
Sunday, March 10, 2013

CCNP TSHOOT TIPS !!


IOS tools to monitor and maintain the network:
show ip route 10.1.50.9
(a lookup for a specific address; the output does not show the default route)

show ip route 10.1.50.0 255.255.255.0 longer-prefixes
Show processes
Show processes cpu | include IP Input
Show proc cpu | excl 0.00%  0.00%  0.00%
Show ip int br | exclude unassigned
Show run | begin vty
Show run | section interface
Show run | section archive
show processes cpu | include ^CPU|IP Input
Show interfaces | include fastethernet | error
Show tech-support | redirect flash:showtech.txt
Dir flash:
more flash:showtech.txt
show ip int br | tee flash:showipint.txt
show version | append flash:showversion.txt
Ping 4.4.4.4
Ping 4.2.2.2 source loopback 0
Ping 4.4.4.4 size 1500 repeat 10
Ping 4.2.2.2 size 1500 df-bit
ping (extended ping: with no arguments IOS prompts for each parameter)
  Target address :
  Repeat count :

telnet 3.3.3.3
telnet mail.ciscoblog.com 25

show memory
(an IOS bug can cause a memory leak in the router)
Show ip int br
Show int fa0/0
Show int fa0/0 | include drop|error
Late collisions => caused by a duplex mismatch
Input drops : caused by the processor being busy (high CPU utilization)
Output drops : caused by an MTU size issue; small numbers are normal
Input and output errors are due to bad cabling and interfaces
Show inventory (to see models of cards installed)
Show diag (more detail information about each card)
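An added example (not from the original notes) that pulls the counters discussed above out of a captured "show interfaces" output and maps the non-zero ones to the causes listed here. The interface text is constructed sample data; the field layout follows the standard IOS output for FastEthernet interfaces.

```python
import re

# Constructed sample of "show interfaces" output (sample data, not from the page).
SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Hardware is AmdFE, address is 0019.d122.dcf3 (bia 0019.d122.dcf3)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  Input queue: 0/75/1532/0 (size/max/drops/flushes); Total output drops: 12
     1254 packets input, 98765 bytes
     23 input errors, 23 CRC, 0 frame, 0 overrun, 0 ignored
     2231 packets output, 123456 bytes, 0 underruns
     7 output errors, 0 collisions, 2 interface resets
     0 babbles, 41 late collision, 0 deferred
FastEthernet0/1 is up, line protocol is up
  Hardware is AmdFE, address is 0019.d122.dcf4 (bia 0019.d122.dcf4)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
     500 packets input, 40000 bytes
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     600 packets output, 50000 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

# Regex per counter; group 1 is always the number we want.
COUNTER_PATTERNS = {
    "input_drops": r"Input queue: \d+/\d+/(\d+)/\d+",
    "output_drops": r"Total output drops: (\d+)",
    "input_errors": r"(\d+) input errors",
    "output_errors": r"(\d+) output errors",
    "late_collisions": r"(\d+) late collision",
}


def parse_show_interfaces(text):
    """Return {interface_name: {counter_name: int}} from 'show interfaces' output."""
    result = {}
    current = None
    for line in text.splitlines():
        # A new interface block starts at column 0 with "<name> is up/down ..."
        header = re.match(r"^(\S+) is (?:up|down|administratively down)", line)
        if header:
            current = header.group(1)
            result[current] = {}
            continue
        if current is None:
            continue
        for name, pattern in COUNTER_PATTERNS.items():
            found = re.search(pattern, line)
            if found:
                result[current][name] = int(found.group(1))
    return result


def diagnose(counters):
    """Map non-zero counters to the likely causes given in the notes above."""
    hints = []
    if counters.get("late_collisions", 0):
        hints.append("late collisions: check for a duplex mismatch")
    if counters.get("input_drops", 0):
        hints.append("input drops: processor busy / high CPU utilization")
    if counters.get("output_drops", 0):
        hints.append("output drops: MTU size issue (small numbers are normal)")
    if counters.get("input_errors", 0) or counters.get("output_errors", 0):
        hints.append("input/output errors: check cabling and interfaces")
    return hints


if __name__ == "__main__":
    for name, counters in parse_show_interfaces(SHOW_INTERFACES).items():
        print(name, counters, diagnose(counters))
```

Run it against a real capture by replacing SHOW_INTERFACES with the saved output (for example the file written by "show interfaces | redirect flash:..." and copied off the router); an interface with an empty hint list is clean on the counters the notes care about.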

SPAN: switch port analyzer
S(config)#monitor session 1(identify this instance) source int fa0/1
#monitor session 1 dest int fa0/4

RSPAN: Remote switch port analyzer
SYSLOG : lets you send the log output to an external syslog server
R(config)# logging x.x.x.x (ip of syslog server)
#logging trap ? (lists the severity levels that can be sent to the server)

SNMP
R(config)#snmp-server community cisco1
#snmp-server ifindex persist (interface index will always remain the same even after reboot)

Netflow :
Traffic flows going in and out of device
To enable netflow
R(config)# int f0/0
#ip flow ingress
R#show ip cache flow
Netflow is a push system: the router exports the flow records to a collector
R(config)# ip flow-export version 9
#ip flow-export destination 10.1.1.101 999 (the UDP port the collector listens on; any port can be chosen)

EEM : Embedded event manager
Scripting language for your router
Example use: send a message/notification when somebody accesses your router.

VLAN and Spanning Tree Review:
VLANs should be constrained to the wiring closet. Cisco recommends using local VLANs instead of VLANs that span the campus network. By doing this you introduce an L3 device (router), and forwarding based on routing protocol information converges much faster compared to STP.
Show mac address-table
Show vlan
Show interface switchport
Show interface trunk
Traceroute mac

RSTP remembers the blocked port but STP doesn't, so once the port comes up RSTP puts the blocking port straight into the forwarding state instead of going through listening and learning as in STP.

MST: grouping STP instances together.
If you have 50 VLANs, one instance can run for 25 VLANs and another instance for the other 25, so there is one root bridge per instance (two root bridges in total).
Show spanning-tree
Show spanning-tree interface detail
Show process cpu

TT:
Show interface status
Show vlan
Show run | inc cdp
Show run interface port-channel 1
Check that both switches are in the same (EtherChannel) mode.
Show run int …

L3 switching and Redundancy protocols concepts:
In L2 :
Switch (config)# vlan 10
#name Sales

In L3 switching (router in a switch) we create the switch virtual interface (SVI):
Switch (config)# interface vlan 10
# ip address 10.1.1.1 <mask>
L3 Switching (vlan + routing)
Commands
show standby brief (substitute vrrp/glbp for VRRP/GLBP)
show standby (substitute vrrp/glbp)
debug standby terse (substitute glbp) => shows everything except hello messages; not implemented for VRRP

L3 Switching and Redundancy protocols.
Show glbp
Show run | inc ip def
show run | inc key chain
Show standby vlan 44

Route redistribution and ospf
-show ip ospf neighbor (to check routes)
-show ip ospf interface (for hello and dead timers)
-show ip ospf database (shows the link state database)
-debug ip ospf adj/packets (neighbor forming process)
-clear ip ospf proc
-debug ip routing
-seed metrics
-proper filtering
show run | s router eigrp

Two scenarios in Ping:
1. Request timed out: your default gateway has forwarded the packet, but some next-hop router on the way doesn't know the path to the destination. That router drops the packet and sends an ICMP unreachable to the default gateway, but the gateway never forwards it back to the sender; hence the request times out.
2. ICMP unreachable, i.e. destination unreachable: your default gateway doesn't know how to reach the destination, so it replies to the sender with an ICMP unreachable message. It is a one-hop story.

Basic issues that need to be taken care of while troubleshooting OSPF:
- Area should match on both routers
- Authentication key should match on both routers
- There should not be a passive-interface default
- Be sure about trailing spaces after the keys
- Stub area flag should match
- Network statement should be present in the config
- First apply the OSPF authentication and then apply the key.

BGP concept overview :
-one of the slowest routing protocol
-routing protocol for internet
-meant for external use
-outbound traffic is simple and manageable but inbound traffic is complex
-used for controlling inbound and outbound traffic
-bgp runs on top of tcp (port 179)
-TCP used for reliability and keepalives
-Updates (of course) are incremental and triggered
-metric is the biggest you’ve ever seen.
-slowest routing protocol on the planet to converge.

Commands:
-show ip bgp summary
-show ip bgp
-show ip bgp neighbors
-debug ip bgp
-debug ip bgp updates
no logging console (to get rid of console messages)
Show run | s prefix-list
Clear ip bgp *

Note: local pref is used for outgoing traffic and MED is used for incoming traffic.

Router Performance Issues :
Processor
Memory
Throughput

Key processes:
- ARP input process
- Net background process
- IP background process
- TCP timer process

Areas to check:
-Default route pointed to interface
-interface throttles, overruns, ignores
- show tcp statistics/brief
-show process cpu (history, excl 0.00%)

Troubleshooting Memory Overload
Key Symptoms:
-syslog message: %SYS-2-MALLOCFAIL
-show commands return blank output
-console: "unable to create exec - no memory or too many processes"
Areas to check:
-wrong IOS image (not enough memory to run)
-memory leak due to bad IOS Image (reload in)
-worm/virus focused on IOS
-BGP (show process memory)

Troubleshooting Interface utilization:
Key Symptoms:
-high cpu/memory utilization
-packet drops
- unreachable destinations

Areas to check :
- Verify switching mode
- Verify routing table
- Verify CEF/ARP cache

Router performance:
ping 10.1.1.1 -l 500 -t (Windows ping: increase the byte size to 500; normal ping packets are 32 bytes)
show proc cpu
98%/23% means 98% is the total CPU utilization, of which 23% is caused by packet switching at interrupt level
no ip route-cache => disables fast switching
So better turn on ip route-cache under all interfaces
and enable ip cef too in global config mode.
CEF pre-caches every destination in the routing table and makes switching fast
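An added example (not from the original notes) that reads the 98%/23% pair and the per-process table out of a "show processes cpu" capture, applies the same filtering as the "excl 0.00%" pipe above, and flags the process-switching case. The output text is constructed sample data laid out like the standard IOS table.

```python
import re

# Constructed "show processes cpu" output (sample data, not from the page).
SHOW_PROC_CPU = """\
CPU utilization for five seconds: 98%/23%; one minute: 90%; five minutes: 85%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1          12        1234         10  0.00%  0.00%  0.00%   0 Chunk Manager
  71       50000      120000        416 70.12% 65.00% 60.00%   0 IP Input
  93        3000        8000        375  4.50%  3.00%  2.50%   0 ARP Input
 112           0          10          0  0.00%  0.00%  0.00%   0 Net Background
"""

HEADER_RE = re.compile(r"five seconds: (\d+)%/(\d+)%")
# PID, runtime, invoked, usecs, 5sec%, 1min%, 5min%, TTY, process name
PROCESS_RE = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+\d+\s+(.+?)\s*$"
)


def cpu_split(text):
    """Return (total, interrupt, process) five-second CPU percentages.
    total/interrupt is the 98%/23% pair; the difference is process-switched load."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("no CPU utilization header found")
    total, interrupt = int(m.group(1)), int(m.group(2))
    return total, interrupt, total - interrupt


def busy_processes(text, threshold=0.0):
    """Processes whose 5-second utilization exceeds threshold, highest first
    (the same filtering as 'show proc cpu | excl 0.00%  0.00%  0.00%')."""
    busy = []
    for line in text.splitlines():
        m = PROCESS_RE.match(line)
        if m and float(m.group(2)) > threshold:
            busy.append((m.group(5), float(m.group(2))))
    return sorted(busy, key=lambda item: item[1], reverse=True)


def assessment(text):
    """Point to the usual fix when most load is process-switched and IP Input leads."""
    total, interrupt, process = cpu_split(text)
    top = busy_processes(text)
    if process > interrupt and top and top[0][0] == "IP Input":
        return "packets are being process-switched: check ip route-cache / ip cef"
    return "no process-switching problem indicated"


if __name__ == "__main__":
    print(cpu_split(SHOW_PROC_CPU))
    print(busy_processes(SHOW_PROC_CPU))
    print(assessment(SHOW_PROC_CPU))
```

A high "IP Input" process with a large gap between the two header numbers is the classic sign that traffic is taking the slow path; a box doing mostly interrupt-level switching shows the two numbers close together.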

Control plane ----- data plane
Packets first arrive at the data plane and are moved to the control plane. The router does the processing, adds new headers and sends the packet out of the interface.

How to summarize bgp routes
router bgp 54000
 aggregate-address 10.16.0.0 255.240.0.0 summary-only
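An added example (not from the original notes) that computes the aggregate for a set of component prefixes, renders it as the aggregate-address line above, and lists the address space the summary would attract without a component route behind it. The component prefixes are constructed sample data; the 10.16.0.0/12 result matches the notes' summary.

```python
import ipaddress

# Constructed component prefixes learned from the customer side (sample data).
COMPONENTS = ["10.16.0.0/16", "10.17.0.0/16", "10.20.0.0/16", "10.31.0.0/16"]


def summarize(prefixes):
    """Longest prefix that still covers every component: the aggregate to advertise."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Walk from /32 down; the first candidate whose top address reaches hi is
    # the most specific summary that covers the whole range.
    for plen in range(32, -1, -1):
        candidate = ipaddress.ip_network((lo, plen), strict=False)
        if int(candidate.broadcast_address) >= hi:
            return candidate
    raise ValueError("unreachable: /0 covers everything")


def ios_aggregate(network):
    """Render the summary as the IOS 'aggregate-address <network> <mask>' line."""
    return f"aggregate-address {network.network_address} {network.netmask} summary-only"


def uncovered(summary, prefixes):
    """Address space inside the summary with no component route: traffic for it is
    attracted by the aggregate and then dropped (black-holed) at the summarizing router."""
    holes = [summary]
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        next_holes = []
        for hole in holes:
            if net.subnet_of(hole):
                # carve the component out of this hole (empty result if equal)
                next_holes.extend(hole.address_exclude(net))
            elif hole.subnet_of(net):
                continue  # hole fully covered by this component
            else:
                next_holes.append(hole)
        holes = next_holes
    return sorted(holes)


if __name__ == "__main__":
    summary = summarize(COMPONENTS)
    print(ios_aggregate(summary))
    for hole in uncovered(summary, COMPONENTS):
        print("not backed by a component route:", hole)
```

The uncovered list is what to review before turning on summary-only: every block it prints is a destination the rest of the network will now send to you for nothing.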
Access-list concept review :
Access list types :
- Standard
- Extended
- Dynamic (authentication based)
- Established (reflexive): used specifically to restrict some traffic from the internet
- Time based: traffic is filtered based on a time period.
- Context-based access control (CBAC), also known as the IOS based firewall. It is the same idea as reflexive but filters more specific traffic and works with UDP too.
Rules :
-list is read from top to bottom; stops at first match
-invisible implicit deny at the bottom
-ACL is applied to an interface inbound or outbound
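An added example (not from the original notes) that models the three rules just listed for a standard ACL: top-down first-match evaluation with IOS wildcard masks, the invisible implicit deny, and per-line hit counters like the ones "show access-list" displays. The ACL entries and test addresses are constructed sample data.

```python
import ipaddress

# Constructed standard ACL in IOS style: (action, address, wildcard mask).
# "any" stands for 0.0.0.0 255.255.255.255.
ACL_10 = [
    ("permit", "10.1.50.0", "0.0.0.255"),
    ("deny",   "10.1.0.0",  "0.0.255.255"),
    ("permit", "any",       None),
]


def entry_matches(address, network, wildcard):
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    if network == "any":
        return True
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def evaluate(acl, address):
    """Return (action, line) of the first matching entry; the list is read top to
    bottom and stops at the first match. ('deny', None) is the implicit deny."""
    for line, (action, network, wildcard) in enumerate(acl, start=1):
        if entry_matches(address, network, wildcard):
            return action, line
    return "deny", None


def hit_counts(acl, addresses):
    """Per-line match counters plus the count that fell through to the implicit deny,
    similar to the '(N matches)' column of 'show access-list'."""
    counts = {line: 0 for line in range(1, len(acl) + 1)}
    implicit = 0
    for address in addresses:
        _, line = evaluate(acl, address)
        if line is None:
            implicit += 1
        else:
            counts[line] += 1
    return counts, implicit


if __name__ == "__main__":
    for addr in ("10.1.50.9", "10.1.60.5", "192.168.1.1"):
        print(addr, evaluate(ACL_10, addr))
    print(hit_counts(ACL_10[:2], ["10.1.50.9", "10.1.60.5", "8.8.8.8"]))
```

Swapping the first two entries is the usual troubleshooting finding: the broader deny then shadows the specific permit, and 10.1.50.9 is denied on line 1 while the hit counter on the permit line never moves.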

ACL troubleshooting keys:
-show access-list
-show run interface
-know the security policy of the network
-temporarily disable security (if safe)
-verify security policy before making changes

Security TSHOOT:
To keep the console session from being terminated (timing out):
line console 0
 no exec-timeout
show start | section line con
Not able to access the router because authentication fails:
Do the password recovery:
Reload the router
Send a break
rommon 2 > confreg 0x2142
rommon 3 > reset
Would you like to enter the initial configuration dialog? : no
Now restore the original config:
copy start run
Do a no shut on all the interfaces
and move back to the previous config-register 0x2102
Now remove authentication on the console:
config# aaa authentication login CONSOLE none

Ipv6 tshoot:
Ipv6 addressing
-address size moved from 32 bit to 128bit (ipv6)
-to make addresses more manageable, divided into 8 groups of 4 hex characters each

Address compression:
Rule 1: eliminate groups of consecutive zeros  2001:0050::AB4:1E2B:98AA
Rule 2: drop leading zeros  2001:50::AB4:1E2B:98AA

Types of Communication:
-unicast : one to one
-multicast : one to many
-anycast : one to closest

Link-local scope address : layer 2 domain
Unique /site-local scope address : organization
Global scope address : internet

Link Local address :
-assigned automatically as an IPv6 host comes online
-similar to the 169.254.X.X addresses of IPv4 (when the DHCP server is down, hosts take such an address)
-used to communicate with hosts in the same subnet; used in OSPF neighbor discovery, CDP etc.
-always begins with "FE80" (first 10 bits : 1111111010) followed by 54 bits of zeros
-the last 64 bits are the 48-bit MAC address with "FFFE" squeezed in the middle
(FE80) 1111 1110 1000 0000 0000 0000 00.. | 0019.D1FF.FE22.DCF3
With IPv6 we don't have private addresses as such; all addresses are global. Private addresses were known as site-local, but that scope has since been removed (deprecated).
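An added example (not from the original notes) covering both the compression rules and the link-local construction above: it shortens a fully written address with the two rules, builds the FE80::/64 address from a MAC, and cross-checks with the standard library. It goes one step beyond the notes in that it also inverts the universal/local bit (bit 7 of the first MAC byte) as RFC 4291 requires for modified EUI-64, which is why the notes' sample MAC 0019.D122.DCF3 yields ...219:D1FF:FE22:DCF3 rather than ...19:D1FF:FE22:DCF3. The addresses and MAC are sample values.

```python
import ipaddress


def compress_ipv6(address):
    """Shorten a fully written 8-group IPv6 address with the two rules above:
    collapse the longest run of two or more all-zero groups to '::' (rule 1),
    then drop leading zeros in every group (rule 2). A lone zero group stays '0'
    and only one '::' is ever produced, as RFC 5952 requires."""
    groups = address.upper().split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 colon-separated groups")
    values = [int(g, 16) for g in groups]
    # Locate the longest run of zero groups.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    short = [g.lstrip("0") or "0" for g in groups]          # rule 2
    if best_len >= 2:                                        # rule 1
        left = ":".join(short[:best_start])
        right = ":".join(short[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(short)


def link_local_from_mac(mac):
    """Build the EUI-64 link-local address: FE80 + 54 zero bits, then the 48-bit
    MAC split in half with FFFE inserted and the universal/local bit inverted."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address")
    b = bytearray.fromhex(digits)
    eui64 = bytes([b[0] ^ 0x02]) + bytes(b[1:3]) + b"\xff\xfe" + bytes(b[3:6])
    groups = ["FE80", "0000", "0000", "0000"]
    groups += [eui64[i:i + 2].hex().upper() for i in range(0, 8, 2)]
    return compress_ipv6(":".join(groups))


def same_address(a, b):
    """Cross-check with the standard library: two spellings of one address compare equal."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    print(compress_ipv6("2001:0050:0000:0000:0000:0AB4:1E2B:98AA"))
    print(link_local_from_mac("0019.D122.DCF3"))
```

When a neighbor's link-local address on "show ipv6 neighbors" or in the OSPFv3 adjacency does not look like the EUI-64 form, the interface has a manually configured or privacy address; that is worth knowing before matching neighbors to MAC addresses in the switch CAM table.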

Global Address:
-have their high-order 3 bits set to 001 (2000::/3)
N bits (global routing prefix 001..) + (64-N bits) subnet id + 64 bits (interface id)
-global routing prefix is 48 bits or less
-subnet id is comprised of whatever bits are left over after the global routing prefix
-the primary addresses expected to make up the IPv6 internet come from the 2001::/16 block

IPv6 static routes:
Turn on ipv6 routing by
-ipv6 unicast-routing

For static routes :
-ipv6 route <prefix>/<length> <next-hop or exit interface>
IPv6 RIPng:
ipv6 unicast-routing
(interface) ipv6 rip <tag> enable (creates the RIPng process <tag> if it does not exist yet)
(router, optional) ipv6 router rip <tag> for process-level settings only
Here there is no need to go under the RIP routing mode; all the other commands are configured under the interface.

OSPFv3:
ipv6 unicast-routing
(global) ipv6 router ospf <process-id>
(router) router-id <A.B.C.D>
(interface) ipv6 ospf <process-id> area <area-id>
