5.3 Network Troubleshooting and ToolsGiven a scenario, troubleshoot common wired connectivity and performance issues.

Question 1

Signal loss

Answer 1

• Usually gradual• Signal strength diminishes over distance• Attenuation• Loss of intensity as signal moves through a medium• Electrical signals through copper, light through fiber• Radio waves through the air

Question 2

Decibels (dB)

Answer 2

Signal strength ratio measurements
• One-tenth of a bel
• Capital B for Alexander Graham Bell
• Logarithmic scale
• Add and subtract losses and gains
• 3 dB = 2x the signal
• 10 dB = 10x the signal
• 20 dB = 100x the signal
• 30 db = 1000x the signal

Question 3

dB loss symptoms

Answer 3

No connectivity• No signal!• Intermittent connectivity• Just enough signal to sync the link• Poor performance• Signal too weak• CRC errors, data corruption• Test each connection• Test distance and signal loss

Question 4

Latency

Answer 4

• A delay between the request and the response• Waiting time• Some latency is expected and normal• Laws of physics apply• Examine the response times at every step along the way• This may require multiple measurement tools• Packet captures can provide detailed analysis• Microsecond granularity• Get captures from both sides

Question 5

Jitter

Answer 5

Jitter is the time between frames

Excessive jitter can cause you to miss information, “choppy” voice calls

Question 6

Troubleshooting excessive jitter

Answer 6

Confirm available bandwidth
Make sure the infrastructure is working as expected
Apply QoS (Quality of Service)

Question 7

Crosstalk (XT)

Answer 7

Signal on one circuit affects another circuit
Leaking of signal
Measure XT with cable testers
Near End Crosstalk (NEXT)
Far End Crosstalk (FEXT)

Question 8

Troubleshooting crosstalk

Answer 8

Almost always a wiring issue
Check your crimp
• Maintain your twists
• The twist helps to avoid crosstalk
• Category 6A increases cable diameter
• Increased distance between pairs
• Test and certify your installation
• Solve problems before they are problems

Question 9

Avoiding EMI and interference

Answer 9

Electromagnetic interference
Cable handling
EMI and interference with copper cables
Test after installation

Question 10

Opens and shorts

Answer 10

A short circuit
• Two connections are touching
• Wires inside of a cable or connection
• An open circuit
• A break in the connection
• Complete interruption
• Can be intermittent

Question 11

Troubleshooting opens and shorts

Answer 11

May be difficult to find
• The wire has to be moved just the right way
• Wiggle it here and there
• Replace the cable with the short or open
• Difficult or impossible to repair
• Advanced troubleshooting with a TDR
• Time Domain Reflectometer

Question 12

Troubleshooting pin-outs

Answer 12

• Cables can foul up a perfectly good plan
• Test your cables prior to implementation
• Many connectors look alike
• Do you have a good cable mapping device?
• Get a good cable person
• It’s an art

Question 13

T568A and T568B termination

Answer 13

Pin assignments from EIA/TIA-568-B standard
• Eight conductor 100-ohm balanced twisted-pair cabling
• T568A and T568B are different pin assignments for 8P8C connectors
• Assigns the T568A pin-out to horizontal cabling
• Many organizations traditionally use 568B
• Difficult to change in mid-stream
• You can’t terminate one side of the cable with568A and the other with 568B
• It won’t be a straight-through cable

Question 14

Incorrect cable type

Answer 14

Excessive physical errors, CRC errors
• Check your layer 1 first
• Check the outside of the cable
• Usually printed on the outside
• May also have length marks printed
• Confirm the cable specifications with a TDR
• Advanced cable tester can identify damaged cables

Question 15

Troubleshooting interfaces

Answer 15

Interface errors
• May indicate bad cable or hardware problem
• Verify configurations
• Speed, duplex, VLAN, etc
• Verify two-way traffic
• End-to-end connectivity

Question 16

Transceiver mismatch

Answer 16

• Transceivers have to match the fiber
• Single mode transceiver connects to single mode fiber
• Transceiver needs to match the wavelength
• 850nm, 1310nm, etc.
• Use the correct transceivers and optical fiber
• Check the entire link
• Signal loss
• Dropped frames, missing frames

Question 17

Reversing transmit and receive

Answer 17

Wiring mistake• Cable ends• Punchdowns
• Easy to find with a wire map
• 1-3, 2-6, 3-1, 6-2
• Simple to identify
• Some network interfaces will automatically correct (Auto-MDIX

Question 18

TX/RX reversal troubleshooting

Answer 18

No connectivity
• Auto-MDIX might connect
• Try turning it on
• Locate reversal location
• Often at a punchdown
• Check your patch panel

Question 19

Damaged cables

Answer 19

Copper cables are pretty rugged
• But they aren’t indestructible
• Cables can be out in the open
• Stepped on, folded between a table and wall
• Check your physical layer
• Cables should not be bent or folded
• Check for any bent pins on the device
• It’s difficult to see inside of the cable
• Check your TDR, replace the cable (if possible)

Question 20

Bottlenecks

Answer 20

• There’s never just one performance metric
• A series of technologies working together
• I/O bus, CPU speed, storage access speed, network throughput, etc.
• One of these can slow all of the others down
• You must monitor all of them to find the slowest one
• This may be more difficult than you might expect

Question 21

Interface configuration problems

Answer 21

Poor throughput
• Very consistent, easily reproducible
• No connectivity
• No link light
• No connectivity
• Link light and activity light

Question 22

Interface configuration

Answer 22

• Auto vs. Manual configuration
• Personal preference
• Light status
• No light, no connection
• Speed
• Must be identical on both sides
• Duplex
• If mismatched, speed will suffer

Question 23

VLAN mismatch

Answer 23

• Switch is configured with the incorrect VLAN
• Configured per switch interface
• Link light, but no surfing
• A DHCP IP address may not be on the correct subnet
• Manually IP addressing won’t work at all
• Check the switch configuration for VLAN configuration
• Each port should have a VLAN setting
• VLAN 1 is usually the defaul

Question 24

Duplex/speed match

Answer 24

Speed and duplex
• Speed: 10 / 100 /1,000 / Auto
• Duplex: Half / Full / Auto
• Incorrect speed
• Many switch configurations will auto-negotiate speed
• Less than expected throughput
• Incorrect duplex
• Again, the switch may auto-negotiate
• Needs to match on both sides
• A mismatch will cause significant slowdowns
• Increase in Late Collisions may indicate a duplex mismatch

Question 25

Reflection

Answer 25

• Wireless signals can bounce off some surfaces
• Depends on the frequencies and the surfaces
• Too much reflection can weaken the signal
• A little multipath interference actually helps with MIMO
• Position antennas to avoid excessive reflection
• May not be a problem for MIMO in 802.11n and 802.11ac

Question 26

Refraction

Answer 26

• Signal passes through an object and exits at a different angle
• Similar to light through water
• Data rates are affected - Signal is less directional
• Outdoor long-distance wireless links
• Changes in air temperature and water vapor

Question 27

Absorption

Answer 27

• Signal passes through an object and loses signal strength
• Especially through walls and windows
• Different objects absorb differently as frequencies change
• 2.4 GHz may have less absorption than 5 GHz
• Put the antennas on the ceiling
• And avoid going through walls

Question 28

Latency and jitter

Answer 28

• Latency - Delays between transmission and reception
• Jitter - Deviation from a predictable data stream
• Wireless interference and signal issues
• Slower data rates
• Increase in retransmission’s
Capacity issues

Question 29

Attenuation

Answer 29

• Wireless signals get weaker as you move farther from the antenna
• The attenuation can be measured with a Wi-Fi analyzer
• Control the power output on the access point
• Not always an option
• Use a receive antenna with a higher gain
• Capture more of the signal
• Move closer to the antenna - May not be possible

Question 30

Interference

Answer 30

Interference
• Something else is using our frequency
• Predictable
• Florescent lights, microwave ovens, cordless telephones, high-power sources
• Unpredictable - Multi-tenant building
• Measurements
• netstat –e
• Performance Monitor

Question 31

Incorrect antenna type

Answer 31

The antenna must fit the room
• Or the distance between sender and receiver
• Omnidirectional
• Useful on the ceiling
• Not very useful between buildings
• Directional
• Used often between two points
• Or on a wall-mounted access point
• The access point may provide options
• Connect different antennas

Question 32

Incorrect antenna placement

Answer 32

• Interference• Overlapping channels
• Slow throughput
• Data fighting to be heard through the interference
• Check access point locations and channel settings
• A challenge for 2.4 GHz
• Much easier for 5 GHz

Question 33

Overcapacity

Answer 33

• Device saturation
• Too many devices on one wireless network
• There are only so many frequencies
• The 5 GHz can really help with this
• Bandwidth saturation
• Large data transfers
• Common in large meeting places
• Conferences• Airports• Hotels

Question 34

Frequency mismatch

Answer 34

Devices have to match the access point• 2.4 GHz, 5 GHz
• Verify the client is communicating over the correct channel
• This is normally done automatically• May not operate correctly if manually configured
• Older standards may slow down the newer network
• 802.11b compatibility mode on 802.11n networks
• Every access point has an SSID
• But did you connect to the right one?• This can be more confusing than you might think• Public Wi-Fi Internet• Guest Internet• Internet
• Confirm the correct SSID settings• Should be listed in the current connection status

Question 35

Wrong passphrase

Answer 35

Wireless authentication
• Many different methods
• Required to connect to the wireless network
• If not connected, check the authentication
• Shared passphrase
• Common in a SOHO, not in the enterprise
• 802.1X
• Used for the enterprise
• Make sure the client is configured to use 802.1X

Question 36

Security type mismatch

Answer 36

• Encryption on wireless is important• Make sure the client matches the access point
• This is much easier these days• Almost everything is at the level of WPA2
• Some legacy equipment may not be able to keep up• If you change the access point, you may not be able to support it
• Migrate all of your WEP to WPA2• And any WPA

Question 37

Signal to noise ratio

Answer 37

• Signal• What you want
• Noise• What you don’t want• Interference from other networks and devices
• You want a very large ratio• The same amount of signal to noise (1:1) would be bad

Question 38

Duplicate IP addresses

Answer 38

• Static address assignments - Must be very organized
• DHCP isn’t a panacea• Static IP addressing• Multiple DHCP servers overlap• Rogue DHCP servers
• Intermittent connectivity• Two addresses “fight” with each other
• Blocked by the OS - Checks when it starts

Question 39

Troubleshooting duplicate IP addresses

Answer 39

Check your IP addressing - Did you misconfigure?• Ping an IP address before static addressing• Does it respond?
• Determine the IP addresses
• Ping the IP address, check your ARP table• Find the MAC address in your switch MAC table
• Capture the DHCP process• What DHCP servers are responding?

Question 40

Duplicate MAC addresses

Answer 40

• Not a common occurrence• MAC addresses are designed to be unique• May be a man-in-the-middle attempt
• Mistakes can happen• Locally administered MAC addresses• Manufacturing error
• Intermittent connectivity• Confirm with a packet capture, should see ARP contention
• Use the ARP command from another computer• Confirm the MAC matches the IP

Question 41

Expired IP addresses

Answer 41

A DHCP address should renew well before the lease expires
Client gives up the IP address at the end of the lease APIPA address is assigned• Checks in occasionally for a DHCP server• Look for an APIPA assigned address• 169.254..• Check the status of your DHCP server

Question 42

Rogue DHCP server

Answer 42

IP addresses assigned by a non-authorized server• There’s no inherent security in DHCP• Client is assigned an invalid or duplicate address• Intermittent connectivity, no connectivity• Disable rogue DHCP communication• Enable DHCP snooping on your switch• Authorized DHCP servers in Active Directory• Disable the rogue• Renew the IP leases

Question 43

Untrusted SSL certificate

Answer 43

Browsers trust signatures from certain CAs• A certificate was signed by a CA that’s not in our list• Error message on the browser• Certificate Authority Invalid• Check the certificate details• Look for the issuing CA• Compare to the CA list on your computer• If it’s an internal server, it may be internally signed• Add your internal CA certificate to the list

Question 44

Incorrect time

Answer 44

• Some cryptography is very time sensitive• Active Directory requires clocks set within five minutes of each other• Kerberos communication uses a time stamp• If the ticket shown during authentication is too old, it’s invalid• Client can’t login• Check the timestamp of the client and the server• Configure NTP on all devices• Automate the clock setting

Question 45

Exhausted DHCP scope

Answer 45

Client received an APIPA address• Local subnet communication only• Check the DHCP server• Add more IP addresses if possible• IP address management (IPAM) may help• Monitor and report on IP address shortages• Lower the lease time• Especially if there are a lot of transient users

Question 46

Blocked TCP/UDP ports

Answer 46

Applications not working• Slowdowns with other applications• Firewall or ACL configuration• Security choke points• Confirm with a packet capture• No response to requests• Run a TCP- or UDP-based traceroute tool• See how far your packet can go

Question 47

Incorrect host-based firewall setting

Answer 47

• Applications not working• Based on the application in use and not necessarily the protocol and port• Check the host-based firewall settings• Accessibility may be limited to an administrator• Managed from a central console• Take a packet capture• The traffic may never make it to the network• Dropped by the operating system

Question 48

Incorrect ACL setting

Answer 48

Only certain IP addresses accessible• Or none• Access Control Lists• IP address, port numbers, and other parameters• Can allow or deny traffic by filtering packets• Confirm with packet captures and TCP/UDP traceroutes• Identify the point of no return

Question 49

Unresponsive service

Answer 49

No response to an application request• No answer• Do you have the right port number?• And protocol (TCP/UDP)?• Confirm connectivity• Ping, traceroute• Is the application still working?• Telnet to the port number and see if it responds

Question 50

Hardware failure

Answer 50

• No response• Application doesn’t respond• Confirm connectivity• Without a ping, you’re not going to connect• Run a traceroute• See if you’re being filtered• Should make it to the other side• Check the server• Lights? Fire?