Lecture 3

Small Businesses Networks maintenance

CNET 4

Instructor:
Eng. Ameera Hasan AL-Jermozi
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Network Documentation ▪ For troubleshooting purposes, network
Documenting the Network administrators must have a complete
set of accurate and current network
documentation which includes:
• Configuration files, including network
configure files and end-system
configuration files
• Physical and logical topology diagrams
• Baseline performance levels
▪ Network Configuration files should
contain all relevant information about
any devices including:
• Type of device, model designation
• IOS image name
• Device network hostname
• Location of the device
• If modular, include module/slot info
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Network Documentation • If modular, include module/slot info
Documenting the Network (Cont.) • Data link and network layer addresses
• Any additional important information
about physical aspects of the device
▪ End-system configuration files focus
on the hardware and software used on
end-system devices such as servers,
network management consoles, and
user workstations. Documentation
should include:
• Device name (purpose)
• Operating system and version
• IPv4 and IPv6 addresses
• Subnet mask and prefix length
• Default gateway and DNS server
• Any high-bandwidth network
applications used on the end system
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Network Documentation ▪ Network topology diagrams keep track of
Network Topology Diagrams the location, function, and status of
devices on the network. There are two
types of topology diagrams:
• Physical topology
• Logical topology
▪ Physical Topology network diagrams
show the physical layout of the devices
connected to the network and typically
include:
• Device type
• Model and manufacturer
• Operating System version
• Cable type and identifier
• Cable specification
• Connector type
• Cabling endpoints
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Network Documentation ▪ Logical network topology diagrams illustrate
how devices are logically connected to the
Network Topology Diagrams (Cont.) network

▪ Symbols are used to represent network

elements, such as routers, servers, hosts,
VPN concentrators, and security devices.
▪ Documented information might include:
• Device identifiers
• IP address and prefix lengths
• Interface identifiers
• Connection type
• Frame Relay DLCI for virtual circuits (if
applicable)
• Site-to-site VPNs
• Routing protocols and static routes
• WAN technologies used
• Data-link protocols
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
Network Documentation ▪ The purpose of network monitoring is to
Establishing a Network Baseline watch network performance in
comparison to a predetermined baseline.

▪ A network performance baseline

• Is used to establish normal network or
system performance
• Requires collecting performance data
from the ports and devices that are
essential to operation
• Allows the network administrator to
determine the difference between
abnormal behavior and proper network
performance
▪ Analysis after an initial baseline also
tends to reveal hidden problems. The
collected data can show the true nature
of congestion or potential congestion in a
network.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Network Documentation
Steps to Establish a Network Baseline
▪ Step 1: Determine what types of data to
collect.
• Start out with a few variables that represent
the defined policy.
• Not that capturing too many data points can
be overwhelming making analysis difficult.
• Start out simply, and fine-tune along the way.
▪ Step 2: Identify devices and ports of
interest.
• Use the network topology to identify key
devices for which performance data should be
measured.
• Devices and ports of interest include network
device ports that connect to other network
devices, servers, and key users.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Network Documentation
Steps to Establish a Network Baseline (Cont.)
▪ Step 3: Determine the baseline duration
• The length of time and baseline information
being gathered must be sufficient for
establishing a typical picture of the network.
• Daily trends of network traffic should be
measured.
• Monitor for trends that occur over a longer
period of time such as weekly or monthly.
▪ Capture data trends and include:
• Screenshots of CPU utilization trends
captured over a daily, weekly, monthly, and
yearly period
▪ Note: Baseline measurements should not be
performed during times of unique traffic
patterns.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Troubleshooting Tools
▪ Syslog is a simple protocol used by an IP
Using a Syslog Server for Troubleshooting device known as a syslog client to send
text-based log messages to another IP
device known as the syslog server.

▪ Implementing a logging facility is a very

important part of network security and
also for network troubleshooting.

▪ Cisco devices can log various types of

information including configuration
changes, ACL violations, interface status,
▪ Cisco devices can send log messages to several different and many other types of events.
facilities including:
• Console ▪ Cisco IOS log messages fall into one of
• Terminal lines
eight levels as shown in the figure to the
left. The lower the level number, the
• Buffered logging
higher the severity level.
• SNMP traps
• External Syslog service

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Symptoms and Causes of Network Troubleshooting ▪ The physical layer is the only layer with
physically tangible properties, such as
Physical Layer Troubleshooting wires, cards, and antennas.

▪ Issues on a network often present as

performance problems.

▪ Because the upper layers of the OSI

model depend on the physical layer to
function, a network administrator must
have the ability to effectively isolate and
correct problems at this layer.

▪ Common symptoms of network problems

at the physical layer include:
• Performance lower than baseline
• Loss of connectivity
• Network bottlenecks or congestion
• High CPU utilization rates
• Console error messages
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Symptoms and Causes of Network Troubleshooting
Physical Layer Troubleshooting (Cont.)
▪ Issues that commonly cause network
problems at the physical layer
include:
• Power-related
• Hardware faults
• Cabling faults
• Attenuation
• Noise
• Interface-configuration errors
• Exceeding design limits
• CPU overload

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Symptoms and Causes of Network Troubleshooting
Data Link Layer Troubleshooting
▪ Troubleshooting Layer 2 problems can
be a challenging process.

▪ Layer 2 problems cause specific

symptoms that, when recognized, will
help identify the problem quickly:
• No functionality or connectivity at the
network layer or above
• Network is operating below baseline
performance levels
• Excessive broadcasts
• Most common Layer 2 console message
is: “line protocol down”

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Symptoms and Causes of Network Troubleshooting
Data Link Layer Troubleshooting (Cont.)
▪ Issues at the data link layer that commonly result in
network connectivity or performance problems
include these:
• Encapsulation errors
• Encapsulation at one end of a WAN link is configured differently
from that on the other end.
• Address mapping errors
• In a point-to-multipoint or broadcast Ethernet topology, it is
essential that an appropriate Layer 2 destination address be
given to the frame.
• Framing errors
• A framing error occurs when a frame does not end on an 8-bit
byte boundary.
• Spanning Tree Protocol (STP) failures or loops.
• Most STP problems are related to forwarding loops that occur
when no ports in a redundant topology are blocked and traffic is
forwarded in circles indefinitely.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Symptoms and Causes of Network Troubleshooting ▪ Network layer problems include any
problem that involves a Layer 3 protocol
Network Layer Troubleshooting (routed or routing protocols)

▪ Common symptoms of network layer

problems:
• Network failure
• Suboptimal performance
▪ Areas to explore when diagnosing a
possible problem involving routing
protocols:
• General network issues
• Connectivity issues – Also check for Layer
1 or power issues
• Routing table issues – use debug
• Neighbor issues – check for adjacencies if
used
• Check the routing table topology database
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Symptoms and Causes of Network Troubleshooting
Transport Layer Troubleshooting - ACLs
▪ Network problems can arise from transport
layer problems on the router. Improper ACL
configuration issues might include:
• Wrong selection of traffic flow
(inbound/outbound)
• Incorrect order of access control entries
• Implicit deny any
• Misconfiguration of addresses and IPv4
wildcard masks
• Selecting both UDP and TCP protocols when
unsure
• Incorrect source and destination ports
• Incorrect use of the established keyword
• Misconfiguration of uncommon protocols such
as VPN and encryption protocols
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Symptoms and Causes of Network Troubleshooting
Transport Layer Troubleshooting – NAT for IPv4
▪ There are a number of problems with NAT
such as not interacting with services like
DHCP and tunneling.
▪ These can include misconfigured NAT inside,
NAT outside, or a misconfigured ACL.
▪ Other issues include interoperability with
other network technologies including:
• BOOTP and DHCP
• DNS
• SNMP
• Tunneling and encryption protocols

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Symptoms and Causes of Network Troubleshooting
Application Layer Troubleshooting ▪ Most of the application layer protocols
provide user services for network
management, file transfer, distributed file
services, terminal emulation, and email.

▪ The most widely known and implemented

TCP/IP application layer protocols include:
• SSH/Telnet, HTTP, FTP, TFTP
• SMTP, POP, SNMP, DNS, NFS
▪ Application layer problems prevent services
from being provided to application
programs.

▪ A problem at the application layer can result

in unreachable or unusable resources
when the physical, data link, network, and
transport layers are functional.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Using IP SLA ▪ Network administrators must discover network
IP SLA Concepts failures as early as possible.
• A useful tool for this task is the Cisco IOS IP
Service Level Agreement (SLA).
• IP SLAs use generated traffic to measure network
performance between two networking devices,
multiple network locations, or across multiple
network paths.
▪ Network engineers use IP SLAs to simulate
network data and IP services to collect network
performance information in real time.
▪ In the figure above, R1 is the IP SLA source that ▪ Additional benefits for using IP SLA’s include:
monitors the connection to the DNS server by
periodically sending ICMP requests to the server. • SLA monitoring, measurement, and verification
• Monitoring to provide continuous, reliable, and
predictable measurements (jitter, latency, packet
loss)
• IP service network health assessment to verify that
the existing QoS is sufficient for new IP services.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Using IP SLA
▪ Instead of using ping manually, a network
IP SLA Configuration engineer can use IP SLA ICMP Echo
operation to test the availability of network
devices.

▪ The IP SLA ICMP Echo operation provides

the following measurements:
• Availability monitoring (packet loss statistics)
• Performance monitoring (latency and
response time)
• Network operation (end-to-end connectivity)
▪ show ip sla application – this privileged
EXEC mode command verifies that the
desired IP SLA operation is supported on the
source device.
• The output in the figure confirms that R1 is
capable of supporting IP SLA. However, there
are no sessions configured.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Using IP SLA
▪ To create an IP SLA operation and enter IP
IP SLA Configuration (Cont.) SLA configuration mode, use the ip sla
operation-number global configuration
command.
• The operation number is a unique number that is
used to identify the operation being configured.

▪ From IP SLA config mode, you can configure

the IP SLA operation as an ICMP Echo
operation and set the frequency rate:
• Router(config-ip-sla)# icmp-echo { dest-ip-
address | dest-hostname } [ source-ip { ip-
address | hostname } | source-
interface interface-id ]
• Router(config)# ip sla schedule operation-
number [ life { forever | seconds }] [ start-
time { hh : mm [: ss ] [ month day | day month ]
| pending | now | after hh:mm:ss ]
[ ageout seconds ] [ recurring ]

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Using IP SLA
▪ To help understand how to configure a simple
Sample IP SLA Configuration IP SLA, refer to the figure and configuration
commands to the left.

▪ The configuration commands demonstrate

how to configure an IP SLA operation with an
operation number of 1.
• Multiple IP SLA operations may be configured
on a device. Each operation can be referred to
by its operation number.
• The icmp-echo command identifies the
destination address to be monitored.
• The frequency command is setting the IP SLA
rate to 30 second intervals.
▪ The ip sla schedule command is scheduling
the IP SLA operation number 1 to start
immediately and continue until manually
cancelled.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Using IP SLA
▪ Use the show ip sla
Verifying an IP SLA Configuration configuration operation-number command
to display configuration values

▪ In the figure to the left, the show ip sla

configuration command displays the IP SLA
ICMP Echo configuration.
▪ Use the show ip sla statistics [operation-
number] command to display the IP SLA
operation monitoring statistics.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
Using IP SLA
Lab – Configure IP SLA ICMP Echo
▪ An outside vendor has been
contracted to provide web services for
your company.

▪ As the network administrator, you

have been asked to monitor the
vendor’s service.
▪ You decide to configure IP SLA to help
with that task.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
Thank you

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24