (document) the symptoms?
Why is the use of the debug command not
always the best choice when gathering
symptoms?
What are some effective questioning
techniques to use with end users?
CCNA EXP 4
When the problem is suspected to be a physical one or the
problem seems limited in scope.
It requires that you check every device and interface on the
network until the possible cause of the problem is found.
Remember that each conclusion and possibility must be
documented so there can be a lot of paper work associated
with this approach. A further challenge is to determine which
devices to start examining first.
In top-down troubleshooting you start with the end-user
applications and move down through the layers of the OSI
model until the cause of the problem has been identified.
Use this approach for simpler problems or when you think
the problem is with a piece of software.
It requires checking every network application until the
possible cause of the problem is found. Each conclusion and
possibility must be documented. And the challenge is to
determine which application to start examining first.
You select a layer and test in both directions from the
starting layer.
When user experience of the problem give a good indication
as to what & where the problem may be.
Step 1. Analyze existing symptoms - Analyze symptoms
gathered from the trouble ticket, users, or end systems
affected by the problem to form a definition of the problem.
Step 2. Determine ownership - If the problem is within your
system, you can move onto the next stage. If the problem is
outside the boundary of your control, for example, lost
Internet connectivity outside of the autonomous system, you
need to contact an administrator for the external system
before gathering additional network symptoms.
Step 3. Narrow the scope - Determine if the problem is at the
core, distribution, or access layer of the network. At the
identified layer, analyze the existing symptoms and use your
knowledge of the network topology to determine which
pieces of equipment are the most likely cause.
Step 4. Gather symptoms from suspect devices - Using a
layered troubleshooting approach, gather hardware and
software symptoms from the suspect devices. Start with the
most likely possibility, and use knowledge and experience to
determine if the problem is more likely a hardware or
software configuration problem.
Step 5. Document symptoms - Sometimes the problem can
be solved using the documented symptoms. If not, begin the
isolating phase of the general troubleshooting process.
It generates a large amount of console message traffic and
the performance of a network device can be noticeably
affected.
CH.8 Network Troubleshooting
APRIL 2009
8.2.6
Describe NMS tools.
(Swr)
Network management system (NMS) tools include devicelevel monitoring, configuration, and fault management tools.
Examples of commonly used network management tools are
CiscoView, HP Openview, Solar Winds, and What's Up Gold.
Describe Knowledge bases.
It contains troubleshooting procedures, implementation
(Swr)
guides, and original white papers on most aspects of
networking technology.
Describe Baselining Tools.
Baselining tools help you with common baseling
(Swr)
documentation tasks. For example they can help you draw
network diagrams, help you to keep network software and
hardware documentation up-to-date and help you to costeffectively measure baseline network bandwidth use.
Describe Protocol Analyzers.
A protocol analyzer decodes the various protocol layers in a
(swr)
recorded frame and presents this information in a relatively
easy to use format. The information displayed by a protocol
analyzer includes, the physical, data link, protocol and
descriptions for each frame. Most protocol analyzers can
filter traffic that meets certain criteria.
Describe Network Analysis Module.
A network analysis module (NAM) can be installed in Cisco
(Hdw)
Catalyst 6500 series switches and Cisco 7600 series routers to
provide a graphical representation of traffic from local and
remote switches and routers. The NAM is a embedded
browser-based interface that generates reports on the traffic
that consumes critical network resources.
Describe Digital Multimeters.
Digital multimeters (DMMs) are test instruments that are
(Hdw)
used to directly measure electrical values of voltage, current,
and resistance. In network troubleshooting, most of the
multimedia tests involve checking power-supply voltage
levels and verifying that network devices are receiving
power.
Describe Cable Testers
They are specialized, handheld devices designed for testing
(Hdw)
the various types of data communication cabling. Cabling
testers can be used to detect broken wires, crossed-over
wiring, shorted connections, and improperly paired
connections. These devices can be inexpensive continuity
testers, moderately priced data cabling testers, or expensive
time-domain reflectometers (TDRs).
Describe TDRs.
TDRs (time-domain reflectometers) are used to pinpoint the
(Hdw)
distance to a break in a cable.
Describe Cable Analyzers.
Cable analyzers are multifunctional handheld devices that are
(Hdw)
used to test and certify copper and fiber cables for different
CCNA EXP 4
CH.8 Network Troubleshooting
APRIL 2009
8.3.1
Describe WAN communications.
8.3.2
What are the steps in WAN design?
8.3.3
Why are WAN traffic considerations important?
8.3.4
Designing a WAN topology essentially consists
of what?
services and standards. The more sophisticated tools include
advanced troubleshooting diagnostics that measure distance
to performance defect (NEXT, RL), identify corrective actions,
and graphically display crosstalk and impedance behavior.
Portable devices that are used for troubleshooting switched
networks and VLANs. By plugging the network analyzer in
anywhere on the network, a network engineer can see the
switch port to which the device is connected and the average
and peak utilization. The analyzer can also be used to
discover VLAN configuration, identify top network talkers,
analyze network traffic, and view interface details.
A communications provider or a common carrier normally
owns the data links that make up a WAN. The links are made
available to subscribers for a fee and are used to
interconnect LANs or connect to remote networks. WAN data
transfer speed (bandwidth) is considerably slower than the
common LAN bandwidth. WANs carry a variety of traffic
types, such as data, voice, and video. Today's WANs connect
geographically separated LANs. WAN technologies function
at the lower three layers of the OSI reference model. Enduser stations, servers, and routers communicate across LANs,
and the WAN data links terminate at local routers.
Step 1. Locate LANs - Establish the source and destination
endpoints that will connect through the WAN.
Step 2. Analyze traffic - Know what data traffic must be
carried, its origin, and its destination. WANs carry a variety of
traffic types with varying requirements for bandwidth,
latency, and jitter. For each pair of endpoints and for each
traffic type, information is needed on the various traffic
characteristics.
Step 3. Plan the topology - The topology is influenced by
geographic considerations but also by requirements such as
availability. A high requirement for availability requires extra
links that provide alternative data paths for redundancy and
load balancing.
Step 4. Estimate the required bandwidth - Traffic on the links
may have varying requirements for latency and jitter.
Step 5. Choose the WAN technology - Suitable link
technologies must be selected.
Step 6. Evaluate costs - When all the requirements are
established, installation and operational costs for the WAN
can be determined and compared with the business need
driving the WAN implementation.
Because the wide variety of traffic types and their varying
requirements of bandwidth, latency, and jitter that WAN
links are required to carry are important to the network.
Selecting an interconnection pattern or layout for the links
between the various locations
What are the types of WAN topologies?
Selecting the technologies for those links to meet the
enterprise requirements at an acceptable cost
Star—As the enterprise grows and new branches are added,
Describe Portable Network Analyzers.
(Hdw)
CCNA EXP 4
CH.8 Network Troubleshooting
APRIL 2009
When is a three-layer hierarchy often used?
Describe the connection technologies a typical
private WAN uses.
the branches are connected back to the head office,
producing a traditional star topology.
Mesh or partially meshed—Star endpoints are sometimes
cross-connected, creating a mesh or partial mesh topology.
This provides for many possible combinations for
interconnections.
Hierarchical—When many locations must be joined. Group
the LANs in each area and interconnected them to form a
region, interconnect the regions to form the core of the
WAN.
When the network traffic mirrors the enterprise branch
structure and is divided into regions, areas, and branches. It
is also useful when there is a central service to which all
branches must have access but traffic levels are insufficient
to justify direct connection of a branch to the service.
A combination of technologies that are usually chosen based
on traffic type and volume. ISDN, DSL, Frame Relay, or leased
lines are used to connect individual branches into an area.
Frame Relay, ATM, or leased lines are used to connect
external areas back to the backbone. ATM or leased lines
form the WAN backbone. Technologies that require the
establishment of a connection before data can be
transmitted, such as basic telephone, ISDN, or X.25, are not
suitable for WANs that require rapid response time or low
latency.
Describe the various WAN connection
technologies.
Describe the Internet as related WANs.
8.3.5
Describe bandwidth considerations as related
WANs.
CCNA EXP 4
Many enterprise WANs have connections to the Internet.
Although the Internet may pose a security problem it does
provides an alternative for inter-branch traffic. Part of the
traffic that must be considered during design is going to or
coming from the Internet. Common implementations are to
have each network in the company connect to a different ISP,
or to have all company networks connect to a single ISP from
a core layer connection.
Many companies rely on the high-speed transfer of data
between remote locations. Consequently, higher bandwidth
is crucial because it allows more data to be transmitted in a
given time. When bandwidth is inadequate, competition
CH.8 Network Troubleshooting
APRIL 2009
between various types of traffic causes response times to
increase, which reduces employee productivity and slows
down critical web-based business processes.
8.3.6
Describe some common WAN implement issues
8.3.7
What are the components an ISP needs to verify
when support receives a call from a customer
that says their network is running slowly?
8.4.1
Describe the use of a physical network diagram
in troubleshooting.
CCNA EXP 4
Individual PC host - A large number of user applications
open on the PC at the same time may be responsible for the
slowness that is being attributed to the Network.
LAN - If the customer has network monitoring software on
their LAN, the network manager should be able to tell them
whether the bandwidth on the LAN is frequently reaching
100 percent utilization.
Link from the edge of the user network to the edge of the
ISP - Test the link from the customer edge router to the edge
router of the ISP by asking the customer to log in to their
router and send a hundred 1500 byte pings (stress pings) to
the IP address of the ISP edge router.
Backbone of the ISP - The ISP customer service
representative can run stress pings from the ISP edge router
to the edge router of the customer. They can also run stress
pings across each link that customer traffic traverses. By
isolating and testing each link, the ISP can determine which
link is causing the problem.
Server being accessed - In some cases the slowness, being
attributed to the network, may be caused by server
congestion.
It shows the physical layout of the devices connected to the
network. Knowing how devices are physically connected is
necessary for troubleshooting problems at the Physical layer,
such as cabling or hardware problems. Information recorded
on the diagram typically includes:
Device type
Model and manufacturer
Operating system version
Cable type and identifier
Cable specification
Connector type
Cabling endpoints
CH.8 Network Troubleshooting
APRIL 2009
Describe the use of a logical network diagram in
troubleshooting.
8.4.2
What are some common symptoms of network
problems at the Physical layer?
CCNA EXP 4
It shows how data is transferred on the network. Symbols
are used to represent network elements such as routers,
servers, hubs, hosts, VPN concentrators, and security
devices. Information recorded on a logical network diagram
may include:
Device identifiers
IP address and subnet
Interface identifiers
Connection type
DLCI for virtual circuits
Site-to-site VPNs
Routing protocols
Static routes
Data-link protocols
WAN technologies used
Performance lower than baseline - If performance is
unsatisfactory all the time, the problem is probably related
to a poor configuration, inadequate capacity somewhere, or
some other systemic problem. If performance varies and is
not always unsatisfactory, the problem is probably related to
an error condition or is being affected by traffic from other
sources. The most common reasons for slow or poor
performance include overloaded or underpowered servers,
unsuitable switch or router configurations, traffic congestion
on a low-capacity link, and chronic frame loss.
Loss of connectivity - If a cable or device fails, the most
obvious symptom is a loss of connectivity between the
devices that communicate over that link or with the failed
device or interface, as indicated by a simple ping test.
Intermittent loss of connectivity could indicate a loose or
oxidized connection.
High collision counts - Collision domain problems affect the
local medium and disrupt communications to Layer 2 or
Layer 3 infrastructure devices, local servers, or services.
Collision-based problems may often be traced back to a
single source. It may be a bad cable to a single station, a bad
uplink cable on a hub or port on a hub, or a link that is
exposed to external electrical noise. A noise source near a
cable or hub can cause collisions even when there is no
apparent traffic to cause them. If collisions get worse in
direct proportion to the level of traffic, if the amount of
collisions approaches 100 percent, or if there is no good
traffic at all, the cable system may have failed.
Network bottlenecks or congestion - If a router, interface,
or cable fails, routing protocols may redirect traffic to other
routes that are not designed to carry the extra capacity. This
can result in congestion or bottlenecks in those parts of the
network.
High CPU utilization rates - High CPU utilization rates are a
symptom that a device, such as a router, switch, or server, is
operating at or exceeding its design limits. If not addressed
quickly, CPU overloading can cause a device to shut down or
CH.8 Network Troubleshooting
APRIL 2009
What are some common causes of physical layer
problems?
CCNA EXP 4
fail.
Console error messages - Error messages reported on the
device console indicate a Physical layer problem.
Power-related-- If a power-related issue is suspected, a
physical inspection of the power module is often carried out.
Check the operation of the fans, and ensure that the chassis
intake and exhaust vents are clear. If other nearby units have
also powered down, suspect a power failure at the main
power supply.
Hardware faults—Faulty network interface cards (NICs) can
be the cause of network transmission errors due to late
collisions, short frames, and jabber. Other likely causes of
jabber are faulty or corrupt NIC driver files, bad cabling, or
grounding problems.
Cabling faults—Many problems can be corrected by simply
reseating cables that have become partially disconnected.
When performing a physical inspection, look for damaged
cables, improper cable types, and poorly crimped RJ-45s.
Suspect cables should be tested or exchanged with a known
functioning cable. Problems with fiber-optic cables may be
caused by dirty connectors, excessively tight bends, and
swapped RX/TX connections when polarized. Problems with
coaxial cable often occur at the connectors.
Attenuation—An attenuated data bitstream is when the
amplitude of the bits is reduced while traveling across a
cable. If attenuation is severe, the receiving device cannot
always successfully distinguish the component bits of the
stream from each other. This ends in a garbled transmission
and results in a request from the receiving device for
retransmission of the missed traffic by the sender.
Attenuation can be caused if a cable length exceeds the
design limit for the media (for example, an Ethernet cable is
limited to 100 meters (328 feet) for good performance), or
when there is a poor connection resulting from a loose cable
or dirty or oxidized contacts.
Noise—Local electromagnetic interference (EMI) is
commonly known as noise. There are four types of noise that
are most significant to data networks:
 Impulse noise that is caused by voltage fluctuations
or current spikes induced on the cabling.
 Random (white) noise that is generated by many
sources, such as FM radio stations, police radio,
building security, and avionics for automated
landing.
 Alien crosstalk, which is noise induced by other
cables in the same pathway.
 Near end crosstalk (NEXT), which is noise originating
from crosstalk from other adjacent cables or noise
from nearby electric cables, devices with large
electric motors, or anything that includes a
transmitter more powerful than a cell phone.
Interface configuration errors—Examples of configuration
CH.8 Network Troubleshooting
APRIL 2009
errors that affect the Physical layer include:
 Serial links reconfigured as asynchronous instead of
synchronous
 Incorrect clock rate
 Incorrect clock source
 Interface not turned on
Exceeding design limits—A component may be operating
sub optimally at the Physical layer because it is being utilized
at a higher average rate than it is configured to operate.
When troubleshooting this type of problem, it becomes
evident that resources for the device are operating at or
near the maximum capacity and there is an increase in the
number of interface errors.
CPU overload—Symptoms include processes with high CPU
utilization percentages, input queue drops, slow
performance, router services such as Telnet and ping are
slow or fail to respond, or there are no routing updates. One
of the causes of CPU overload in a router is high traffic.
What are the steps to isolate problems at the
1. Check for bad cables or connections.
Physical layer?
2. Check that the correct cabling standard is adhered to
throughout the network
3. Check that devices are cabled correctly.
4. Verify proper interface configurations.
5. Check operational statistics and data error rates.
8.4.3 What are some common symptoms of network
No functionality or connectivity at the Network layer or
problems at the Data Link layer?
above—Some Layer 2 problems can stop the exchange of
frames across a link, while others only cause network
performance to degrade.
Network is operating below baseline performance levels—
There are two distinct types of suboptimal Layer 2 operation
that can occur in a network:
 Frames take an illogical path to their destination but
do arrive. An example of a problem which could
cause frames to take a suboptimal path is a poorly
designed Layer 2 spanning-tree topology. In this
case, the network might experience high-bandwidth
usage on links that should not have that level of
traffic.
 Some frames are dropped. These problems can be
identified through error counter statistics and
console error messages that appear on the switch or
router. In an Ethernet environment, an extended or
continuous ping also reveals if frames are being
dropped.
Excessive broadcasts—Where excessive broadcasts are
observed, it is important to identify the source of the
broadcasts. Generally, excessive broadcasts result from one
of the following situations:
 Poorly programmed or configured applications
 Large Layer 2 broadcast domains
 Underlying network problems, such as STP loops or
route flapping.
CCNA EXP 4
CH.8 Network Troubleshooting
APRIL 2009
What are some common causes of data link
layer problems?
What are the steps to troubleshooting PPP
problems at the Data Link layer?
CCNA EXP 4
Console messages—In some instances, a router recognizes
that a Layer 2 problem has occurred and sends alert
messages to the console. Typically, a router does this when it
detects a problem with interpreting incoming frames
(encapsulation or framing problems) or when keepalives are
expected but do not arrive. The most common console
message that indicates a Layer 2 problem is a line protocol
down message.
Encapsulation errors—An encapsulation error occurs
because the bits placed in a particular field by the sender are
not what the receiver expects to see. This condition occurs
when the encapsulation at one end of a WAN link is
configured differently from the encapsulation used at the
other end.
Address mapping errors—When using static maps in Frame
Relay, an incorrect map is a common mistake. Simple
configuration errors can result in a mismatch of Layer 2 and
Layer 3 addressing information.
In a dynamic environment, the mapping of Layer 2 and Layer
3 information can fail for the following reasons:
 Devices may have been specifically configured not to
respond to ARP or Inverse-ARP requests.
 The Layer 2 or Layer 3 information that is cached
may have physically changed.
 Invalid ARP replies are received because of a
misconfiguration or a security attack.
Framing errors—A framing error occurs when a frame does
not end on an 8-bit byte boundary. When this happens, the
receiver may have problems determining where one frame
ends and another frame starts. Depending on the severity of
the framing problem, the interface may be able to interpret
some of the frames. Too many invalid frames may prevent
valid keepalives from being exchanged. These errors can be
caused by a noisy serial line, an improperly designed cable
(too long or not properly shielded), or an incorrectly
configured channel service unit (CSU) line clock.
STP failures or loops—Most STP problems revolve around
these issues:
 Forwarding loops that occur when no port in a
redundant topology is blocked and traffic is
forwarded in circles indefinitely.
 Excessive flooding because of a high rate of STP
topology changes.
 Slow STP convergence or reconvergence, which can
be caused by a mismatch between the real and
documented topology, a configuration error, such as
an inconsistent configuration of STP timers, an
overloaded switch CPU during convergence, or a
software defect.
Most of the problems that occur with PPP involve link
negotiation.
CH.8 Network Troubleshooting
APRIL 2009
Step 1. Check that the appropriate encapsulation is in use at
both ends, using the show interfaces serial command. In the
figure for Step 1, the command output reveals that R2 has
been incorrectly configured to use HDLC encapsulation.
Step 2. Confirm that the Link Control Protocol (LCP)
negotiations have succeeded by checking the output for the
LCP Open message.
Step 3. Verify authentication on both sides of the link using
the debug ppp authentication command.
What are the steps to troubleshooting Frame
Step 1. Verify the physical connection between the CSU/data
Relay problems at the Data Link layer?
service unit (DSU) and the router.
Step 2. Verify that the router and Frame Relay provider are
properly exchanging LMI information by using the show
frame-relay lmi command.
Step 3. Verify that the PVC status is active by using the show
frame-relay pvc command.
Step 4. Verify that the Frame Relay encapsulation matches
on both routers with the show interfaces serial command.
What are the steps to troubleshooting STP Loops Step 1. Identify that an STP loop is occurring.
problems at the Data Link layer?
Step 2. Discover the topology (scope) of the loop. The show
interface command displays the utilization for each
interface. Make sure that you record this information before
proceeding to the next step. Otherwise, it could be difficult
later on to determine the cause of the loop.
Step 3. Break the loop. Shut down or disconnect the involved
ports one at a time. After you disable or disconnect each
port, check whether the switch backplane utilization is back
to a normal level. Document your findings.
Step 4. Find and fix the cause of the loop. For every switch
on the redundant path, check for these issues:
 Does the switch know the correct STP root?
 Is the root port identified correctly?
 Are Bridge Protocol Data Units (BPDUs) received
regularly on the root port and on ports that are
supposed to be blocking?
 Are BPDUs sent regularly on non-root, designated
ports?
Step 5. Restore the redundancy. vAfter the device or link
that is causing the loop has been found and the problem has
been resolved, restore the redundant links that were
disconnected.
8.4.4 What are some common causes of network
Problems at the Network layer can cause network failure or
layer problems?
suboptimal performance. Network failure is when the
network is nearly or completely nonfunctional, affecting all
users and applications using the network.
What are the steps to troubleshooting problems
 Check for Network topology changes—Has anything
at the network layer?
in the network changed recently? Is there anyone
currently working on the network infrastructure
 Connectivity issues--- Check for any equipment and
connectivity problems, including power problems
such as outages and environmental problems such
as overheating. Also check for Layer 1 problems,
CCNA EXP 4
CH.8 Network Troubleshooting
APRIL 2009
8.4.5
What are some common symptoms of network
problems at the transport layer?
8.4.6
What are the most widely known and
implemented TCP/IP Application layer
protocols?
CCNA EXP 4
such as cabling problems, bad ports, and ISP
problems.
 Neighbor issues—If the routing protocol establishes
an adjacency with a neighbor, check to see if there
are any problems with the routers forming neighbor
relationships.
 Topology database—If the routing protocol uses a
topology table or database, check the table for
anything unexpected, such as missing entries or
unexpected entries.
 Routing table—Check the routing table for anything
unexpected, such as missing routes or unexpected
routes. Use debug commands to view routing
updates and routing table maintenance.
Issues with ACLs & NAT cause the most problems at the
transport layer.
Common Access List Issues—two of the most commonly
implemented Transport layer security technologies. They are
access control lists (ACLs) and Network Address Translation
(NAT). The most common issues with ACLs are caused by
improper configuration. There are eight areas where
misconfigurations commonly occur:
 Selection of traffic flow
 Order of access control elements
 Implicit deny all
 Addresses and wildcard masks
 Selection of Transport layer protocol
 Source and destination ports
 Use of the established keyword
 Uncommon protocols
Common NAT Issues—The biggest problem with all NAT
technologies is interoperability with other network
technologies, especially those that contain or derive
information from host network addressing in the packet.
Some of these technologies include:
 BOOTP and DHCP
 DNS and WINS
 SNMP
 Tunneling and encryption protocols
One of the more common NAT configuration errors is
forgetting that NAT affects both inbound and outbound
traffic. Improperly configured timers can also result in
unexpected network behavior and suboptimal operation of
dynamic NAT.
Telnet - Enables users to establish terminal session
connections with remote hosts.
HTTP - Supports the exchanging of text, graphic images,
sound, video, and other multimedia files on the web.
FTP - Performs interactive file transfers between hosts.
TFTP - Performs basic interactive file transfers typically
between hosts and networking devices.
CH.8 Network Troubleshooting
APRIL 2009
SMTP - Supports basic message delivery services.
POP - Connects to mail servers and downloads e-mail.
Simple Network Management Protocol (SNMP) - Collects
management information from network devices.
DNS - Maps IP addresses to the names assigned to network
devices.
Network File System (NFS) - Enables computers to mount
drives on remote hosts and operate them as if they were
local drives. Originally developed by Sun Microsystems, it
combines with two other Application layer protocols,
external data representation (XDR) and remote-procedure
call (RPC), to allow transparent access to remote network
resources.
What are some symptoms of Application Layer
 Application layer problems prevent services from
problems?
being provided to application programs. It is possible
to have full network connectivity, but the application
simply cannot provide data.
 Another type of problem at the Application layer
occurs when the physical, data link, network, and
Transport layers are functional, but the data transfer
and requests for network services from a single
network service or application do not meet the
normal expectations of a user.
 A problem at the Application layer may cause users
to complain that the network or the particular
application that they are working with is sluggish or
slower than usual when transferring data or
requesting network services.
What are the steps to troubleshooting problems Step 1. Ping the default gateway.
at the application layer?
If successful, Layer 1 and Layer 2 services are functioning
properly.
Step 2. Verify end-to-end connectivity.
Use an extended ping if attempting the ping from a Cisco
router. If successful, Layer 3 is operating correctly. If Layers
1-3 are functioning properly, the issue must exist at a higher
layer.
Step 3. Verify access list and NAT operation.
To troubleshoot access control lists, use the following steps:
 Use the show access-list command. Are there any
ACLs that could be stopping traffic? Notice which
access lists have matches.
 Clear the access-list counters with the clear accesslist counters command and try to establish a
connection again.
 Verify the access-list counters. Have any increased?
Should they increase?
To troubleshoot NAT, use the following steps:
 Use the show ip nat translations command. Are
there any translations? Are the translations as
expected?
 Clear the NAT translations with the clear ip nat
translation * command and try to access the
CCNA EXP 4
CH.8 Network Troubleshooting
APRIL 2009
What are the steps for correcting Application
layer problems?
CCNA EXP 4
external resource again.
 Use the debug ip nat command and examine the
output.
 Look at the running configuration file. Are the ip nat
inside and ip nat outside commands located on the
right interfaces? Is the NAT pool correctly
configured? Is the ACL correctly identifying the
hosts?
If the ACLs and NAT are functioning as expected, the
problem must lie in a higher layer.
Step 4. Troubleshoot upper layer protocol connectivity. Even
though there may be IP connectivity between a source and a
destination, problems may still exist for a specific upper
layer protocol, such as FTP, HTTP, or Telnet. These protocols
ride on top of the basic IP transport but are subject to
protocol-specific problems relating to packet filters and
firewalls. It is possible that everything except mail works
between a given source and destination.
Troubleshooting an upper layer protocol connectivity
problem requires understanding the process of the protocol.
This information is usually found in the latest RFC for the
protocol or on the developer web page.
Step 1: Make a backup.
Step 2: Make an initial hardware or software configuration
change.
Step 3: Evaluate and document each change and its results.
Step 4: Determine if the change solves the problem.
Step 5: Stop when the problem is solved.
Step 6: If necessary, get assistance from outside resources.
Step 7: Document.
CH.8 Network Troubleshooting
APRIL 2009