Cisco Diagnostic Commands


Diagnostic commands are built into Cisco IOS and provide information for diagnosing network problems. Some of the diagnostic commands are basic commands used for determining the version of Cisco devices and their configuration. Depending on the problem, this information may be very important for troubleshooting. Usually, troubleshooting is initiated by using these commands. Such functions are performed by the show commands. A more advanced command available with Cisco IOS is the debug command. It provides drill-down information about various network problems. The data collected by these commands is so vast that it adversely impacts the performance of the router. Cisco recommends that this command be used only for a specific purpose.

The ping and trace commands are used to identify connectivity and accessibility problems. Cisco supports these commands for AppleTalk and IPX environments. The Cisco Discovery Protocol (CDP) is a Cisco-proprietary protocol used for building network maps to manage the network. It provides valuable information about Cisco devices at the lower layers of the OSI model. You will need to decide the specific commands and options that help diagnose the network problem.

The Show Command

The show command can be executed in user and privilege modes. Cisco IOS provides a range of show commands that display information about the rate of utilization of router resources, network interface status, and router configurations. You can isolate problems and determine the exact cause of performance slowdown or failure using show commands.

The Show Version Command

The show version command provides the IOS version and its internal name. Using the internal name and IOS capabilities, it displays the hardware configuration, such as processor type, memory size, and existing controllers. In addition, it displays other nonstandard software options such as the bootstrap software in use. It also displays the system uptime, the status of the system when it was last started, and the name of the image file. This information is useful if the router crashes and has to be reloaded, because the command will display the reason for router reload. At the end of the output of the show version command, the configuration register value is displayed in hexadecimal format. The output of the show version command is displayed in Figure 3.1.

Figure 3.1: The output of the show version diagnostic command.

The Show Startup-config Command

The show startup-config command displays the router configuration stored in the NVRAM. This information is useful if the router configuration is changed during the session, and you need to determine the configuration of the router during bootup. The output of the show startup-config command is displayed in Figure 3.2.

Figure 3.2: The output of the show startup-config diagnostic command.

The Show Running-config Command

The show running-config command displays the currently active router configuration. The show running-config command is used to isolate problems with the router or the reasons for a crash. The output of the show running-config command is displayed in Figure 3.3.

Figure 3.3: The output of the show running-config diagnostic command.

The Show Interfaces Command

The show interfaces command displays the status of all the interfaces configured for a router or access server. The output of the show interfaces command depends on the version and type of router being used. The output of this command is displayed in Figure 3.4.

Figure 3.4: The output of the show interfaces diagnostic command.

The Show Controllers Command

The show controllers command displays the interface card controller statistics. Depending upon the type of interface of the network, the output displays various details including the microcode of the card. For example, the show controllers cxbus command is used with Cisco 7x00 series. In addition, it provides statistics about the Channel Interface Processor (CIP) including the hardware and microcode version, CPU utilization, free and total static RAM (SRAM), and the total free and dynamic RAM (DRAM). This information is used by Cisco technical support to determine the problems related to interface controllers. The output of the show controllers command is displayed in Figure 3.5.

Figure 3.5: The output of the show controllers diagnostic command.

The Show Flash Command

The show flash command displays the content and layout of the flash memory, which includes information about the IOS software engine. The output of the show flash command is displayed in Figure 3.6.

Figure 3.6: The output of the show flash diagnostic command.

The Show Buffers Command

Routers consist of system buffers that are allocated from the shared system memory to store packets during process switching. At times, some parameters associated with these buffers require tuning to synchronize process switching and maintain a standard system performance. These parameters apply to each buffer size:

Permanent: Specifies the minimum number of buffers that need to be allocated for the system. In the event of buffer de-allocation, the number of de-allocated buffers cannot be reduced below the value specified in this parameter.

Max Free: Determines the maximum number of buffers that have been allocated but are not in use. If the number of free buffers exceeds the value specified for the Max Free parameter, de-allocation is performed using the trim command.

Min Free: Specifies the minimum number of buffers that can be free within the system. This parameter is the opposite of Max Free. If the number of free buffers is more than the value specified for this parameter, buffer allocation is triggered using the create command.

Initial: Specifies the number of buffers to be allocated during router initialization. The value of this parameter usually exceeds the Permanent parameter value.

Buffers need to be allocated and free when the packets arrive. If free buffers are not available, the packets are dropped. The show buffers command is useful when the network experiences a large number of missing packets for particular buffer sizes. After running the show buffers command, if there is a problem with the buffer size, you can modify the Permanent or Min Free values to recover the system. The output of the show buffers command is displayed in Figure 3.7.

Figure 3.7: The output of the show buffers diagnostic command.

The Show Memory Command

The show memory command displays memory pool statistics and information about the activities of the system memory allocator. It displays a block-by-block list of the rate of memory usage. This command is useful when router performance is a problem area. The output of the show memory command is displayed in Figure 3.8.

Figure 3.8: The output of the show memory diagnostic command.

The Show Process cpu Command

The show process cpu command displays the active processes on the router along with the corresponding process ID and status of the priority scheduler test. It displays the CPU utilization of the router, the CPU time used by the router, and the number of times it was invoked. When using this command, it is better to execute it several times, about a minute apart. This displays the trend or pattern followed by the active processes on the system, which is more reliable than the result of executing the command just once. The output of the show process cpu command is displayed in Figure 3.9.

Figure 3.9: The output of the show process CPU diagnostic command.

The Show Stack Command

The show stack command displays the status of stack utilization of processes and interrupt routines. It also displays the reasons for the last system reboot. It is mainly used when a system crash occurs, because it displays information about the failure type, failure program counter address, and the stack trace of the operand, which is stored by the ROM monitor. The commonly monitored error types displayed by the show stack command are:

Bus Error: Occurs when the CPU attempts to use a memory location or device that does not exist. Usually, this situation occurs because of a software or hardware bug.

Parity Error: Occurs because of a hardware failure. In this case, the internal hardware checking fails.

Emulator Trap: Occurs when the processor performs an illegal operation. This type of error can be generated when there is a failure of hardware such as the CD-ROM.

Watchdog Timeout: Monitors certain types of system interruptions. If watchdog time fails or is reset, an error occurs.

Address Error: Occurs when any software tries to access data that is not placed in the correct memory blocks. This error type is also referred to as software forced crash.

The output of the show stack command is displayed in Figure 3.10.

Figure 3.10: The output of the show stack diagnostic command.

The Show cdp Neighbors Command

The show cdp neighbors command displays information about the neighboring devices directly connected to the router. It provides reachability data, which helps determine the status of the devices at the Physical and Data-link layers. The output of the show cdp neighbors command is displayed in Figure 3.11.

Figure 3.11: The output of the show cdp neighbors diagnostic command.

Other Show Commands

A couple of other show commands you might run into include:

Show debugging: Determines the type of debugging enabled on a particular router. This information is useful if you need to switch to a different type of debugging mode or if you need to disable a particular type of debugging when more than one debug is running.

Show logging: Displays the status of the syslog errors and event logging. It displays the host addresses, the type of logging being performed, and various logging statistics including the messages stored in log buffer. This command can run in the privilege exec mode only. The output of the show logging command is displayed in Figure 3.12.

Figure 3.12: The output of the show logging diagnostic command.

Depending on the type of information that is required, you need to decide the most appropriate show command to use in a particular situation. Table 3.1 displays various show commands that can be used in various situations.

Table 3.1: The Show Commands with Respect to the Problem Area

| Problem Area on the Network | Show Commands |
|---|---|
| Degradation of performance | show interfaces; show buffers; show memory; show process cpu |
| Loss of functionality for protocols or connection | show protocol; show [protocol] traffic; show [protocol] interface; show [protocol] access lists |
| General troubleshooting | show version; show running-config; show controllers; show stack; show interfaces; show process mem; show process cpu; show buffers |

Note

A highly useful show command is show tech support, which displays the combined output of the show controllers, show stack, show interfaces, show process memory, show process cpu, and show buffers commands.

The Ping Command

The ping command checks the connectivity between the nodes on the network. It sends ICMP echo messages to the destination node and waits for a reply. If a reply to the echo message is not received, it confirms connectivity problems on the network. The ping command can be executed in both the user mode and the privileged exec mode.

In the user mode, default parameters are defined to check for connectivity. For example, five echo messages of 100 bytes each are sent by default to the destination host with a timeout interval of two seconds.

While troubleshooting connectivity problems, it is very important to identify the problem area. If the ping command does not receive a reply from the destination host, it should be used for destination hosts that are nearer to the source host. As soon as the ping command is able to receive a reply from a particular destination host, you can isolate the exact problem area on the network.

Connectivity problems might occur when the devices are extremely busy or have restricted access on the network. In the case of a connection timeout or devices with restricted access, you need to identify the busy or prohibited devices and perform remedial actions accordingly.

Note

The debug ip icmp command may be used for troubleshooting connectivity issues.

The ping command can be used with AppleTalk and IPX. However, this is a Cisco-proprietary command, and as a result, non-Cisco devices such as NetWare servers do not receive responses for this command. To enable Cisco routers to generate pings that are compatible with the Novell environment, the IPX ping default novell command should be used. This command is a global configuration command for Novell. However, it is not applicable if the ping command requires compatibility with IPX and non-Cisco devices. To enable ping for IPX and non-Cisco devices, you need to access the privilege mode. In this mode, the option to use a Novell standard echo is available. This allows you to ping for IPX and generate echo messages for Novell standard ping. The test characters generated during a ping response for IPX have certain implications, listed in Table 3.2.

Table 3.2: Test Characters and Their Implications

| Test Character | Implication |
|---|---|
| ! | Echo message has received a reply |
| . | Router timeout waiting for a reply |
| U | Datagram unable to reach destination host |
| C | Received packet has experienced congestion |
| I | Test was interrupted by the end user |
| ? | Type of the received packet is unknown |
| & | Lifetime of the packet has exceeded |

For AppleTalk, ping sends AppleTalk Echo Protocol (AEP) packets to the destination node in the AppleTalk environment and receives replies. Table 3.3 displays the test characters and their implications, when ping for AppleTalk is used.

Table 3.3: Test Characters and Their Implications

| Test Character | Implication |
|---|---|
| ! | Echo message has received a reply |
| . | Router timeout waiting for a reply |
| B | Received datagram was bad or malformed |
| C | DDP checksum of the datagram was improper |
| E | Echo packet could not be transmitted to the destination host |
| R | Echo packet cannot find a route for transmission |

The ping functionality can be extended in the privilege mode. In the extended mode, you can configure ping for the type of protocol, target IP address, repeat count, datagram size, timeout in seconds, source address, data pattern, and supported header options including Loose, Strict, Record, Timestamp or Verbose, along with a host of other options. To enter the extended ping mode, type “Yes” when prompted for entering the extended command prompt for ping. Table 3.4 displays the options that you need to specify while entering the privilege mode of the ping command.

Table 3.4: Ping Command Options and Their Descriptions

| Command Option | Description |
|---|---|
| Source address | Specify any of the local IP addresses of the router or its interface. |
| Type of service [0]: | Specify the value for this bit as 1 to show the selection of Internet Service Quality. |
| Set DF bit in IP header? [no] | Specify the value as no. Specifying yes as the value will enable the Don’t Fragment option and prevent the packet from being fragmented when it needs to pass through a segment with a smaller MTU. This would cause the operation to fail and generate an error. |
| Data Pattern [0xABCD] | Use this prompt to edit the 16-bit data pattern. This enables you to detect crosstalk and other cable problems. |
| Sweep range of sizes [n] | Change the size of packets using this prompt. |
| Loose, Strict, Record, Timestamp, Verbose [none] | Select any one of these options to display the same prompt again, and allow the selection of more than one option. Selecting any of the options automatically includes Verbose. The preferred option is Record, because it displays the addresses of the hops to which the packets need to be transmitted. |

For example, as a network administrator, you need to ping a host with IP address 201.202.203.254. Figure 3.13 displays the output of a successful ping command.

Figure 3.13: The output of the ping command.

Note

The Record option of the Loose, Strict, Record, Timestamp, Verbose [none] prompt is similar to the traceroute command, but it provides enhanced capabilities. The Record option provides data about the hops through which the echo request was transmitted and mentions the path used when the reply to the message was sent. This information is not provided with the traceroute command.

The Debug Command

The debug command is an advanced command that provides high-end options for monitoring and retrieving network data for troubleshooting. It can be executed only in the privilege exec mode. As it is highly resource-intensive, the debug command is used only for temporary or specific troubleshooting purposes.

Debug commands prevent high-speed switching of data packets and force the use of the route processor and process switching before data packets can be sent to the interfaces from which they are finally dispatched. This reduces the speed of operation of the router and increases the processing time, which in turn reduces network performance.

Process switching is performed when the router receives the first data packet for a particular destination host. During process switching, the data packet is transferred within the router using the switching technique. For example, when the data packet is transferred from the internal interface buffer to the main memory, it uses switching. This process is very slow and involves the use of the route processor to determine the interface of the destination host to which the data packet needs to be sent. To increase the routing speed, the information collected during process switching is stored in the switching cache and is used to transmit subsequent data packets to the same destination host. This process is known as fast switching. However, during troubleshooting, the debug command needs to collect the data for each data packet that is transmitted. As a result, it forces all the data packets to be process switched, which heavily consumes router resources. The debug command should therefore be used with caution while troubleshooting. To isolate problems and derive alternate solutions, you can use the debug cdp packets command to debug the packets transmitted from one host to another using the current router, as shown in Figure 3.14.

Figure 3.14: The output of the debug cdp packets diagnostic command.

After the information received from the debug command has been viewed and analyzed, it should be disabled in order to revert to the normal mode in which high-speed switching techniques are used.

Note

The debug all command should not be used at all, because it collects information about the entire process and all the data packets transmitted through the router, which may render the entire router unusable.

Some guidelines to follow while executing the debug command are:

  • Display the timestamp with each line of the debug command, using the command:

        router(config)#service timestamps debug [ datetime | uptime]

  • Use the debug command for specific purposes only, such as diagnosing a facility, task, or protocol. This helps in focusing on a particular area or problem and isolating the problem.

  • If the debugging requirements are not exhaustive, use the event debugging technique, because it is less resource-intensive than packet debugging. Use this only if you need more information on the problem.

  • Check the CPU utilization before running the debug command. If the CPU utilization is more than 50%, it is recommended not to use the debug command, because it may render the network nonfunctional.

  • Study the usage pattern of the network and determine peak usage time intervals. Depending on the severity of the problem, determine whether it would be feasible to run the debug command during or after peak hours. This decision should be based on the fact that Cisco routers assign high priority to debug commands as compared to other processes running in the environment.

  • Disable the debug command as soon as the required task has been accomplished. The no debug {argument} command can be used to disable a particular type of debugging. To disable all types of debugging, use no debug all or undebug all.

  • Use protocol analyzers or network management applications for troubleshooting, when feasible, instead of using debug.

  • Use access lists with the debug command in order to narrow down the data that the debug command needs to collect. The debug IP packet detail command allows you to specify the name or number of the access list, which restricts the debug command to collect data only for packets pertaining to the specified access list. This reduces the network overhead and provides relevant information by narrowing down the debug criteria.
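
The CPU check from the guidelines above, combined with the earlier advice to run show process cpu several times about a minute apart, can be automated before debug is enabled. The following Python sketch is an added example, not code from the book; the captured outputs are constructed samples, and the function names and the choice to test both the five-second and one-minute figures against the 50% limit are assumptions of this example.

```python
import re

# Constructed "show processes cpu" captures, taken about a minute apart.
SAMPLES = [
    """CPU utilization for five seconds: 12%/4%; one minute: 15%; five minutes: 14%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1         384     32789         11  0.00%  0.00%  0.00%   0 Load Meter
  23       91844    501223        183  6.10%  7.20%  7.00%   0 IP Input
  45        5120     80211         63  1.30%  1.10%  1.00%   0 CDP Protocol
""",
    """CPU utilization for five seconds: 35%/9%; one minute: 22%; five minutes: 16%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1         388     32801         11  0.00%  0.00%  0.00%   0 Load Meter
  23       97310    512004        190 21.40% 11.80%  8.10%   0 IP Input
  45        5131     80223         63  1.10%  1.10%  1.00%   0 CDP Protocol
""",
    """CPU utilization for five seconds: 61%/20%; one minute: 30%; five minutes: 19%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1         392     32813         11  0.00%  0.00%  0.00%   0 Load Meter
  23      108722    530918        204 38.50% 17.60%  9.90%   0 IP Input
  45        5140     80235         63  1.20%  1.10%  1.00%   0 CDP Protocol
""",
]

HEADER_RE = re.compile(
    r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
    r"one minute: (\d+)%; five minutes: (\d+)%"
)
# PID, Runtime, Invoked, uSecs, 5Sec, 1Min, 5Min, TTY, Process name
PROC_RE = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+\d+\s+(.+?)\s*$"
)


def parse_cpu_sample(text):
    """Extract the utilization header and the busiest processes from one capture."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("no 'CPU utilization' header in sample")
    total, interrupt, one_min, five_min = (int(v) for v in header.groups())
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs.append((float(m.group(2)), int(m.group(1)), m.group(5)))
    procs.sort(reverse=True)  # highest five-second usage first
    return {"five_sec": total, "interrupt": interrupt,
            "one_min": one_min, "five_min": five_min, "top": procs[:3]}


def debug_preflight(samples, threshold=50):
    """Return (ok, reason): ok is False if any capture shows CPU above threshold."""
    parsed = [parse_cpu_sample(s) for s in samples]
    if len(parsed) < 2:
        return False, "need at least two samples to see a trend"
    for i, p in enumerate(parsed, 1):
        if p["five_sec"] > threshold or p["one_min"] > threshold:
            busiest = p["top"][0][2] if p["top"] else "unknown"
            return False, (f"sample {i}: CPU {p['five_sec']}% exceeds "
                           f"{threshold}% (busiest process: {busiest})")
    rising = all(a["five_sec"] < b["five_sec"] for a, b in zip(parsed, parsed[1:]))
    note = "rising trend, re-check before enabling debug" if rising else "stable"
    return True, f"CPU at or below {threshold}% in all {len(parsed)} samples ({note})"


if __name__ == "__main__":
    print(debug_preflight(SAMPLES[:2]))
    print(debug_preflight(SAMPLES))
```
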

The output of the debug command can be logged and stored in four places: the console, the internal buffer of the router, the virtual terminal or Telnet, or the syslog server. Table 3.5 lists the various commands used for logging messages.

Table 3.5: Commands for Logging Messages

| Logging Command Option | Description |
|---|---|
| logging console [level] | Enables console logging and sets the level of logging as console. To disable console logging, use the no logging console command. |
| logging buffered [level] | Directs the logging messages to the internal buffer and sets the level of logging as buffered. To disable this command, use the no logging buffered command. |
| logging monitor [level] | Directs the logging messages to the virtual terminal or Telnet, specifying the level of logging to the virtual terminal lines. To disable this command, use the no logging monitor command. Executing the terminal monitor command from the virtual terminal can also turn the logging on for the virtual terminal. To disable the command, use the no monitor command. |
| logging trap [level] | Directs the logging messages to the syslog server and allows you to specify the level of messages. To disable this command, use the no logging trap command. The default level of this type of logging is informational. |
| logging [ip-address] | Identifies the IP address of the syslog server to route the logging messages. If the logging messages need to be sent to more than one syslog server, this command needs to be executed with the IP address of each server. To disable the command for a server, use the no form of the command. |

Note

The console logging command generates the maximum overhead when executed, followed by the virtual terminal, syslog, and buffered logging commands.

The output of the debug command has eight levels of message logging, based on the severity of the message. Table 3.6 provides the level name, value, and description of the messages.

Table 3.6: Level Name, Value, and Description of Debug Log Messages

| Level | Level Name | Syslog Definition | Description |
|---|---|---|---|
| 0 | Emergency | LOG_EMERG | The network is unusable. |
| 1 | Alerts | LOG_ALERT | The problem requires immediate action. |
| 2 | Critical | LOG_CRIT | The problem is critical. |
| 3 | Errors | LOG_ERR | An error has occurred. |
| 4 | Warning | LOG_WARNING | Warning against a preset criteria or a potential problem. |
| 5 | Notification | LOG_NOTICE | An important but normal event has occurred. |
| 6 | Informational | LOG_INFO | Information about the network status. |
| 7 | Debugging | LOG_DEBUG | Messages displayed while debugging. |
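
How the level set on each logging destination (Table 3.5) interacts with the severity of a message (Table 3.6) is shown in the following Python sketch, which is an added example and not code from the book. A destination records a message only when the message severity number is less than or equal to the configured level. The configuration and log lines are constructed, the function names are hypothetical, and treating lines without a %FACILITY-SEVERITY-MNEMONIC header as debug output at level 7 is an assumption of this example.

```python
import re

# IOS level keywords in order 0..7, matching the levels of Table 3.6.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: header carried by IOS system messages.
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed configuration: destination -> level keyword (None = disabled).
# "trap" is left at informational, the default stated in Table 3.5.
CONFIG = {
    "console": None,
    "buffered": "debugging",
    "monitor": "warnings",
    "trap": "informational",
}

# Constructed log lines (addresses are documentation ranges).
LINES = [
    "*Mar  1 00:04:10.312: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
    "*Mar  1 00:04:11.312: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down",
    "*Mar  1 00:05:02.120: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)",
    "*Mar  1 00:05:40.004: IP: s=192.0.2.10 (Ethernet0), d=192.0.2.1, len 100, rcvd 3",
]


def severity_of(line):
    """Severity from the message header; headerless lines are taken as debug (7)."""
    m = MSG_RE.search(line)
    return int(m.group(2)) if m else 7


def destinations_for(line, config):
    """Destinations whose configured level admits this message."""
    sev = severity_of(line)
    return sorted(
        dest for dest, level in config.items()
        if level is not None and sev <= LEVELS.index(level)
    )


def not_reaching(lines, config, dest):
    """Lines that the given destination will never record under this config."""
    return [ln for ln in lines if dest not in destinations_for(ln, config)]


if __name__ == "__main__":
    for ln in LINES:
        print(severity_of(ln), destinations_for(ln, CONFIG), ln[22:60])
    print("missing from syslog server:", not_reaching(LINES, CONFIG, "trap"))
```

With the trap level left at informational, the debug line is kept only in the router's internal buffer and never reaches the syslog server, while the level 5 configuration-change message does.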

The Trace Command

The trace command is used to determine the route followed by the data packets on the network. This command is available only for IP in the Cisco IOS. The traceroute command initiates a session by sending UDP or connectionless probes with a time-to-live (TTL) value of 1. The TTL value increases until the probe reaches the destination host. The probe reaches the first hop when the TTL value is 1. The hop then responds with a time-exceeded message. The TTL value is then increased to 2 so that the probe reaches the second hop. This process goes on until the probe arrives at the destination host. The destination host then sends a port unreachable message to the source, because it is unable to deliver the packet to an application.

Note

When a probe reaches a router, the TTL value decreases by 1.

Three types of probes are generated for each TTL value, and if a response is not received within a certain interval, the output is generated as an asterisk, indicating that the destination host was unreachable. The trace command ends when the probe reaches the destination port, the user interrupts the trace command using the escape sequence, or the maximum TTL value is exceeded.
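
The probing loop described above can be followed step by step in a small offline simulation. This Python sketch is an added example, not code from the book and not Cisco's implementation; the path is a constructed list of documentation-range addresses, and the function names and the silent parameter (hops that send no reply) are assumptions of this example. It covers two of the three stop conditions: destination reached and maximum TTL exceeded.

```python
TIME_EXCEEDED = "time-exceeded"
PORT_UNREACHABLE = "port-unreachable"

# Constructed path: two routers followed by the destination host.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.9"]


def send_probe(path, ttl, silent):
    """Carry one UDP probe along the path.

    Returns (responder, icmp_message), or None when no reply comes back.
    """
    for router in path[:-1]:
        ttl -= 1                      # every router decrements the TTL by 1
        if ttl == 0:                  # expired here: router discards the probe
            return None if router in silent else (router, TIME_EXCEEDED)
    dest = path[-1]                   # probe arrived with TTL still above zero
    return None if dest in silent else (dest, PORT_UNREACHABLE)


def trace(path, max_ttl=30, probes=3, silent=frozenset()):
    """Return (rows, reason); each row is (ttl, [responder or '*' per probe])."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        replies = [send_probe(path, ttl, silent) for _ in range(probes)]
        rows.append((ttl, [r[0] if r else "*" for r in replies]))
        # A port-unreachable reply means the probe reached the destination host.
        if any(r and r[1] == PORT_UNREACHABLE for r in replies):
            return rows, "destination reached"
    return rows, "maximum TTL exceeded"


if __name__ == "__main__":
    for label, kwargs in [
        ("all hops answer", {}),
        ("second hop silent", {"silent": {"198.51.100.1"}}),
        ("destination silent", {"silent": {"203.0.113.9"}, "max_ttl": 5}),
    ]:
        rows, reason = trace(PATH, **kwargs)
        print(label, "->", reason)
        for ttl, hops in rows:
            print(f"  {ttl:2d}  " + "  ".join(hops))
```
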

Like ping, the trace command provides extended capabilities in the privilege exec mode. It allows you to change the operational parameters and specify the source address of the probes. In addition, it allows selection of the Loose, Strict, Record, and Timestamp options. For example, you may need to trace the host with IP address 1.1.1.1, as shown in Figure 3.15.

Figure 3.15: The output of the trace diagnostic command.

Cisco Discovery Protocol (CDP)

A proprietary protocol developed by Cisco, CDP functions at the Data-link layer and supports heterogeneous network layer protocols on different networks. It can run on Cisco devices such as routers, bridges, access servers, and switches. In addition, it can run on all types of media that support SNMP, Frame Relay, ATM, and LAN.

Each device that uses CDP advertises a minimum of one address at which it can receive SNMP messages, and a TTL limit that is set to 180 seconds, by default. It helps in fast detection of the interface states. When a CDP packet is transmitted, the value of TTL is nonzero once the interface is enabled; when the interface is in an idle state, the TTL value becomes zero.

The cdp command is used to determine the IP addresses of neighboring devices. This can be done by conducting a Telnet session with the neighboring device and executing the show cdp command. This command displays all the devices that are directly connected to the router, as shown in Figure 3.16.

Figure 3.16: The output of the show cdp diagnostic command.

Similarly, the show cdp neighbors diagnostic command is used to identify the neighbors directly connected to the router, as shown in Figure 3.17.

Figure 3.17: The output of the show cdp neighbors diagnostic command.

To configure the cdp command before it is used for troubleshooting purposes, you need to:

  1. Configure the CDP transmission timer and hold time: Execute the cdp holdtime [seconds] and cdp timer [seconds] commands respectively. These commands need to be executed in the global configuration mode. The default value of the CDP timer is 60 seconds. This time limit is usually sufficient for running the command successfully. If the limit is reduced to an excessively low value, it may lead to high network traffic.

  2. Disable and enable the protocol: Run the no cdp run command to disable it, and then run the cdp enable command to re-enable CDP globally. The cdp command is enabled by default. These commands need to be executed in the global configuration mode.

  3. Disable and enable the protocol on the interface: Run the no cdp run command to disable CDP and then the cdp run command to enable it, in the interface configuration mode.

  4. Monitor CDP: There are various commands that assist in managing CDP information:

     clear cdp counters: Resets the traffic counter value to zero.

     show cdp: This is one of the most important cdp commands. It displays global information about CDP including the frequency transmission rate, hold time of data packets, and other critical information.

     show cdp interface: Displays details about the interface where CDP is running.

     show cdp entry: Displays information about a particular neighbor. It can run with the protocol and version options to restrict the information to information about the protocol and version only.

In addition, the show cdp neighbors command is used to display information about networks that are connected to the router directly.

Core Dumps

Core dumps are used to retrieve a full copy of the memory image of the router in case of a crash. The memory image can then be used to identify the cause of the crash. Core dumps have the ability to transfer the binary image file using the FTP, TFTP, or RCP protocols. However, executing the core dump command disrupts the entire network operation, so make sure the command is used only when it is evident that the router will ultimately crash.

If you experience bottlenecks in the operations of the router and anticipate that a crash will occur, you can execute the write core command.

This command enables you to generate a core dump without reloading the router. However, there are certain prerequisites for executing this command, which include the following:

  • The TFTP, FTP, or RCP server being used in the network must have sufficient storage capacity.

  • The server must be accessible.

  • You must know the file naming convention of the server in order to store the image file.

  • You must know whether an empty file needs to be created on the server.

The write core command cannot be used if the server has already crashed. In that case, the exception dump ip-address global configuration command is used. This command tries to generate a core dump after the crash. The core dump is written to the file [hostname]-core on the server, where hostname is the name of the router. The attempt to retrieve the core dump may not always be successful, depending on the severity of the crash. The data stored in the core dump file is used by the Cisco technical support group to decipher the cause of the crash and recover the system.

Note

If you use TFTP for receiving the core dump file on the server, only the first 16 MB of the image file are transferred.




Cisco IP Routing Protocols: Trouble Shooting Techniques (Charles River Media Networking/Security)
ISBN: 1584503416
EAN: 2147483647
Year: 2006
Pages: 130
