Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.
com
1 2
www.preplogic.com = 1-800-418-6789
Domain 1: Maintain and
Monitor Network Performance
What is Network Maintenance?
The rst thing you should learn about troubleshooting Cisco networks is how to
help avoid problems in the rst place.
A router or switch that is kept up to date with the latest general deployment IOS
image has the following advantages:
Stability
Fewer bugs
Easier and quicker to repair
Examples of network maintenance include:
Hardware and software installation/conguration according to best-practices
Troubleshooting network problems proactively and through trouble tickets
Monitoring using network tools such as syslog and SNMP
Tuning the network for additional performance
Planning for network expansion
Network documentation for both current and future needs
Compliance with legal regulations and organizational policies
Network security
As hinted earlier, there are two different troubleshooting triggers:
Proactive planned network maintenance base on general upkeep and
future expansion
Reactive unplanned maintenance commonly triggered by responding
to problems found by network monitoring tools or through trouble tickets
from end-users.
Network Maintenance Models
There are several, well-known network maintenance models that you need to know
Fault management, Conguration management (FCAPS) an ISO model
that species management for Accounting, Performance, and Security.
IT Infrastructure Library (ITIL) a United Kingdom developed model
that provides detailed checklists, tasks and processes that can be easily
tted into most businesses.
Telecommunications Management Network (TMN) an ITU-T
developed model for management of telecommunication networks. It is a
variation of FCAPS that focuses more on voice and telecom networks.
Cisco Lifecycle Services outlines a Cisco network according to the
technology lifecycle for the hardware. This is a cycle based plan that
denes the following phases:
y Preparation
y Planning
y Design
y Implementation
y Operation
www.preplogic.com
=
1-800-418-6789
PrepLogic
15-Minute Guide
=
TM
TSHOOT (642-832)
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
3 4
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Network Administrator Responsibilities
The role of a Cisco network administrator is to handle the maintenance and
upkeep of the current network. This includes network related tasks such as:
MAC-D: Moves, Adds, Changes and Deletions
Writing network documentation related to the upkeep and future growth
of the network
Disaster Recovery (DR) planning and testing
Network monitoring
Troubleshooting hardware/software problems and incompatibility issues
from end-users
Scheduled maintenance including Change Control documentation
Fallback planning in the case of a maintenance failure
A Network Communications Plan is typically a shared spreadsheet used by the
organization that species the following when a network outage occurs:
Who should be contacted in the internal network department when a
specic outage occurs?
Denes the critical value of a piece of network equipment to
the organization. Based on this, the plan will specify the times that
people should be contacted depending on importance of the device.
Who the IT managers are in the case where an outage needs to be escalated.
Vendor names, numbers and email addresses in the case where external
help is required to x a problem.
Network Administrator Tools
Network maintenance tools vary widely both in terms of monetary cost to the
organization as well as their usefulness to the administrator.
CLI Tools
The Cisco IOS provides many useful tools to troubleshoot hardware and
software problems. Most administrators will nd that a large percentage of
their time will be spent troubleshooting from the CLI.
The show command is useful to view various statistics of an IOS device
including things such as interfaces, routing protocols, CPU/memory,
startup/running congurations and logging.
The debug command is enabled or disabled on an IOS device to provide
real-time information coming from the Cisco hardware.
The Cisco IOS can be used to create a Conguration History by copying
the changed congurations to a TFTP server and labeling them based on
the date the change was made.
Another great tool that can be used with troubleshooting devices
remotely using Telnet or SSH is the terminal monitor command.
An alternative is to use the logging buffered <severity> command.
This table shows the levels and names:
Logging Severity Number Logging Severity Name
0 Emergencies
1 Alerts
2 Critical
3 Errors
4 Warnings
5 Notications
6 Informational
7 Debugging
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
5 6
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
GUI Tools
Cisco also provides several free and add-on GUI tools for maintaining and
troubleshooting equipment. These tools include:
Cisco Works
The Cisco Conguration Professional (CCP)
The Cisco Conguration Assistant (CCA)
The Cisco Network Assistant (CNA)
The Cisco Security Device Manager (SDM)
Troubleshooting Methodology
The process of Troubleshooting can be broken down into the following steps:
1. Responding to a discovered problem.
2. Determining the root cause. AKA diagnosis.
3. Fixing the problem in the best method possible.
If you follow these diagnosis steps, it can make the root cause discover a
much easier process:
1. Collect information when a trouble ticket comes in, you will almost
always have to get additional information. This step requires that the
administrator either contact the customer to get the information or
possibly the use of network administration tools.
2. Examine the information once the administrator feels that enough
information has been collected, they must examine the information to see
if they can make coronations based on the ndings. Baseline information
can be very important in this step.
3. Eliminate potential causes the easiest way to narrow down the
possibilities of a failure is to rst eliminate things that WOULD NOT cause
the reported problem.
4. Hypothesize underlying cause this step is where the administrator
uses their skill to come up with a handful of possible causes.
These hypotheses can be determined using hard facts or even gut
feelings if the administrator is experienced enough.
5. Verify hypothesis the administrator then tests their hypothesis,
which will conrm or deny the theory of the root cause.
The Integration of Maintenance and Troubleshooting
Below is a network maintenance lifecycle that should be strictly followed to
insure that solutions to problems are completely resolved:
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
7 8
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Domain 2: Troubleshoot Multi
Protocol System Networks
Potential Layer 2 Switch Problems
When a network administrator is troubleshooting a problem and has it narrowed
down to the data-link (layer 2) layer of the OSI model or lower, there are three poten-
tial problems that they should investigate:
Hardware Problems Hardware problems are considered to be a physical
(layer 1) layer issue. Common things to check are the endpoint hardware
network card, cabling and the Cisco switchport.
VLAN Conguration Problems a virtual LAN (VLAN) is a logical network
that allows a group of devices to act as if they are on the same physical
network. All devices within a VLAN share the same unicast, broadcast and
multicast domain.
Trunk Conguration Problems If you are troubleshooting a trunk link,
you will need to verify that the conguration settings are the same on both
switches. Settings like trunk encapsulation type (802.1q or ISL), native VLAN
and trunk modes are congured for proper operation.
Layer 2 Troubleshooting Techniques
Network administrators have multiple show command options when trouble-
shooting physical, VLAN and trunk problems.
The commands that you should familiarize yourself with include:
show interfaces
show interfaces counters
show interfaces errors
show mac-address-table (or show mac address depending on the IOS
version/hardware being used)
show mac-address-table <address>
clear mac-address-table dynamic
show vlan brief
show interfaces switchport
show interfaces trunk
traceroute mac
Show interfaces
The following table lists some of the show interface error counters and why they
might be incrementing:
Error Counter Common Problem
Align-Err Cabling problems or duplex mismatch
FCS-Err Cabling problems
Xmit-Err Bottleneck on the local switch
Undersize Giants Bad end-station network card
Single-Col Duplex mismatch
Multi-Col Duplex mismatch
Late-Col Duplex mismatch
Excess-Col Duplex mismatch
Show interfaces counters
A different method of viewing interface stats is the show interfaces
<interface> counters command. This command is useful for viewing
trafc that is broken into broadcast, unicast and multicast counters.
Show interfaces errors
Adding the keyword errors to the show interface counters command,
displays detailed descriptions of the types of errors that may be occurring on
your interface as shown here where there are incrementing Transmit errors
(Xmit-Err) which is likely due to a bottleneck when too much trafc from a larger
bandwidth port (such as Gigabit Ethernet).
Show mac-address-table
The content addressable memory (CAM) table holds the port to MAC address
mappings on a switch. This is useful when troubleshooting layer 2 problems or
when tracking bad network card that is malfunctioning. There are basically two
different types of CAM table entries. Static mappings are manually congured
on the switch and dynamic mappings are learned by the switch when a network
card begins transmitting data. By default, dynamic mappings are stored in the
CAM table for 4 hours. If no trafc is seen by the switch after the timer expires,
the entry is removed from the table.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
9 10
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Mobile Edition
Enjoy your
15-Minute Guide
the way it was
meant to be, on
your iPod, iPhone,
Blackberry and
more! Visit us at
preplogic.com/m
Show mac-address-table address
If a network administrator is looking for a specic MAC address on a switch
they can add the keyword address at the end of the command and enter the
specic MAC.
Clear mac-address-table dynamic
An administrator will come across times when they want to quickly purge
dynamic MAC address from the CAM table. This is just a simple matter of enter-
ing the command clear mac-address-table dynamic. This will clear
out all of the dynamic mappings on that particular switch. The table will then be
rebuilt when the connected devices begin attempting to communicate through
the switch port.
Show vlan brief
When an administrator is troubleshooting switch problems that might be
VLAN related, the most obvious piece of information that should be obtained on
the switch is what VLANs are actually congured on it.
Show interfaces switchport
If you want to get detail into both the administrative and operational status
of a switchport, use the show interfaces switchport command.
This command is very useful to provide quick insight into the administration
setup of trunk ports that carry multiple VLANs to other switches.
Show interfaces trunk
If the network engineer logs into a switch and wants to quickly view what
port(s) are congured as trunk ports, the show interfaces trunk command is a
great tool. This command displays VLANs that are allowed on specic trunk
ports and which VLANs are being forwarded as seen in this output.
Traceroute mac
Weve already covered the traceroute command at layer 3. You can also use this
command on a Cisco switch to perform a layer 2 trace. The traceroute mac
<source-MAC> <destination-MAC> can be used to see the layer 2 hop-
by-hop path a datagram takes.
Spanning-Tree Troubleshooting Techniques
There are several types of STP that can be congured on Cisco devices:
Common Spanning Tree (CST) this STP protocol provides a single
instance for the entire layer 2 network. All VLANs within the switched
network share the same instance.
Per VLAN Spanning Tree (PVST) this protocol maintains a separate
STP instance for every VLAN congured on the switched network.
One of the advantages of PVST is that it can load balance and separate
trafc across trunk links because one instance can block a port on a trunk
inside a particular VLAN while the other instance will forward their trafc
out the same trunk. This is the default mode on Cisco switches.
Multiple Instance Spanning Tree (MISTP) this is an IEEE 802.1S
protocol that allows engineers to map multiple VLANs to an
instance of STP.
Rapid Spanning Tree (RSTP) RSTP is an IEEE 802.1w standard that is the
evolution of STP over time. The protocol implements many new features
to allow for faster convergence after a topology change has occurred.
The features are the equivalent to PortFast, BackboneFast and UplinkFast
which can be congured with regular STP but are Cisco proprietary.
RSTP can converge in less than a second compared to up to 50 seconds
with standard STP.
Per VLAN Rapid Spanning Tree (PVRST) a combination of PVST+ and
Rapid spanning tree that allows for use of the rapid spanning tree features
on a per VLAN basis.
Spanning-Tree Stages
A network administrator must also understand the ve possible STP stages:
Disabled the disabled state means that the switch port is
administratively shutdown.
Blocking does not forward any frames but still listens to BPDUs from
other switches. The default timer is 20 seconds.
Listening this is the next stage after blocking. In the Listening mode,
the port will begin sending BPDUs out the port. The default timer
is 15 seconds.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
11 12
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Learning this stage is where the switch receives MAC address
information from connected devices on the switchport. No data trafc is
passed at this point of the process. The default timer is 15 seconds.
Forwarding this stage is where the port actually begins the
transmission and reception of data frames.
Show spanning-tree vlan
The rst command is show spanning-tree vlan <vlan-id>. This command dis-
plays information about the STP state of the local switch.
Show spanning-tree interface detail
The show spanning-tree <interface> detail command sheds light into what
information is contained within BPDUs. This is the information that this particu-
lar switchport is sending out. It also has counters as to the number of BPDUs
sent and received.
Common Spanning-Tree Problems
MAC Address Table Corruption
As we know, the CAM table is responsible for keeping track of MAC
address to switchport mappings on a local switch.
Sometimes things go wrong and for whatever reason, the CAM table
becomes corrupted.
What usually happens when the corruption occurs is that two copies of
the same Ethernet frame will be sent out onto the network.
The key to identifying this problem is by tracking the MAC address from
switch to switch, continuing to get closer to the source PC and ultimately
nding the problematic switch.
Broadcast Storm
Switches ood broadcasts out all interfaces in the same VLAN, except the
interface in which the frame arrived. If your layer 2 segment has a loop,
it will continuously forward datagrams from one switch to another in a
never-ending cycle.
Many times, a broadcast storm is not due to a failure within STP but rather,
a conguration error or adding a new switch/hub on the network can
cause the LAN segment to loop.
Symptoms of a broadcast storm include very slow network response
times and network operations ceasing to function. Eventually, a broadcast
storm can bring down a large portion of your network if you are spanning
VLANs across distribution blocks.
Ether-Channel Troubleshooting Techniques
There are several things that a network administrator must verify on a
problematic EtherChannel link:
All ports must be of the same type including
y Speed
y Duplex
y Access port or Trunk
y VLAN settings
Both ends of the channel must be congured for the same EtherChannel
type being LACP, PAgP or on with no negotiation. If only one side is
congured as an EtherChannel, the ports on the remote switch will be
placed into Err-disable mode and cannot function.
The channel might form, but trafc might still be traveling over primarily
one link. This is due to the distribution algorithm being used for load
balancing. If your trafc is primarily used by a small number of devices,
changing the load-balancing algorithm from source-based to destination-
based MAC addressing can help eliminate this problem.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
13 14
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Troubleshooting InterVLAN Routing (IVR)
When two devices on different VLANs need to talk to each other,
they require assistance from a routing device to communicate.
VLANs are logical broadcast segmentations of a network.
In order to send trafc from a device on VLAN A to a device on VLAN B,
the trafc must go through a layer 3 routed interface.
Previously, routers handled this task either using individual connections
for each broadcast segment or a trunked connection from a switch to a
router which is often referred to as a router-on-a-stick.
More recently, switches themselves have incorporated the ability to both
switch and route on a single device.
On the other hand, multilayer switches have these benets:
y MLS devices use hardware ASICs that can route trafc at wire speed.
This makes routing tasks much faster compared to routed methods.
y The backplane of a MLS device is much larger than most any inter-
face port. This helps to eliminate any bottlenecks on the network
when routing trafc from one VLAN to another.
y MLS devices provide many more software features to enhance the
performance and security of routed trafc that you cannot achieve
using standard routing methods.
The TSHOOT exam focuses mainly on troubleshooting IVR
on MLS switches.
The two most common commands used when troubleshooting IVR on
any layer 3 device is the show ip route and show ip arp commands.
Troubleshooting Gateway Redundancy Protocols
Gateway redundancy is also known as rst hop redundancy due to the fact
that it provides end-device redundancy from a default gateway standpoint.
The three main redundancy protocols that Cisco layer 3 devices utilize are Hot
Standby Routing Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP)
and the Gateway Load Balancing Protocol (GLBP).
Hot Standby Routing Protocol (HSRP)
There are three interface types that can be congured for HSRP:
1. Standard Routed Ports
2. MLS switched virtual interfaces (SVI)
3. Layer 3 EtherChannels
HSRP uses a priority conguration to determine which layer 3 interface
is primary. When HSRP is initially congured, the device has a default priority of
100. The highest priority becomes the primary interface. HSRP communicates
to its peers by sending multicast messages. These messages include:
Hello veries that the routers are still functioning properly.
Coup when a standby router becomes the active router.
Resign when a router that is the active router sends this message when
it is about to give up being the active due to another router with a higher
priority coming online.
show standby <group>
The show standby <group> command displays real-time information
about a congured standby group. This command displays detailed information
which is valuable for troubleshooting such as:
Last state change
Virtual IP address
Hello timer settings
Hold timer settings
Preemption enabled/disabled
Priority settings
Mobile Edition
Enjoy your
15-Minute Guide
the way it was
meant to be, on
your iPod, iPhone,
Blackberry and
more! Visit us at
preplogic.com/m
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
15 16
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
In addition, the State portion of the command lets you know what state the
local MLS switch is currently in. A standby group can be in one of these ve
possible states:
Active the current HSRP MLS.
Standby the MLS/router is next in line to be the active HSRP switch.
Speak the MLS/router is sending HSRP hellos to neighbor MLS/routers
in the same group to determine which switch will be active.
Listen the MLS/router is listening for HSRP messages from other MLS/
routers in the group.
Init or Disabled the MLS/router is not yet ready or able to participate in
HSRP, possibly because the associated interface (either physical or SVI) is
not up. The state is listed as Disabled if the standby ip command has
not been congured on the MLS/router.
show standby brief
Adding the keyword brief to the show standby command displays basic
information about all of the HSRP interfaces congured on your Router or MLS.
debug standby
The nal HSRP troubleshooting command a TSHOOT candidate should be
familiar with is the debug standby command. This command outputs HSRP
hello and State information to the command line. This can help a network
administrator to see if hellos are being properly sent and received as well as
possibly identifying what state in the HSRP process the MLS/router is failing at.
Virtual Router Redundancy Protocol (VRRP)
VRRP is an IETF standard gateway redundancy protocol.
Because its a standard, it can be used in multi-vendor environments.
VRRP conguration enables a group of layer 3 devices to form a single
virtual router.
The end devices then use the virtual router as their default gateway address.
VRRP works very much like HSRP but instead of creating a Virtual
IP address, VRRP uses the master interface physical IP address.
If for some reason, the master VRRP router fails, the backup VRRP router
takes over the IP address and applies it to its physical interface.
show vrrp brief
To view VRRP information, issue the show vrrp brief command.
This command displays the information found in the following table:
Field Description
Interface Interface or SVI used
Group VRRP group
Prio VRRP priority (higher is preferred)
Time Amount of time before backup takes over
Own Owner of the IP
Pre If preemption (P) is congured
State Role the interface or SVI is currently in
Master addr IP of the master virtual router
Group addr IP of the virtual router
Gateway Load Balancing Protocol (GLBP)
The main difference between GLBP and HSRP/VRRP is in its ability to load
balance by default.
With HSRP and VRRP, there are ways to design your network to load
balance at the VLAN level, but this can lead to an imbalance if one VLAN
utilizes the vast majority of trafc.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
17 18
CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
www.preplogic.com = 1-800-418-6789
GLBP is a per-MAC address way to load balance while still providing
gateway redundancy.
GLBP routers congured in the same group communicate between each
other using multicast hello packets.
show glbp brief
Similar to both HSRP and VRRP, the show glbp brief command displays
information about the currently active glbp virtual gateways. Similar to
the others, the command output displays real-time information including:
Interface
Group
Priority
Address
Active Router
Standby Router
Troubleshooting Network Derogation Problems
Troubleshooting issues that are not conguration problems can often
times be the most difcult.
A decent amount of trial-and-error must go into the troubleshooting
process if you are fairly new network administrator.
After time, you will begin to have a sixth-sense about many problems
however and will have the ability to resolve them quickly.
Straight-through vs. crossover
There are two basic standards for Ethernet pinouts.
The rst is the straight-through cable.
This cable can be used to connect non-like devices together such as a PC
to a switch or a switch to a router.
If you needed to connect two of the same device together, you needed to
use whats known as a crossover cable which literally ips the Rx and Tx
wires on each end of the cable.
More recently, Cisco has implemented whats known as automatic
medium dependent interface crossover (auto-MDIX).
This switchport feature can be enabled so the switchport can detect
which pins to transmit and receive based on learning if the connected
device is another switch or a different device.
Speed/Duplex Mismatch
Network derogation on an Ethernet LAN is often times a simple speed and
duplex mismatch.
A duplex mismatch results in slow performance, dropped frames,
data link errors, and other issues:
One side of the connection is hard coded and the other is set
to auto-negotiate.
Switch Forwarding Processes
A second network derogation problem TSHOOT candidates should familiarize
themselves with is how to understand and troubleshoot the multilayer switch
packet forwarding processes when using TCAM memory.
There are several reasons why a packet might be punted from the TCAM to the
main CPU. These reasons include:
If a switchs TCAM has reached capacity and cannot process any more
packets, all packets that go over the TCAM limit will be punted to
themain CPU. An overtaxed MLS switch with too many routes or ACLs to
process can cause the TCAM to reach capacity. This is the most common
occurrence of punting on most networks.
Mobile Edition
Enjoy your
15-Minute Guide
the way it was
meant to be, on
your iPod, iPhone,
Blackberry and
more! Visit us at
preplogic.com/m
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
19 20
CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
www.preplogic.com = 1-800-418-6789
Routing protocols and data control plane protocols (Like STP)
communicate using either broadcast or multicast packets. This trafc will
be sent to the main CPU.
An administrator that remotely connects to the local switch using Telnet/
SSH or the web GUI will have their packets sent to the main CPU.
Packets using a feature that not supported in by hardware ASICs such as
trafc traversing a GRE tunnel are sent to the CPU.
Troubleshooting Switch Supervisor Redundancy
Modular switches such as the Catalyst 6500 series platform support supervisor
redundancy. Two supervisor cards can be placed into a switch. Only one super-
visor module will function at a time. If for some reason, the active supervisor
module were to fail, the second module would assume routing and switching
responsibilities. There are two types of supervisor redundancy currently avail-
able on Cisco switches, they are:
Route Processor Redundancy (RPR)
y Secondary supervisor module waits for a failure and then boots
and initializes. The process of taking over routing and switching is
between 2 and 4 minutes
Route Processor Redundancy Plus (RPR+)
y A newer supervisor redundancy method where the secondary
processor is online and fully initialized. The process of taking over
routing and switching is between 30 and 60 seconds.
y The IOS versions must be identical when using RPR+ otherwise an
error will occur and RPR+ will fall back to using standard RPR
Troubleshooting IP Routing Protocols
When troubleshooting any type of connectivity problems, many network
administrators choose to use the divide-and-conquer troubleshooting method
and begin working a problem at the network layer of the OSI model.
Basic Routing Concepts
Remember that when a PC residing on one subnet needs to communicate to
a PC residing on a different subnet, the PC must send the data to its default
gateway IP address.
For the sake of the TSHOOT exam, these routing methods include the following:
Static routes
EIGRP
OSPF
BGP
In addition to routing, a TSHOOT candidate must be familiar with the
following routing terms:
IP routing table a database that stores the routes and metrics to
remote networks. This information contains the topology of all connected
networks as well as any statically congured routes and routes learned
through dynamic routing protocols.
ARP table a table of MAC address to IP address mappings that are either
dynamically or statically learned by the local router.
Forwarding Information Base (FIB) similar to a routing table,
the FIB contains information regarding how to reach remote networks.
The difference between the FIB and a standard routing table is that the FIB
is optimized for very fast routing table lookups of destination addresses.
The FIB is used on CEF enabled routers.
Adjacency Table another table used by CEF enabled devices. This table
maintains layer 2 next-hop addresses for layer 3 FIB entries.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
21 22
CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
www.preplogic.com = 1-800-418-6789
Administrative Distance
Method Distance
Connected 0
Static 1
EIGRP Summary 5
External BGP 20
Internal EIGRP 90
OSPF 110
RIP 120
External EIGRP 170
Internal BGP 200
Unknown 255
Basic Routing Concepts
When troubleshooting basic routing problems, dont forget to investigate both
the control AND data plane portions of the router/MLS.
Below are some of the best-practice troubleshooting commands used to
troubleshoot both the control and data planes:
Show ip route <network> <mask>
The show ip route <network <mask> command details the current
state of the routers IP routing table for a specic network.
Show ip route <network> <mask> longer-prexes
If we add the keyword longer-prexes for our supernet network, the com-
mand output displays that only routes matching the ip-address and mask pair
or any higher mask should be displayed.
Show ip cef <network> <mask>
If you are having routing difculties but your routing table looks ne, the next
place a network administrator should look is the FIB table.
Show ip cef exact-route <source_ip> <destination_ip>
An enhancement to the standard show ip cef command is to use the
exact-route keyword. The network administrator then species a specic
source and destination IP address to see the specic route a packet would take
given the source and destination Ips.
Show ip arp
The show ip arp command is one of the most frequently used commands in
a network administrators arsenal.
Show frame-relay map
If you have remote sites that utilize frame-relay circuits, a very common trouble-
shooting command is show frame-relay map. This command displays the
following information useful for troubleshooting:
Link status (up or down)
Layer 2 DLCI to IP address mappings
Dynamically or statically congured mapping
Frame-relay encapsulation type
If TCP/IP header compression is used
Show adjacency detail
The show adjacency detail command lists all of the local routers routing
protocol information and adjacencies with detailed timer information.
Debug ip routing
The debug ip routing command shows debug level routing information
for all IP routing protocols. It details information such as routing table and route
cache updates.
Troubleshooting EIGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced dis-
tance vector protocol routing protocol.
Essential EIGRP Troubleshooting Commands
This next section describes the most important show and debug commands
that can be used to troubleshoot EIGRP networks.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
www.preplogic.com = 1-800-418-6789
23 24
CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Show ip eigrp interfaces
If an administrator wants to see which EIGRP interfaces are currently active,
a great command to use is the show ip eigrp interfaces command.
In addition, the command displays the following information regarding the
individual EIGRP interfaces:
Field Description
Interface Interface that EIGRP is active on
Peers Number of EIGRP peers on that interface
Xmit Queue Un/Reliable Number of packets in queues
Mean SRTT Mean smooth round-trip time (ms)
Pacing Time Un/Reliable Time used to pace EIGRP protocol packets
Multicast Flow Timer Maximum number of seconds the interface will
send multicast EIGRP packets
Pending Routes Number of routes in queued packets
Show ip eigrp neighbors
If an EIGRP network is suffering from stability issues, use the show ip eigrp
neighbors command to not only see what EIGRP neighbors the local router
has discovered but also to view the uptime of the neighbor connection.
Show ip eigrp topology
The show ip route command will show which EIGRP routes are placed
into the routing table. However, if you are troubleshooting EIGRP and need
to examine all the routes (successor and feasible successor) that the DUAL
algorithm has calculated, the show ip eigrp topology command will
give you the detail that you need.
Show ip eigrp trafc
One often overlooked eigrp troubleshooting command that nicely displays the
number of EIGRP messages sent and received on an EIGRP enabled router is the
show ip eigrp trafc command.
Troubleshooting OSPF
OSPF is an open standard routing protocol that has very fast convergence
similar to EIGRP.
Essential OSPF Troubleshooting Commands
Show ip route ospf
The show ip route ospf command is used to display the routing table for
only OSPF routes. If you have multiple routing protocols, this command helps to
lter out everything except for OSPF learned routes
Show ip ospf interface
The show ip ospf interface command details OSPF enabled interfaces.
This command species important information such as:
Area
Router ID
Network type
DR IP address
BDR IP address
Neighbor count
Timer settings
Show ip ospf neighbor
The show ip ospf neighbor command displays OSPF neighbor
information on an interface-by-interface basis. This is a quick way to check
your neighbors to see which ones are adjacent and which are DR/BDR if the
interfaces are of OSPF type Broadcast such as Ethernet connections.
Practice Exams = Video Training = Mega Guides = Printables = Audio Training 1-800-418-6789 = www.preplogic.com
Show ip ospf database
When a network has multiple areas congured on it, an excellent way to
view the router IDs congured in each area is to use the show ip ospf
database command. In addition, you can see the following information:
Field Description
Link ID Router ID IP address
ADV Router Advertising Router IP address
Age Age of the neighbor connection
Link count Number of interfaces detected
Show ip ospf virtual-links
The CCNP ROUTE exam details how to congure OSPF virtual-links when
needed on a network. Essentially, an OSPF virtual link is a tunnel for LSA
information when an OSPF area cannot directly connect to area 0. While it is
advisable to avoid OSPF virtual-links in production, sometimes it is necessary.
If a network administrator suspects that an OSPF virtual-link is not operat-
ing properly, the best command to verify functionality is to use the show ip
ospf virtual-links command. This will show information such as:
Current OSPF virtual-link status (up or down)
OSPF area that is being used to transit to area 0
OSPF circuit State
Timer settings
Adjacency State
25 26
www.preplogic.com = 1-800-418-6789 CCNP TSHOOT (642-832) PrepLogic
=
15-Minute Guide
=
Notes
