To successfully diagnose and troubleshoot network problems, network engineering technicians must master two basic skills. SPOTO has collected this knowledge and I hope that is helpful for you.
The first is a clear understanding of network technologies and protocols. It is the basis for diagnosing and troubleshooting network problems. Without proper knowledge and experience, troubleshooting tools such as router diagnostic commands and network analyzers do not work.
The second skill that network engineering technicians must master is to apply the knowledge they have acquired in a structured way to diagnose and troubleshoot network problems. Although this article only describes some diagnostic commands, it should be emphasized that fault diagnosis and elimination is a structured approach. Many engineers and technicians believe that troubleshooting and troubleshooting programs are not as important as research and application technology itself. In fact, the right plan often plays a decisive role in troubleshooting and troubleshooting. During the troubleshooting process, an accidental behavior may resolve the fault, but it is not a substitute for structured troubleshooting and troubleshooting.
The elimination of network failures is a systematic project. It should be through defining problems, collecting facts, considering facts based on facts, establishing action plans, implementing plans, observing results and cyclic processes. This process is like the waterfall model of the software development process. Its importance is self-evident.
Error message format
The system error message format is as follows:
%Facility - sub-facility - Severity - Mnemonic: Message Text
Facility It indicates the name of the device involved in the error message. This value can be a protocol, a hardware device, or a system software module.
Subfacility It is only related to the Channel Interface Processor (CIP) card. Detailed information can be found in the relevant sections of the Cisco documentation.
Severity It is a number between 0 and 7. The smaller the value of the number, the higher the severity.
Mnemonic A single-valued code that uniquely identifies an error message. This code can usually imply the type of error.
Message Text This is a short description of the error message, including the router hardware and software information involved.
Below are examples of some error messages. Users can refer to the System Error Messages section of the CCO ISO documentation for a description of these error messages.
%DUAL-3-SIA: Route 22.214.171.124/26 stuck-in-active state in IP-EIGP 211. Cleaning up
%LANCE-3-OWNERR: Unit 0, buffer ownership error
It should be noted that not all messages involve a fault or problem condition. Some messages show information about status. For example, the following message only indicates that the ISDN BRI 0 interface is connected to a specific remote data.
%ISDN-6-CONNECT: Interface BRI0 is now connected to 95551212
Some error messages related to router internal errors contain traceback information. When reporting an error to Cisco TAC, you should include this information in the error description.
Log of error messages and event information
Based on the importance and validity of the error message, Cisco error messages can be logged to the following locations:
& #61550; ;; console
& #61550; ;; virtual terminal
& #61550; ;; Syslog Server
& #61550; ;; internal buffer
The logging on command causes the output of the log message to go to the above location. For Syslog servers, the following global configuration commands must be used to indicate the server's IP address:
By using this command repeatedly, you can create a list of servers. When managing large networks, you usually need to set up a redundant server.
The logging buffered command is used to send log information to the internal buffer. The size of the buffer must be above 4096 bytes. The default values vary depending on the system platform. The user needs to choose a buffer size that is appropriate for the environment. If the buffer is too small, the new message will overwrite the old one. This can cause problems. However, if the buffer size is too large, the system cache will be wasted. The no logging buffered command will prevent messages from being written to the internal cache.
Users can use the show logging command to display the contents of the internal buffer. If the user needs information for a certain period of time, first use NTP or manually set the clock. The specific operation is as follows:
YH-Router#clock set 11:37:00 December 2000
11:37:03.596 PST Fri Dec 11, 2000
The timestamp and debug information for log messages can use the following global configuration commands:
YH-Router (config)#service timestamps log datetime
YH-Router (config)#service timestamps debug datetime
The terminal monitor command will display the log information during debugging on the current terminal. This command is not a configuration command. Instead, it can be used in command line mode when telneting to the router.
In most cases, users may need to display a certain level of log information. Therefore, the log information is divided into eight different levels, ranked according to the degree of importance from high to low:
& #61550; ;; Emergencies
& #61550; ;; Alerts
& #61550; ;; Critical
& #61550; ;; Errors
& #61550; ;; Warnings
& #61550; ;; Notifications
& #61550; ;; Informational
& #61550; ;; Debugging
For example, you need to display all log information on the console with a severity equal to or greater than Warning. You can use the following global configuration commands:
Logging console warning
Similarly, when sending some type of log information to the current terminal, use
Logging monitor level
Or use when sending information to the Syslog server
Logging trap level
Unlike the terminal monitor command, the logging monitor command is part of the router configuration. The former command does not allow execution at different security levels.
It should be noted that when logging logs to different locations, the system overhead varies greatly. The overhead of logging to the console is relatively large, but the overhead of logging to a virtual terminal is small. The overhead is smaller when using a Syslog server. The least expensive way to write logs is to write to the internal buffer.
In order to find out the cause of the router crash, we can use a lot of commands to get valid information. We have already explained the usage of the show stacks command. A core dump is a copy of the system memory image that can be written to a TFTP server. From this binary, we can get information about router crashes or serious misoperations, which can be used to rule out possible failures.
The following configuration command writes the core dump to the TFTP server corresponding to the IP address in the command:
Exception dump IP-address
The write core command is typically used to save a core image when a serious misoperation occurs on the router but does not completely crash.
Core dumps are only available for servers running IOS v 9.0 or higher. However, it is important to note that when using core dumps, it is best to get support from experienced engineers or Cisco TAC.