Need to Know More?
Spurgeon, Charles E. Ethernet, The Definitive Guide . O'Reilly & Associates, 2000. ISBN: 1565926609.
Nassar, Daniel J. Ethernet and Token Ring Optimization . iUniverse.com, 2000. ISBN: 1583482199.
McDysan, David E. and Darren L. Spohn. ATM Theory and Applications , McGraw-Hill Osborne Media, 1998. ISBN: 0070453462
Cisco CCO Web site, Ethernet Protocols, http://www.cisco.com/en/US/customer/tech/tk389/tk214/tech_protocols_list.html
Chapter 4. Troubleshooting TCP/IP
Terms you'll need to understand:
Techniques you'll need to master:
Transmission Control Protocol/Internet Protocol
) addressing is the foundation of almost every modern network today. IP Addresses are used to route data across the Internet and the world. Virtually every PC connected to the Internet is assigned an IP address; even the Palm Pilot I have in my
This chapter begins with an overview of the TCP/IP suite and its applications, and
You should have already learned the basics of the DoD Reference model while
In previous chapters, we have discussed the seven layers of the OSI Reference model. The DoD model, with four layers, is a condensed version of the OSI Reference Model's seven layers (see Figure 4.1). These four
Figure 4.1. The four-layer DoD Model compared to the seven-layer OSI Reference Model.
These layers match up to the OSI Reference Layer as shown in Figure 4.1.
TCP Versus UDP
Let's start with Transmission Control Protocol (TCP) which, in combination with UDP, is defined at the DoD model's Host-To-Host layer. TCP is a reliable, connection-oriented transfer protocol residing at the Transport layer of the OSI model. TCP breaks down large blocks of data into segments; it
All of this error-checking and re-sending (if necessary) causes this
UDP is an unreliable, connectionless transport protocol running on top of IP. It does not make a connection with the destination host before it delivers a datagram, nor does it require an acknowledgement that the message has been received at the other end (the message may get lost). UDP receives blocks of data from the upper layers and breaks them down into segments, numbering them for reassembly. However, UDP itself is not responsible for
TCP Port Numbers
TCP uses port numbers to identify connections to
Ephemeral port numbers
are known as ports that can be used as
and are selected for a particular connection on a temporary basis. These ports are reused after the connection is freed. These ports typically are numbered higher than the well-known port numbers, but not always. When the host
You may find many other connections originating from other source IP addresses to this same destination IP and destination port, but that host will have a different source IP address and probably a different source port. When you
Troubleshooting and Configuring Address Resolution Protocol (ARP)
ARP is used by the Cisco IOS software to provide dynamic mapping of 32-bit IP addresses and 48-bit MAC (hardware) addresses. The
is a table of these listings and is checked every time communication is initiated between machines (you learn more about the ARP cache and its purpose in the later section of this chapter titled "show ip arp Command"). If the required hardware address cannot be found in the cache, a broadcast is sent out to resolve it. The broadcast address (FFFFFFFF) is already stored, although not visible in the table. After the previously unknown address is found, it is entered in the cache and is readily available the
Sometimes you may find the need to statically define an ARP cache. This means that you are making permanent entries to the table of listings. You can do so globally by using the arp ip-address hardware-address type command. The router will then use the entries you've added to resolve the IP address to the associated hardware address. Let's walk through the process of using this command and the options available for each syntax.
First, type the
command followed by a question mark, which will display the possible syntaxes. The question mark
RTR(config)# arp ? A.B.C.D IP address of ARP entry vrf Configure static ARP for a VPN Routing/Forwarding instance
The output above shows the required syntaxes available for the arp command. Next, type in the IP address that you want to map, followed by a question mark (used to find out the next syntax to enter):
RTR(config)# arp 10.1.1.1 ? H.H.H 48-bit hardware address of ARP entry RTR(config)#arp 10.1.1.1 0000.8029.5981 ? arpa ARP type ARPA sap ARP type SAP (HP's ARP type) smds ARP type SMDS snap ARP type SNAP (FDDI and TokenRing) srp-a ARP type SRP (side A) srp-b ARP type SRP (side B)
The output above shows the available syntaxes for the arp 10.1.1.1 command. Now, statically map the IP address of 10.1.1.1 to the MAC address of 0000.8029.5981 and put in the interface type. Then, use the question mark again to ask the router for the available syntaxes:
RTR(config)# arp 10.1.1.1 0000.8029.5981 arpa ? Async Async interface BVI Bridge-Group Virtual Interface CTunnel CTunnel interface Dialer Dialer interface Ethernet IEEE 802.3 FastEthernet FastEthernet IEEE 802.3 Lex Lex interface Loopback Loopback interface MFR Multilink Frame Relay bundle interface Multilink Multilink-group interface Null Null interface Tunnel Tunnel interface Vif PGM Multicast Host interface Virtual-Template Virtual Template interface Virtual-TokenRing Virtual TokenRing alias Respond to ARP requests for the IP address <cr>
The output above shows the available syntaxes for the arp 10.1.1.1 arpa command.
The next syntax binds the mapping to the Interface connected to the device by creating a static mapping of the IP address to the MAC address. In this case it is the Fast Ethernet 0 interface.
RTR(config)# arp 10.1.1.1 0000.8029.5981 arpa fastEthernet ? <0-0> FastEthernet interface number RTR(config)# arp 10.1.1.1 0000.8029.5981 arpa fastEthernet 0 RTR(config)#
The above output shows that the IP address was mapped successfully to the network interface using the MAC address of 0000.8029.5981 .
To learn the encapsulation type and the current timeout value, you can use the show interfaces command. Here is an example of using the command on a Cisco 1720 router's Ethernet interface:
RTR# show interfaces Ethernet0 is up, line protocol is up Hardware is PQUICC Ethernet, address is 0007.eb32.d6a3 (bia 0007.eb32.d6a3) Internet address is 220.127.116.11/29 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10BaseT ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 51 drops 5 minute input rate 12000 bits/sec, 4 packets/sec 5 minute output rate 2000 bits/sec, 4 packets/sec 5759966 packets input, 4271546097 bytes, 0 no buffer Received 186 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 5493207 packets output, 775247573 bytes, 0 underruns 2213 output errors, 3551 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out
The above output shows that the interface is up and the layer 3 protocol and addressing assigned to the interface are also working correctly. It also shows that the interface is running at 10Mbps, and that there have been 2,213 output errors, 3,551 collisions, and 2 interface resets.
To see the current view of what is currently in the routers ARP table, use the show arp command. Here is an example of that command used on a Cisco 3725 router:
RTR# show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.2.10 4 0030.4851.cee0 ARPA FastEthernet0 Internet 10.1.1.2 - 0007.eb32.d6a2 ARPA FastEthernet0 Internet 10.1.1.1 - 0000.8029.5981 ARPA FastEthernet0
The above output shows that the router is aware of three addresses and all of them are accessible out of the FastEthernet 0 interface.
The show ip arp displays all IP to MAC address entries in the ARP table with a similar output to the show arp command. Let's take a look at the output:
RTR# show ip arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.2.10 2 0030.4851.cee0 ARPA FastEthernet0 Internet 10.1.2.1 0 0002.a5ab.06b3 ARPA FastEthernet0 Internet 10.1.1.2 - 0007.eb32.d6a2 ARPA FastEthernet0 Internet 10.1.1.1 - 0000.8029.5981 ARPA FastEthernet0
The above is similar to the show arp command. However, this time the router knows about four addresses accessible on the FastEthernet 0 interface.
Sometimes the router needs to have the ARP cache cleared in order to rediscover a reconfigured device or to allow for
RTR# clear arp-cache RTR#
Static ARP cache entries are not removed.