Overview of Network Troubleshooting
Network fault diagnosis, starting from the fault phenomenon, uses network diagnostic tools as a means to obtain diagnostic information, determine network fault points, find the root cause of the problem, troubleshoot faults, and restore normal network operation. Network failures usually have the following possibilities: failure to connect physical devices in the physical layer or problems with the hardware and the line itself; problems with the interface configuration of network devices at the data link layer; errors in network protocol configuration or operation of network layer; problems with device performance or communication congestion in the transmission layer; errors in upper layer three or network applications. The process of diagnosing network failures should proceed upward from the physical layer along the OSI layer seven model. First check the physical layer, then the data link layer, and so on, try to determine the failure point of communication failure until the system communication is normal.
Network diagnostics can be used with a variety of tools: router diagnostic commands, network management tools, and other troubleshooting tools including LAN or WAN analyzers. Viewing the routing table is a good way to start looking for network failures. ICMP's ping, trace commands, Cisco's show commands and debug commands are network tools for obtaining useful information for troubleshooting. How to monitor the operating details and failures of the network under normal conditions, and what content should be monitored? The show interface command can be used to obtain information about each interface to be checked very easily. The show buffer command provides periodic display of buffer size, purpose and usage status. The show proc command and the show proc mem command can be used to track processor and memory usage. This data can be collected regularly and used for diagnostic references when a fault occurs.
Troubleshooting steps
The first step is to determine the specific phenomenon of the fault and analyze the type of cause of this fault phenomenon. For example, the host does not respond to a customer request for service. Possible failure causes are host configuration problems, interface card failure, or router configuration commands lost.
The second step is to collect the information needed to help isolate the cause of possible failures. Gather useful information from network management systems, protocol analysis tracking, output reports of router diagnostic commands, or software manuals.
The third step is to consider possible causes of failure based on the collected situation and troubleshoot some causes of failure. For example, hardware failures can be troubleshooted based on certain data and focus on software reasons.
Step 4: Establish a diagnostic plan based on the final possible cause of the failure. Begin to perform diagnostic activities with only one of the most likely cause of failure, which can easily restore to the original state of the failure. If multiple failure causes are considered at once, it will be much more difficult to try to return to the original state of the failure.
Step 5: Implement the diagnostic plan, carefully carry out every step of testing and observation, and confirm the results of each parameter change. Analyze the results to determine whether the problem is solved. If it is not solved, continue until the fault disappears.
Network layered diagnostic technology
The failure of the physical layer is mainly reflected in whether the physical connection method of the device is appropriate; whether the connection cable is correct; whether the configuration and operation of Modem, CSU/DSU and other devices are correct. The best way to determine whether the physical connection of the router port is to use the show interface command, check the status of each port, explain the screen output information, and view the port status, protocol establishment status, and EIA status.
To find and troubleshoot data link layer failures, you need to check the router configuration and check the encapsulation status of the same data link layer shared by the connection port. Each pair of interfaces is to have the same package as other devices that communicate with them. Check the encapsulation by checking the router's configuration, or use the show command to view the encapsulation status of the corresponding interface.
The basic method to troubleshoot network layer failures is to view the router routing table along the path from the source to the destination, and also check the IP address of the router interface. If the route does not appear in the routing table, check to determine whether the appropriate static route, default route, or dynamic route has been entered. Then manually configure some missing routes, or troubleshoot some dynamic routing process, including failures caused by RIP or IGRP routing protocols. For example, for IGRP routing, the selection information only exchanges data between systems with the same autonomous system number (AS) to view the matching of the autonomous system number configured by the router.
Troubleshooting the router interface
Troubleshooting of serial ports
When a serial port connectivity problem occurs, in order to troubleshoot serial port failures, it is generally based on the show interface serial command to analyze its screen output report content to find out the problem. The beginning of the serial port report provides the interface status and line protocol status. There are several possible combinations of interface and line protocols:
1. Serial port operation and line protocol operation are complete working conditions. The serial port and line protocol have been initialized and are exchanging the survival information of the protocol.
2. The serial port is running and the line protocol is closed. This display indicates that the router is connected to the device that provides the carrier detection signal, indicating that the carrier signal appears between the local and remote modems, but the protocol survival information at both ends is not correctly exchanged. Possible failures occur when router configuration problems, modem operation problems, rental line interference or remote router failures, digital modem clock problems, and this report will appear when the two serial ports connected through the link are not on the same subnet. 3. Both the serial port and line protocol are closed, which may be a line failure in the telecommunications department, a cable failure or a modem failure.
4. Serial port management shutdown and line protocol shutdown are used in this case, when the shutdown command is entered in the interface configuration. Turn on Administrative Close by typing the no shutdown command.
When both the interface and line protocol are running, although basic communications of the serial link are established, many potential failure problems may still occur due to packet loss and packet errors. During normal communication, the interface input or output packets should not be lost, or the amount of loss is very small and will not increase. If packet loss increases regularly, it means that the traffic transmitted through the interface exceeds the traffic that the interface can handle. The solution is to increase the line capacity. Find packet loss that occurs other reasons, and view the input and output keep queue status in the output report of the show interface serial command. When it is found that the number of packets in the hold queue reaches the maximum allowable value of the information, the size of the hold queue setting can be increased.
Troubleshooting Ethernet interfaces
Typical failure problems with Ethernet interfaces are: over-utilization of bandwidth; frequent collisions; and use of incompatible frame types. Use the show interface ethernet command to view the interface's throughput, collision collision, packet loss, and frame type related content.
1. By viewing the throughput of the interface, you can detect the bandwidth utilization of the network. If the percentage of network broadcast packets is high, network performance begins to decline. Packets converted to Ethernet segments of fiber optic networks may flood the Ethernet port. This can be done in the Internet to optimize the interface, i.e. use the no ip route-cache command on the Ethernet interface, disable fast conversion, and adjust the buffer and keep queue settings.
2. A collision occurs when two interfaces attempt to transmit packets to the Ethernet cable at the same time. Ethernet requires very few conflicts, and different network requirements are different. Generally, if you find that there are three or five conflicts per second, you should find the cause of the conflict. Collision conflicts create congestion, and the causes of collision conflicts are usually due to the cable laid out, overuse, or “deaf” nodes. Ethernet networks should consider physical design and cable laying system management, and cable laying beyond standardization may cause more conflicts. 3. If the interface and line protocol report the operating status and the node's physical connection is intact, communication cannot be done. The cause of the problem may also be that the two nodes use incompatible frame types. The solution to the problem is to reconfigure using the same frame type. If two devices on the same network using different frame types are required to communicate with each other, you can use a sub-interface on the router interface and specify a different encapsulation type for each sub-interface.
Troubleshooting asynchronous communication ports
During the operation of the interconnected network, the task of the asynchronous communication port is to provide users with reliable services, but it is also a part that is frequently encountered. Asynchronous communication port failures are generally external factors: poor dial-up link performance; connection quality problems of telephone network switches; modem settings. Check the modems used on both ends of the link: There are not many problems with connecting to the remote PC port modem, because the modem is usually initialized every time a new dial is generated, and most communication programs can send appropriate setting strings before issuing dialing commands; there are many problems with connecting to the router port, and this modem usually waits for a connection from the remote modem, and does not receive the setting string before connecting. If the modem loses its setup, a method should be used to initialize the remote modem. The simple way is to use a modem that can be configured through the front panel; another way is to connect the modem to the asynchronous interface of the router, establish a reverse telnet, and send a setting command to configure the modem.
The show interface async command and the show line command are the most commonly used tools to diagnose asynchronous communication port failures. The only case in which the interface status report is closed in the show interface async command output report is that the interface does not have a package type set. The line protocol status display is the same as the serial port line protocol display. The show line command displays interface reception and transmission speed settings and EIA status display. The show line command can be considered an extension of the show interface async command. Check the EIA signal output by the show line command to determine the network status.
To determine the fault of the asynchronous communication port, the following steps are generally available: check the quality of the cable line; check the parameter settings of the modem; check the connection speed of the modem; check whether the rxspeed and txspeed match the modem configuration; check the communication status of the port through the show interface async command and the show line command; check the EIA status display from the report of the show line command; check the interface packaging; check the packet loss and buffer loss.