Show Commands for Troubleshooting TCPIP | CCNP CIT Exam Cram 2 (Exam Cram 642-831)

Show Commands for Troubleshooting TCP/IP

For the exam you should know the show commands that you can use to troubleshoot problems with TCP/IP. You should know the following commands:

show ip access-list
show ip arp
show controllers
show ip interface
show ip protocols
show ip route
show ip traffic

The following sections explain the use of these commands.

show ip access-list Command

The show ip access-list command provides information regarding a specific access list or all standard or extended access lists. In the following example, we look at an extended access list from a Cisco 3725 router.

 RTR#  show ip access-lists 101  Extended IP access list 101     deny ip 10.1.0.0 0.0.255.255 216.136.0.0 0.0.255.255 (4042 matches)     deny ip host 10.1.4.200 66.163.0.0 0.0.255.255 (9 matches)     deny ip host 10.1.4.200 64.58.0.0 0.0.255.255 (95 matches)     deny ip host 10.1.4.200 204.71.0.0 0.0.255.255     deny tcp any any eq www     deny tcp any any eq 5418 (5 matches)     permit ip any any (560764 matches)

The output above shows an IP extended access list numbered 101, configured on a Cisco 3725.

show ip arp Command

The show ip arp command provides information from the router's ARP cache. The ARP cache is responsible for keeping records of the known IP addresses and their learned MAC address. The ARP cache also keeps information on the encapsulation type, as well as the interface that learned the MAC to IP information. The following is an example of the ARP cache from a Cisco 1720.

 RTR#  show ip arp  Protocol  Address          Age (min)  Hardware Addr   Type   Interface Internet  10.1.2.10               0   0030.4851.cee0  ARPA   FastEthernet0 Internet  10.1.1.2                -   0007.eb32.d6a2  ARPA   FastEthernet0 Internet  10.1.2.1                0   0002.a5ab.06b3  ARPA   FastEthernet0 Internet  10.1.1.1               24   0000.8029.5981  ARPA   FastEthernet0

show controllers Command

The show controllers command's output shows the current state of the network's physical interface. This includes the number of transmitting errors and collisions. The following output is from a Cisco 1720 router's Fast Ethernet interface.

 RTR#  show controllers fa0  Interface FastEthernet0 Hardware is PQUICC MPC855T ADDR: 8130A608, FASTSEND: 800117F8 DIST ROUTE ENABLED: 0 Route Cache Flag: 0  ADDR_LOW =0x0007EB32, ADDR_HIGH =0x0000D6A2,                        HASH_HIGH =0x00200100, HASH_LOW =0 x00000000  R_DES_ST =0x01C4AB20, X_DES_ST  =0x01C4AD60,                        R_BUFF_SIZ=0x00000600, ECNTRL   =0 xF0000006  IEVENT   =0x00000000, IMASK     =0x0A000000,                        IVEC      =0xC0000000, R_DES_ACT=0 x01000000  X_DES_ACT=0x00000000, MII_DATA  =0x60524732,                        MII_SPEED =0x00000014, R_BOUND  =0 x00000600  R_FSTART =0x00000500, X_FSTART  =0x00000440,                        FUN_CODE  =0x7F000000, R_CNTRL  =0 x00000006  R_HASH   =0xEF0005F2  X_CNTRL  =0x00000000  HW filtering information:   Promiscuous Mode Disabled  Software MAC address filter(hash:length/addr/mask/hits):  pquicc_fec_instance=0x8130C318  rx ring entries=64, tx ring entries=32  rxring=0x1C4AB20, rxr shadow=0x8130C508, rx_head=27, rx_tail=0  txring=0x1C4AD60, txr shadow=0x8130C634, tx_head=2, tx_tail=2, tx_count=0  throttled=0, enabled=0, disabled=0  rx_framing_err=0, rx_overflow_err=0, rx_buffer_err=0  rx_no_enp=0, rx_discard=0  tx_one_col_err=41336, tx_more_col_err=84470, tx_no_enp=0, tx_deferred_err=0  tx_underrun_err=0, tx_late_collision_err=0, tx_loss_carrier_err=7  tx_exc_collision_err=0, tx_buff_err=0, fatal_tx_err=0 ...Output cut off

The output for the show controllers command is low-level memory information and error counters for every interface processor. Usually this output is only requested when receiving technical support from Cisco, where configuration settings for the IOS iteslf are neded.

show ip interface Command

The show ip interface command provides information on the selected interfaces status, the IP address configured, the subnet mask, broadcast address, any access lists that are applied to an interface, and any interface-specific rules configured on the network. If you do not specify an interface, all the interfaces on the router are displayed. The following output is from a Cisco 1720 router's Fast Ethernet interface.

 RTR#  show ip interface fa0  FastEthernet0 is up, line protocol is up   Internet address is 10.1.1.2/16   Broadcast address is 255.255.255.255   Address determined by non-volatile memory   MTU is 1500 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Multicast reserved groups joined: 224.0.0.9   Outgoing access list is not set   Inbound  access list is not set   Proxy ARP is enabled   Security level is default   Split horizon is enabled   ICMP redirects are always sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is disabled   IP fast switching on the same interface is disabled   IP Flow switching is disabled   IP Null turbo vector   IP multicast fast switching is disabled   IP multicast distributed fast switching is disabled   IP route-cache flags are None   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Probe proxy name replies are disabled   Policy routing is disabled   Network address translation is enabled, interface in domain inside   WCCP Redirect outbound is disabled   WCCP Redirect inbound is disabled   WCCP Redirect exclude is disabled   BGP Policy Mapping is disabled RTR#

The above output shows the Fast Ethernet 0 interface's configuration on a Cisco 3725 router that is functioning correctly.

show ip protocols

You need to remember that the show ip protocols command provides information about the IP routing protocols that run on the router. The following output shows Routing Information Protocol (RIP), which is the routing protocol configured on the Cisco 1720 router this output came from.

 RTR#  show ip protocols  Routing Protocol is "rip"   Sending updates every 30 seconds, next due in 16 seconds   Invalid after 180 seconds, hold down 180, flushed after 240   Outgoing update filter list for all interfaces is not set   Incoming update filter list for all interfaces is not set   Redistributing: rip   Default version control: send version 1, receive version 1     Interface             Send  Recv  Triggered RIP  Key-chain     Ethernet0             1     1     FastEthernet0         1     1   Automatic network summarization is in effect   Maximum path: 4   Routing for Networks:     10.0.0.0     207.212.78.0   Routing Information Sources:     Gateway         Distance      Last Update     10.1.1.1             120      00:00:03   Distance: (default is 120)

The above output shows the interfaces and protocols that are running on the Cisco 1710 router. Also shown are the networks for which the router's routing protocols are configured and the default gateway used for unknown hosts .

show ip route Command

The show ip route command displays information from the router's IP route table. The command shows all routes the router's routing table contains.

 RTR#  show ip route  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF    inter area   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA    external type 2   E1 - OSPF external type 1, E2 - OSPF external type 2,    E - EGP   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * -candidate default U - per-user static route, o - ODR Gateway of last resort is not set      10.0.0.0/0 is variably subnetted, 2 subnets, 2 masks D       10.1.0.0/16 [90/6541002] via 10.1.1.1, 00:00:23, Serial0 C       10.2.0.0/16 is directly connected, Serial1 RTR#

The above output shows all the routers that are manually configured or that the router has learned about. When a network is specified, the results of the show ip route command are displayed in more detail. The following output is from the same router, with the same configuration as the original output, but results from using the command with a specified network.

 RTR#  show ip route 10.0.0.0  Routing entry for 10.0.0.0/8, 5 known subnets   Attached (2 connections)   Variably subnetted with 2 masks   Redistributing via rip R       10.2.0.0/16 [120/2] via 10.1.1.1, 00:00:11, FastEthernet0 R       10.3.0.0/16 [120/2] via 10.1.1.1, 00:00:11, FastEthernet0 C       10.1.0.0/16 is directly connected, FastEthernet0 R       10.4.0.0/16 [120/3] via 10.1.1.1, 00:00:11, FastEthernet0 S       10.1.2.25/32 is directly connected, FastEthernet0 RTR#

Notice that the output above only shows the addresses learned or manually configured for the 10.0.0.0 network. The "S" character shows that the route is a static route, meaning it was manually configured.

You should know how to properly configure a static route as well as the gateway of last resort. This is covered in Chapter 11, " Troubleshooting Routing Protocols," in the section called "Static Routes."

show ip traffic Command

The show ip traffic command returns output regarding the router's IP traffic statistics, as sequenced by IP protocol. The following is output from a Cisco 1720 production router at Digital Crawl Spaces.

 RTR#  show ip traffic  IP statistics:   Rcvd:  7549856 total, 67433 local destination          0 format errors, 0 checksum errors, 0 bad hop count          13 unknown protocol, 0 not a gateway          0 security failures, 0 bad options, 13 with options   Opts:  0 end, 0 nop, 0 basic security, 0 loose source route          0 timestamp, 0 extended security, 0 record route          0 stream ID, 0 strict source route, 13 alert, 0 cipso, 0 ump          0 other   Frags: 12 reassembled, 0 timeouts, 0 couldn't reassemble          36 fragmented, 0 couldn't fragment   Bcast: 62529 received, 26572 sent   Mcast: 80 received, 0 sent   Sent:  35930 generated, 7455695 forwarded   Drop:  337 encapsulation failed, 0 unresolved, 0 no adjacency          12 no route, 0 unicast RPF, 0 forced drop ICMP statistics:   Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 8 unreachable         481 echo, 5 echo reply, 0 mask requests, 0 mask replies, 0 quench         0 parameter, 0 timestamp, 0 info request, 0 other         0 irdp solicitations, 765 irdp advertisements   Sent: 9 redirects, 7079 unreachable, 5 echo, 481 echo reply         0 mask requests, 0 mask replies, 0 quench, 0 timestamp         0 info reply, 0 time exceeded, 0 parameter problem         0 irdp solicitations, 0 irdp advertisements IGRP statistics:   Rcvd: 0 total, 0 checksum errors   Sent: 0 total IP-IGRP2 statistics:   Rcvd: 0 total   Sent: 0 total UDP statistics:   Rcvd: 64118 total, 0 checksum errors, 64019 no port   Sent: 26617 total, 0 forwarded broadcasts TCP statistics:   Rcvd: 2040 total, 0 checksum errors, 221 no port   Sent: 1745 total Probe statistics:   Rcvd: 0 address requests, 0 address replies         0 proxy name requests, 0 where-is requests, 0 other   Sent: 0 address requests, 0 address replies (0 proxy)         0 proxy name replies, 0 where-is replies OSPF statistics:   Rcvd: 0 total, 0 checksum errors         0 hello, 0 database desc, 0 link state req         0 link state updates, 0 link state acks   Sent: 0 total PIMv2 statistics: Sent/Received   Total: 0/0, 0 checksum errors, 0 format errors   Registers: 0/0, Register Stops: 0/0,  Hellos: 0/0   Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0   Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0   State-Refresh: 0/0 IGMP statistics: Sent/Received   Total: 0/0, Format errors: 0/0, Checksum errors: 0/0   Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0   DVMRP: 0/0, PIM: 0/0 ARP statistics:   Rcvd: 136349 requests, 264 replies, 2 reverse, 0 other   Sent: 785 requests, 5953 replies (78 proxy), 0 reverse RTR#

The above output is great when you need general information for the IP protocols running on the router. Its provided statistics include the ARP and ICMP protocol statistics, as well.