Join Telegram Study Group ▷
SPOTO put together the complete study guide of IT Certification to help you discover what type of learner you are and how to study smarter with study strategies.
Chapter 1 ▶
Troubleshooting method
First, the complexity of the network
General networks include routing, dialing, switching, video, WAN (ISDN, Frame Relay, ATM, ...), LAN, VLAN,...
Second, the fault handling model
1. Define the Problem
Describe the symptoms and potential causes of the failure in detail and accurately
2, collect detailed information (Gather Facts)
R>Information ">RIP failure
RIP is a distance vector routing protocol and the metric is the hop count. The maximum number of hops for RIP is 15. If the number of hops to the target exceeds 15, it is unreachable.
RIP V1 is a classful routing protocol, RIP V2 is a non-categorical routing protocol, supports CIDR, route induction, VLSM, and uses multicast (224.0.0.9) to send routing updates.
RIP related show command:
Show ip route rip ; display only RIP routing table
Show ip route ; show all IP routing tables
Show ip interface ; display IP interface configuration
Show running-config
Debug ip rip events ;
Common RIP failures: RIP versions are inconsistent, RIP uses UDP broadcast updates
Fourth, deal with IGRP failure
IGRP is a Cisco-specific routing protocol, a distance vector protocol.
The IGRP metric can be based on five elements: bandwidth, latency, load, reliability, MTU, and only bandwidth and latency are used by default.
IGRP related show command:
Show ip route igrp ; display IGRP routing table
Debug ip igrp events ;
Debug ip igrp transactions ;
Common IGRP failures: access lists, incorrect configuration, line down to neighboring routers
Fifth, deal with EIGRP failure
EIGRP is a link state protocol and distance vector hybrid protocol, and is a CISCO dedicated routing protocol. EIGRP uses the multicast address 224.0.0.10 to send routing updates and the DUAL algorithm to calculate routes.
EIGRP metrics can be based on bandwidth, latency, load, reliability, MTU, and only bandwidth and latency are used by default.
EIGRP uses three types of databases: routing databases, topology databases, and neighboring router databases.
EIGRP related show commands:
Show running-config
Show ip route
Show ip route eigrp ; only show EIGRP routes
Show ip eigrp interface ; displays the peer information of the interface
Show ip eigrp neighbors ;Show all EIGRP neighbors and their information
Show ip eigrp topology ; shows the contents of the EIGRP topology table
Show ip eigrp traffic ; shows the induction of EIGRP routing statistics
Show ip eigrp events ; show recent EIGRP protocol event records
EIGRP related debug commands:
Debug ip eigrp as
Debug ip eigrp neighbor
Debug ip eigrp notifications
Debug ip eigrp summary
Debug ip eigrp
Common EIGRP faults: loss of neighbor relationship, default gateway, etc., routing of old version IOS, stuck in active.
When processing EIGRP faults, first use show ip eigrp neighbors to view all neighboring routers, then use show ip route gigrp to view the router's routing table, then use show ip eigrp topology to view the router's topology table, or use show ip eigrp traffic to view Whether the route update is sent.
Sixth, dealing with OSPF faults
OSPF is a link state protocol that maintains three databases: a neighboring database, a topology database, and a routing table.
OSPF related show command:
Show running-config
Show ip route
Show ip route ospf ; only shows OSPF routes
Show ip ospf process-id ; displays information related to a specific process ID
Show ip ospf ; Display OSPF related information
Show ip ospf border-routers ; show border router
Show ip ospf database ; display OSPF inductive database
Show ip ospf interface ; Display OSPF information on the specified interface
Show ip ospf neighbor ; display OSPF neighbor information
Show ip ospf request-list ; display link status request list
Show ip ospf summary-address ; display repost information for inductive routes
Show ip ospf virtual-links ; display virtual link information
Show ip interface ; display the IP settings of the interface
OSPF related debug commands:
Debug ip ospf adj ;
Debug ip ospf events
Debug ip ospf flood
Debug ip ospf lsa-generation
Debug ip ospf packet
Debug ip ospf retransmission
Debug ip ospf spf
Debug ip ospf tree
Common OSPF faults: OSPF does not exceed 100 routers per domain, and the entire network does not exceed 700 routers; the wildcard mask is improperly configured;
Seven, dealing with BGP failure
The key configuration of BGP (including IBGP and EBGP) is the neighbor relationship. BGP uses TCP to establish the neighbor relationship.
BGP related show command:
Show ip bgp ; shows the routes learned by BGP
Show ip bgp network ; Display BGP information for a specific network
Show ip neighbors ; Display BGP neighbor information
Show ip bgp peer-group ; Display BGP treatment group information
Show ip bgp summary ; shows the induction of all BGP connections
Show ip route bgp ; Display BGP routing table
BGP related debug commands:
Debug ip bgp 192.1.1.1 updates
Debug ip bgp dampening
Debug ip bgp events
Debug ip bgp keepalives
Debug ip bgp updates
Eight, re-release routing protocol
Nine, TCP / IP symptoms and causes
Symptom cause
The local host cannot communicate with the remote host:
1) DNS is not working properly
2) There is no route to the remote host
3) Missing default gateway
4) Management Rejection (ACL)
An application is not working properly:
1) Management Rejection (ACL)
2) The network is not properly configured to process the application
Startup failed:
1) The entity that has no MAC address on the BootP server
2) Missing IP helper-address
3) ACL
4) Modify the NIC or MAC address
5) Duplicate IP address
6) Unusual IP configuration
Can't ping remote host:
1) ACL
2) There is no route to the remote host
3) No default gateway is set
4) Remote host down
Missing route:
1) The routing protocol is not configured correctly
2) Release list
3) Passive interface
4) Neighbors without advertised routes
5) The routing protocol version is inconsistent
6) Neighbor relationship has not been established
The neighbor relationship is not established:
1) Incorrect routing protocol configuration
2) Incorrect IP configuration
3) No network or neighbor statement configured
4) hello interval is inconsistent
5) Inconsistent area ID
High CPU utilization:
1) Unstable routing updates
2) did not close the debug
3) The process is too heavy
Route trigger active mode:
1) Inconsistent intervals
2) Hardware problems
3) Unstable links
X. TCP/IP Symptoms and Action Plan
DNS is not working properly:
1) Configure the DNS host configuration and DNS server, you can use nslookup to verify the DNS server's work.
There is no route to the remote host:
1) Check the default gateway with ipconfig /all
2) Use show ip route to check whether the corresponding route
3) If there is no such route, use show ip route to see if there is a default gateway.
4) If there is a gateway, check the next hop of the target; if there is no gateway, fix the problem
ACLs have separate issues related to ACLs:
The ACL must be analyzed, or the ACL must be rewritten and applied.
The network is not configured to process the application:
View router configuration
Booting failed:
1) Check the DHCP or BootP server and check if there is a MAC of the faulty machine.
2) Verify the packets received from the host using debug ip udp
3) Verify helper-address is correctly configured
4) Check if the ACL disables the package.
Missing route:
1) Use show ip route on the first router to view the learned routes.
2) Verify neighboring routers
3) Have the correct route network and neighbor statements
4) For OSPF, verify the wildcard mask
5) Check the distribute list applied to the interface
6) Verify the neighbor's IP configuration
7) If the route is redistributed, verify the metric
8) Verify that the route is re-released normally
Does not constitute an adjacent relationship:
1) Use the show ip protocol neighbors list to form the neighbor relationship
2) View the protocol configuration that does not form an adjacent relationship
3) Check the network statement in the routing configuration
4) Use show ip protocol/interface to view specific interface information, such as Hello interval
Chapter II ▶
Handling serial line and frame relay connection failures
First, handle serial line failure
1, HDLC package
High-level Data Link Control (HDLC) is a packaging method for serial links. HDLC is the default encapsulation method for Cisco router serial interfaces. The first step in dealing with a serial link failure is to look at the same package type at both ends of the link.
Common commands:
Show interface serial 1 : View interface information
Clear counters serial number: reset the counter of the interface to 0
Under normal circumstances, the interface and line are up.
Cable failures, carrier faults, and hardware failures can cause the interface to go down, verify cable connections, replace hardware (including cables), and check carrier signaling positioning issues.
Interface up, line down: CSU/DSU failure, router interface problem, CSU/DSU or carrier time inconsistency, no keepalive signaling received from the remote router, carrier problem. The configuration of the local and remote interfaces should be verified.
Reason for interface restart:
Packets queued in a few seconds are not sent;
Hardware issues (router interface, cable, CSU/DSU);
Clock signaling is inconsistent
Loop interface
Interface closed
The line protocol is down and the interface is periodically restarted.
Show controllers serial 0 ; display interface status, cable connection, clock rate
Show buffers ; view system buffer pool, interface buffer settings
Debug serial interface ; display HDLC or Frame Relay communication information
2, CSU / DSU loop test
There are four types of loop tests:
Test the local loop on the local CSU/DSU;
Test the local loop on the remote CSU/DSU;
Test the remote loop from the local NIU to the remote CSU/DSU;
Test the remote loop from the remote NIU to the local CSU/DSU;
On a serial link encapsulated in PPP, PPP uses the negotiated Magic Number to detect the loopback network.
3, summary in the serial line
1) Symptoms and problems:
Interface is administratively down; line protocol is down:
1) The interface is closed from the command line
2) Duplicate IP addresses are not allowed, and two interfaces using the same IP address will be down
Interface is down; line protocol is down:
1) Unqualified cable
2) No local provider signaling
3) Hardware failure (interface or CSU/DSU, cable)
4) Clock
Interface is up; line protocol is down:
1) Unconfigured interface: local or remote
2) Local provider issues
3) Keepalive serial number has not increased
4) Hardware failure (local or remote interface, CSU/DSU)
5) Line noise
6) Clock inconsistency
7) Layer 2 (eg LMI)
Interface is up; line protocol is up (looped) link in somewhere loop Incrementing carrier transition counter
1) Unstable signal from local provider
2) Cable failure
3) Hardware failure
Incrementing interface resets
1) Cable failure, resulting in CD signal loss
2) Hardware failure
3) Line congestion
Input drops,errors,CRC,and framing errors
1) Line rate exceeds interface capability
2) Local provider issues
3) Line noise
4) Cable failure
5) Unqualified cable
6) Hardware failure
Output drops: interface transmission capacity exceeds line rate
2) Problems and actions
Local provider issues:
1) Check the CSU/DSU CD signal and other signals to see if the link is sending and receiving information.
2) If there is no CD signal or other problems, contact the local provider to handle the fault.
Unqualified or faulty cable:
1) Use cables that meet the equipment requirements
2) Check using the breakout box
3) Exchange faulty cables
Unconfigured interface:
1) Verify the interface configuration with show running-config
2) Confirm that the same package type is used at both ends of the link
Keepalive question:
1) Verify that keepalive is sent
2) Configure keepalive send, debug keepalive
3) Verify that the serial number is increasing
4) If the serial number does not increase, run the loop test
5) CSU/DSU loop, the serial number is still not increased, then the hardware is faulty.
hardware malfunction:
1) Replace the hardware
The interface is in loop mode:
1) Check the interface configuration
2) If there is a loop on the interface, remove it
3) Clear the CSU/DSU loop mode if the interface configuration is cleared
4) If the CSU/DSU is not in loop mode, it may be the provider ring
Interface administratively down:
1) Check if there is a duplicate IP address
2) Perform interface configuration mode and execute no shutdown
Line rate is greater than interface capability:
1) Use hold-queue to reduce the size of the incoming queue
2) Increase the queue size of the output
The interface rate is greater than the line rate:
1) Reduce broadcast traffic
2) Increase the output queue
4) Use a queue algorithm if needed
Second, deal with frame relay failure
The DLCI is used to identify the virtual link in Frame Relay, the DLCI is only local signaling, and the DLCI is mapped to the Layer 3 IP address.
Steps to handle Frame Relay:
1) Check physical layer, cable or interface problems;
2) Check the interface package;
3) Check the LMI type;
4) Verify the mapping of DLCI to IP;
5) Verify the PVC of the Frame Delay;
6) Verify the LMI of the Frame Delay;
7) Verify the Frame Delay map;
8) verification loop test;
1, frame relay show command
Show interface
Show frame-relay lmi ; display LMI related information (LMI type, update, status)
Show frame-relay pvc ; output PVC information, LMI status of each DLCI, ...)
Show frame-relay map ; provides DLCI number information and encapsulation of all FR interfaces
2, frame relay debug command
Debug frame-relay lmi ; display LMI exchange information
Debug frame-relay events ; show details of protocols and applications using DLCI
3, frame relay
1) Symptoms and problems
Frame Realy link is down:
1) Cable failure
2) Hardware failure
3) Local service provider problem
4) LMI type is inconsistent
5) Keepalive is not sent
6) The package type is inconsistent
7) DLCI is inconsistent
Cannot ping remote host from Frame Delay network
1) DLCI specifies the wrong interface
2) The package type is inconsistent
3) ACL problem
4) Interface configuration error
Cable failure:
1) Check the cable and test the connector
2) Replace the cable
hardware malfunction:
1) Perform a loop test to separate the hardware
2) Connect the cable to another similarly configured interface of the router, such as OK, the hardware needs to be replaced.
Local service provider issues:
1) If the loop test makes the LMI state up, but cannot connect to the remote site, contact the local carrier.
2) Contains carrier problems, just like FR configuration errors, such as DLCI inconsistency or package inconsistency.
Inconsistent LMI types:
1) Verify that the LMI type of the router is the same as that of each device on the PVC.
2) If you are using a public provider network, you cannot access the LMI and contact the provider.
Keepalive question:
1) Use show interface to check if keepalive is disabled, or verify that keepalive is configured properly
2) If the keepalive setting is incorrect, enter configuration mode and specify the keepalive interval on the interface.
Package type:
1) Verify that the routers on both ends are encapsulated in the same way. If you have a non-Cisco router, you must use IETF. Display the package information with the show frame-relay command.
2) Replace the encapsulation mode with the encapsulation frame-relay ietf and set the encapsulation of a PVC with the available frame-relay map.
DLCI is inconsistent:
1) Display the DLCI number assigned to an interface with show running-config and show frame-relay pvc
2) If the DLCI number is configured properly, contact the vendor to verify that the FR switch has the same DLCI.
ACL problem:
1) Use the show ip interface to display the ACL applied to the interface.
2) Analyze the ACL and delete or modify it if necessary
