Académique Documents
Professionnel Documents
Culture Documents
Documentation
Baselining
Objective
Discover the true performance of the network
Provide comparison between normal and abnormal situations
Verify policies
Identify over-utilization and under-utilization areas
Long-term performance and capacity prediction
Steps of baselining
Planning for the first baseline
Start with data points which represent defined policies
Collect data for day or two before actual baseline to
determine whether the right data is collected from right
devices
Conduct network baselining on regular basis
Speed up fault isolation
Understand how the network affected by changes
Identifying devices and ports of interest
More clear report
Either keep from change or change informing manner
Use port description field to track the ports
Determine the duration of baseline
At least 7 days, 2 – 4 weeks is adequate
Network documentation
Overview
Facilitate more effective troubleshooting
Save time to build network configurations again
Network configuration table
Contain accurate and up-to-date records of components of the
network.
Provide information to identify and correct faults
Should include: type, model, hostname, location, data link layer
address, network layer address, other physical aspects
Table for budgetary purpose should be separated
Network topology diagrams
Notations and symbols should be consistent
Cloud symbol = out of scope network
Should include: device name, interface name, IP address, routing
protocols
Discover network configuration information
show version – device name, model, OS version (all)
show ip interfaces – active interfaces + addresses (R)
show ip interfaces brief – brief summary of interfaces (R)
show ip interface {interface-name} – MAC address (R)
show ip protocols – routing protocols enabled (R)
show spanning tree/spantree – spanning tree status (all)
show cdp neighbors – directly connected Cisco devices (all)
show cdp entry {device id} – details of connected devices (all)
show interfaces description – active ports + addresses (S)
show interfaces status – ports summary (S)
show etherchannel summary – EtherChannel (S)
show interfaces trunk – Trunk ports (S)
show tech-support – all information (many than needed)
End system configuration table
End systems are important, can affect network performance
Provide complete picture of the network
Should include: device name, OS, IP address, subnet mask,
default gateway, DNS server, high-bandwidth network
applications
End system topology diagrams
Should include: device name, OS, IP address, subnet mask,
interface names, VLANs
Discover end system configuration information
OS and hardware information
Access command line
ipconfig / winipcfg / ifconfig - TCP/IP setting
route print – active routes
arp –a – ARP information
ping – check connectivity
tracert / traceroute – view routes
Documentation guidelines
Determine scope Know the objective Be consistent Keep
the documents accessible Maintain the documentation
Troubleshooting methodologies and tools
Overview
Systematic approach can make troubleshooting manageable, less
confuse and less time wasting
Rocket scientist approach (theorist)
Analyze until identify root cause, then correct with precision
Time wasting, resources demanding
Caveman approach (practical)
Swap the things until the network functions again
Not reliable, root cause may still present
General troubleshooting process
Remarks: stages are not mutually exclusive, policies should be
established in each stage
Step 1 – Gather symptoms
From alerts from NM systems, console message and users
Break down the problems to smaller ones
Questioning technique
Ask questions which related to the problem
Use each question to eliminate or discover possibilities
Make the question understandable by users
Ask the time of the problem first seen
Ask user to recreate the problem if possible
Determine the event sequence before the problem happened
Match the symptoms with common problem causes
Step 2 – Isolate the problem
Use the layer models to categorize the problems
Further gather and document symptoms
Step 3 – Correct the problem
Implement
Test
Document (especially a new problem is made)
Approaches
Types
Bottom-up
Work up through OSI layer model
Good to deal with physical problems
Check every device and document all conclusions and
possibilities after obtain authorization
Top-down
Work down through OSI layer model
Good to deal with application problems
Check every network applications and document all
conclusions and possibilities after obtain authorization
Divide and conquer
Work directly on a particular layer, based on troubleshooter’s
experience and symptoms
If a layer is functioning, normally underneath layers are
working too
Selecting guidelines
Tools
Network management system frameworks
End stations can send alerts when problems are recognized
Management entities are programmed to react
Agent in end stations gather information
Such information will be sent via NM protocols like SNMP
Five areas: Performance, Configuration, Accounting, Fault and
Security
Knowledge base tools - databases
Performance measurement and reporting tools - Cisco view, Netsys
baseliner
Event and fault management tools – Cisco Network Analysis Module,
protocol analyzers, pair / cable testers
OSI layer 1 troubleshooting
Critical characteristics
As physical layer failed, upper layers cannot operate too
Ping timeout
Not able to telnet
Not able to access network drives and servers
“Page cannot be displayed” when attempting to access web pages
Noncritical characteristics
Equipment indicators
System LED - It shows whether the system is receiving power
and functioning correctly
POST – off = running, green = success, amber = failed
Remote Power Supply (RPS) LED - It indicates whether or not
the remote power supply is in use
Port Mode LED - It indicates the current state of the Mode button.
Port Status LED - They have different meanings, depending on
the current value of the Mode LED.
Console messages
show interfaces
no keepalive – pretend interface up, should not be used
Performance lower than baseline
Poor configuration
Incorrect clock rate, incorrect clock source, incorrect serial
links (sync/async), interface shutdown, encapsulations, IP
addressing, duplex and speed
Inadequate capacity
Unstable routing due to marginal link or port
Excessive traffic across low speed link
Overload server or service
Exceed design limits
Distance limit of cable signal attenuation
Collisions
Large collision domains, duplex mismatch, late collisions
Use show interface ethernet/fastethernet
Electromagnetic Interference (EMI) effects
Impulse noise (voltage fluctuation, 270mV on 10BaseT and
30 or 40mV on 1000BaseT)), Random noise, Alien cross-talk
(parallel cables) and Near End Cross Talk (untwisted cable >
13mm)
Faulty media or hardware
Loose cable, dirty contacts, wrong cable, return loss
Power LED, Fan, power cable
Resources and utilization
CPU and memory
Power
Network
Console (error) messages
Format: %FACILITY-SEVERITY-MNEMONIC: Message-text
Facility (hardware, protocol, or module)