Cisco subnet: An independent Cisco community

Chapter 3: The Maintenance and Troubleshooting Toolbox

Excerpt from CCNP TSHOOT 642-832

By Kevin Wallace, Network World
January 29, 2010 08:53 PM ET

This chapter covers the following subjects:

Cisco IOS Diagnostic Tools: This section shows how a few readily accessible Cisco IOS Software commands can be used to quickly gather information as part of a structured troubleshooting process.

Specialized Diagnostic Tools: This section introduces a collection of specialized features, such as Switched Port Analyzer (SPAN), Remote SPAN (RSPAN), Simple Mail Transfer Protocol (SMTP), NetFlow, and Embedded Event Manager (EEM), which can be used to collect information about a problem.

Key to maintaining and troubleshooting a network is the collection of information about that network. Fortunately, Cisco IOS offers many commands that can be used for information gathering. Mastery of these basic tools can dramatically reduce the time a troubleshooter spends isolating the specific information needed for a troubleshooting task.

Beyond basic Cisco IOS commands, many network devices support features targeted toward the collection of information. Perhaps an event occurs on a network device, such as a router’s processor utilization exceeding a defined threshold. The network device could report the occurrence of such an event. Alternatively, network devices might be periodically queried by a network management system for device and traffic statistics.

This chapter covers several basic Cisco IOS commands, in addition to specialized information collection features. These features not only help a troubleshooter collect information about a problem, but they can create a baseline of network performance. This baseline data can then be contrasted with data collected when a problem is occurring. The comparison of these two data sets often provides insight into the underlying cause of a problem.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 3-1 details the major topics discussed in this chapter and their corresponding quiz questions.

Table 3-1  “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section

Cisco IOS Diagnostic Tools

Specialized Diagnostic Tools

  1. Which of the following commands displays a router’s running configuration, starting where the routing protocol configuration begins?

    1. show running-config | tee router

    2. show running-config | begin router

    3. show running-config | redirect router

    4. show running-config | append router

  2. Which of the following is the ping response to a transmitted ICMP Echo datagram that needed to be fragmented when fragmentation was not permitted?

    1. U

    2. .

    3. M

    4. D

  3. Which portion of the show interfaces command output indicates that a router received information faster than the information could be processed by the router?

    1. input queue drops

    2. output queue drops

    3. input errors

    4. output errors

  4. The types of information collection used in troubleshooting fall into which three broad categories? (Choose three.)

    1. Troubleshooting information collection

    2. Baseline information collection

    3. QoS information collection

    4. Network event information collection

  5. What feature available on Cisco Catalyst switches allows you to connect a network monitor to a port on one switch to monitor traffic flowing through a port on a different switch?

    1. RSTP

    2. SPAN

    3. RSPAN

    4. SPRT

  6. Which two of the following are characteristics of the NetFlow feature? (Choose the two best answers.)

    1. Collects detailed information about traffic flows

    2. Collects detailed information about device statistics

    3. Uses a pull model

    4. Uses a push model

  7. Identify the Cisco IOS feature that allows you to create your own event definition for a network device and specify the action that should be performed in response to that event.

    1. SNMP

    2. EEM

    3. NetFlow

    4. syslog

Foundation Topics

Cisco IOS Diagnostic Tools

After a problem has been clearly defined, the first step in diagnosing that problem is collecting information, as described in Chapter 2, “Introduction to Troubleshooting Processes.” Because the collection of information can be one of the most time-consuming of the troubleshooting processes, the ability to quickly collect appropriate information becomes a valuable troubleshooting skill. This section introduces a collection of basic Cisco IOS commands useful in gathering information and discusses the filtering of irrelevant information from the output of those commands. Also included in this section are commands helpful in diagnosing connectivity and hardware issues.

Filtering the Output of show Commands

Cisco IOS offers multiple show commands useful for gathering information. However, many of these show commands produce a large quantity of output.

Consider the output shown in Example 3-1. The output from the show processes cpu command generated approximately 180 lines of output, making it challenging to pick out a single process.

Example 3-1  show processes cpu Command Output

R1# show processes cpu
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4         3       1333  0.00%  0.00%  0.00%   0 Chunk Manager
   2        7245      1802       4020  0.08%  0.08%  0.08%   0 Load Meter
   3          56      2040         27  0.00%  0.00%  0.00%   0 OSPF Hello 1
   4           4         1       4000  0.00%  0.00%  0.00%   0 EDDRI_MAIN
   5       21998      1524      14434  0.00%  0.32%  0.25%   0 Check heaps
   6           0         1          0  0.00%  0.00%  0.00%   0 Pool Manager
   7           0         2          0  0.00%  0.00%  0.00%   0 Timers
   8           0         1          0  0.00%  0.00%  0.00%   0 Crash writer
   9           0       302          0  0.00%  0.00%  0.00%   0 Environmental mo
  10         731      1880        388  0.00%  0.00%  0.00%   0 ARP Input
 171           0         1          0  0.00%  0.00%  0.00%   0 lib_off_app
 172           4         2       2000  0.00%  0.00%  0.00%   0 Voice Player
 173           0         1          0  0.00%  0.00%  0.00%   0 Media Record
 174           0         1          0  0.00%  0.00%  0.00%   0 Resource Measure
 175          12         6       2000  0.00%  0.00%  0.00%   0 Session Applicat
 176          12       151         79  0.00%  0.00%  0.00%   0 RTPSPI
 177           4     17599          0  0.00%  0.00%  0.00%   0 IP NAT Ager
 178           0         1          0  0.00%  0.00%  0.00%   0 IP NAT WLAN
 179           8       314         25  0.00%  0.00%  0.00%   0 CEF Scanner

Perhaps you were only looking for CPU utilization statistics for the Check heaps process. Because you know that the content of the one line you are looking for contains the text Check heaps, you could take the output of the show processes cpu command and pipe that output (that is, use the | character) to the include Check heaps statement. The piping of the output causes the output to be filtered to only include lines that include the text Check heaps, as demonstrated in Example 3-2. This type of filtering can help troubleshooters more quickly find the data they are looking for.
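The filtering described above, as an added Python example that is not from the book: it applies the include, exclude and begin output modifiers to saved show processes cpu output and parses the matching rows, so the same filter can be run against a baseline capture and a capture taken while a problem is occurring. The sample rows are constructed from Example 3-1, the function names are hypothetical, and Python's regular expressions only approximate those of Cisco IOS.

```python
import re

# Constructed sample: four rows copied from Example 3-1, in the device's column layout.
SAMPLE = """\
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   2        7245      1802       4020  0.08%  0.08%  0.08%   0 Load Meter
   3          56      2040         27  0.00%  0.00%  0.00%   0 OSPF Hello 1
   5       21998      1524      14434  0.00%  0.32%  0.25%   0 Check heaps
 177           4     17599          0  0.00%  0.00%  0.00%   0 IP NAT Ager
"""

def ios_filter(text, modifier, pattern):
    """Apply an include / exclude / begin modifier to saved show output (hypothetical helper)."""
    lines = text.splitlines()
    rx = re.compile(pattern)  # assumption: Python regex stands in for the IOS regex engine
    if modifier == "include":
        return [ln for ln in lines if rx.search(ln)]
    if modifier == "exclude":
        return [ln for ln in lines if not rx.search(ln)]
    if modifier == "begin":
        for i, ln in enumerate(lines):
            if rx.search(ln):
                return lines[i:]  # first matching line and everything after it
        return []
    raise ValueError(f"unsupported modifier: {modifier}")

# PID, Runtime(ms), Invoked, uSecs, three percentages, TTY, then the process name.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
                 r"\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(.+?)\s*$")

def parse_row(line):
    """Turn one process row into a dict; header and summary lines return None."""
    m = ROW.match(line)
    if m is None:
        return None
    pid, runtime, _inv, _usecs, s5, m1, m5, _tty, name = m.groups()
    return {"pid": int(pid), "runtime_ms": int(runtime), "five_sec": float(s5),
            "one_min": float(m1), "five_min": float(m5), "process": name}

def busy_processes(text, threshold):
    """Names and one-minute CPU share of processes at or above threshold percent."""
    rows = (parse_row(ln) for ln in text.splitlines())
    return [(r["process"], r["one_min"]) for r in rows if r and r["one_min"] >= threshold]

if __name__ == "__main__":
    for ln in ios_filter(SAMPLE, "include", "Check heaps"):
        print(parse_row(ln))
    print(busy_processes(SAMPLE, 0.05))
```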
