640-606 Support

www.testking.com

- 1 -


640-606
Study Guide
Cisco CCNP Support

(Cisco Internetwork Troubleshooting)
Version 1.1

640-606 Support

www.testking.com

- 2 -
TABLE OF CONTENTS

List of Tables

Introduction

11. Support Resources for Troubleshooting

1.1 Network Media Test Equipment

1.2 Network Monitors

1.3 Protocol Analyzers

1.4 Network Management Systems

1.5 CiscoWorks
1.5.1 CiscoWorks for Switched Internetworks Software (CWSI) Campus
1.5.2 TrafficDirector Remote Monitoring Software

1.6 Simulation and Modeling Tools

1.7 Cisco Connection Online (CCO)

2. Understanding Troubleshooting Methods

2.1 The steps and scope of systematic troubleshooting

2.2 The Problem-Solving Model

2.3 A Baseline Model of the Network

3. Identifying Troubleshooting Targets

3.1 Data Link Troubleshooting
3.1.1 Troubleshooting Physical and Data Link Protocol
3.1.2 Clearing Interface Counters

3.2 The
show
Commands


3.3 Token Ring Soft Errors

3.4 Cisco Discovery Protocol (CDP)
3.4.1 Common Protocol Characteristics
3.4.2 Protocol Connection Troubleshooting
3.4.2.1 TCP Connection Sequence
3.4.2.2 Novell Connection Sequence

640-606 Support

www.testking.com

- 3 -
3.4.2.3 AppleTalk Connection Sequence

4. Applying Cisco Troubleshooting Tools

4.1 Routing and Switching Processes

4.2 Switching in Different Routers Models
4.2.1 The 7000 Series
4.2.2 The 7500 Series
4.2.3 The 4000, 3000, and 2500 Series

4.3 The
debug
Tool

4.4 Error Messages


4.5 Reachability and Path Tests
4.5.1 The
ping
Command
4.5.2 The
traceroute
Command

4.6 Gathering further information
4.6.1 The
show version
Command
4.6.2 The
show buffers
Command
4.6.3 The
show memory
Command
4.6.4 The
show processes
Command
4.6.5 The
show controllers cxbus
Command
4.6.6 The
show stacks
Command
4.6.7 Core Dumps

5. Diagnosing and Correcting Campus TCP/IP, Novell Networking and

AppleTalk Problems

5.1 Cisco IOS Troubleshooting Tools and Commands for TCP/IP, IPX and AppleTalk.
5.1.1 The
ping
,
traceroute
and
test
Commands
5.1.2 The
show ip
,
show ipx
and
show appletalk
Commands
5.1.2.1 The
show ip
Commands
5.1.2.2 The
show ipx
Commands
5.1.2.3 The
show appletalk
Commands
5.1.3 The
debug ip
,
debug ipx

and
debug apple
Commands
5.1.3.1 The
debug ip
Commands
5.1.3.2 The
debug ipx
Commands
5.1.3.3 The
debug apple
Commands

5.2 General Problem Isolation Method for TCP/IP Connectivity
5.2.1 Browser Issues in Microsoft Products
5.2.2 Redistribution between IP Routing Protocols

5.3 Problem Isolation in IPX Networks
640-606 Support

www.testking.com

- 4 -
5.3.1 IPX Frame Type
5.3.2
ipx gns-response-delay

5.3.3 Specific IPX Problems, Causes, and Possible Actions
5.3.3.1 Client cannot connect to the local LAN’s server
5.3.3.2 Client cannot connect to a remote LAN’s server.

5.3.3.3 NetBIOS applications on the client cannot access a remote server.
5.3.3.4 No connectivity over the IPX router.
5.3.3.5 Router does not propagate SAP updates.

5.4 AppleTalk Configuration and Troubleshooting Checklist
5.4.1 Common AppleTalk Faults
5.4.2 Common AppleTalk Symptoms
5.4.3 Solving Common AppleTalk Problems
5.4.3.1 Configuration Mismatches
5.4.3.2 Duplicate Cable Range/Network Numbers
5.4.3.3 Phase I/Phase II Incompatibility
5.4.3.4 Unstable Routes
5.4.3.5 ZIP Storms
5.4.3.6 Old Zone Names Appearing in the Chooser
5.4.3.7 Zones do not Appeare in the Chooser

6. Diagnosing and Correcting Catalyst Problems

6.1 CiscoWorks for Switched Internetworks (CWSI)

6.2 Catalyst 5000 Switches
6.2.1 Embedded RMON Agent and SwitchProbe
6.2.2 Catalyst Switch LEDs
6.2.3 Cable, Speed, and Media
6.2.4 Catalyst Power-on Self-Test
6.2.5 Catalyst 5000 Spanning Tree
6.2.6 Troubleshooting Catalyst 5000
6.2.6.1 VLAN Trunking Protocol (VTP) and Interswitch Trunk Links
(ISLs)
6.2.6.2 Using

ping

6.2.6.3 The Cisco Discovery Protocol (CDP)
6.2.6.4 The
show
Commands
6.2.6.3 The
set
and
clear
Commands
6.2.7 Catalyst Symptoms, Problems, and Suggested Actions
6.2.7.1 Connection a Designated Local Switch is not Working
6.2.7.2 Communication Problems between the Terminal or Modem and
the Switch
6.2.7.3 Cannot Access Switch from Remote Devices

7. Troubleshooting VLANS on Routers and Switches

7.1 Troubleshooting Cisco IOS Configuration

640-606 Support

www.testking.com

- 5 -
7.2 VLAN Design Issues for Troubleshooting

7.3 Switch/Router Configuration Consistency


7.4 Router VLAN Diagnostic Tools
7.4.1 The
show
Commands
7.4.2 The
debug
Commands

7.5 Problem Isolation in Router/Switch VLAN Networks

8. Diagnosing and Correcting Frame Relay Problems

8.1 Frame Relay Troubleshooting

8.2 The Frame Relay Diagnostic Tools
8.2.1 Frame Relay Loopback Testing
8.2.2 The
show
Commands
8.2.3 The
debug
Commands

8.3 Frame Relay Problem Isolation

9. Diagnosing and Correcting ISDN BRI Problems

9.1 ISDN Components and Reference Points

9.2 BRI Channels

9.2.1 ISDN BRI Layer 1
9.2.2 ISDN Layer 2
9.2.3 ISDN Layer 3
9.2.4 ISDN End-to-End Circuit
9.2.5 PPP over B Channel
640-606 Support

www.testking.com

- 6 -

LIST OF TABLES


TABLE 3.1
TABLE 3.2
TABLE 3.3
TABLE 3.4
TABLE 3.5
TABLE 3.6
TABLE 4.1
TABLE 4.2
TABLE 4.3
TABLE 6.1
TABLE 6.2
TABLE 6.3
TABLE 7.1
TABLE 9.1
The
show interfaces fddi

Fields
The
show interfaces atm
Fields
Token Ring Isolating Soft Errors
Token Ring Nonisolating Soft Error
The
show novell traffic
Fields
The
show appletalk traffic
Fields
Commands for Logging Message Destinations
Logging Message Severity Levels
Common Failure Reported by the show stacks Command
Cable Length Limitations
The
show system
Command Fields
The
show test
Command Fields
Default VLANs on a Catalyst 5000 Switch
ISDN Reference Points

640-606 Support

www.testking.com

- 7 -

Cisco CCNP Support - Certified Internetwork
Troubleshooting (CIT)

Exam Code: 640-606

Certifications:

Cisco CCNP Routing and Switching Certification Core


Prerequisites:
Cisco CCNA Routing and Switching Certification Exam 640-607.


About This Study Guide
This Study Guide is based on the current pool of exam questions for the Cisco 640-606 – Support exam. As
such it provides all the information required to pass the Cisco 640-606 exam and is organized around the
specific skills that are tested in that exam. Thus, the information contained in this Study Guide is specific to
the 640-606 exam and does not represent a complete reference work on the subject of Internetwork
Troubleshooting. Topics covered in this Study Guide includes Traffic and Data link Fundamentals:
Identifying troubleshooting targets for connection-oriented and connectionless protocols, Identifying
common data link layer characteristics and key troubleshooting targets a campus LAN environment,
Identifying connection sequences and key troubleshooting targets within TCP/IP, and Identifying connection
sequences and key troubleshooting targets within Novell IPX; Troubleshooting Tools, Methods and Targets:
Identifying the types and purposes of tools commonly used for network troubleshooting, Describing and
identifying how to use the Cisco information resources, Listing the preferred methods for escalation of
troubleshooting issues to Cisco's service and support programs; Using the Cisco IOS Troubleshooting
Commands and Debugging Utilities: Using troubleshooting tools and minimizing their impact on a Cisco
router's switching type and data flow, and Identifying and using Cisco IOSTM software commands and
debug utilities to filter, capture and display protocol traffic flows; Implementing Efficient Troubleshooting

Methods: Describing an efficient problem-solving method; Implementing Problem Isolation for TCP/IP and
Novell IPX: Explaining the use of problem isolation techniques to list the symptoms of common TCP/IP and
IPX problems on routed networks, and Applying diagnostic tools to solve network problems;
Troubleshooting VLANC on Switches and Routers: Explaining how Cisco routers and switches use VLAN
technology, Applying diagnostic tools to switched and routed VLAN configuration problems, and Using
Cisco IOS router troubleshooting commands and Catalyst switch troubleshooting commands; Problem
Isolation and Resolution on Catalyst Switches: Explaining Catalyst technology, Describing troubleshooting
and problem isolation techniques to list the symptoms of Catalyst 5000 and VLAN problems on switched
Ethernet Networks, and Applying diagnostic tools to solve Catalyst 5000 problems; Problem Isolation and
Resolution for ISDN BRI: Using Cisco IOS commands and problem isolation techniques to identify the
symptoms of common ISDN BRI problems, and Applying diagnostic tools to solve ISDN BRI problems;
and Problem Isolation and Resolution for Frame Relay WANs: Using Cisco IOS commands and problem
isolation techniques to identify the symptoms of common WAN and Frame Relay problems, and Applying
diagnostic tools to solve Frame Relay problems.
640-606 Support

www.testking.com

- 8 -


Intended Audience
This Study Guide is targeted specifically at people who wish to take the Cisco CCNP 640-606 – Support
(CIT) exam. This information in this Study Guide is specific to the exam. It is not a complete reference work.
Although our Study Guides are aimed at new comers to the world of IT, the concepts dealt with in this Study
Guide are complex and require an understanding of material provided for the Cisco Certified Network
Associate (CCNA) exam 640-607. Knowledge of CompTIA’s A+ course would also be advantageous but is
not a requirement.

Note: There is a fair amount of overlap between this Study Guide and the 640-

604 and 640-605 Study Guides. We would not advise skimming over the
information that seems familiar as this Study Guide either expands on the
information, as it does in relation to the 640-607 Study Guide, or approaches
the information from a different angle.


How To Use This Study Guide
To benefit from this Study Guide we recommend that you:
• Although there is a fair amount of overlap between this Study Guide and the 640-607, 640-604 and 640-
605 Study Guides, the relevant information from those Study Guides are included in this Study Guide.
This is thus the only Study Guide you will require to pass the 640-606 exam.
• Study each chapter carefully until you fully understand the information. This will require regular and
disciplined work. Where possible, attempt to implement the information in a lab setup.
• Be sure that you have studied and understand the entire Study Guide before you take the exam.

Note: Remember to pay special attention to these note boxes as they contain
important additional information that is specific to the exam.

Good luck!
640-606 Support

www.testking.com

- 9 -
1
.
Support Resources for Troubleshooting


Today’s networks are mission critical resources, this makes the network support task very essential. Should

a component break down or be misconfigured, the network support engineers must be able to diagnose and
fix the problem in a timely manner while allowing connectivity through alternate devices. A variety of tools
has been created to help network support engineers.


1.1 Network Media Test Equipment
There are three classes of equipment for testing the physical layer medium:
• Volt/Ohm meters and digital multimeters used to check for cable connectivity and continuity.
• Cable testers or scanners, also test for connectivity but are more sophisticated than Volt/Ohm meters.
Are able report cable conditions such as attenuation, near-end crosstalk (NEXT), and noise. Can also
provide the measurement of a cable’s impedance.
• TDRs and OTDRs, devices that provide time domain reflectometer (TDR and optical TDR or OTDR
for fiber-optic cable testing), wire-map, and traffic monitoring functionality. Can locate opens, shorts,
kinks, sharp bends, crimps, and impedance mismatches.


1.2 Network Monitors
A Layer 2 tool used to capture, display and save traffic passing through a network cable. Can take the raw
data and provide information on frame sizes, number of erroneous frames, MAC addresses, number of
broadcasts, etc.

Network monitors can:
• Monitor network activity over a period of time, making it possible to establishing a network baseline.
• Assist in network capacity planning by observing patterns of changing network utilization.
• Identify traffic overloads and bottlenecks.


1.3 Protocol Analyzers
Similar to network monitors but are capable of interpreting and displaying the packet, segment, and other
(higher) protocol data units (PDUs). Can be used to study the format or behavior of certain protocols; to

check time delays between request and response.


1.4 Network Management Systems
Most networks deploy a variety of topologies, protocols, applications, and remote access technologies and
techniques. Network management systems are tools that can be used to understand, monitor, troubleshoot,
modify, scale, and secure networks.

Five key functional areas of network management are:
• Fault management
• Performance management
640-606 Support

www.testking.com

- 10 -
• Configuration and device management
• Accounting management
• Security management

Fault management is about discovering abnormal behavior before or shortly after it happens. Once a
problem is detected, take the following steps:
1. Identify the problem area.
2. Isolate the problem area and direct connectivity through alternate paths and/or devices.
3. Minimize the impact of the failure.
4. Identify the device causing the fault.
5. Identify the component/subsystem that is malfunctioning and needs to be replaced or reconfigured.
6. Implement the solution to restore normal network operation.



1.5 CiscoWorks
CiscoWorks is Cisco Systems’ network management software. It is based on Simple Network Management
Protocol (SNMP) and is used for managing networks with one integrated platform.

Network managers can monitor routers down to port activity, observe traffic patterns, modify configurations,
observe and report inventory, capture data, and observe security settings all from their one central station.


1.5.1 CiscoWorks for Switched Internetworks Software (CWSI) Campus
CWSI Campus is a suite of network management applications that provide remote monitoring, configuration,
and management of switched internetworks.


1.5.2 TrafficDirector Remote Monitoring Software
Considered an excellent fault and performance management tool. It is a part of the CWSI Campus suite of
network management applications and can be used to monitor traffic on network segments. Can detect
collisions, errors, utilization, and broadcast rates on a port basis.


1.6 Simulation and Modeling Tools
Allow you to put a test network together and see how it performs. Can be used to design a new network or to
see how an existing network will perform if you modify it, expand it, or put traffic stress on it.


1.7 Cisco Connection Online (CCO)
Provides interactive web-based services with access to Cisco’s information, systems, resources, and
personnel. The CCO consists of the Bug Toolkit, Troubleshooting Engine, Stack Decoder, and Open Forum,
all of which aid diagnosis and corrective activities.
640-606 Support


www.testking.com

- 11 -
2
.
Understanding Troubleshooting Methods

2.1 The steps and scope of systematic troubleshooting
Deploy a systematic troubleshooting technique that can eliminate different possibilities and move step-by-
step toward the real causes of the problem.


2.2 The Problem-Solving Model
The following is a generally accepted troubleshooting model. It presents a flow chart that can effectively
guide you through your troubleshooting tasks.



• Define the problem in terms of the associated symptoms and possible causes.
• Gather facts from different sources. Talk to network administrators, other support engineers, managers,
and anyone that can provide relevant information. Run some basic tests (such as
ping
,
trace
, etc).
• Consider all possibilities and eliminate the improbable possibilities so as to set a boundary for the
problem area. Order the possibilities that you believe might be the cause of the network problem based
on their likelihood.
• Create an action plan for each possibility in order to solve the problem. Ensure the security and
performance implications of each of your proposed actions are acceptable.

640-606 Support

www.testking.com

- 12 -
• Implement the action plan for each possibility in the order of their likelihood. Every action and change
must be documented so that you can reverse your actions if they are not appropriate.
• Observe the results of each action. See if the problems or symptoms have been eliminated and that
other normal network operations are not disrupted or adversely affected.
• Document the facts and report the problem as solved if the symptoms have disappeared and the
problem has been solved without creating new ones. Documenting your work will save you and others a
lot of time and effort in the future. Also document the date and time that you made changes.
• Go through an iteration process of implementing actions and observing results if there are still
unresolved issues. Consider the next action plan and go about implementing it. There will be times that
you remain with no possibility in hand while your network problems persist. In this event, you will have
to think of more possibilities. This may require that you gather more facts that you might have
overlooked.


2.3 A Baseline Model of the Network
To be able to effectively support, troubleshoot, or modify an internetwork, you must gather and document
information about the internetwork. Some of the essential information includes:
• The physical and logical network map
• Active protocols
• The protocol specific addressing scheme
• The devices, configurations, operating systems, and software in the network
• Baseline traffic and performance statistics and measurements about the internetwork and its devices.
• Past troubleshooting cases
• An historical profile of how the network arrived at its current state
640-606 Support


www.testking.com

- 13 -
3
.
Identifying Troubleshooting Targets

Your success in troubleshooting is often measured by how fast you can correctly identify the trouble causes,
fix the faults, and communicate the results. You should be familiar with the layered network model (OSI)
and understand the dependency of each layer on the correct operation of the layers below it.


3.1 Data Link Troubleshooting
All networking layers, except the physical layer, rely on the correct operation of the data link layer. The data
link layer connects devices, which are called adjacent devices. If the data link layer is faulty, problems such
as application failure, connection failure, slow network performance, distorted data, etc will occur. When
troubleshooting the data link layer with Cisco Routers in place, the interface and in some cases the controller
is examined.


3.1.1 Troubleshooting Physical and Data Link Protocol
You should first ensure that the physical layer is functioning properly before you troubleshoot the data link
layer. To troubleshoot the physical layer:
• Use the
show interfaces
command and look at the first line of the output to check that the interface is
up and line protocol is up.
• Check the link LED of the appropriate interface.
• Check the condition cables, jacks, and connectors.

• Use physical media test equipment.


3.1.2 Clearing Interface Counters
If you suspect interface problems, check the output of the
show interfaces
command. Interpret the input,
output, and error statistics from the
show interfaces
command. How you would interpret these statistics
depends on when those counters were last cleared, the time period through which those counters have
accumulated, and how those statistics compare to your baseline.


3.2 The
show
Commands
There are a number of show commands that you can use to trouble shoot targets. These commands include:
•
show interfaces
, which displays the status and statistics information about all router interfaces.
•
show interfaces ethernet n
, which lets you to examine the status of an Ethernet interface with
n

specifying the interface.

•
show interfaces tokenring n

, which lets you to examine the status of a Token Ring interface with
n

specifying the interface; and the state of source-route bridging. It also provides in-depth information on
that interface’s performance.
•
show controllers
, which displays information on all of router controllers. You can specify the type of
controller to get only the information on that particular controller. The router may have BRI, CBus, E1,
Ethernet, FastEthernet, FDDI, Lex, MCI, PCBus, serial, T1, T3, Token, or VGAnylan controllers,
depending on the type of router. The information is displayed in separate sections.
640-606 Support

www.testking.com

- 14 -
•
show interfaces fddi
, which displays information about the state of the FDDI interfaces. Table 3.1
provides a brief description of the FDDI-specific fields of the
show interfaces fddi
command.

TABLE 3.1: The show interfaces fddi Fields
Field Description
Phy-{A | B}
Lists the state the Physical A or Physical B connection is
in. These could be:
•
Off

, which indicates that the CMT is not running on
the Physical Sublayer.
•
Brk
(Break State), which is the entry point in the start
of a PCM connection.
•
Tra
(Trace State), which localizes a stuck beacon
condition.
•
Con
(Connect State), which synchronizes the ends of
the connection for the signaling sequence.
•
Nxt
(Next State), which separates the signaling
performed in the Signal State and transmits Protocol
Data Units (PDUs) while MAC Local Loop is
performed.
•
Sig
(Signal State), which is entered from the Next
State when a bit is ready to be transmitted.
•
Join
(Join State), which is the first of three states in a
unique sequence of transmitted symbol streams
received as line states that lead to an active connection.
•

Vfy
(Verify State), which is the second state in the
path to the Active State and will not be reached by a
connection that is not synchronized.
• Act
(Active State), which indicates that the CMT
process has established communications with its
physical neighbor.

Neighbor
State of the neighbor:
•
A
, which indicates that the CMT process has
established a connection with its neighbor.
•
S
, which indicates that the CMT process has
established a connection with its neighbor and that the
bits received during the CMT signaling process
indicate that the neighbor is one Physical type in a
singleattached station (SAS).
•
B
, which indicates that the CMT process has
established a connection with its neighbor and that the
bits received during the CMT signaling process
indicate that the neighbor is a Physical B dual-attached
station or concentrator that attaches to the secondary
ring IN and the primary ring OUT when attaching to

the dual ring.
•
M
, which indicates that the CMT process has
640-606 Support

www.testking.com

- 15 -
established a connection with its neighbor and that the
bits received during the CMT signaling process
indicate that the router’s neighbor is a Physical M-type
concentrator that serves as a Master to a connected
station or concentrator.
• unk
, which indicates that the network server has not
completed the CMT process.

Cmt signal bits
Shows the transmitted and received CMT bits.
Status
Status value displayed is the actual status on the fiber. This
can be:
•
LSU
(Line State Unknown), which indicates that the
criteria for entering or remaining in any other line state
have not been met.
•
NLS

(Noise Line State), which is entered upon the
occurrence of 16 potential noise events without
satisfying the criteria for entry into another line state.
•
MLS
(Master Line State), which is entered upon the
reception of eight or nine consecutive HQ or QH
symbol pairs.
•
ILS
(Idle Line State), which is entered upon the receipt
of four or five idle symbols.
•
HLS
(Halt Line State), which is entered upon the
receipt of 16 or 17 consecutive H symbols.
•
QLS
(Quiet Line State), which is entered upon the
receipt of 16 or 17 consecutive Q symbols or when
carrier detect goes low.
•
ALS
(Active Line State), which is entered upon receipt
of a JK symbol pair when carrier detect is high.
•
OVUF
(Elasticity buffer Overflow/Underflow), which is
the normal states for a connected Physical type are ILS
or ALS.

ECM is . . .
ECM is the SMT state entity coordination management,
which overlooks the operation of CFM and PCM. This can
be:
• out
when the router is isolated from the network.

•
in
when the router is actively inserted in the network.
•
trace
when the router is trying to localize a stuck
beacon condition.
•
leave
when the router is allowing time for all the
connections to break before leaving the network.
•
path_test
when the router is testing its internal paths.
•
insert
when the router is allowing time for the optical
bypass to insert.
•
check
when the router is making sure optical bypasses
switched correctly.
640-606 Support


www.testking.com

- 16 -
•
deinsert
when the router is allowing time for the
optical bypass to deinsert.
CFM is . . .
Contains information about the current state of the MAC
connection. This can be:
•
Isolated
when the MAC is not attached to any
Physical type.
•
Wrap A
when the MAC is attached to Physical A. Data
is received on Physical A and transmitted on Physical
A.
•
Wrap B
when the MAC is attached to Physical B. Data
is received on Physical B and transmitted on Physical
B.
•
Thru A
when the MAC is attached to Physical A and
B. Data is received on Physical A and transmitted on
Physical B.

RMT is . . .
RMT (Ring Management) is the SMT MAC-related state
machine. This can be:
•
Isolated
when the MAC is not trying to participate in
the ring.
•
non_op
when the MAC is participating in ring recovery
and ring is not operational.
•
ring_op
when the MAC is participating in an
operational ring.
•
detect
when the ring has been nonoperational for
longer than normal.
•
non_op_dup
when indications have been received that
the address of the MAC is a duplicate of another MAC
on the ring.
•
ring_op_dup
when indications have been received that
the address of the MAC is a duplicate of another MAC
on the ring.
•

directed
when the MAC is sending beacon frames
notifying the ring of the stuck condition.
•
trace
when trace has been initiated by this MAC, and
the RMT state machine is waiting for its completion
before starting an internal path test.
Token rotation
Token rotation value is the default or configured rotation
value as determined by the
fddi token rotation-time

command. This value is used by all stations on the ring.
The default is 5000 microseconds.
Ring operational
When the ring is operational, the displayed value will be
the negotiated token rotation time of all stations on the
ring. Operational times are displayed by the number of
hours:minutes:seconds
the ring has been up. If the ring
is not operational, the message "
ring not operational
"
640-606 Support

www.testking.com

- 17 -
is displayed.

Upstream | downstream
neighbor

Displays the canonical MAC address of outgoing upstream
and downstream neighbors. If the interface is not up, these
values will be zero (0).
•
show interfaces atm
Some of the output of the
show interfaces atm
command is similar to other

show interface
commands, however there are several output fields that is unique to the
show
interfaces atm
command. Table 3.2 discusses the output for the
show interfaces atm
command.

TABLE 3.2: The show interfaces atm Fields
Field Description
ATM x is {up | down |
administratively down}
Indicates if the interface hardware is active, is down, or has
been shut down.
Line protocol is {up |
down}
Indicates if the software processes handling the line protocol
consider the link as usable or not.

NSAP address
The ATM address based on the structure of the OSI network
service access point (NSAP) addresses.
Encapsulation(s)
ATM adaptation layer (AAL) and encapsulation type.
TX buffers
The maximum number of transmit buffers for simultaneous
packet fragmentation, set using the
atm txbuff
interface
configuration command.
RX buffers
The maximum number of receive buffers for simultaneous
packet reassembly, set using the
atm rxbuff
interface
configuration command.
Maximum active VCs
Maximum number of supported virtual circuits, set using the
atm maxvc
interface configuration command. Valid values
are
256
,
512
,
1024
, or
2048
. The default is

2048
.
VCs per VP
The maximum number of VCIs to support per VPI, set using
the
atm vc-per-vp
interface configuration command.
Current VCCs
Number of Current Virtual Circuits.
VC idle disconnect time
Number of seconds the VC can be inactive before
disconnecting.
Signaling vc = x, vpi =
x, vci = x
The signaling Virtual Circuit number, along with its
associated vpi/vci pair.
UNI version =
The User-Network Interface (UNI) version determined
through ILMI link autodetermination or using the
atm
universion
interface configuration command.


3.3 Token Ring Soft Errors
The Token Ring soft errors are divided into two classes: isolating soft errors and nonisolating soft errors.
640-606 Support

www.testking.com


- 18 -
• Isolating soft errors are those that are caused by the local station; its Nearest Active Upstream
Neighbor (NAUN); or devices and/or medium between the two. Table 3.3 list the isolating soft errors.
• Non-isolating soft errors are not necessarily caused by the local station or its NAUN but by devices
anywhere in the ring. Table 3.4 list the nonisolating soft errors.

TABLE 3.3: Token Ring Isolating Soft Errors
Error Explanation
Internal error
The number of recoverable internal station errors.
Burst error
Incorrect incoming signal usually due to crosstalk or noise.
ARI/FCI error
More than one "active monitor present" or "standby monitor
present" frame was received. This indicates a problem with the
neighbor notification usually caused by NAUN.
Abort error
Errors during frame transmission.

TABLE 3.4: Token Ring Nonisolating Soft Errors
Error Explanation
Lost frame
Sent frame never returned to the sender.
Copy error
Frame destined for the station was received with the address-
recognized bit set due to duplicate MAC addresses.
Receive congested
The station has been unable to copy all the data sent to it. The
station could be congested because another station sends it too
much data.

Token error
Generated by Active Monitor and is a valid action, unless it
happens too often.
Frequency error
Error in the frequency of the incoming signal.


3.4 Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol (CDP) is a Cisco proprietary layer 2 protocol that is bundled in Cisco IOS release
10.3 and later versions. CDP can run on all Cisco manufactured devices including: routers, switches, hubs,
bridges, and communication servers. It uses SNAP (layer 2 frame type) and is multicast based. By default, a
Cisco device running CDP multicasts (sends) information about itself on all its links every 60 seconds.
Neighbor devices that are directly connected to the device will add the device and its information to their
dynamic CDP tables. Neighbors hold this information in their CDP tables for the period specified by the
CDP hold-time value, which is 180 seconds by default, and refresh them periodically upon receiving updates.
If the neighbor does not receive a multicast before its CDP hold-time expires, it deletes the CDP infprmation
for the device that failed to multicast an update. For this reason, the CDP timers should be consistent among
neighboring devices so that a device's CDP information are not delete from a neigbor's CDP table before the
device's next multicast. If the CDP information is not updated and is deleted, the neighbor's CDP table
would be inaccurate. The CDP timer and CDP hold-time values are controlled using
cdp timer x
and
cdp
holddown y
commands only at the global level.

The information a device multicasts includes:
640-606 Support

www.testking.com


- 19 -
• Its device name;
• Its device capabilities;
• Its hardware platform;
• The port type and number through which CDP information is being sent; and
• One address per upper layer protocol.

The
[no] cdp run
command and the
[no] cdp enable
command can be used to disable CDP on a router
at the global configuration level. The
[no] cdp run
command will disable the sending of CDP updates on
all interfaces. The
[no] cdp enable
command will disable a particular interface only.


3.4.1 Common Protocol Characteristics
Network protocols are divided into two classes: connection-oriented protocols and connectionless protocols.
• Connection-oriented protocols establish an end-to-end connection before transmitting data. Most
connection-oriented protocols are reliable as they guarantee delivery of the data through usage of
sequence numbers, acknowledgements, error control mechanisms, and flow control mechanisms.
Examples include the TCP transport layer member of the TCP/IP protocol suite and the SPX transport
layer member of the IPX/SPX protocol suite.

When troubleshooting these protocols, check for connection failures and multiple retransmissions.

Common causes of connection failures are routing problems, access control configurations, and security
policies. Multiple retransmissions could be due to intermittent links and paths, congestion, or busy
devices.
• Connectionless protocols do not establish a connection prior to transmitting data. Connectionless
protocols have less overhead and are thus faster and require less network resources than connection
oriented protocols. An example of this type of protocol is the UDP protocol member of the TCP/IP
protocol suite. This type of protocol is not reliable. If the destination to which data is transmitted is
unreachable, or is not available, the data delivery fails and the action has to be repeated.

When troubleshooting these protocols, check for failing transactions. This could be due to bad routes,
access control configurations, congestion, and intermittent or faulty paths.


3.4.2 Protocol Connection Troubleshooting
Before a connection between two hosts can be successfully established, all the lower layer protocols must be
working properly. A transport layer protocol cannot establish a connection unless the physical layer, data
link layer, and network layer are configured and working properly.


3.4.2.1 TCP Connection Sequence
To make a TCP connection using host names, the network must have a working name resolution system to
resolve a name to an IP address. Routers can use a DNS or an IP host table for name-to-IP-address
resolution.

640-606 Support

www.testking.com

- 20 -
Once the host name has been resolved to an IP address, a MAC

address for the frame (i.e., device) via which the first IP packet,
encapsulating the TCP SYN segment, will be transmitted is
required. If the destination host is on the same subnet as the local
host which is to transmit the data, the local host performs a local
ARP (Address Resolution Protocol) to obtain the destination
host’s MAC address. If the two hosts are on remote subnets, the
local host will either ARP for the local router’s IP address or it
will ARP for the destination host’s address. The local router will
reply to the ARP request for the destination host’s IP address if:
• The local router’s interface is configured with IP proxy-ARP
enabled.
• The router can route or forward the IP address of the destination host.
• The local router has not learned about the destination host’s network via the interface on which it is
receiving the ARP request.

If no reply is received, frame delivery and the intended IP packet delivery fails and an ICMP message is
generated. If a reply is received with a MAC address, the MAC address will be used and stored in the ARP
table (cache) for a predetermined period of time to prevent sending ARP requests repeatedly for the
subsequent frames that are part of the same transmission. You can use the
show ip arp EXEC
command to
display the ARP table. This allows you to determine which device replied to the ARP request and whether
that is a desirable behavior. You can also use this command to check accuracy of any static ARP entries
currently in the table.

The local host submits the first TCP segment (SYN) to the destination host via the local router, which in
turn forwards the packet to the next router, and so on until it reaches the destination host. If the destination
host is configured to respond favorably to the TCP segment (SYN), it will send the TCP reply segment
(SYN, ACK) back to the local host. On receiving the reply segment, the local host will send the third TCP
segment (ACK) to the destination host. Once the destination host receives the ACK segment, the TCP

connection between the two hosts is established and data can be transmitted between the two. Once the data
transmissions complete, the connection between the two hosts is terminated.


3.4.2.2 Novell Connection Sequence
When a Novell client makes a connection to a Novell server that offers a particular service such as file
services, the client sends a Get Nearest Server (GNS) broadcast request via its network interface card (NIC).
If a Novell server offering the service is on the local area network (LAN), it will reply to the client’s request.
If a Novell server offering the service is not on the LAN, the router searches in its IPX servers table for an
entry that matches the client’s request. If the router has the desired
entry, it replies to the client with the selected server’s internal IPX
address. However, a reply is not sent if there is a GNS-reply filter
configured on the corresponding interface of the router. If more
than one entry is present in the router's IPX server table, the
closest device in terms of hop count is chosen. When the client
receives the router’s reply, it generates a RIP broadcast request for the server’s internal network address.
The router then searches its IPX route table for an entry that matches the client’s request. If the router finds a
Segments and Subnets
Throughout this study guide, the term
"segment" is used to refer to the transport
layer protocol data unit (PDU) and not to a
network segment, i.e. a subnetwork. The
term subnet is used throughout this study
guide to refer to a subnetwork.
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a
network layer member of the TCP/IP
protocol suite.
IPX Server Tables
Routers build and maintain IPX server

tables by accepting Service Advertisement
Protocol (SAP) broadcasts that are
generated by neighbor devices.
640-606 Support

www.testking.com

- 21 -
match, it sends a RIP reply to the client. Finally, the client sends a Novell Core Protocol (NCP) request to
the server to establish a connection. Once a connection is established, the file sharing mechanism begins.

You can use the
show novell traffic
command to receive information about traffic statistics concerning
the number of IPX packets sent and received; the input and output errors encountered; and the broadcast and
SAPs generated and received. Table 3.5 discuses the various fields of the output from the
show novell
traffic
command.

TABLE 3.5: The show novell traffic Fields
Field Description
Format errors
The number of bad packets received. A high number of
format errors can be a sign of encapsulation mismatch.
Bad hop count
Bad hop count increments when a packet’s hop count exceeds
16.
Encapsulation failed
The router is unable to encapsulate a packet.



3.4.2.3 AppleTalk Connection Sequence
When an Apple Macintosh client opens the Chooser applet from Apple’s pull-down menu, the client sends a
GetZoneList request on its network. The Routers on the local subnet respond using GetZoneList reply, based
on their Apple Zone table and any GetZoneList filters that may be applied to their appropriate interfaces.
When the client receives the list of zones, its chooser zone field is populated. The user then selects a zone
and a service. This causes the client computer to generate a Name Binding Protocol (NBP) request, which is
forwarded by the connected routers towards the selected zone. On the subnets that constitutes the destination
zone, all devices that offer the selected service will reply to the client computer. The client computer then
populates the appropriate box in the chooser with the name of all those servers that have sent a reply. The
user can then select one of the servers. When the user selects one of the servers, an AppleTalk Transaction
Protocol (ATP) connection sequence between the client and the server begins. Once this ATP connection
successfully completes, the Apple Filing Protocol (AFP) is used to access shared files on the server.

The
show appletalk traffic
Command
You ca use the
show appletalk traffic
command to receive information about the number of packets
sent and received, various errors encountered, and a classified set of statistics on various AppleTalk
protocols and services. Table 3.6 discuses some of the fields included in the output of the
show appletalk
traffic
command.

TABLE 3.6: The show appletalk traffic Fields
Field Description
Checksum errors

Number of packets dropped since their DDP checksum was bad.
Bad hop count
Number of packets dropped since the number of hops they
travelled was larger than 15.
Access denied
Number of packets dropped since access list didn’t permit them.
Port disabled
Number of packets dropped since routing was disabled for port
due to config error or if a packet is received while in
640-606 Support

www.testking.com

- 22 -
verification/discovery mode.
Encapsulation
failed
Number of times packets were received for a connected network,
but the node was not found.
No buffers
Number of times attempted packet buffer allocation failed.
Unknown
Number of times Unknown AppleTalk packet types were seen.
Wrong encapsulation
Nonextended AppleTalk packet on extended AppleTalk port
640-606 Support

www.testking.com

- 23 -

4
.
Applying Cisco Troubleshooting Tools

There are some powerful troubleshooting tools that are built into the Cisco IOS. Some of these tools have an
impact on the way routers operate and may impede the router's performance. Following the systematic
troubleshooting process discussed in Section 2.2
, after defining the problem, you must start gathering
detailed facts about the behavior of the devices and protocols of the production network. Several IOS
troubleshooting tools and commands can be used in this task. However, these tools utilize some processing
cycles and memory of the router, and may disable or have a negative effect on some of the router’s optimal
operations.

Several of the Cisco IOS
show
commands display information about the status of the router, its interfaces,
and the rate of utilization of router resources. The
debug
command is a powerful command for finding out
which packets are generated, received, and forwarded by a router. Several parameters of the
debug

command help focus the output on what you are interested in reviewing, but the
debug
command also
lowers a router’s performance.


4.1 Routing and Switching Processes
Routing and switching processes are two of the essential tasks performed by routers. Switching is commonly

defined as the process that takes charge of moving data units (frames or packets) through the anatomy of
internetworking devices. Routing can be defined as the operation that attempts to select an output interface
and perhaps a next hop for a packet based on the packet’s destination address. The routing process makes its
routing decision by consulting its routing table, which it builds and maintains dynamically.


4.2 Switching in Different Routers Models
4.2.1 The 7000 Series
The 7000 series routers have a fast switching option that is enabled by default. Fast switching is performed
using a Fast Switch Cache in the Route Processor. Two major components that participate in the routing and
switching operations are the Route Processor (RP) and the Silicon Switch Processor (SSP). The early models
of the 7000 series had a RP and a Switch Processor (SP). The SP only had an Autonomous Switch Cache.
The SSP has both an Autonomous Switch Cache and a Silicon Switch Cache. However, autonomous and
silicon switching are not enabled by default. You can enable either or both of these switching options on a
per-protocol basis at each interface of a router. The commands for enabling and disabling fast switching,
autonomous switching, and silicon switching are:

Router(config-if)# [no] [protocol] route-cache

Router(config-if)# [no] [protocol] route-cache cbus

Router(config-if)# [no] [protocol] route-cache sse

respectively.


4.2.2 The 7500 Series
Improvements in the 7500 series routers include:
640-606 Support


www.testking.com

- 24 -
• The internal bus (CyBus) operates at 1 Gbps, i.e. about twice the speed of the 7000 router’s CxBus.
• The 7500 router is equipped with one component called the Route/Switch Processor instead of having
two separate components for RP and SSP. This eliminates the slow 153 Mbps system bus previously
needed to connect the RP and SSP.
• The switch cache of the 7500 series router, called Optimum Switch Cache, is faster than the Silicon
Switch Cache of the 7000 router.
Fast switching in the 7500 router is enabled by default and it is accomplished using the Fast Switch Cache
located in the Route Switch Processor (RSP). The second type of switching performed by the 7500 router is
called optimum switching and is faster than the 7000 router’s Silicon Switch Cache. The Optimum Switch
Cache is also located on the RSP.

By default, optimum switching is enabled for IP on all supported interfaces. However, it must be manually
enabled on each interface for all other protocols. You can use the following interface configuration
command to enable or disable optimum switching for a protocol on an interface:

Router(config-if)# [no] [protocol] route-cache optimum

The 7500 routers also feature Versatile Interface Processors (VIPs) that have a RISC processor and memory
locally (on the blade). The 7500 routers can be configured to distribute routing information to be stored on
the VIP. The VIP can then use the cached information to switch the packets on its own without having to
send packets over to the RSP. This method, which is called distributed switching, makes the processing of
packets more than three times faster than silicon switching. To enable or disable distributed switching for a
protocol on a VIP card, use the following interface configuration command:

Router(config-if)# [no] [protocol] route-cache distributed

Netflow switching was introduced with Cisco IOS version 11.1(2). It identifies a flow based on the source

and destination IP address, source and destination port, protocol type, type of service (TOS), and input
interface. Netflow switching caches security information and accounting information as well as routing
information for each flow, hence, once a network flow is identified and the first packet of this flow is
processed, access list checks for subsequent packets belonging to the same flow are bypassed and packet
switching and statistics capture are performed in tandem. Netflow also allows for exporting captured data to
management utilities. However, netflow switching can be resource intensive, especially with the export
option. On 7000 and 7500 routers with RSP, Netflow switching can be performed on a distributed basis on
individual VIPs. You can enable or disable netflow switching by using the following interface configuration
command:

Router(config-if)# [no] [protocol] route-cache flow


4.2.3 The 4000, 3000, and 2500 Series
The 4000, 3000, and 2500 series routers are not high-end routers. These routers have only the process
switching and fast switching options. Fast switching is enabled by default on all interfaces for all supported
protocols. You can disable or enable fast switching on an interface for a particular protocol using the
following command:

640-606 Support

www.testking.com

- 25 -
Router(config-if)# [no] [protocol] route-cache

To determine whether fast switching is enabled or disabled for a particular protocol on a particular interface,
use the following command:

Router# show [protocol] interface type number


To see the statistics on the number of packets that are process switched and fast switched, use the following
command:

Router# show interface stats

Process-Switched Packets include:
• Data-link layer broadcasts;
• Packets subjected to Debug;
• Packets delivering error log messages to syslog;
• SNMP packets;
• Protocol translations;
• Tunneling;
• Custom and priority queuing;
• Link compression; and
• Keepalives.


4.3 The
debug
Tool
Debug
is a troubleshooting command that is available from the privileged exec mode in the Cisco IOS. It can
be used to display information about various router operations and the related traffic generated or received
by the router, as well as any error messages.

Debug is treated as a very high priority task and can consume a significant amount of resources as the router
is forced to process-switch the packets being debugged. For this reason,
debug
should not be used as a

monitoring tool. Use the
debug
command:
• with the timestamp service to see a timestamp with each line of the debug output. Load the timestamp
service the using the
router(config)#service timestamps debug [ datetime | uptime]
command;
• with the
terminal monitor
command to see the debug output from within a Telnet session;
• to diagnose a specific facility, task, or protocol

Before using the
debug
command, monitor the router's CPU utilization using the
show processes cpu

command. If the router’s CPU utilization is consistently at 50% or more, debug events instead of packets.
Avoid using the
debug all
command. Also use the debug command during off peak periods when ever
possible as Cisco routers give the
debug
command higher CPU priority than network traffic. Use an access