Module 12: Network Troubleshooting
Network Documentation
Documentation Overview
Common network documentation includes the following:
Physical and logical network topology diagrams
Network device documentation that records all pertinent device information
Network performance baseline documentation
Network Topology Diagrams
Physical Topology
Logical IPv4 Topology
Logical IPv6 Topology
Network Device Documentation
Network device documentation should contain accurate, up-to-date records of the network hardware and software. Documentation should include all pertinent information about the network devices.
Many organizations create documents with tables or spreadsheets to capture relevant device information.
Step 1 - Determine What Types of Data to Collect
When conducting the initial baseline, start by selecting a few variables that represent the defined policies. If too many data points are selected, the amount of data can be overwhelming, making analysis of the collected data difficult. Start out simply and fine-tune along the way. Some good starting variables are interface utilization and CPU utilization.
Step 2 - Identify Devices and Ports of Interest
Use the network topology to identify those devices and ports for which performance data should be measured. Devices and ports of interest include the following:
Network device ports that connect to other network devices
Servers
Key users
Anything else considered critical to operations
Step 3 - Determine the Baseline Duration
The baseline information must be gathered over a period long enough to establish a “normal” picture of the network. It is important that daily trends of network traffic are monitored. It is also important to monitor for trends that occur over a longer period, such as weekly or monthly. For this reason, when capturing data for analysis, the period specified should be, at a minimum, seven days long.
The figure displays examples of several screenshots of CPU utilization trends captured over a daily, weekly, monthly, and yearly period.
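The three baseline steps can be carried through in a short script. The following is an added example, not part of the original course material: it builds an hour-of-day baseline for one variable (CPU utilization), refuses a capture shorter than seven days, and compares a new reading against the normal value for that hour. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

MIN_DAYS = 7  # Step 3: the baseline period should be at least seven days


def build_baseline(samples):
    """samples: list of (datetime, percent). Returns {hour: (mean, stdev)}."""
    days = {t.date() for t, _ in samples}
    if len(days) < MIN_DAYS:
        raise ValueError(f"only {len(days)} day(s) of data, need {MIN_DAYS}")
    by_hour = defaultdict(list)
    for t, value in samples:
        by_hour[t.hour].append(value)  # keeps the daily trend visible
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def is_abnormal(baseline, when, value, k=3.0, floor=5.0):
    """True if value is far from what is normal for that hour of the day.

    k and floor are assumed tuning values: k standard deviations, with a
    minimum band of `floor` percentage points so a very flat hour does
    not alert on tiny changes.
    """
    mu, sigma = baseline[when.hour]
    return abs(value - mu) > max(k * sigma, floor)


def constructed_samples(days):
    """Constructed hourly CPU readings: ~60% in business hours, ~15% otherwise."""
    start = datetime(2024, 1, 1)
    out = []
    for d in range(days):
        for h in range(24):
            base = 60.0 if 9 <= h < 17 else 15.0
            out.append((start + timedelta(days=d, hours=h), base + (d % 3) - 1))
    return out


if __name__ == "__main__":
    baseline = build_baseline(constructed_samples(7))
    for hour in (3, 10):
        when = datetime(2024, 1, 9, hour)
        print(hour, "abnormal" if is_abnormal(baseline, when, 60.0) else "normal")
```

The same 60% CPU reading is normal at 10:00 and abnormal at 03:00, which is why the baseline has to cover daily trends rather than a single average.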
12.3 Troubleshooting Tools
Network Management System Tools
Network management system (NMS) tools include device-level monitoring, configuration, and fault-management tools. These tools can be used to investigate and correct network problems. Network monitoring software graphically displays a physical view of network devices, allowing network managers to monitor remote devices continuously and automatically. Device management software provides dynamic device status, statistics, and configuration information for key network devices. Search the internet for “NMS Tools” for more information.
12.3.2 Protocol Analyzers
Protocol analyzers can investigate packet content while it is flowing through the network. A protocol analyzer decodes the various protocol layers in a recorded frame and presents this information in a relatively easy-to-use format. The figure shows a screen capture of the Wireshark protocol analyzer.
12.3.3 Hardware Troubleshooting Tools
Cable Testers
Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. These devices can be inexpensive continuity testers, moderately priced data cabling testers, or expensive time-domain reflectometers (TDRs). TDRs are used to pinpoint the distance to a break in a cable. These devices send signals along the cable and wait for them to be reflected. The time between sending the signal and receiving it back is converted into a distance measurement. The TDR function is normally packaged with data cabling testers. TDRs used to test fiber-optic cables are known as optical time-domain reflectometers (OTDRs).
Digital Multimeters
Digital multimeters (DMMs) are test instruments that are used to directly measure electrical values of voltage, current, and resistance.
In network troubleshooting, most tests that would need a multimeter involve checking power supply voltage levels and verifying that network devices are receiving power.
Cable Analyzers
Cable analyzers are multifunctional handheld devices that are used to test and certify copper and fiber cables for different services and standards.
Portable Network Analyzers
By plugging the network analyzer in anywhere on the network, a network engineer can see the switch port to which the device is connected, and the average and peak utilization. The analyzer can also be used to discover VLAN configuration, identify top network talkers (hosts generating the most traffic), analyze network traffic, and view interface details. The device can typically output to a PC that has network monitoring software installed for further analysis and troubleshooting.
12.3.4 Syslog Server as a Troubleshooting Tool
Syslog is a simple protocol used by an IP device, known as a syslog client, to send text-based log messages to another IP device, the syslog server. Syslog is currently defined in RFC 5424.
Implementing a logging facility is an important part of both network security and network troubleshooting. Cisco devices can log information regarding configuration changes, ACL violations, interface status, and many other types of events. Cisco devices can send log messages to several different facilities. Event messages can be sent to one or more of the following:
Console - Console logging is on by default. Messages log to the console and can be viewed when modifying or testing the router or switch using terminal emulation software while connected to the console port of the network device.
Terminal lines - Enabled EXEC sessions can be configured to receive log messages on any terminal lines. Like console logging, this type of logging is not stored by the network device and, therefore, is only valuable to the user on that line.
Buffered logging - Buffered logging is a little more useful as a troubleshooting tool because log messages are stored in memory for a time. However, log messages are cleared when the device is rebooted.
SNMP traps - Certain thresholds can be preconfigured on routers and other devices. Router events, such as exceeding a threshold, can be processed by the router and forwarded as SNMP traps to an external SNMP network management station. SNMP traps are a viable security logging facility but require the configuration and maintenance of an SNMP system.
Syslog - Cisco routers and switches can be configured to forward log messages to an external syslog service. This service can reside on any number of servers or workstations, including Microsoft Windows and Linux-based systems. Syslog is the most popular message logging facility, because it provides long-term log storage capabilities and a central location for all router messages.
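On the syslog server side, the messages have to be decoded before they help with troubleshooting. The following is an added example, not part of the original course material: it parses the RFC 5424 header, splits the PRI value into facility and severity (PRI = facility × 8 + severity), and keeps only the messages at or above a chosen severity. The hostnames, message texts and the `triage` helper are constructed for illustration.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<rest>.*)$", re.S)


def split_structured_data(rest):
    """Return (structured_data or None, message text)."""
    if rest.startswith("-"):
        return None, rest[1:].lstrip(" ")
    if not rest.startswith("["):
        raise ValueError("bad STRUCTURED-DATA")
    i, in_quote = 0, False
    while i < len(rest):
        c = rest[i]
        if in_quote and c == "\\":   # escaped character inside a value
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        elif c == "]" and not in_quote and rest[i + 1:i + 2] != "[":
            return rest[:i + 1], rest[i + 1:].lstrip(" ")
        i += 1
    raise ValueError("unterminated STRUCTURED-DATA")


def parse_rfc5424(line):
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:                    # highest valid value: 23 * 8 + 7
        raise ValueError("PRI out of range")
    sd, msg = split_structured_data(m["rest"])
    return {"facility": pri // 8, "severity": SEVERITIES[pri % 8],
            "level": pri % 8, "hostname": m["hostname"],
            "timestamp": m["timestamp"], "sd": sd, "msg": msg}


def triage(lines, max_level=4):
    """Return (parsed messages with level <= max_level, count of bad lines)."""
    kept, bad = [], 0
    for line in lines:
        try:
            rec = parse_rfc5424(line)
        except ValueError:
            bad += 1
            continue
        if rec["level"] <= max_level:
            kept.append(rec)
    return kept, bad
```

Lower numbers are more severe, so `max_level=4` keeps warnings and everything more urgent; unparseable lines are counted rather than dropped silently so a misconfigured client is noticed.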
Troubleshooting Process
General Troubleshooting Procedures
Troubleshooting can be time-consuming because networks differ, problems differ, and troubleshooting experience varies. However, experienced administrators know that using a structured troubleshooting method will shorten overall troubleshooting time.
Therefore, the troubleshooting process should be guided by structured methods. This requires well-defined and documented troubleshooting procedures to minimize wasted time associated with erratic hit-and-miss troubleshooting. However, these methods are not static. The troubleshooting steps taken to solve a problem are not always the same or executed in the exact same order.
Seven-Step Troubleshooting Process
Gather Information
Troubleshooting with Layered Models
The OSI and TCP/IP models can be applied to isolate network problems when troubleshooting. For example, if the symptoms suggest a physical connection problem, the network technician can focus on troubleshooting the circuit that operates at the physical layer.
12.4 Symptoms and Causes of Network Problems
12.4.1 Physical Layer Troubleshooting
12.4.4 Transport Layer Troubleshooting - ACLs
Network problems can arise from transport layer problems on the router, particularly at the edge of the network where traffic is examined and modified. For instance, both access control lists (ACLs) and Network Address Translation (NAT) operate at the network layer and may involve operations at the transport layer, as shown in the figure.
12.4.3 Network Layer Troubleshooting
Network layer problems include any problem that involves a Layer 3 protocol, such as IPv4, IPv6, EIGRP, OSPF, etc. The figure summarizes the symptoms and causes of network layer problems.
12.4.2 Data Link Layer Troubleshooting
Troubleshooting Layer 2 problems can be a challenging process. The configuration and operation of these protocols are critical to creating a functional, well-tuned network. Layer 2 problems cause specific symptoms that, when recognized, will help identify the problem quickly.
12.4.5 Transport Layer Troubleshooting - NAT for IPv4
There are several problems with NAT, such as not interacting with services like DHCP and tunneling. These can include misconfigured NAT inside, NAT outside, or ACLs. Other issues include interoperability with other network technologies, especially those that contain or derive information from host network addressing in the packet.
12.4.6 Application Layer Troubleshooting
Most of the application layer protocols provide user services. Application layer protocols are typically used for network management, file transfer, distributed file services, terminal emulation, and email. New user services are often added, such as VPNs and VoIP.