23 - Using Network Analysis Tools

Question 1

What command displays the processes and CPU utilisation?

Answer 1

show processes cpu

Question 2

What command shows the CPU utilisation for the last minute?

Answer 2

show processes cpu sorted 1min

Question 3

When issue the ‘show proccesses cpu’ command, the CPU utilisation for five seconds field contains two elements. The first number is the total CPU ___ and the second number is the ___ which indicates the volume of network traffic the CPU is receiving.

Answer 3

CPU utilisation, interrupted utilisation

Question 4

The ___command displays the amount of processor memory and I/O memory that is in use and available. I/O memory is used for temporary packet buffering.

Answer 4

show memory

Question 5

The __ command is essential for troubleshooting. It shows you the status of the interface, MTU, interface operation mode and stats about input queue and output queue drops and errors

Answer 5

show interface

Question 6

The show interface command: signifies that the traffic is dropping because the router was receiving traffic more than is could process

Answer 6

input queue drops

Question 7

The show interface command: usually a result of a congested link

Answer 7

output queue drops

Question 8

The show interface command: result of interface problems, duplex errors, CRC errors

Answer 8

input errors

Question 9

The show interface command: usually related to duplex issues

Answer 9

output errors

Question 10

This command can be helpful to troubleshoot a router reload. It also provides useful info to convey to Cisco support

Answer 10

show platform

Question 11

An ___ determines whether an SLA is being met.

Answer 11

IP SLA

Question 12

An IP SLA can use various options such as:

Answer 12

• FTP
• ICMP
• HTTP
• SIP

Question 13

IP SLAs are Cisco proprietary and uses UDP port __.

Answer 13

1967

Question 14

This is where all IP SLA measurement probe operations are configured either by CLI or through SNMP tool

Answer 14

IP SLA source

Question 15

A device that is required to respond to IP SLA packets. The ___ adds a time stamp to packets and can take in to account any latency that occurred while the responder is processing the test packets

Answer 15

SLA responder

Question 16

___ IP sla operations can run in a network at any given time

Answer 16

Multiple

Question 17

A local __ session is an association of a source port and source VLAN with one or more destination ports.

Answer 17

SPAN

Question 18

How do you configure a SPAN port?

Answer 18

SW1(config)# monitor session 1 source interface Gigabit0/1

SW1(config)# monitor session 1 destination interface Gigabit0/2

Question 19

How do you verify the configuration of the SPAN session?

Answer 19

show monitor

Question 20

__ SPAN supports source and destination ports on different switches, while __ SPAN supports only source and destination ports on the same switch.

Answer 20

remote, local

Question 21

RSPAN consists of the RSPAN __ session, RSPAN __, and RSPAN __ session.

Answer 21

source, VLAN, destination

Question 22

On some platforms, a __ port needs to be specified together with an RSPAN VLAN. The __ port is a physical interface that acts as a loopback and reflects the traffic that is copied from the source port to the RSPAN VLAN. The need for a __ port is caused by a hardware design limitation on some platforms.

Answer 22

reflector

Question 23

How do you configure RSPAN?

Answer 23

SW1(config)# vlan 100
SW1(config-vlan)# name SPAN-VLAN
SW1(config-vlan)# remote-span
SW1(config)# monitor session 2 source interface Gig0/1
SW1(config)# monitor session 2 destination remote vlan 100

SW2(config)# vlan 100
SW2(config-vlan)# name SPAN-VLAN
SW2(config-vlan)# remote-span
SW2(config)# monitor session 3 destination interface Gig0/2
SW2(config)# monitor session 3 source remote vlan 100

Question 24

Because the ports are now on two different switches, you must use a special RSPAN VLAN to transport the traffic from one switch to the other. You configure this VLAN like any other VLAN, but in addition, you must enter the ___ keyword in the VLAN configuration. You need to define this VLAN on all switches in the path.

Answer 24

remote-span

Question 25

RSPAN uses two sessions, the __ and __. The two sessions need to be defined on both the local and remote switches.

Answer 25

source, destination

Question 26

RSPAN __ numbers are local to each switch so do not need to be the same on every switch.

Answer 26

session

Question 27

The Cisco ___ mirrors traffic on one or more “source” ports and delivers the mirrored traffic to one or more “destination” ports on another switch. The traffic is encapsulated in GRE and is, therefore, routable across a L3 network between the source switch and the destination switch.

Answer 27

Encapsulated Remote Switched Port Analyser (ERSPAN)

Question 28

ERSPAN consists of an ERSPAN __ session, routable ERSPAN __ encapsulated traffic, and an ERSPAN __ session.

Answer 28

source, GRE, destination

Question 29

A device that has only an ERSPAN source session configured is called an ERSPAN ___ device, and a device that has only an ERSPAN destination session configured is called an ERSPAN __ device.

Answer 29

source, termination

Question 30

Each ERSPN source session can have either __ or __ as sources, but not both. The ERSPAN source session copies traffic from the source ___ and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destination.

Answer 30

ports, VLANs

Question 31

When enabled, Cisco devices can capture the packets sent and received through or to and from them. The packets are stored within a buffer in the __ and are thus not persistent through a reload. Once the data is captured, it can be examined via the CLI in a summary or detailed view on the Cisco device.

Answer 31

DRAM

Question 32

There are 3 key characteristics of Cisco packet tools:

Answer 32

• There are exec-level commands to start and stop the capture
• The tools are useful when it is not possible to tap into the network using a stand-alone packet sniffing tool, or when the need arises to remotely debug or troubleshoot issues
• The capture rate can be throttled using future admin control, for example using an ACL to specify the maximum packet capture rate or specific sampling interval
• You can use show commands to display packet contents on the device itself.

Question 33

This allows for packet data to be captured at various points in the CEF packet-processing path, flowing through, to and from a Cisco router. Support varies based on model

Answer 33

Embedded Packet Capture

Question 34

This allows for packet data to be capture at various points in the packet-processing path, flowing through, to and from a Catalyst 4500 switch and Catalyst 3850 switch

Answer 34

Embedded Wireshark

Question 35

This uses a SPAN session to capture data plane traffic. Allows for packet data to be captured at various points in a hardware-forwarding device like Cisco 7600, Catalyst6500 and ME6500 platforms.

Answer 35

Mini-Protocol Analyser (MPA)