Need to Know More?

Spurgeon, Charles E. Ethernet, The Definitive Guide . O'Reilly & Associates, 2000. ISBN: 1565926609.

Nassar, Daniel J. Ethernet and Token Ring Optimization . iUniverse.com, 2000. ISBN: 1583482199.

McDysan, David E. and Darren L. Spohn. ATM Theory and Applications , McGraw-Hill Osborne Media, 1998. ISBN: 0070453462

Cisco CCO Web site, Ethernet Protocols, http://www.cisco.com/en/US/customer/tech/tk389/tk214/tech_protocols_list.html

Chapter 4. Troubleshooting TCP/IP

Terms you'll need to understand:

Address Resolution Protocol (ARP)
IP address
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Well-known Port Numbers
Ephemeral Port Numbers

Techniques you'll need to master:

ICMP Protocol Commands and the meanings of the characters displayed by the trace command output
How to find the valid subnets, valid hosts , and the broadcast address for each subnet
show ip commands and syntaxes
How and when to use Debug ip commands

TCP/IP ( Transmission Control Protocol/Internet Protocol ) addressing is the foundation of almost every modern network today. IP Addresses are used to route data across the Internet and the world. Virtually every PC connected to the Internet is assigned an IP address; even the Palm Pilot I have in my backpack has an IP address. Although you can use a number of other protocols on your Cisco router, most likely it is TCP/IP problems you will face when troubleshooting your Cisco router or switch problems.

This chapter begins with an overview of the TCP/IP suite and its applications, and follows with troubleshooting issues regarding those protocols. The LAN protocols covered in the Support Exam include TCP/IP and Novell IPX. The following sections give an overview of the TCP/IP protocol and what you need to know for the exam to troubleshoot this protocol suite.

This chapter covers a great deal of information, and it's critically important in your preparation for the CCNP Exam. You can expect that what you learn in this chapter will account for twenty five percent or more of the exam.

TCP/IP Overview

The name TCP/IP represents a suite of protocols designed for wide area networks (WANs). The U.S. Department of Defense Advanced Research Projects Agency began development of TCP/IP in 1969 for a resource-sharing experiment called ARPANET. The primary purpose behind the project was to provide high-speed communication to various government agencies. TCP/IP provides communication in heterogeneous environments. TCP is a connection-oriented protocol found at the Host-to-Host layer of the DoD (Department of Defense) Reference model. This protocol verifies the receipt of sent packets with acknowledgement packets. The IP address is a network address assigned to a node on a network to allow it to send and receive packets through an IP based network.

You should have already learned the basics of the DoD Reference model while studying for the CCNA Exam, which is a prerequisite to the Support exam. On the CCNP exam, you are expected to know how to troubleshoot TCP/IP. This means you need to have a good understanding of the differences between UDP (User Datagram Protocol) and TCP, and ARP (Address Resolution Protocol) . The following sections provide an overview of this information. You also must understand subnetting and know the commands used on a Cisco router to configure and troubleshoot TCP/IP and its related protocols, as described in later sections of the chapter.

DoD Model

In previous chapters, we have discussed the seven layers of the OSI Reference model. The DoD model, with four layers, is a condensed version of the OSI Reference Model's seven layers (see Figure 4.1). These four layers of the DoD model are as follows :

The Application layer, sometimes called the Process layer
The Host-to-Host layer
The Internet layer
The Network Access layer.

Figure 4.1. The four-layer DoD Model compared to the seven-layer OSI Reference Model.

graphics/04fig01.gif

These layers match up to the OSI Reference Layer as shown in Figure 4.1.

IP is a routed protocol using Layer 3 addresses with hierarchical addressing to get data from one point to another. Routers also use routing protocols to help map the network so the router knows where different networks reside. Although these protocols work with TCP/IP, they are covered later in this book.

TCP Versus UDP

Let's start with Transmission Control Protocol (TCP) which, in combination with UDP, is defined at the DoD model's Host-To-Host layer. TCP is a reliable, connection-oriented transfer protocol residing at the Transport layer of the OSI model. TCP breaks down large blocks of data into segments; it numbers and sequences the segments so that they can be reassembled by TCP running at the receiving end. Before a device starts transmitting information, it contacts the TCP protocol of the receiving host and establishes a connection. After this virtual circuit is established, both parties start negotiating the reliability factors, such as the amount of data that will be sent before receiving an acknowledgement from the destination host's TCP protocol. After sending the agreed-upon number of segments, TCP waits for the acknowledgement that states the segments have arrived and are intact. Missing segments (by number) will be re-sent.

All of this error-checking and re-sending (if necessary) causes this full-duplex transport protocol to have a large overhead; therefore, TCP should not be used for transmissions such as broadcasts, that don't require an acknowledgement. If every broadcast received were acknowledged back to the sender, the network would be clogged very quickly. Today's networks are much more reliable than networks used to be, which means the use of acknowledgements is not as important.

UDP is an unreliable, connectionless transport protocol running on top of IP. It does not make a connection with the destination host before it delivers a datagram, nor does it require an acknowledgement that the message has been received at the other end (the message may get lost). UDP receives blocks of data from the upper layers and breaks them down into segments, numbering them for reassembly. However, UDP itself is not responsible for putting the segments back into sequence. UDP simply leaves this task to the upper layers.

TCP Port Numbers

TCP uses port numbers to identify connections to hosts . TCP has what are known as well-known port numbers from 1 through 1023. Well-known port numbers are those port numbers assigned to protocols certain applications and services required by TCP/IP. Some good examples of TCP port numbers are port 80 for World Wide Web (WWW) browser access, ports 20 and 21 for File Transfer Protocol (FTP), port 25 for Simple Mail Transfer Protocol (SMTP), and port 23 for Telnet.

Ephemeral port numbers are known as ports that can be used as host ports and are selected for a particular connection on a temporary basis. These ports are reused after the connection is freed. These ports typically are numbered higher than the well-known port numbers, but not always. When the host tries to initiate the connection to the server, the host uses an ephemeral port. The host and the server will continue to exchange data on these two ports for the entirety of their session. If you are using TCP/IP for your connection to the Internet, your host connection will use this combination of source IP address and source port to connect to the destination IP address and destination port.

You may find many other connections originating from other source IP addresses to this same destination IP and destination port, but that host will have a different source IP address and probably a different source port. When you open two different Internet windows on the same host connecting to the same Web server, the ephemeral source ports involved keep the communications separated.

Troubleshooting and Configuring Address Resolution Protocol (ARP)

ARP is used by the Cisco IOS software to provide dynamic mapping of 32-bit IP addresses and 48-bit MAC (hardware) addresses. The ARP cache is a table of these listings and is checked every time communication is initiated between machines (you learn more about the ARP cache and its purpose in the later section of this chapter titled "show ip arp Command"). If the required hardware address cannot be found in the cache, a broadcast is sent out to resolve it. The broadcast address (FFFFFFFF) is already stored, although not visible in the table. After the previously unknown address is found, it is entered in the cache and is readily available the next time around. No broadcast will be necessary, which saves bandwidth. Every listing in the cache has a timestamp and a time-to-live ( TTL ) . When this time expires , the entry is deleted from the table.

Sometimes you may find the need to statically define an ARP cache. This means that you are making permanent entries to the table of listings. You can do so globally by using the arp ip-address hardware-address type command. The router will then use the entries you've added to resolve the IP address to the associated hardware address. Let's walk through the process of using this command and the options available for each syntax.

First, type the arp command followed by a question mark, which will display the possible syntaxes. The question mark tells the router that you would like a list of the available syntaxes:

RTR(config)#

arp ?

A.B.C.D  IP address of ARP entry
  vrf      Configure static ARP for a VPN Routing/Forwarding instance

The output above shows the required syntaxes available for the arp command. Next, type in the IP address that you want to map, followed by a question mark (used to find out the next syntax to enter):

RTR(config)#

arp 10.1.1.1 ?

H.H.H  48-bit hardware address of ARP entry
RTR(config)#arp 10.1.1.1  0000.8029.5981 ?
  arpa   ARP type ARPA
  sap    ARP type SAP (HP's ARP type)
  smds   ARP type SMDS
  snap   ARP type SNAP (FDDI and TokenRing)
  srp-a  ARP type SRP (side A)
  srp-b  ARP type SRP (side B)

The output above shows the available syntaxes for the arp 10.1.1.1 command. Now, statically map the IP address of 10.1.1.1 to the MAC address of 0000.8029.5981 and put in the interface type. Then, use the question mark again to ask the router for the available syntaxes:

RTR(config)#

arp 10.1.1.1 0000.8029.5981 arpa ?

Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  Ethernet           IEEE 802.3
  FastEthernet       FastEthernet IEEE 802.3
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  alias              Respond to ARP requests for the IP address
  <cr>

The output above shows the available syntaxes for the arp 10.1.1.1 arpa command.

The next syntax binds the mapping to the Interface connected to the device by creating a static mapping of the IP address to the MAC address. In this case it is the Fast Ethernet 0 interface.

RTR(config)#

arp 10.1.1.1 0000.8029.5981 arpa fastEthernet ?

<0-0>  FastEthernet interface number
RTR(config)#

arp 10.1.1.1 0000.8029.5981 arpa fastEthernet 0

RTR(config)#

The above output shows that the IP address was mapped successfully to the network interface using the MAC address of 0000.8029.5981 .

To learn the encapsulation type and the current timeout value, you can use the show interfaces command. Here is an example of using the command on a Cisco 1720 router's Ethernet interface:

RTR#

show interfaces

Ethernet0 is up, line protocol is up
  Hardware is PQUICC Ethernet, address is 0007.eb32.d6a3
                                (bia 0007.eb32.d6a3)
  Internet address is 207.212.78.110/29
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 10BaseT
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 51 drops
  5 minute input rate 12000 bits/sec, 4 packets/sec
  5 minute output rate 2000 bits/sec, 4 packets/sec
     5759966 packets input, 4271546097 bytes, 0 no buffer
     Received 186 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     5493207 packets output, 775247573 bytes, 0 underruns
     2213 output errors, 3551 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

The above output shows that the interface is up and the layer 3 protocol and addressing assigned to the interface are also working correctly. It also shows that the interface is running at 10Mbps, and that there have been 2,213 output errors, 3,551 collisions, and 2 interface resets.

To see the current view of what is currently in the routers ARP table, use the show arp command. Here is an example of that command used on a Cisco 3725 router:

RTR#

show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.2.10               4   0030.4851.cee0  ARPA   FastEthernet0
Internet  10.1.1.2                -   0007.eb32.d6a2  ARPA   FastEthernet0
Internet  10.1.1.1                -   0000.8029.5981  ARPA   FastEthernet0

The above output shows that the router is aware of three addresses and all of them are accessible out of the FastEthernet 0 interface.

The show ip arp displays all IP to MAC address entries in the ARP table with a similar output to the show arp command. Let's take a look at the output:

RTR#

show ip arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.2.10               2   0030.4851.cee0  ARPA   FastEthernet0
Internet  10.1.2.1                0   0002.a5ab.06b3  ARPA   FastEthernet0
Internet  10.1.1.2                -   0007.eb32.d6a2  ARPA   FastEthernet0
Internet  10.1.1.1                -   0000.8029.5981  ARPA   FastEthernet0

The above is similar to the show arp command. However, this time the router knows about four addresses accessible on the FastEthernet 0 interface.

Sometimes the router needs to have the ARP cache cleared in order to rediscover a reconfigured device or to allow for newer devices to enter the cache. Use clear arp-cache to remove all non-static entries from the ARP cache: