Global debugging
When configuring a Cisco router, the boundaries between global and interface commands are very obvious. In this case, we use "global" to identify commands that cannot be used for interface debugging or for specific transmission media types and protocol debugging. For example, in a 2500 series router, the Cisco Discovery Protocol (CDP) can be analyzed using debug commands. We log in to the router remotely via telnet. By default, the output of the debug command is sent to the console. If it is in a telnet session, we can use the terminal monitor command to view the output.
Interface debugging
The debug serial interface command is a debug command that is directly related to the router interface and transmission media type. In the following example, the serial interface is in an HDLC package. End-to-end HDLC keeps active packets exchanged every 10 seconds. This indicates that the link is operating properly and the second layer is working properly. The show interface serial0 command indicates that the line protocol is started normally. Use the undebug all command to close all debugging.
YH-Router#debug serial interfaceSerial network interface debugging is on
YH-Router#
Jun 1 21:54:55 PDT:Serial0: HDLC myseq 171093, mineseen 171093*, yourseen 1256540,line up
Jun 1 21:55:05 PDT:Serial0: HDLC myseq 171094, mineseen 171094*, yourseen 1256541,line up
Jun 1 21:54:15 PDT:Serial0: HDLC myseq 171095, mineseen 171095*, yourseen 1256542,line up
YH-Router#undebug all
All possible debugging has been turned off
Protocol debugging
Below we give two examples of protocol debugging. Both examples are related to IP protocol. Of course, debug commands apply to all other protocols.
The first example (shown below) shows ARP debugging. ARP debugging starts, then clears the ARP cache, and generates both ARP requests and responses. First, we use the command to clear all ARP caches on the router, so every LAN segment connected to the router will generate ARP packets. Because we do not need to generate too many ARP packets, the selected router is only connected to one Ethernet segment.
YH-Router#debug arpARP packet debugging is on
YH-Router#clear arp
YH-Router#
*Jun 1 21:57:36 PDT: IP ARP: sent req src 171.136.10.1 00e0.
dst 171.136.10.34 00a0.24d1.5823 Ethernet0
*Jun 1 21:57:36 PDT: IP ARP: sent req src 171.136.10.1 00e0.
dst 171.136.10.10 0080.5f06.ca3d Ethernet0
......
*Jun 1 21:57:36 PDT: IP ARP: rcvd req src 171.136.10.10 0080.5f06.ca3d, dst 171.136.10.1 Ethernet0
*Jun 1 21:57:36 PDT: IP ARP: creating entry for IP address:171.136.10.10,hw: 0080.5f06.ca3d
......
The second example (shown below) shows IP RIP debugging. At the beginning of debugging, the router table was not cleared because the router automatically updates RIP every 30 seconds, so there is no need for forced updates. Similar to the first example, all debugging should be turned off after sufficient information is obtained.
YH-Router#debug ip rip events
RIP event debugging is on
YH-Router#
NOV 27 13:55:45 PST: RIP:
sending v1 update to 255.255.255.255 via TokenRing1/0 (165.48.65.136)
NOV 27 13:55:45 PST: RIP: Update contains 25 routes
NOV 27 13:55:45 PST: RIP: Update queued
NOV 27 13:55:45 PST: RIP: Update contains 6 routes
NOV 27 13:55:45 PST: RIP: Update queued
NOV 27 13:55:45 PST: RIP: Update sent via TokenRing1/0
......
YH-Router#undeb all
All possible debugging has been turned off
Ping command
Ping is the most commonly used troubleshooting and troubleshooting command. It consists of a set of ICMP response request messages, and if the network is running normally, a set of response response messages will be returned. ICMP messages are transmitted as IP packets, so receiving an ICMP response message can indicate that connections below the third layer are working properly.
Cisco's ping command not only supports IP protocol, but also supports most other desktop protocols, such as IPX and AppleTalk protocol ping commands. Let's first look at the situation where the ping commands that support IP protocol are executed in the user's EXEC mode, and then discuss the many powerful features that the extended ping commands contain in privileged mode.
User execution mode
IP PING Simple IP ping can be executed in user mode or in privileged mode. Under normal circumstances, the command will send back 5 response requests, and 5 exclamation marks indicate that all requests have successfully received the response. The output also includes information such as maximum, minimum and average round trip time.
Each "!" indicates that an echo response was successfully accepted. If it is not the "!" sign, it indicates that the echo response was not received:
! Response successfully received
· Request timeout
U Unreachable purpose
P Unreachable agreement
N Unreachable Internet
Q Source suppression
M Can't be segmented
? Agnostic message type
IPX PING The IPX ping command can only be executed on routers running IOS v 8.2 and above. IPX ping in user mode is usually only used to test the Cisco router interface. In privileged mode, users can ping a specific NOVELL workstation, and the command format is "ping ipx IPX address".
APPLETALE PING This command uses Apple Echo Protocol (AEP) to confirm connectivity between AppleTalk nodes. It should be noted that the current Cisco router only supports Apple Echo Protocol for Ethernet interfaces. The format of the command is "ping apple Appletalk address".
Privileged execution mode
In privileged execution mode, the extended ping command is applicable to any desktop protocol. It contains more functional properties, so more detailed information can be obtained. Through this information, we can analyze the reasons for network performance degradation, not just for service loss. The execution method of the extended ping command is also to type in the ping. The router then prompts for various different properties.
EXTENDED IP PING is used as follows:
YH-Router#ping
Protocol [ip]:
Target IP address: 165.48.183.12
Repeat count [5]: 10
Datagram size [100]: 1600
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 165.48.48.3
Type of service [0]:
Set DF bit in IP header? [no]:
Data pattern [0xABCD]:
Loose, Srict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 1600-byte ICMP Echoes to 165.58.183.12, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 36/39/48 ms
First we discuss the various available properties of ping in privileged mode. The default values for each attribute are displayed in parentheses.
Protocol requires testing protocol.
Target address The target address for the test.
Repeat count If there is an intermittent failure or the response time is too slow, the number of pings will be repeated.
Datagram size If you suspect that the message is lost due to too long delay or segmentation failure, the size of the message can be increased. For example, we can use 1600 byte packets to force segmentation.
Timeout This value can be increased if the timeout is suspected to be due to a slow response rather than a packet loss.
Extended commands Answer OK to obtain the extended attribute.
Source address must be the address of the router interface.
Type of service According to the attributes specified by RFC 791 TOS, the default value is usually 0.
Set DF bit in IP header? Segmentation is prohibited by setting the DF bit, even if the packet exceeds the MTU defined by the router.
Data pattern [0xABCD] The noise of the line can be tested by changing the data mode.
Loose, Strict, Record, Timestamp, Verbose[none] These are all attributes of IP packet headers. Generally, only Record attributes and Verbose are used, and other attributes are rarely used. Record can be used to record the address of each hop of the message. The Verbose attribute gives the response time of each response. .
Sweep range of sizes [n] This property is mainly used to test failures such as large packets being lost, processing speed is too slow, or segmentation failure.
EXTEND IPX PING The extended IPX ping also allows users to modify parameters, such as packet size and number of repetitions. Another enhanced property for ping in user mode is the use of the NovellStandard echo property. Using this property, users can ping the workstation that loads IPX. If this property is disabled, Novell IPX devices will not respond to pings because they do not support the Cisco proprietary IPX ping protocol. Users can modify the properties of devices to support this feature.
EXTENDED APPLETALK PING The extended AppleTalk ping command is an enhancement to ping in user mode, which is similar to the extended IPX ping. Like IP and IPX extension ping, users can also choose attributes such as Verbose.
trace command
The trace command provides information about each hop from the router to the destination address. It is implemented by controlling the lifetime (TTL) field of IP packets. The ICMP response request message with TTL equal to 1 will be sent first. The first router on the path will discard the message and send back the message that identifies the error message. The error message is usually an ICMP timeout message, indicating that the message has successfully reached the next hop of the path, or the port is unreachable message, indicating that the message has been received by the destination address but cannot be uploaded to the IP protocol stack.
In order to obtain information on the round trip delay time, trace sends three messages and displays the average delay time. Then add 1 to the TTL field of the message and send 3 messages. These messages will arrive on the second router of the path and return a timeout error or port unreachable message. Repeat this method, continuously increasing the value of the TTL field of the message until a response message of the destination address is received.
In some cases, using the trace command may cause a failure. Because there are bugs related to the trace command in the IOS. Information about these bugs can be obtained from the CCO. Another problem is that some target sites do not respond to ICMP port unreachable messages. When the output of the command displays a series of asterisks (*), you may encounter such sites. Users can use Ctrl-Shift-6 to interrupt the execution of the command.
User Execution Mode The output of a simple trace command executed in user execution mode is shown below. The distance to reach the destination is 3 hops. The response messages of 3 packets with TTL value of 1 are ICMP timeout errors, and there are two IP addresses of the returned packets. Because router 1 and router 2 are in the same network segment, and their distance to router 3 is one hop, these routers all respond to packets.
Router3#trace 171.144.1.39
Type escape sequence to abort.
Tracing the route to Router9 (171.144.1.39)
1 Router2 (165.48.48.2) 0 msec
Router2 (165.48.48.2) 0 msec
Router1 (165.48.48.1) 0 msec
2 165.48.48.129 12 msec
Router6 (165.48.49.129) 12 msec 12 msec
3 Router4 (171.133.1.2) 12 msec 12 msec
Router9 (171.144.1.39) 12 msec 12 msec
Router3
Listed belowIP traceDifferent characters appearing in the output of the command and their meanings:
XY msec Round trip delay before receiving the response message(In milliseconds)
* Message timeout
? Message type cannot be recognized
U The port is unreachable
P Unreachable agreement
N Unreachable Internet
H The host is unreachable
Q ICMP Source suppression
Privileged Mode Extend Trace Many properties used to extend ping commands can be used to extend the functionality of trace commands. The special properties of the extended trace command are:
Numeric display By default, the output of the trace command includes both the IP address and its corresponding DNS domain name. This property can be used if the user does not need to display the DNS domain name.
The default value of Probe count is 3, and users can adjust it as needed.
TTL This value can vary between the maximum and minimum TTL values.
Port number This is a very useful property that allows engineers to track specific transport layer ports. Therefore, it is possible to confirm not only the IP connectivity between the source and destination, but also to confirm whether the high-level service is accessible.
Another problem related to the trace command is that if there are multiple paths to the destination, the source address of the return message may be different. In this case, the user needs to carefully compare the delay times of different return messages. If you still cannot get a clear result, you can remotely access one or more routers on the path and use the trace command to access the source and destination addresses. (