12-6. Packet Tracing The ping (Packet Internet Groper) command can be used to test end-to-end connectivity from a switch to a remote host. The IP ping uses ICMP type 8 requests and ICMP type 0 replies. The traceroute or Layer 3 traceroute command can be used to discover the routers along the path that packets are taking to a destination. An IP traceroute uses UDP probe packets on port 33434. The l2trace or Layer 2 traceroute command can be used to discover the physical path that a packet will take through a switched network. l2trace looks up the destination in the forwarding table, and then contacts the next neighboring switch via CDP. Each switch hop is queried in a similar fashion. l2trace is only supported on Catalyst 4000, 5000, and 6000 (COS only) switches. If other switches are encountered along the path to the destination, they won't know how to respond to the l2trace request, and the l2trace will time out.
Configuration 1. | Use ping packets to check reachability:
COS | ping -s host [packet-size] [packet-count]
| IOS | (exec) ping [host]
|
The IP ping sends ICMP type 8 (echo request) packets to the target host (IP address or host name), and ICMP echo replies are expected in return. A COS switch sends a single ping packet unless the s option is used, causing ping packets to be continually sent until the switch is interrupted with a ^-C (control-C) key sequence. The ping packet size, packet-size (bytes), and the number of packets, packet-count, can also be specified.
An IOS switch sends five ping packets toward the destination, by default. Each ping is displayed by one of these characters: ! (successful reply packet received), . (no reply seen within the timeout period, 2 seconds), U (a destination unreachable error was received), M (a could-not-fragment message was received), C (a congestion-experienced packet was received), I (the ping test was interrupted on the switch), ? (an unknown packet type was received), or & (the packet lifetime or time-to-live [TTL] was exceeded).
When the test completes, the success rate is reported along with a summary of the round-trip minimum, average, and maximum in milliseconds.
NOTE For the regular ping command, only the destination address can be given. The source address used in the ping packets comes from the switch management interface. The IOS switch also provides a more flexible echo test called an extended ping. The EXEC-level command ping is given, with no options. You will be prompted for all available ping options, including the source address to be used. You can specify the following options:
- Protocol (default ip) Can also be appletalk, clns, novell, apollo, vines, decnet, or xns on Catalyst 6000 IOS and other Layer 3 switches.
Target address. - Repeat count (default 5 packets) The number of echo packets to send.
- Datagram size (default 100 bytes) The size of the echo packet; choose a size larger than the maximum transfer unit (MTU) to test packet fragmentation.
- Timeout (default 2 seconds) The amount of time to wait for a reply to each request packet.
Extended commands. - - Source address or interface Any source address can be given; however, the address must be the address of the management interface on the switch if the reply packets are to be seen.
- Type of service (default 0). - - Set DF bit in IP header (default no) If set, the packet is not fragmented for a path with a smaller MTU; you can use this to detect the smallest MTU in the path.
- - Validate reply data (default no) The data sent in the echo request packet is compared to the data echoed in the reply packet.
- - Data pattern (default 0xABCD) The data pattern is a 16-bit field that is repeated throughout the data portion of the packet; this can prove useful for testing data integrity with CSU/DSUs and cabling.
- - Loose, strict, record, timestamp, verbose (default none) loose (loose source route with hop addresses), strict (strict source route with hop addresses), record (record the route with a specified number of hops), timestamp (record time stamps at each router hop), and verbose (toggle verbose reporting). The record option can be useful to see a record of the router addresses traversed over the round-trip path.
- Sweep range of sizes (default no) Sends echo requests with a variety of packet sizes.
- Sweep min size (default 36) - Sweep max size (default 18024) - Sweep interval (default 1)
| 2. | (Optional) Use Layer 3 traceroute to discover routers along a path:
COS | [View full width] traceroute [-n] [-w wait-time] [-i initial-ttl]  [-m max-ttl] [-p dest-port] [-q nqueries] [-t tos] host [data-size]
| IOS | (exec) traceroute [protocol] [host]
|
The traceroute command sends successive probe packets to host (either a network address or a host name). The protocol field can be appletalk, clns, ip, or vines on Catalyst 6000 IOS and other Layer 3 switches.
For IP, the first set of packets (default 3) is sent with a TTL of one. The first router along the path decrements the TTL, detects that it is zero, and returns ICMP TTL-exceeded error packets. Successive sets of packets are then sent out, each one with a TTL value incremented by one. In this fashion, each router along the path responds with an error, allowing the local router to detect successive hops.
The following fields are output as a result of traceroute probes:
- Probe sequence number The current hop count.
Host name of the current router. IP address of the current router. Round-trip times (in milliseconds) of each of the probes in the set. - * The probe timed out.
- U Port unreachable message was received.
- H Host unreachable message was received.
- P Protocol unreachable message was received.
- N Network unreachable message was received.
- ? An unknown packet type was received.
- Q Source quench was received.
The traceroute probes continue to be sent until the maximum TTL value (30 by default for IP) is exceeded or until you interrupt the router with the escape sequence (Ctrl-Shift-6).
You can also invoke traceroute with no options. This allows the switch to prompt for the parameters from the following list:
- Protocol (default IP) Can also be appletalk, clns, or vines on Catalyst 6000 IOS and other layer 3 switches.
Target address. - Source address An IP address of a router interface; if not specified, the interface closest to the destination is used.
- Numeric display (default no) By default, both the host name and IP address of each hop display; if set to yes, only the IP addresses display. This is handy if DNS is not available.
- Timeout in seconds (default 3) The amount of time to wait for a response to a probe.
- Probe count (default 3) The number of probes to send to each TTL (or hop) level.
- Minimum TTL (default 1) The default of one hop can be overridden to begin past the known router hops.
- Maximum TTL (default 30) The maximum number of hops to trace; traceroute ends when this number of hops or the destination is reached.
- Port number (default 33434) The UDP destination port for probes.
- Loose, strict, record, timestamp, verbose (default none) loose (loose source route with hop addresses), strict (strict source route with hop addresses), record (record the route with a specified number of hops), timestamp (record time stamps at each router hop), and verbose (toggle verbose reporting). The record option can be useful to see a record of the router addresses traversed over the round-trip path.
NOTE Some routers do not respond to traceroute probes correctly. In this case, some or all of the probes sent are reported with asterisks (*) in the display. | 3. | (Optional) Use Layer 2 traceroute to discover switches along a path:
COS | l2trace src-mac dest-mac [vlan] [detail]
-OR- l2trace src-ip dest-ip [detail]
| IOS | N/A |
NOTE The l2trace command is currently available only on the Catalyst 4000, 5000, and 6000 COS switch families. You can use l2trace to trace a path containing other types of switches. However, these switches do not know how to interpret and reply to the CDP l2trace message. At these switch hops, l2trace timeouts display. Layer 2 traces are performed from the source MAC address src-mac (in dash-separated hexadecimal pairs) to the destination MAC address dest-mac. Both source and destination must be present in the address table on the switch. As well, both source and destination must be in the same VLAN. If the hosts belong to more than one VLAN, you can specify the desired VLAN number as vlan. The detail keyword displays additional information about the switch port media at each hop along the path.
If the MAC addresses are not readily known, you can give the source and destination as IP addresses src-ip and dest-ip. However, both hosts must be present in the switch's ARP table so that their MAC addresses can be found.
|
Packet-Tracing Example On a Catalyst 4000 switch, a Layer 2 trace is performed from source 00-b0-d0-40-01-d1 to destination 00-10-a4-c6-b4-b7. These two hosts are on the same VLAN and are both present in the switch's address table. The source address is found on port 2/12 of the local switch. The first Layer 2 hop is at IP address 192.168.1.16, where the destination address is found in the address table for port 3/1 on that switch. Notice that the second Layer 2 hop is the switch at 192.168.1.253, which was identified via CDP. However, either the switch model or its OS does not support the l2trace protocol. As a result, the Layer 2 traces time out and no response is returned from the neighboring switch at 192.168.1.253: COS | [View full width] cat4000 (enable) l2trace 00-b0-d0-40-01-d1 00-10-a4-c6-b4-b7 Starting L2 Trace 2/12 : 192.168.1.16 : 3/1 l2trace: no response from neigh 192.168.1.253 l2trace: no response from neigh 192.168.1.253 Error in l2trace. cat4000 (enable)
| IOS | N/A |
This time, a Layer 2 trace is performed on a Catalyst 6000 switch running COS. All switches in the path to the destination are l2trace-capable. The source is 00-05-9b-fb-b8-80, and the destination is 00-04-9b-57-3c-c0. During the first trace, the source is found on port 6/3 of the local switch, 192.168.1.4. The first Layer 2 hop is the local switch, departing on ports 1/1-2,2/1-2 (a four-port Fast EtherChannel bundle). The second hop is found entering on ports 3/1-2,4/1-2 (the other end of the FEC bundle), at switch 192.168.1.252. The third hop is found departing on port 3/3 of 192.168.1.252, and arriving at port 7/1 on switch 192.168.1.7. The fourth hop is the destination at port 7/3 on 192.168.1.7. Next, the same Layer 2 trace is performed again, with the detail keyword added. Notice how this provides added information at each hop. The hardware platform, host name (if available), and the IP address of each switch hop is shown. As well, each link to the next hop is shown with its port number and media type.
|
