This chapter covers the following subjects:
Cisco IOS Diagnostic Tools: This section shows how a few readily accessible Cisco IOS Software commands can be used to quickly gather information as part of a structured troubleshooting process.
Specialized Diagnostic Tools: This section introduces a collection of specialized features, such as Switched Port Analyzer (SPAN), Remote SPAN (RSPAN), Simple Mail Transfer Protocol (SMTP), NetFlow, and Embedded Event Manager (EEM), which can be used to collect information about a problem.
Key to maintaining and troubleshooting a network is the collection of information about that network. Fortunately, *Cisco IOS offers many commands that* can be used for information gathering. Mastery of these basic tools can dramatically reduce the time a troubleshooter spends isolating the specific information needed for a troubleshooting task. (Note: The highlighted words are part of Cisco Subnet's February 2010 book giveaway.)
Beyond basic Cisco IOS commands, many network devices support features targeted toward the collection of information. Perhaps an event occurs on a network device, such as a router’s processor utilization exceeding a defined threshold. The network device could report the occurrence of such an event. Alternatively, network devices might be periodically queried by a network management system for device and traffic statistics.
This chapter covers several basic Cisco IOS commands, in addition to specialized information collection features. These features not only help a troubleshooter collect information about a problem, but they can create a baseline of network performance. This baseline data can then be contrasted with data collected when a problem is occurring. The comparison of these two data sets often provides insight into the underlying cause of a problem.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 3-1 details the major topics discussed in this chapter and their corresponding quiz questions.
Table 3-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section | Questions
Cisco IOS Diagnostic Tools | 1–3
Specialized Diagnostic Tools | 4–7
1. Which of the following commands displays a router’s running configuration, starting where the routing protocol configuration begins?
a. show running-config | tee router
b. show running-config | begin router
c. show running-config | redirect router
d. show running-config | append router

2. Which of the following is the ping response to a transmitted ICMP Echo datagram that needed to be fragmented when fragmentation was not permitted?
a. U
b. .
c. M
d. D

3. Which portion of the show interfaces command output indicates that a router received information faster than the information could be processed by the router?
a. input queue drops
b. output queue drops
c. input errors
d. output errors

4. The types of information collection used in troubleshooting fall into which three broad categories? (Choose three.)
a. Troubleshooting information collection
b. Baseline information collection
c. QoS information collection
d. Network event information collection

5. What features available on Cisco Catalyst switches allow you to connect a network monitor to a port on one switch to monitor traffic flowing through a port on a different switch?
a. RSTP
b. SPAN
c. RSPAN
d. SPRT

6. Which two of the following are characteristics of the NetFlow feature? (Choose the two best answers.)
a. Collects detailed information about traffic flows
b. Collects detailed information about device statistics
c. Uses a pull model
d. Uses a push model

7. Identify the Cisco IOS feature that allows you to create your own event definition for a network device and specify the action that should be performed in response to that event.
a. SNMP
b. EEM
c. NetFlow
d. syslog
Foundation Topics
Cisco IOS Diagnostic Tools
After a problem has been clearly defined, the first step in diagnosing that problem is collecting information, as described in Chapter 2, “Introduction to Troubleshooting Processes.” Because the collection of information can be one of the most time-consuming of the troubleshooting processes, the ability to quickly collect appropriate information becomes a valuable troubleshooting skill. This section introduces a collection of basic Cisco IOS commands useful in gathering information and discusses the filtering of irrelevant information from the output of those commands. Also included in this section are commands helpful in diagnosing connectivity and hardware issues.
Filtering the Output of show Commands
Cisco IOS offers multiple show commands useful for gathering information. However, many of these show commands produce a large quantity of output.
Consider the output shown in Example 3-1. The show processes cpu command generated approximately 180 lines of output, making it challenging to pick out a single process.
Example: show processes cpu Command
Example 3-1 show processes cpu Command Output
R1# show processes cpu
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4         3       1333  0.00%  0.00%  0.00%   0 Chunk Manager
   2        7245      1802       4020  0.08%  0.08%  0.08%   0 Load Meter
   3          56      2040         27  0.00%  0.00%  0.00%   0 OSPF Hello 1
   4           4         1       4000  0.00%  0.00%  0.00%   0 EDDRI_MAIN
   5       21998      1524      14434  0.00%  0.32%  0.25%   0 Check heaps
   6           0         1          0  0.00%  0.00%  0.00%   0 Pool Manager
   7           0         2          0  0.00%  0.00%  0.00%   0 Timers
   8           0         1          0  0.00%  0.00%  0.00%   0 Crash writer
   9           0       302          0  0.00%  0.00%  0.00%   0 Environmental mo
  10         731      1880        388  0.00%  0.00%  0.00%   0 ARP Input
...OUTPUT OMITTED...
 171           0         1          0  0.00%  0.00%  0.00%   0 lib_off_app
 172           4         2       2000  0.00%  0.00%  0.00%   0 Voice Player
 173           0         1          0  0.00%  0.00%  0.00%   0 Media Record
 174           0         1          0  0.00%  0.00%  0.00%   0 Resource Measure
 175          12         6       2000  0.00%  0.00%  0.00%   0 Session Applicat
 176          12       151         79  0.00%  0.00%  0.00%   0 RTPSPI
 177           4     17599          0  0.00%  0.00%  0.00%   0 IP NAT Ager
 178           0         1          0  0.00%  0.00%  0.00%   0 IP NAT WLAN
 179           8       314         25  0.00%  0.00%  0.00%   0 CEF Scanner
Perhaps you were only looking for CPU utilization statistics for the Check heaps process. Because you know that the content of the one line you are looking for contains the text Check heaps, you could take the output of the show processes cpu command and pipe that output (that is, use the | character) to the include Check heaps statement. The piping of the output causes the output to be filtered to only include lines that include the text Check heaps, as demonstrated in Example 3-2. This type of filtering can help troubleshooters more quickly find the data they are looking for.
Example 3-2 Filtering the show processes cpu Command Output
R1# show processes cpu | include Check heaps
   5       24710      1708      14467  1.14%  0.26%  0.24%   0 Check heaps
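The chapter introduction notes that baseline data can be contrasted with data collected during a problem. The following added example (not part of the original chapter) parses saved show processes cpu captures and reports processes whose utilization rose. The function names, the 0.5-point threshold, and the treatment of the Example 3-1 rows as a baseline and the Example 3-2 row as a later capture are assumptions made for illustration.

```python
import re

# One process row: PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process.
# The process name is the rest of the line and may contain spaces ("OSPF Hello 1").
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+(\d+)\s+(.+?)\s*$"
)

def parse_cpu(text):
    """Return {process name: {'pid', '5sec', '1min', '5min'}}; names assumed unique."""
    procs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # prompt, summary and column-header lines do not match and are skipped
            pid, _, _, _, s5, m1, m5, _, name = m.groups()
            procs[name] = {"pid": int(pid), "5sec": float(s5),
                           "1min": float(m1), "5min": float(m5)}
    return procs

def cpu_increases(baseline, current, field="5sec", min_delta=0.5):
    """List (name, before, after) where CPU rose by at least min_delta points."""
    before, after = parse_cpu(baseline), parse_cpu(current)
    out = []
    for name, row in after.items():
        old = before.get(name, {}).get(field, 0.0)  # unseen process: treat as 0%
        if row[field] - old >= min_delta:
            out.append((name, old, row[field]))
    return sorted(out, key=lambda r: r[2] - r[1], reverse=True)

# Rows copied from Example 3-1 (used as baseline) and Example 3-2 (later capture).
BASELINE = """\
R1# show processes cpu
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   3          56      2040         27  0.00%  0.00%  0.00%   0 OSPF Hello 1
   5       21998      1524      14434  0.00%  0.32%  0.25%   0 Check heaps
  10         731      1880        388  0.00%  0.00%  0.00%   0 ARP Input
"""
CURRENT = """\
R1# show processes cpu | include Check heaps
   5       24710      1708      14467  1.14%  0.26%  0.24%   0 Check heaps
"""

if __name__ == "__main__":
    for name, old, new in cpu_increases(BASELINE, CURRENT):
        print(f"{name}: {old:.2f}% -> {new:.2f}% (5Sec)")
```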
Example: show ip interface brief Command
Similar to piping output to the include option, you could alternatively pipe output to the exclude option. The exclude option can display all lines of the output except lines containing the string you specify. For example, the show ip interface brief command can display IP address and status information for all interfaces on a router, as shown in Example 3-3.
Example 3-3 show ip interface brief Command Output
R1# show ip interface brief
Interface            IP-Address      OK? Method Status                Protocol
FastEthernet0/0      192.168.1.11    YES NVRAM  up                    up
Serial0/0            unassigned      YES NVRAM  administratively down down
FastEthernet0/1      192.168.0.11    YES NVRAM  up                    up
Serial0/1            unassigned      YES NVRAM  administratively down down
NVI0                 unassigned      YES unset  up                    up
Loopback0            10.1.1.1        YES NVRAM  up                    up
Notice in Example 3-3 that some of the interfaces have an IP address of unassigned. If you want to only view information pertaining to interfaces with assigned IP addresses, you can pipe the output of the show ip interface brief command to exclude unassigned, as illustrated in Example 3-4.
Example 3-4 Filtering Output from the show ip interface brief Command
R1# show ip interface brief | exclude unassigned
Interface            IP-Address      OK? Method Status                Protocol
FastEthernet0/0      192.168.1.11    YES NVRAM  up                    up
FastEthernet0/1      192.168.0.11    YES NVRAM  up                    up
Loopback0            10.1.1.1        YES NVRAM  up                    up
Example: Jumping to the First Occurrence of a String in show Command Output
As another example, you might be troubleshooting a routing protocol issue and want to see the section of your running configuration where the routing protocol configuration begins. Piping the output of the show running-config command to begin router, as shown in Example 3-5, skips the initial portion of the show running-config output and begins displaying the output where the routing protocol configuration begins.
Example 3-5 Filtering the Output from the show running-config Command
R1# show running-config | begin router
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
...OUTPUT OMITTED...
Example: The show ip route Command
Another command that often generates a lengthy output, especially in larger environments, is the show ip route command. As an example, consider the show ip route output presented in Example 3-6.
Example 3-6 Sample show ip route Command Output
R1# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/30 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       172.16.2.0 [110/65] via 192.168.0.22, 00:50:57, FastEthernet0/1
     10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
O       10.2.2.2/32 [110/2] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       10.1.3.0/30 [110/129] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       10.3.3.3/32 [110/66] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       10.1.2.0/24 [110/75] via 192.168.0.22, 00:50:58, FastEthernet0/1
C       10.1.1.1/32 is directly connected, Loopback0
O       10.4.4.4/32 [110/66] via 192.168.0.22, 00:50:58, FastEthernet0/1
C    192.168.0.0/24 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
Although the output shown in Example 3-6 is relatively small, some IP routing tables contain hundreds or even thousands of entries. If, for example, you wanted to determine if a route for network 172.16.1.0 were present in a routing table, you could issue the command show ip route 172.16.1.0, as depicted in Example 3-7.
Perhaps you were looking for all subnets of the 172.16.0.0/16 address space. In that event, you could specify the subnet mask and the longer-prefixes argument as part of your command. Such a command, as demonstrated in Example 3-8, shows all subnets of network 172.16.0.0/16, including the major classful network of 172.16.0.0/16.
Example 3-7 Specifying a Specific Route with the show ip route Command
R1# show ip route 172.16.1.0
Routing entry for 172.16.1.0/30
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 192.168.0.22 on FastEthernet0/1, 00:52:08 ago
  Routing Descriptor Blocks:
  * 192.168.0.22, from 10.2.2.2, 00:52:08 ago, via FastEthernet0/1
      Route metric is 65, traffic share count is 1
Example 3-8 Filtering Output from the show ip route Command with the longer-prefixes Option
R1#show ip route 172.16.0.0 255.255.0.0 longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/30 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.0.22, 00:51:39, FastEthernet0/1
O       172.16.2.0 [110/65] via 192.168.0.22, 00:51:39, FastEthernet0/1
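When the same question has to be answered from a saved show ip route capture, the following added example (not part of the original chapter) reproduces the longer-prefixes selection and contrasts it with a plain text match such as include 172.16. The function names are hypothetical, and the sample is modelled on Example 3-6 with one constructed row (10.172.16.0/24) added to show the difference. Note that routes listed under an "is subnetted" header carry no mask of their own and inherit it from that header.

```python
import ipaddress
import re

# "172.16.0.0/30 is subnetted, ..." : child rows without a mask inherit /30.
HEADER = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)/(\d+) is (?:variably )?subnetted")
# "O  172.16.1.0 [110/65] via ..." or "C  10.1.1.1/32 is directly connected, ..."
ROUTE = re.compile(
    r"^\s*([A-Za-z*][A-Za-z0-9* ]*?)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?"
    r"\s+(?:\[|is directly)")

def parse_routes(text):
    """Return [(code, IPv4Network)] from saved `show ip route` output."""
    routes, inherited = [], None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            inherited = int(h.group(2))
            continue
        r = ROUTE.match(line)
        if r and (r.group(3) or inherited is not None):
            code, addr, plen = r.groups()
            plen = int(plen) if plen else inherited
            routes.append((code.strip(), ipaddress.ip_network(f"{addr}/{plen}")))
    return routes

def longer_prefixes(routes, network, mask):
    """Routes that fall inside network/mask, as longer-prefixes selects them."""
    net = ipaddress.ip_network(f"{network}/{mask}")
    return [(code, n) for code, n in routes if n.subnet_of(net)]

def text_include(text, pattern):
    """Line-based regex match, the way `| include` filters output."""
    return [line for line in text.splitlines() if re.search(pattern, line)]

# Constructed sample modelled on Example 3-6; the 10.172.16.0/24 row is invented.
SAMPLE = """\
     172.16.0.0/30 is subnetted, 2 subnets
O       172.16.1.0 [110/65] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       172.16.2.0 [110/65] via 192.168.0.22, 00:50:57, FastEthernet0/1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O       10.2.2.2/32 [110/2] via 192.168.0.22, 00:50:57, FastEthernet0/1
O       10.172.16.0/24 [110/75] via 192.168.0.22, 00:50:58, FastEthernet0/1
C       10.1.1.1/32 is directly connected, Loopback0
C    192.168.0.0/24 is directly connected, FastEthernet0/1
"""

if __name__ == "__main__":
    print(longer_prefixes(parse_routes(SAMPLE), "172.16.0.0", "255.255.0.0"))
    print(len(text_include(SAMPLE, r"172\.16")), "lines match as text")
```

On the sample, the prefix-aware selection returns only the two 172.16.x.0/30 routes, while the text match also returns the header line and the unrelated 10.172.16.0/24 route.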