Messer - 5. Network Troubleshooting & Tools

Question 1

What are the seven steps of network troubleshooting?

Answer 1

1. Identify problem
2. Establish theory
3. Test theory
4. Plan solution
5. Implement solution
6. Verify results
7. Document everything

[Identify. Then two related to theory. Then two related to solution. Then two related to results]

Question 2

Explain what is involved in the following step of the network troubleshooting methodology:

1. Identify problem

Answer 2

• Gather information
-Determine scope (i.e. area affected)
(e.g. single station? floor? entire network?)
-Check docs (e.g. install & maintenance logs)
-Vendor knowledge bases
• Question users (open and closed questions)
• Identify symptoms
-Maybe make physical inspection
• Duplicate problem, if possible
• Determine if anything has changed
-Did it ever work?
-What changed since last working?
• Approach multiple problems individually.

Question 3

Explain what is involved in the following step of the network troubleshooting methodology:

2. Establish theory

Answer 3

• Question the obvious
• Step through what should happen
    -And identify where it breaks down
    -Prove functionality of each component in sequence
• Consider multiple approaches
• OSI model:
    -Start at bottom
    -Start at top
    -Start at most likely layer (aka divide and conquer)

Question 4

Explain what is involved in the following step of the network troubleshooting methodology:

3. Test theory

Answer 4

• Once theory is confirmed, determine next steps to resolve problem.
• If theory is not confirmed, re-establish new theory
• Or escalate as necessary by referring problem to senior technician, manager, or third party if:
  • Problem is beyond your knowledge or ability
  • Problem falls under warranty
  • Scope of problem is very large
  • Solution requires major reconfiguration
  • Customer becomes difficult or abusive

Question 5

Explain what is involved in the following step of the network troubleshooting methodology:

4. Plan solution

Answer 5

Typically three solutions to any problem:

* Repair - You need to determine whether cost and time of repair makes this the best option
* Replace - Often more expensive and may be time-consuming depending on availability. May be opportunity to upgrade
* Ignore - If problem isn't critical and/or repairing / replacing aren't cost-effective, might be best just to find a workaround

Always consider potential effects on rest of the system. e.g. If you need to apply a software patch, might cause other programs not to work properly. Helpful to have an effective configuration management system. May need to seek authorization for plan.

Question 6

Explain what is involved in the following step of the network troubleshooting methodology:

Implement solution

Answer 6

If you are simply reverting to a known good configuration before something was changed, you might be able to implement solution directly. But if fix requires changes to system / network, you may have to follow a change management plan. And again, may need authorization. If making a series of changes, be sure to document everything along the way!

Question 7

Explain what is involved in the following step of the network troubleshooting methodology:

6. Verify results

Answer 7

Verify full system functionality, and if applicable, implement preventive measures.

Before closing a ticket, make sure you’re satisfied that the problem (and system as a whole) are now working properly. AND get customer’s acceptance that issue is solved and ticket can be closed.

Think about ways you can prevent problem from happening again.

Question 8

Explain what is involved in the following step of the network troubleshooting methodology:

7. Document everything

Answer 8

Document findings, actions, and outcomes.

In ticket system, write complete description of the problem, its solution, including findings, actions, and outcomes.

Question 9

Describe the purpose of crimpers.

Answer 9

A tool used to attach connectors to the ends of cables. For instance, you use one type of wire crimper to attach RJ-45 connectors on unshielded twisted-pair (UTP) cable. You use a different type of wire crimper to attach British Naval Connectors/Bayonet Neill-Concelman (BNCs) to coaxial cabling.

A crimper sometimes includes a wire stripper, as well. If it doesn’t, you need one..

Question 10

Describe the purpose of a cable tester.

Answer 10

A tool for determining whether a cable is crimped properly. It’s a very basic tool for testing continuity. Can identify missing pins or crossed wires. NOT used for frequency testing (e.g. crosstalk, signal loss, etc.)

Should have two parts to allow it to plug into each
end of the cable, and it should have light indicators that light up as it tests for connectivity from one end of the cable to another on each wire.

The tester should have a light for each wire in the cable. It will light up an indicator for each wire, one after the other—you will need to watch the lights light up at both ends and make sure that the order is the same on both parts of the tester. If the order is different, you have an incorrectly positioned wire and you will need to recrimp an end.

Question 11

What is a cable certifier?

Answer 11

A type of cable tester that will report the same info as a normal cable tester, but will also report on info such as speed and duplex settings.

Question 12

What is a butt set?

Answer 12

aka lineman’s handset

A cable tester for telephone lines.

Question 13

Describe the purpose of a TDR / OTDR.

Answer 13

aka. Time Domain Reflectometer / Optical Time Domain Reflectometer

A tool used to troubleshoot problems with a cable by sending a signal, where it is reflected back at some point. The TDR then calculates the distance down the cable that the signal traveled before being reflected. If this distance is less than your overall cable length, a problem exists at that distance from your location. Great for detecting shorts and breaks.

Can give a lot of information:

• cable length
• splice locations
• cable type (impedance info)
• signal loss

Helpful for certifying a new cable installation.

TDR sends electrical signals for copper cabling. OTDR sends light for fiber optics and is extremely expensive.

Question 14

Describe the purpose of a light meter.

Answer 14

aka. optical power meter or power meter

A tool for measuring the amount of light loss in fiber-optic cables. Sends a light (e.g. laser, LED) from one side, and then measures it on the other.

Messer says it’s the fiber-optic equivalent of using a cable tester to check for continuity in copper cabling.

Question 15

Describe the purpose of a tone generator.

Answer 15

aka fox and hound

A device used to determine the two ends of a specific cable within a large bulk of cables. In short, it’s a wire tracer. Includes two components: the tone generator itself, and an inductive toner probe that listens for the tone on the other end. Often has modular jacks, coax connections, punch down connectors, etc that can fit onto most cables.

Question 16

Describe the purpose of a loopback adapter.

Answer 16

aka loopback plug

A tool for testing the physical ports / interfaces on a system (e.g. ethernet and WAN) without having to connect an external device. Very simply, it returns a transmitted signal back to the interface that transmitted it. If the sent signal is different than received signal, you know something is wrong.

[Do NOT confuse with cross-over cables, which connect like devices to each other]

Question 17

Describe the purpose of a punchdown tool.

Answer 17

A tool used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement connector (IDC). You “punch” a wire into a wiring block (e.g. 66 or 110 block), locking that wire into place.

Question 18

Describe the purpose of a multimeter.

Answer 18

A device used to measure AC or DC voltage, or when troubleshooting cabling issues, it can measure resistance (in ohms). A normal cable without any problems should measure a resistance of 0 ohms, but if the cable is broken or has faults in the wiring, it will measure higher resistance.

Messer says it can also check for continuity between ends of a cable, fuse status, wire mapping, etc.

[So not just an electrician’s tool for checking whether there’s power. According to Emmett Dulaney ebook, network multimeters can do a lot of things, including ping and test response times on key networking equipment, verify faults on network cabling, locate and identify cable]

[Most popular pronunciation is “multi-meter,” not “mull-tim-eter”]

Question 19

Describe the purpose of a spectrum analyzer.

Answer 19

A device typically used to monitor and troubleshoot signals with wireless technologies, such as wireless networks. Can display noise levels with the signal, as well as frequency information and signal strength. Can help determine whether there’s conflicts or interference (e.g. another wireless access point or device.)

[Not to be confused with software called WiFi analyzer]

Question 20

What is a packet sniffer / protocol analyzer?

Answer 20

The two terms are often used interchangeably as both are used to capture communication streams so you can analyze the traffic and determine the cause of a problem. But technically there’s a difference. While a packet sniffer simply captures traffic, a protocol analyzer reads and decodes it, specifically on the protocol level.

Very helpful for solving complex application issues, identifying unknown or suspicious traffic, verifying security controls, identifying protocol patterns and problems, etc.

Ex of protocol analyzer: WireShark

[Note: Can be hardware or software, although objectives have it under software tool]

Question 21

Describe the purpose of a port scanner.

Answer 21

A software-based security utility designed to search a network host for open ports on a TCP/IP-based network. (As a refresher, in a TCP/IP-based network, a system can be accessed through one of 65,535 available port numbers. Each network service is associated with a particular port.)

Many of the thousands of ports are closed by default; however, many others, depending on the OS, are open by default. These are the ports that can cause trouble. It is critical that administrators know which ports are open and potentially vulnerable. The quickest way to get an overview of the ports used by the system and their status is to issue the netstat -a command from the command line.

[One reason hackers love port scanners: If you know what ports are open, you know what services are likely running]

Ex: NMap, Zenmap, SuperScan, Angry IP Scanner

Question 22

Describe the purpose of a WiFi analyzer.

Answer 22

aka wireless analyzer

A software utility that provides power measurements of SSIDs and encryption being used on each, along with channels SSI is using and MAC address of the WAP announcing the SSID. [Zacker book says this info is useful because it shows the overall RF airspace as a device will see it. Not exatly sure what he means]

Often, this functionality is incorporated into spectrum
analyzers. However, Wi-Fi analyzers can be used independently and are often free because of the basic functionality they provide. Spectrum analyzers will allow you to see NON-Wi-Fi devices utilizing the RF
airspace as well as interfering with electronics such as microwave ovens and wireless phones.

[IMO, Messer did a bad job on this one. And some surprisingly thorough authors don’t appear to cover it.]

Question 23

Describe the purpose of a bandwidth speed tester.

Answer 23

A software utility (often a website) that communicates with dedicated Internet servers to determine your download and upload speed. Often by transferring a file and measuring throughput. These sites are not all the same (e.g. different number of servers, bandwidth, testing methodologies). But especially helpful if used for pre- and post-change analysis.

Common sites: SpeedOf.Me, speedtest.net, testmy.net, ISP sites.

Their inherent problem is they report the speed at which the server can communicate to you, which may not be the total speed of your connection. That said, useful to validate if there is a problem with your Internet connectivity.

A more precise method of measuring bandwidth speed is the use of an open source tool called iPerf, which requires a server to be set up to listen for an incoming request from the iPerf client. Many ISPs have an internal iPerf server so that you can test your WAN speed. When the iPerf tool is used, it saturates the entire line to report actual bandwidth speeds. It is also
a useful tool for determining how well a firewall can perform under a high-bandwidth load as part of a stress test.

Question 24

What is ping?

Answer 24

Command line utility that verifies hostname, host IP address, and physical connectivity to a remote device.

Each ping makes four attempts, returns time of response (in ms). How many packets lost, if any. You also see TTL (time to live). Based on TTL, you can get a sense if multiple hops.

Uses ICMP.

Messer says one of the most commonly used tools in troubleshooting a network. First and last thing you use. (Used last to verify a fix.)

Question 25

What is tracert / traceroute?

Answer 25

Tracert - Windows
Traceroute - Linux

Command line utility that traces and reports on the route to a remote device. Maps the entire path between our device and the remote one.

Takes advantage of ICMP Time to Live Exceeded Error message. Time in TTL refers to hops, not seconds or minutes. TTL=1 is first router, TTL=2 is second, etc. Not all devices reply with ICMP Time Exceeded messages. Not all routers send that message. And some firewalls filter. ICMP is low-priority for many devices.

Different flavors of traceroute. Not all the same. Some OSes allow you to specify protocol used (e.g. Linux, Unix, Mac). They use UDP by default, whereas Windows uses ICMP.

[Tracert doesn’t work correctly on my system due to how Verizon FiOS handles ICMP. Would need to download an alternate tool that uses UDP]

Question 26

What is nslookup?

Answer 26

Command line utility that is used to lookup DNS info (e.g. canonical names, IP address, cache timers, etc.) given a particular name or IP address. (If you enter a domain name, it will give you IP address. And sometimes vice versa.) Looks like you can get other types of DNS data, as well. Like mail servers.

Cross-platform: Works on Windows, Mac, and LInux

Deprecated. Use dig instead.

[When I look up my rdb subdomain, I can see the IPv6 address I’ve added, as well as the IPv4]

Question 27

What is dig?

Answer 27

Command line utility that is used to query DNS. Dig will give you much the same information as nslookup, but is updated tool and gives you more advanced domain info.

Not native to Windows. You have to download.

Question 28

What is ipconfig / ifconfig?

Answer 28

ipconfig = Windows. ifconfig = Mac / Linux
(“if” is for “interface”)

Command line utility that displays current IP configuration information.

Without any switches, you can see IP address, subnet mask, and default gateway (router) for all network interfaces to which TCP/IP is bound. [meaning?]

Use /all switch to display complete TCP/IP config parameters for each interface to which TCP/IP is bound.

You can tell whether your IP address was granted via DHCP or APIPA. You can force DHCP to renew leased IP address, and also release it.

Commands:
ipconfig /all
ipconfig /release
ipconfig /renew

[Not entirely clear to me how to read what this returns. Like what applies to router and what applies to this device]

Question 29

What is iptables?

Answer 29

Command line utility that is a very powerful firewall feature found in Linux. Gets its name from tables
of rules that control what traffic is allowed to enter or leave the system or to be forwarded on to another system.

The three main tables used with IPTables are:

• Input - This table controls what traffic is allowed to pass through the network card into the Linux system.
• Output - This table controls what traffic is allowed to pass through the network card out of the Linux system.
• Forward - This table is used if you want to forward a packet from the Linux system on to another system.

Messer says it’s a stateful firewall that filters in the kernel of the Linux OS. Some Linux distros prefer firewalld or other firewalls over iptables.

Question 30

What is netstat?

Answer 30

Command line utility that displays statistics for current TCP/IP connections. And basically what services you’re currently using (e.g. https)

Cross-platform: Windows, Unix, Linux, etc.

switches:

• a - shows all active connections (on individual machine)
• b - shows binaries that created connection (Windows)
• n - Do not resolve names
• f - Shows fully qualified domain names. This makes it a little more interesting.

[Not really clear what I’m looking at. Runs for a while. Shows protocol (e.g. TCP or UDP), Local address (and port), Foreign address (sometimes IP, sometimes not), and the state (e.g. listening, established).]

Question 31

What is tcpdump?

Answer 31

tl;dr - Command line packet sniffer [Not protocol analyzer, if following strict definition]

Command line utility that is used to capture packets and print the contents. Can read packets from a network interface card or from a previously created saved packet file and write packets to either standard output or a file.

Output saved in standard pcap file format, which can be easily read in protocol analyzers like WireShark. [Although not entirely clear why you wouldn’t just use WireShark in the first place.]

You can apply filters, view traffic in realtime to quickly identify traffic patterns. Can be overwhelming amount of data. Takes a bit of time to parse and filter.

Available on Linux/Unix/Mac. On Windows, there’s WinDump.

Question 32

What is pathping?

Answer 32

Command line utility that combines Ping with Tracert functionality. Pathping is different from Tracert in the sense that it reports statistic information at the end of the ping, summarizing information such as percent packet loss so that you can identify the hop that is causing problems along the pathway of communication.

Messer says: First phase runs a traceroute, building map/path between you and another device. Second phase is the ping, measuring round trip time and packet loss at each hop.

[Again, Verizon appears to be breaking this for me]

Question 33

What is nmap?

Answer 33

Command line port scanner that is available on most Linux systems by default and can be installed on Windows systems.

Messer says: In addition to finding devices and identifying open ports, can also discover OS of device without logging in, and discover available services (e.g. name, version, details, etc.) There’s also Nmap Scripting Egine (NSE), which extends capabilities, including vulnerability scans.

[Need to know common commands, I guess? Like how to scan a single IP for common open ports, or scan entire network for specific ports [Clarke has commands for this. Curious if other books do, as well]

Question 34

What is route?

Answer 34

Command line utility that is used to view and manage the local routing table. (i.e. Find out which way the packets where go / where traffic will be routed.)

Windows command: route print
(Gives break-down of both IPv4 and IPv6)

[No idea what to do with any of this]

Question 35

What is arp?

Answer 35

Command line utility that displays and modifies the local Address Resolution (ARP) cache. i.e. You can determine a MAC address based on an IP address.

Windows: arp -a
(View local ARP table)

[To see one of your local devices in this cache, you may first need to ping its IP address first. Because ARP cache is regularly pruned?]

[Okay, so I just did this with my cell phone. Went into phone settings > Phone Status, and got the IP address. It was NOT in the ARP table. So from my laptop, I pinged that IP address, and then phone’s IP appeared in ARP table. Using that, I was able to see phone’s MAC address. Which I confirmed by looking at it in settings.]

Question 36

What is attenuation?

Answer 36

aka insertion loss

Signal loss. Loss of intensity as a signal moves through a medium (e.g. electrical signals through copper, light through fiber, or radio waves through air.) Can be caused by distance, obstacles, or interference. Attenuation explains why some mediums (e.g. fiber) allow greater distance than others.

Question 37

How is attenuation measured / quantified?

Answer 37

In decibels (dB), which is based on ratio (i.e. ratio of signal strength at point A and point B). Decibels are logarithmic (i.e. non-linear), so a small change in value represents a large change in what’s being measured.

3dB = 200% signal
-3dB = 50% signal

Question 38

What are the symptoms of attenuation? And how might you troubleshoot it?

Answer 38

Symptoms can be any of the following:

• No connectivity at all (easier to troubleshoot)
• Intermittent connectivity
• Poor performance

Troubleshooting:

• Look at stats associated with that network interface card. Should see CRC errors, a sign of data corruption
• Test each connection with a TDR / OTDR. You can test distance, signal loss, how much signal you’re getting.

Question 39

What are CRC errors and what do they indicate?

Answer 39

An error message that appears when corruption is suspected or detected in data storage or transmission.. They use a check value similar to a checksum. Typically indicate a Layer 1 (Physical Layer) issue. [Although some argue it’s Layer 2 because that’s where the actual error exists, I think?] In networking, could indicate faulty cable or bad port. And also duplex mismatch (if you also have a lot of collisions, runts, large packets). In data storage, could indicate a failing hard drive.

Question 40

What is latency, and when is it particularly relevant?

Answer 40

The delay between a request and response. Some latency is unavoidable due to the laws of physics (takes time for signal to transmit). But excessive latency is problematic, especially with certain kinds of applications like VoIP, streaming video, and other real-time apps.

Question 41

How do you troubleshoot latency?

Answer 41

Examine response time at every step along the way. May require multiple measurement tools. Packet captures and protocol analyzer can provided a detailed analysis, down to the microsecond. Good to get captures from both sides.

Question 42

What is jitter, when is it particularly relevant, and how do applications compensate for it?

Answer 42

Jitter is delay inconsistency / variability between packets / frames. As with latency, it’s particularly relevant in VoIP, streaming video, and other real-time apps. Buffering is commonly used to even things out.

Question 43

What is the difference between latency and jitter?

Answer 43

Latency is the time it takes for a packet to move from one point to another. Jitter is the difference in delay between two packets. [i.e. Jitter is variability in latency]

Question 44

How do you troubleshoot jitter?

Answer 44

• Confirm available bandwidth and make sure network isn’t clogged
• Check infrastructure (e.g. queues in your switches and routers. Look for dropped frames)
• Apply QoS in switch, router, firewall, etc. to prioritize real-time communication

Question 45

What are the kinds of media interference that can interfere with data transmissions over network media?

Answer 45

Crosstalk (XT)
EMI

[Note: Fiber is immune to these]

Question 46

What is Crosstalk (XT)?

Answer 46

Signal leaking. i.e. When signal going across one pair of wires affects another. Can be measured with a TDR. As with latency and jitter, there’s always going to be a little crosstalk.

[Note: You would not use an OTDR with fiber because fiber is immune to Crosstalk. Not susceptible to electrical interference.]

Question 47

What are NEXT and FEXT?

Answer 47

NEXT - Near End Crosstalk - Interference measured at transmitting end

FEXT - Far End Crosstalk - Interference measured at receiving end

Question 48

How do you troubleshoot crosstalk (XT)?

Answer 48

Almost always indicates one of three problems:

1) bad wiring
- poor quality - maintain your twists going into RJ45 and at other end going in to patch panel (Remember: twists are there to help prevent crosstalk)
- wrong type - Try shielded between pairs. Cat 6A increases distance between pairs
- damaged - Test and certify installation, analyzing each connection

2) bad connector
3) improper termination - check your crimp

Question 49

What is EMI, what are potential sources, and how can it be avoided?

Answer 49

Electromagnetic interference. Occurs when cable is run too close to anything that creates an electromagnetic field (e.g. computer monitors, fluorescent lights, elevators, microwaves, power cords, outlets, electrical systems, fire prevention components, etc.)

Avoided by careful cable placement. Using shielded cables can help. Test using TDR after installation. Also be careful about where you later place potential sources of EMI.

Question 50

What are opens / shorts?

Answer 50

Open fault (aka continuity) - A complete interruption of signal within a cable (i.e. not making a full circuit). Might be due to a cut in the cable across one or more wires.

Short circuit - Two wires inside of a cable are touching, causing data to attempt to travel on wrong wire. Can be caused by miswiring or bent cable.

A short can create an intermittent issue. An open will never be intermittent.

Question 51

How do you troubleshoot opens / shorts?

Answer 51

You can use a multifunction cable tester or TDR to identify / confirm the problem. (A TDR will tell you exactly where on the cable the problem is located.) A multimeter can be used for this as well. Primary purpose is to test electrical circuits, but can also test for continuity on copper wire.

Better to simply replace than repair.

Can be difficult to find a short because cable might need to be moved in just the right way. Might need to be wiggled here and there for problem to appear.

Question 52

What is an incorrect pin-out, and how do you troubleshoot it?

Answer 52

When wires are terminated in the wrong place in a plug or jack (e.g. you connect pin 3 to pin 6 rather than pin 3 to pin 3). Or the two terminated ends don’t match the same standard.

Very easy to switch wires around if you’re crimping your own RJ45 cables, for example. Or you might accidentally use T568A termination standard on one end, and T568B on the other.

To troubleshoot, you need a good cable mapping device (i.e. cable tester), where you can plug in the two sides of the cable to see connection between one side and the other.)

[Pengelly talks about split pairs, crossed pairs (TX/RX reverse), and reversed pairs as examples. Didn’t feel like getting to deep into that]

Question 53

How do you recognize and troubleshoot an incorrect cable type?

Answer 53

Will lead to excessive physical errors, CRC errors. Look for printed marks on the outside of the cable. Also confirm specs with a TDR.

Question 54

How do you recognize and troubleshoot a bad physical port / interface?

Answer 54

Interface errors (e.g. FCS errors, oversize packets, late collisions, etc.) can indicate bad cable, but could also be the port itself.

Good to verify ethernet adapter configurations on both sides of connection to make sure you’re matching speed, duplex VLAN, etc.

You can also use a loopback plug or test with a known
good host. If the port and NIC are good, the link should be reported as Up by a tool such as ipconfig or ifconfig when the loopback plug is connected.

Question 55

How do you recognize and troubleshoot a transceiver mismatch?

Answer 55

You might have signal loss, dropped frames, missing frames, or the connection might go down completely.

Because transceivers look almost exactly the same, it’s easy not to match them properly. They need to match the mode and wavelength of the optical fiber (e.g. single-mode / multi-mode and 850nm / 1310nm).

[Remember: Transceivers like GBIG and SFP are used on switches. With FIBER]

Question 56

What is a TX/RX reversal, how do you recognize it, and how do you troubleshoot it?

Answer 56

A TX/RX reversal is simply when you reverse the transmit and receive wires. In other words, it’s when you accidentally have a crossover cable instead of a straight-through cable. [In other words, TX/RX is not always a bad thing!] This can happen very easily when putting on an RJ45 connector, or when punching into punch down block itself.

If you have an unexpected / unwanted TX/RX reversal, you’ll simply get no connectivity.

Easy to detect with a wire mapping device or cable tester. Might even be able to see it visually. If network has Auto-MDIX enabled, might correct the problem automatically. You can try turning it on.

Question 57

What is a duplex / speed mismatch and how do you troubleshoot?

Answer 57

When two switches are connected, speed and duplex need to match on both ends. e.g. Speed can often be set at 10 mbit, 100 mbit, 1000 mbit, or auo-negotiate. Duplex options will be Half, Full, and Auto.

If speed is mismatched, you’ll get less than expected throughput. If duplex is mismatched, you’ll get a significant slowdown, along with an increase in late collisions. You can look at ethernet statistics for that adapter.

Question 58

How do you troubleshoot a network bottleneck?

Answer 58

To check connectivity speeds, traceroute / tracert can be a good place to start.

Messer says there’s never one place to look or one performance metric. When someone says network is slow, it could really be one of many devices plugged into network. Networks involve a lot of technologies working together. You need to look at things like I/O bus of server, CPU speed, storage access speed, router or switch throughput, etc. Look at stats in servers, routers, switches, networks, workstations. Monitor all of these. Helps if you have baselines.

Question 59

What is a VLAN mismatch, and how do you troubleshoot it?

Answer 59

Occurs when users are moved or otherwise connected to the wrong VLAN.

When you’re configuring interfaces on a switch, you’re assigning each interface with a VLAN. So you want to check these VLAN configurations by using SSH into a switch. Each port should have a VLAN setting. VLAN 1 is usually the default. But many orgs have many VLANs, so you may need to check documentation to see which VLAN the device belongs to.

From book:

Administrators have to ensure that the user system is plugged into the correct VLAN port. For example, suppose a network is using port-based VLANs to assign ports 1 through 8 to marketing, ports 9 through 18 to sales, and so on. Plugging a sales client into port 6 would make that sales client part of the marketing network. This sounds simple, but if the documentation is not up-to-date, and you work with a new network, this can be tricky to identify.

One of the keys to preventing VLAN assignment errors is to clearly document the VLAN arrangement. If systems are moved, you need to know how to reconnect them and forward them to the correct VLAN port. Also, membership to a VLAN can be assigned both statically and dynamically. In static VLAN assignment, the switch ports are assigned to a specific VLAN. You must ensure you have right ports assigned to users.

Question 60

Describe typical LED status indicators on a NIC for various problems.

Answer 60

• Solid green—Link is connected but there is no traffic.
• Flickering green—The link is operating normally (with traffic).
• No light—Link is not working or is disconnected at the other end (Could be disconnected cable,damaged cable, open, short, Tx/Rx reverse, incorrect pin out, bent pin, etc.)
• Blinking amber—Fault has been detected (duplex mismatch or spanning tree blocking, for instance).
• Solid amber—Port is disabled.

Question 61

Describe reflection as it relates to wireless connectivity.

Answer 61

When a wireless signal bounces of an object (e.g. metal, desks). Too much can weaken the signal, but according to Messer, a little actually helps with MIMO. You can position antennas to avoid excessive reflection. Reflection depends on types of surfaces, as well as frequencies used (e.g. 2.4 v. 5 GHz)

[Want to look back at 2.4 v. 5 GHz notes]

Question 62

Describe refraction as it relates to wireless connectivity.

Answer 62

When a wireless signal passes through an object, and then changes its course / angle of travel. (Similar to how light travels through water, making a straw look strange in a glass of water.) Outdoor long-distance wireless links can be impacted by changes in air temp and water vapor.

Question 63

Describe absorption as it relates to wireless connectivity.

Answer 63

When a wireless signal is swallowed by an object rather than reflected or absorbed.

Again, absorption depends upon interaction of material with different frequencies.)

(Not always a bad thing. For security purposes, you might want material that absorbs signal on the outer walls of a building. Can use shielding (RF) paint, copper plaints, aluminum sheets.)

Question 64

List a few objects that are pose high, medium, and low obstacle severity.

Answer 64

High:

• Metals
• Mirrors
• Water

Medim-High:
-Concrete blocks

Medium:

• Tinted glass
• Ceramic tile
• People (crowds)

Low

• Clear glass
• Furniture
• Drywall
• Wood

[Messer didn’t mention it, but saw it in a book]

Question 65

Describe attenuation as it relates to wireless connectivity (and how to address it).

Answer 65

Signal gets weaker as you move farther from antenna. Can be measured with a WiFi analyzer. Sometimes you can control power output on the access point, or use a receive antenna with a higher gain to capture more of the signal.

Question 66

Conflicting channels pose a greater challenge for which of the two wireless frequencies? And why?

Answer 66

It’s a greater challenge for 2.4 GHz because there are fewer non-overlapping channels available.

Question 67

Describe how you’d set up wireless channels / antennas on a single office building floor with many different rooms. Let’s say you need seven different access points using thee different channels (e.g. Ch. 1, 6, and 11).

Answer 67

You need to set things up to prevent interference from access points using overlapping channels.

To do this, you’d use a number of different access points with omni-directional antennas.

You could have a channel 1 on one side of the building, and another channel 1 on the other side. And then in between, you could have Channels 6 and 11. It’s okay if a Channel 1 overlaps with a Channel 6 or 11. The main idea is you don’t want a Channel 1 overlapping with another Channel 1, or a Channel 6 overlapping with another Channel 6.

Question 68

Describe the difference between interference you’d find on a wireless v. wired network.

Answer 68

On a wired network, you’re concerned with electrical interference from other cables, wires, devices, etc.

With wireless, you’re concerned bout other things using your frequency. Like another network in same multi-tenant building. [Looks like it can also be fluorescent lights, microwave ovens, cordless phones, high-power sources - similar to wired, right??]

Question 69

What tools could you use to measure wireless interference?

Answer 69

Wireless site survey
aka Radio Frequency (RF) site survey

[WiFi analyzer? App on phone?]

[Weirdly, Messer didn’t mention either in this section]

Messer mentioned:

• netstat -e on Linux or Mac [I also see on Windows. Not sure if different, or? Just shows discards, errors, unknown protocols, etc.]
• Performance Monitor on Windows [Don’t see anything helpful in here]

Question 70

Which three wireless channels should you stick with to minimize chance of overlap / interference?

Answer 70

1, 6, and 11

[Says one book: Important on a non-MIMO set up (such as 802.11a, b, or g) and on 802.11n with 20 MHz channels]

Question 71

Describe the two main types of overcapacity you may experience on a wireless network.

Answer 71

Device saturation - Too many client devices connected to the same AP. The maximum number of clients an AP can support varies, depending on WiFi standard used and type of traffic. Using 5 GHz can help because many more frequencies available. And web surfing less demanding than video streaming. As a general rule, 30 client max per AP.

Bandwidth saturation - Too much data being moved at once. Even with a relatively low number of clients, can be a problem if one client being a bandwidth hog.

[Overcapacity issues common at conferences, airports, hotels]

Question 72

What are the indicators of a DNS problem?

Answer 72

• Web browsing doesn’t work (i.e. domain names not resolving)
• Some applications aren’t communicating (often use names rather than IP addresses
• You’ve confirmed that IP address, netmask, and default gateway are all configured correctly
• Pinging IP address of website does work (if you know it). So does pinging local gateway. And so does pinging Google’s DNS servers (e.g. 8.8.8.8)

Question 73

What are the indicators of an incorrect IP address for the default gateway?

Answer 73

• You will not be able to communicate with any devices outside the local network
• BUT you should be able to communicate directly with devices on your network
• You can use ipconfig / ifconfig to see if gateway address makes sense. (e.g. If device IP address is 192.168.1.151 and you know the subnet mask is 255.255.255.0, then gateway should be 192.168.1.1)

Question 74

What are the indicators of an incorrect subnet mask?

Answer 74

• Failed or very limited connection to your network
• BUT you might still have outgoing connectivity with other network devices, and even the Internet.

[So basically, the opposite problem of having an incorrect gateway, where internal works, but external doesn’t]

• You can use ipconfig / ifconfig to see if subnet mask makes sense. (e.g. If device IP address is 192.168.1.151 and the gateway is 192.168.1.1, then that should tell you that subnet should be and you know the subnet mask should be 255.255.255.0. Unless gateway is wrong, as well) [This is my own idea]
• Messer says check other devices for correct subnet to confirm

Question 75

What are the indicators of a duplicate IP address?

Answer 75

• Intermittent connectivity as the two devices “fight” with each other (i.e. connectivity will switch back and forth between them)
• Especially likely if you’re using static IP addressing instead of using DHCP. But even with DHCP, you could have servers overlapping, or a rogue server
• Most OSes do a check at startup and will block duplicate IP addresses

Question 76

How do you troubleshoot a duplicate IP address?

Answer 76

• Look for misconfiguration, starting with manually configured devices (e.g. IP, netmask, gateway)
• When device is off, ping its IP address. If something responds, you know there’s a duplicate
• Check ARP table. Find MAC address in switch’s MAC table (which will tell you what interface that device is connected to)
• If you think DHCP server is sending out duplicate IP addresses, capture packets from DHCP process (which DHCP servers are responding?)

Question 77

What are the indicators of a duplicate MAC address?

Answer 77

• Intermittent connectivity issues for devices involved in the duplication
• Most switches will detect the problem and produce a helpful error message

[Relatively rare problem. But can happen when managing multiple virtual devices on a large network]

Question 78

What are the indicators of an expired IP address, and what should you do about it?

Answer 78

You’ll see a link local address:

IPv4 - 169.254.x.x
IPv6 - fe80::

You should check your DHCP server, because it’s apparently not renewing IP addressees before they expire. Could be down. So an APIPA / link-local address gets assigned]

Question 79

What does a loopback address look like?

Answer 79

IPv4 - 127.0.0.1

IPv6 - 0:0:0:0:0:0:0:1 or ::1

Question 80

What are the indicators of a rogue DHCP server, and what should you do about it?

Answer 80

• Client is assigned invalid or duplicate IP address
• Intermittent or no connectivity

To fix:

• Enable DHCP snooping on your switch to identify and disable the rogue DHCP device
• Release and renew IP leases for devices that received IP addresses from the rogue