© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE I Chapter 6
1
Network Troubleshooting
Accessing the WAN – Chapter 8
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
2
Objectives
 In this chapter, you will learn to:
– Establish and document a network baseline.
– Describe the various troubleshooting methodologies and
troubleshooting tools.
– Describe the common issues that occur during WAN
implementation.
– Identify and troubleshoot common enterprise network
implementation issues using a layered model approach.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
3
Documenting Your Network
 To efficiently diagnose and correct network problems,
a network engineer needs to know network baseline .
–This information is captured in documentation.
 Network documentation include 3 components:
1. Network configuration table
2. End-system configuration table
3. Network topology diagram
1. Network Configuration Table
–Contains up-to-date records of hardware and software
•Type of device, model designation
•IOS image name

•Device network hostname
•Location of the device (building, floor, room, rack, panel)
•If it is a modular device, include all module types and in
which module slot they are located
•Data link layer addresses
•Network layer addresses
•Any additional important information about physical aspects
of the device
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
4
Documenting Your Network
2. End-system Configuration Table
–Contains baseline records used in end-system devices
such as servers, and desktop workstations.
•Device name (purpose)
•Operating system and version
•IP address
•Subnet mask
•Default gateway, DNS server, and WINS server addresses
•Any high-bandwidth network applications that the end-
system runs
3. Network Topology Diagram
–Graphical representation of a network, which illustrates
how each device in a network is connected and its
logical architecture.
–Routing protocols can also be shown.
•Symbols for all devices and how they are connected
•Interface types and numbers
•IP addresses

•Subnet masks
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
5
Network Documentation Process
 When you document your network, you may have to
gather information directly from routers and switches.
 Commands that are useful to the network
documentation process include:
–The ping command is used to test connectivity with
neighboring devices. Pinging to other PCs in the network
also initiates the MAC address auto-discovery process.
–The telnet command is used to log in remotely to a
device for accessing configuration information.
–The show ip interface brief is used to display the up
or down status and IP address of all interfaces.
–The show ip route command is used to display the
routing table in a router to learn the directly connected
neighbors, more remote devices (through learned
routes), and the routing protocols.
–The show cdp neighbor detail command is used to
obtain detailed information about directly connected
Cisco neighbor devices.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
6
Why is Establishing a Baseline Important?
 Establishing a network performance baseline requires
collecting key performance data from the ports and
devices that are essential to network operation.

–How does the network perform during a normal or
average day?
• Measuring the initial performance allows a network
administrator to determine the difference between
abnormal behavior and proper network performance.
–Where are the underutilized and over-utilized areas?
• It may also reveal areas in the network that are
underutilized and quite often can lead to network redesign
efforts based on quality and capacity observations.
–Where are the most errors occurring?
• In addition, analysis after an initial baseline tends to
reveal hidden problems.
–What thresholds should be set for the devices that
need to be monitored?
–Can the network deliver the identified policies?
• The baseline also provides insight into whether the
current network design can deliver the required policies.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
7
Steps for Establishing a Network Baseline
3 steps for planning the first baseline:
 Step 1. Determine what types of data to collect
–When conducting the initial baseline, start by selecting
a few variables that represent the defined policies. If too
many data points are selected, the amount of data can
be overwhelming.
• Generally, some good measures are interface utilization
and CPU utilization.
 Step 2. Identify devices and ports of interest

–. Devices and ports of interest include:
• Network device ports that connect to other network
devices
• Servers
• Key users
• Anything else considered critical to operations.
–By narrowing the ports polled, the results are concise,
and network management load is minimized.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
8
Steps for Establishing a Network Baseline
 Step 3. Determine the baseline duration
–This period should be at least seven days to
capture any daily or weekly trends.
–A baseline needs to last no more than six weeks.
–Generally, a two-to-four-week baseline is
adequate.
• The figure shows examples of several
screenshots of CPU utilization trends captured
over a daily, weekly, monthly, and yearly period.
• The work week trends are too short to accurately
reveal the recurring nature of the utilization surge
that occurs every weekend when a database
backup operation consumes network bandwidth.
• The yearly trend shown in the example is too long
a duration to provide meaningful baseline
performance details.
–Baseline analysis of the network should be
conducted on a regular basis.

• Analysis must be conducted regularly to
understand how the network is affected by growth
and other changes.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
9
Measuring Network Performance Data
 Sophisticated network management software is
often used to baseline large networks.
– For example, Fluke Network SuperAgent module
enables administrators to automatically create
reports using Intelligent Baselines feature.
• This feature compares current performance levels
with historical observations and can automatically
identify performance problems and applications
that do not provide expected levels of service.
 In simpler networks, the baseline tasks may
require a combination of manual data collection
and simple network protocol inspectors.
– Hand collection using show commands on
individual network devices is extremely time
consuming and should be limited to mission-
critical network devices.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
10
General Approach to Troubleshooting
 Using efficient troubleshooting techniques shortens overall
troubleshooting time.
 Two extreme approaches to troubleshooting almost always result

in disappointment, delay, or failure.
– At one extreme is the theorist, or rocket scientist, approach.
• The rocket scientist analyzes and reanalyzes the situation until the exact
cause at the root of the problem has been identified.
• While this process is fairly reliable, few companies can afford to have
their networks down for the hours or days.
– At the other extreme is the impractical, or caveman, approach.
• The caveman's first instinct is to start swapping cards, cables, and
software until miraculously the network begins operating again.
• This approach may achieve a change in symptoms faster, it is not
reliable.
 the better approach is somewhere in the middle using elements
of both.
– It is important to analyze the network as a whole rather than in a
piecemeal fashion.
– A systematic approach minimizes confusion and cuts down on time
otherwise wasted with trial and error.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
11
Using Layered Models for Troubleshooting
OSI Versus TCP/IP Layered Models
 OSI Reference Model
–The upper layers (5-7) deal with application issues and
are implemented only in software.
–The lower layers (1-4) handle data-transport issues.
•Layers 3 and 4 are generally implemented only in software.
•The physical layer (Layer 1) and data link layer (Layer 2)
are implemented in hardware and software.
 TCP/IP Model

–The application layer in the TCP/IP suite actually
combines the functions of the three OSI model layers:
session, presentation, and application.
–The transport layers of TCP/IP is responsible for
exchanging segments between devices.
–The Internet layer is responsible for placing messages in
a fixed format that allows devices to handle them.
–The network access layer communicates directly with
the network media and provides an interface between
the architecture of the network and the Internet layer.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
12
General Troubleshooting Procedures
 The stages of the general troubleshooting process are:
–Stage 1 Gather symptoms - Troubleshooting begins with
the process of gathering and documenting symptoms from
the network, end systems, and users.
•Symptoms may appear in many different forms, including
alerts from the network management system, console
messages, and user complaints.
–Stage 2 Isolate the problem - The problem is not isolated
until a single problem, or a set of problems, is identified.
–Stage 3 Correct the problem - Having isolated and
identified the cause of the problem, the network
administrator works to correct the problem by
implementing, testing, and documenting a solution.
If the network administrator determines that the
corrective action has created another problem,
–the attempted solution is documented, the changes are

removed, and the network administrator returns to
gathering symptoms and isolating the problem.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
13
Troubleshooting Methods
 There are three main methods for troubleshooting:
 Bottom-Up Troubleshooting Method
–In bottom-up troubleshooting you start with the physical
components of the network and move up through the layers.
•Bottom-up troubleshooting is a good approach to use when the
problem is suspected to be a physical one.
 Top-Down Troubleshooting Method
–In top-down troubleshooting your start with the end-user
applications and move down the layers of the OSI model.
•Use this approach for simpler problems or when you think the
problem is with a piece of software.
 Divide-and-Conquer Troubleshooting Method
–In divide-and-conquer troubleshooting you start by collecting
user experience of the problem, document the symptoms
and then, using that information, make an informed guess as
to which OSI layer to start your investigation.
•For example, if users can't access the web server and you can
ping the server, then you know that the problem is above Layer 3.
•If you can't ping the server, then you know the problem is likely at
a lower OSI layer.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
14
Guidelines for Selecting a Troubleshooting Method

 To quickly resolve network problems,
take the time to select the most effective
troubleshooting method.
–Use the process shown in the figure to
help you select the most efficient
troubleshooting method.
 For example: Two IP routers are not
exchanging routing information. The last
time this type of problem occurred it was
a protocol issue. So you choose the
divide-and-conquer troubleshooting
method.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
15
Gathering Symptoms
 Step 1. Analyze existing symptoms
–Analyze symptoms gathered from the trouble ticket or
users to form a definition of the problem.
 Step 2. Determine ownership
–If problem is within your system, move onto next stage.
–If the problem is outside the boundary of your control, for
example, lost Internet connectivity you need to contact
an administrator for the external system.
 Step 3. Narrow the scope
–Determine if the problem is at the core, distribution, or
access layer of the network.
 Step 4. Gather symptoms from suspect devices
–Use knowledge and experience to determine if the
problem is a hardware or software problem.

 Step 5. Document symptoms
–Sometimes the problem can be solved using the
documented symptoms. If not, begin the isolating phase
of the general troubleshooting process.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
16
Gathering Symptoms
 Use the Cisco IOS commands to gather
symptoms about the network.
–Although the debug command is an
important tool for gathering symptoms it
generates a large amount of console
message traffic and the performance of a
network device can be noticeably affected.
–Make sure you warn network users that a
troubleshooting effort is underway and that
network performance may be affected.
–Remember to disable debugging when you
are done.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
17
Gathering Symptoms: Questioning End Users
 When you question end users about a network problem they
may be experiencing, use effective questioning techniques.
 This way you will get the information you need to effectively
document the symptoms of a problem.
 The table in the figure provides some guidelines and end-
user example questions.

Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
18
Software Troubleshooting Tools
 NMS Tools
–Network management system (NMS) tools
include device-level monitoring, configuration,
and fault management tools.
–Network monitoring software graphically
displays a physical view of network devices,
allowing network managers to monitor remote
devices without physically checking them.
–Examples are CiscoView, HP Openview, Solar
Winds, and What's Up Gold.
 Knowledge Bases
–On-line network device vendor knowledge
bases have become indispensable sources of
information.
–When vendor-based knowledge bases are
combined with Internet search engines like
Google, a network administrator has access to
a vast pool of experience-based information.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
19
Software Troubleshooting Tools
 Baselining Tools
–For example they can help you draw network
diagrams, help you to keep network software and
hardware documentation up-to-date and help you to

cost-effectively measure baseline network bandwidth
use.
–Many tools for automating the network
documentation and baselining process are available.
–The figure shows a screen chapter of the SolarWinds
LAN surveyor and CyberGauge software.
 Protocol Analyzers
–A protocol analyzer decodes the various protocol
layers in a recorded frame and presents this
information in a relatively easy to use format.
–The figure shows a screen capture of the Wireshark
protocol analyzer.
–Most protocol analyzers can filter traffic that meets
certain criteria so that, for example, all traffic to and
from a particular device can be captured.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
20
Hardware Troubleshooting Tools
 Network Analysis Module
–A network analysis module (NAM) can be
installed in Cisco Catalyst 6500 series switches
and Cisco 7600 series routers to provide a
graphical representation of traffic.
 Digital Multimeters
–Digital multimeters (DMMs) are test instruments
that are used to directly measure electrical values
of voltage, current, and resistance.
 Cable Testers
–Cabling testers can be used to detect broken

wires, crossed-over wiring, shorted connections,
and improperly paired connections.
–These devices can be inexpensive continuity
testers, moderately priced data cabling testers, or
expensive time-domain reflectometers (TDRs).
•TDRs are used to test the distance to a break in a
cable.
•TDRs used to test fiber optic cables are known as
optical time-domain reflectometers (OTDRs).
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
21
Hardware Troubleshooting Tools
 Cable Analyzers
–Cable analyzers are multifunctional handheld devices that
are used to test and certify copper and fiber cables for
different services and standards.
–The more sophisticated tools include advanced
troubleshooting diagnostics that measure distance to
performance defect (NEXT, RL), identify corrective
actions, and graphically display crosstalk and impedance
behavior.
 Portable Network Analyzers
–Portable devices that are used for troubleshooting
switched networks and VLANs.
–By plugging the network analyzer in anywhere on the
network, a network engineer can see the switch port to
which the device is connected and the average and peak
utilization.
–The analyzer can also be used to discover VLAN

configuration, identify top network talkers, analyze
network traffic, and view interface details.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
22
Troubleshooting Tools: Research Activity
 The following are links to various troubleshooting tools.
 Software Tools
–Network Management Systems:
•
•
–Baselining Tools:
•
–Knowledge Bases:
•
–Protocol Analyzers:
•
 Hardware Tools
–Cisco Network Analyzer Module (NAM):
•
–Cable Testers:
•
–Cable Analyzers:
•
–Network Analyzers:
•
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
23
WAN Communications

 WAN technologies function at the lower three
layers of the OSI reference model.
 A communications provider normally owns the
data links that make up a WAN.
–The links are made available to subscribers for a
fee and are used to interconnect LANs or connect
to remote networks.
–WAN data transfer speed (bandwidth) is
considerably slower than the common LAN
bandwidth.
–The charges for link provision are the major cost
element, therefore the WAN implementation must
aim to provide maximum bandwidth at acceptable
cost.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
24
Steps in WAN Design
 WAN connectivity is important to business and expensive,
these are the steps for designing or modifying a WAN:
 Step 1. Locate LANs - Establish the source and destination
endpoints that will connect through the WAN.
 Step 2. Analyze traffic - Know what data traffic must be
carried, its origin, and its destination.
 Step 3. Plan the topology - A high requirement for availability
requires extra links that provide alternative data paths for
redundancy and load balancing.
 Step 4. Estimate the required bandwidth - Traffic on the links
may have varying requirements for latency and jitter.
 Step 5. Choose the WAN technology - Suitable link

technologies must be selected.
 Step 6. Evaluate costs - When all the requirements are
established, installation and operational costs for the WAN
can be determined and compared with the business need
driving the WAN implementation.
Cisco Thai Nguyen Networking Academy
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6
25
WAN Traffic Considerations
 The table in the figure shows
the wide variety of traffic
types and their varying
requirements of bandwidth,
latency, and jitter that WAN
links are required to carry.
–To determine traffic flow
conditions and timing of a WAN
link, you need to analyze the
traffic characteristics specific to
each LAN that is connected to
the WAN.