Networking Midterm Flashcards
Network maintenance
doing whatever is required to keep the network functioning and meeting the business needs of an organization
Examples of network maintenance
Hardware/software installation and configuration
Troubleshooting problem reports (tickets)
Monitoring and tuning network performance
Planning for network expansion
Documenting the network and any changes made to the network
Ensuring compliance with legal regulations and corporate policies
Securing the network against internal and external threats
Backing up files and databases
What are the two types of Network Maintenance?
Interrupt driven
Structured
What is Interrupt driven network maintenance?
Performing maintenance as a reaction to an input, such as helping a user after they have reported a problem, or improving network security only after an attack has occurred. Reactive
What is Structured network maintenance?
Performing maintenance as part of a predefined plan of processes and procedures. Proactive
Pros of Proactive vs Reactive network maintenance?
Reduced network downtime: Maximize mean time between failures (MTBF). Minimize mean time to repair (MTTR).
More cost effectiveness: Fewer major outages occur, resulting in fewer resources being consumed for problem resolution.
Higher network security: Up-to-date prevention and detection mechanisms can notify staff through logs and alarms. Monitoring allows you to observe network vulnerabilities and needs, and justify plans for strengthening network security.
FCAPS stands for?
(Fault management, configuration management, accounting management, performance management, security management) – a network maintenance model defined by the ISO
ITIL
(IT Infrastructure Library) – defines a collection of best practice recommendations that work together to meet the IT business management goals
Cisco Lifecycle Services
(aka PPDIOO model) – this maintenance model defines distinct phases in the life of a Cisco Technology network (plan, prepare, design, implement, operate, and optimize)
COMMON PROCEDURES
Moves – moving users
Adds – creating a new user account, provisioning them a device
Changes – what needs to happen if network changes, update documentation, report changes, alert user.
Moves, adds, changes is also known as MAC
Replacing older/failed hardware: different specs means rebuilding things from scratch before you even go to install the new hardware.
Scheduled backups
Updating Software
Monitoring Network Performance (during an average day, to see what is different when there is an outage)
WHEN TO SCHEDULE:
Some tasks are urgent, like replacing a core router, and need to happen ASAP
Other tasks that aren’t as urgent can be scheduled to happen during the maintenance window.
Maintaining Network Documentation:
Unexpected things can happen during changes, so it’s important to do it during the maintenance window so small things can be fixed before peak business hours.
Who is responsible for authorizing various changes? You might need to collaborate with different departments, or need clearance from a supervisor.
What tasks need to be done in the next maintenance window? There might be more that needs to be done than just regular updates.
WHAT MEASURABLE CRITERIA DETERMINES THE SUCCESS OR FAILURE OF A NETWORK CHANGE?
By layering changes, it might have broken other things and masked that one of the changes was the right solution. TEST AFTER EVERY CHANGE, IF THE PROBLEM PERSISTS, ALWAYS ALWAYS ALWAYS UNDO THE CHANGE YOU JUST MADE, AND TRY AGAIN. Wrong changes have potential to cause more damage. Copy configs into notepad if you need to.
SOP (standard operating procedure)
A document outlining a step-by-step guide to a task. Maintenance plans need SOPs to make sure everyone does things the same way, no matter who is doing the procedure.
SOPs are important for consistency because everyone has had different learning experiences, different naming conventions, etc. Inconsistency can bring a network down and make maintenance very difficult.
Correct documentation and what to have in it
Topology (logical & physical)
Listing of interconnections
Inventory of networking equipment
IP address assignment
Config info
Original design documents
RESTORING OPERATIONS AFTER A FAILURE:
To restore a device after a failure, having DUPLICATE hardware to swap in is important; preconfigured is nice. You can also use the duplicates as a test environment for changes.
OS and application software can be pre-installed, IPs can be pre-configured, etc. (changes will still need to be made, but this reduces downtime/MTTR). Keep backups of device configuration information. Exact hardware backups can use the same config.
MEASURING NETWORK PERFORMANCE
Proactive management
Can forecast potential issues and fix before they become a problem (ex: CPU usage is dangerously high) Assure you are meeting your SLA (service level agreement) if you are an ISP, OR as a customer, make sure your ISP is meeting their SLA.
DISASTER RECOVERY TOOLS:
Need up-to-date configuration backups (more valuable than hardware, because it’s so time consuming to recreate)
Need Client data backup
Need up-to-date software backups
Consider hardware inventories due to how long new equipment would take to arrive. Identical replacements are hard to get quickly
Config + software provisioning tools, plan to restore from backups quickly
ARCHIVE backup and restore
Archive
Path flash:/config-archive/$h-config (stored in flash, in config-archive folder, $h is hostname, R1 etc., can also be sent to storage server instead of flash)
Write-mem (automatically takes new archive if config changes)
Time-period 10080 (how often to auto backup)
Show archive
Backup and Restore:
FTP with stored username + password
FTP with specified username + password
How to Log:
Logging buffered 16348: Stores logs to a buffer in RAM, limited to the number of bytes inputted (16348). Show log will show the buffer's contents. Oldest messages are deleted to make room for new messages when full. Convenient method but not the best.
Logging console warnings: Sets which messages are sent to the console, based on the 0-7 severity levels. Warnings would show only levels of 4 to 0. Logging console debug will show 0-7 (default).
Logging [ip address]: Logs are sent to a syslog server at a set IP; by default, all messages except level 7 are sent. Allows you to see logs from multiple devices at once. Downside is that the network needs to be operational to receive the logs.
Logging severity levels
0 is emergencies
1 alerts
2 critical
3 error
4 warnings
5 notifications
6 informational
7 is debugging (don’t use debug all, it can kill a device by leaving no CPU for taking commands)
Troubleshooting is the process of:
Problem Report -> Problem Diagnosis -> Problem Resolution
Responding to a problem report (sometimes in the form of a trouble ticket)
Diagnosing the underlying cause of the problem
Resolving the problem
The primary goal as a troubleshooter is
to become efficient which requires structured troubleshooting
OSI Model?
7 Application Layer
6 Presentation Layer
5 Session Layer
4 Transport Layer
3 Network Layer
2 Data Link Layer
1 Physical Layer
TCP/IP Networking Model?
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
What are the troubleshoot approaches?
Top-down
Bottom-up
Divide and conquer
Follow-the-path
Compare-configurations
Swap-components
Top-Down
If you suspect the issue is at a higher layer, this approach is good (like being able to form a TCP connection but not open the web page). Start at the application layer (7); if everything works, keep moving down the OSI model until you find the problem.
This is efficient because if you have access on a layer, you can safely assume all layers below are working well.
BOTTOM-UP method:
If you have reason to assume it’s a lower layer issue (user can’t get an IP address), this approach may be good.
The problem could be either the client or the server; you can quickly tell by how many users are affected. If it’s only one, it’s likely the client. Physical errors are more likely to make large outages, such as a switch getting unplugged, but it’s still possible for it to be client side, such as if an end user unplugged their Ethernet cable.
DIVIDE AND CONQUER
Typically start at network layer with a ping. Layer 1 and 2 likely work if ping does, so you can move up. If ping fails, you typically troubleshoot down. This is extremely efficient because it quickly clues you into what layer the issue is on.
FOLLOW THE PATH
(very powerful in combination with divide and conquer)
Run tracert from the user's station to the unreachable destination, and figure out where the traffic is dropped, or whether you have full connectivity to the destination. Remember ping checks a round trip to be successful, and traceroute communicates back each step. Either a route is missing or incorrect (read IPv6 carefully).
Compare-configurations
(BANNED, because people used it with show run …. .. .)
Comparing outputs from a working device and a broken device, looking for the differences.
swap-components
(niche, but powerful)
If something isn’t working, switch the devices/cables/ports with a known working one to narrow down the problem. Generally limited to cables and end user PCs in real work environments.
Problems aren’t real until they are
Noticed
Perceived as a problem
Reported as a problem
If it’s not a problem, it ain’t a problem
Symptoms vs. causes?
Symptoms: A problem as experienced by the user (“symptoms”)
Causes: The actual cause of the problem
Solutions vs Workarounds?
Why use a workaround?
Solutions resolve the root cause of a problem
Workarounds only alleviate the symptoms of the problem
The solution to a problem cannot always be implemented immediately
During a busy day, it isn’t always feasible to take the network offline
An interim workaround may be needed
Steps to implement troubleshooting procedures?
Defining the problem
Gathering information
Analyzing the information
Eliminating possible problem causes
Formulating a hypothesis about the likely cause of the problem
Testing that hypothesis
Solving the problem
Troubleshooting flowchart
Report problem > verify problem > Define Problem > Assign problem > gather information OR escalate
Show ip route notes:
Routing tables only contain the best paths, whereas individual protocols contain all paths. Check topology and route commands for routing protocols. Remember that if a subnet is not in the table, it doesn’t have a table entry, but it might still be reachable using the default route.
details about ping
Ping sends an ICMP echo request to the destination and receives an ICMP echo reply.
It tests two-way connectivity. Destination host unreachable means some device along the path doesn’t have a path to the destination, i.e. the ping leaves the device and doesn’t have a route to continue, so it gets a destination host unreachable response. This is different from a timeout, where the packet never reached another device (no routes, stuck in a loop, can’t receive ping, etc.).
Explanation of ping results characters
! Each exclamation point indicates receipt of a reply.
. Each period indicates a timeout waiting for a reply.
U A destination unreachable ICMP message was received.
Q Source quench (destination too busy).
M Could not fragment (MTU related).
? Unknown packet type.
& Packet lifetime exceeded.
Hardware troubleshooting commands:
show controllers – show hardware information for interfaces
show platform – detailed hardware information about CPU, memory, backplane
show inventory – shows all hardware attached to chassis
show diag – diagnostic information for ports and interfaces
show environment all – displays temperature and power settings for a device
Time Domain Reflectometer – used to test cable pinouts
Why do we want to monitor network traffic?
Ensure compliance with SLA
Trend monitoring (bandwidth utilization, CPU utilization, etc.)
Helps us figure out and plan for expansion
Troubleshooting performance issues
Create a baseline so we have something to compare current network performance with
Simple Network Management Protocol (SNMP) vs NetFlow
SNMP: Collects device statistics (resource utilization, traffic counts, error counts, etc.)
NetFlow: Collects detailed information about traffic flows (traffic moving through the device)
SNMP: Uses a pull model (statistics are typically requested from a monitored device)
NetFlow: Uses a push model (statistics are sent from the monitored device to a NetFlow collector)
SNMP: Available on nearly all enterprise devices
NetFlow: Available only on routers and high-end switches (Cisco only)
Embedded Event Manager (EEM)
Enables custom policies that trigger actions based on events:
Syslog messages
Cisco IOS counter changes
SNMP MIB object changes
SNMP traps
CLI command execution
Timers and many other options
EEM Actions can consist of:
Sending SNMP traps or syslog messages
Executing CLI commands
Sending email
Running tool command language (TCL) scripts
Process of a ping from host A to B (example)
PC sends out port based on subnet mask (same subnet so no default gateway, layer 2 frame) - timeout if it doesn’t know where to send it
General failure, pc has no IP
Destination host unreachable is different thing
ARP request asks for the MAC address that has the destination IP (Dest MAC = BCAST, Source MAC = MAC A).
Switch C adds host A to its MAC address table (MAC, port, VLAN).
The ARP request gets forwarded out each port except the one it came in on; the switch adds an 802.1Q header for the trunk and tags it for VLAN 10.
When host B sees the ARP request, it recognizes it has the IP and sends an ARP reply, unicast because it already learned about A from the request.
Switches copy info about host B on the way back, if not already known, as the reply travels back to A.
Now the ping can be sent (ICMP echo request); switches already have entries for both hosts. It is still tagged with VLAN 10, and the tag is stripped after leaving the VLAN.
B responds.
Issues that could cause the communication to fail:
Physical problems
Bad, missing, or miswired cables
Bad ports
Power failure
Device problems
Software bugs
Performance problems
Misconfiguration
Missing or wrong VLANs
Misconfigured VTP settings
Wrong VLAN setting on access ports
Missing or misconfigured trunks
Native VLAN mismatch
VLANs not allowed on trunk
Verifying layer 2 forwarding
You can check which devices have learned the MAC address. If a device doesn’t have it, you can start working backwards towards the source to see why.
Common findings when following the path of the frames through the switches:
Frames are not received on the correct VLAN: This could point to VLAN or trunk misconfiguration as the cause of the problem.
Frames are received on a different port than you expected: This could point to a physical problem, spanning tree issues, a native VLAN mismatch or duplicate MAC addresses.
The MAC address is not registered in the MAC address table: This tells you that the problem is most likely upstream from this switch. Investigate between the last point where you know that frames were received and this switch.
Useful Layer 2 diagnostic commands:
show mac-address-table: Shows learned MAC addresses and corresponding port and VLAN associations. Verifies a frame succeeded in reaching the switch and the port it was received on.
show vlan: Verifies VLAN existence and port-to-VLAN associations.
show interfaces trunk: Displays all interfaces configured as trunks, VLANs allowed, and what the native VLAN is.
HIGHLIGHTED SHOULD SHOW ALMOST ALL LAYER 2 ISSUES FOR TRUNKING AND VLANS
show interfaces switchport: Provides a summary of all VLAN related information for interfaces.
traceroute mac: Provides a list of switch hops (layer 2 path) that a frame from a specified source MAC address to a destination MAC address passes through. CDP must be enabled on all switches in the network for this command to work.
traceroute mac ip: Displays Layer 2 path taken between two IP hosts.
Blue Commands exist xD but require a setup and he doesn’t sound extremely fond of them. Can be useful tho
Spanning tree: how are root bridges elected?
Root bridge is elected by BID, first based on priority (default 32768, multiples of 4096), then MAC address
How are root ports elected?
Path cost
BID of the neighboring switch, then lowest RECEIVED interface identifier (g1/0/5 on SW1) (doesn’t always match the port number, check with show spanning-tree)
SPECIAL CASE IN EXAMPLE:
For s2, the RB is elected by cost, or BID, sw1 has a lower BID, then it decides between g1/0/5 and 1/0/6, and 5 is lower so it uses that.
What is the Designated Port (DP)?
DP = any non-root port that is still allowed to forward traffic; the other side of an RP is always a DP
Types of Spanning tree failures?
Type 1 - STP may erroneously block certain ports that should have gone to the forwarding state. You may lose connectivity to certain parts of the network, but the rest of the network is unaffected.
Type 2 - STP erroneously moves one or more ports to the Forwarding state. The failure is more disruptive as bridging loops and broadcast storms can occur.
Type 2 failures can cause these symptoms:
The load on all links in the switched LAN will quickly start increasing.
Layer 3 switches and routers report failures such as continual HSRP, OSPF and EIGRP state changes or that they are running at a very high CPU utilization load.
Switches will experience very frequent MAC address table changes.
With high link loads and CPU utilization devices typically become unreachable, making it difficult to diagnose the problem while it is in progress.
STP, How to Eliminate topological loops and troubleshoot issues:
Physically disconnect links or shut down interfaces.
Diagnose potential problems.
A unidirectional link can cause STP problems. You may be able to identify and remove a faulty cable to correct the problem.
EtherChannel
EtherChannel bundles multiple physical Ethernet links (100 Mbps, 1 Gbps, 10 Gbps) into a single logical link.
Traffic is distributed across multiple physical links as one logical link.
This logical link is represented in Cisco IOS syntax as a “Port-channel” (Po) interface.
STP and routing protocols interact with this single port-channel interface.
Packets and frames are routed or switched to the port-channel interface.
A hashing mechanism determines which physical link will be used to transmit them.
Three common EtherChannel problems:
Mismatched port configurations: the configurations of all ports making up an EtherChannel, on each switch, must be identical (speed, duplex, trunk mode, VLANs, type)
Mismatched EtherChannel configuration: Both switches should be configured with the same or compatible channel modes. Three options are Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), and ON.
Inappropriate EtherChannel distribution Algorithm: EtherChannel determines the physical link to use based on a hashing algorithm. Depending on the algorithm, uneven load balancing could occur.
EtherChannel Protocols
PAgP – desirable/desirable or desirable/auto (desirable = active negotiation, auto = passive negotiation)
LACP – active/active or active/passive
Show etherchannel summary
The dash means mode ON, otherwise it will say LACP or PAgP
SD = layer 2 down
SU = layer 2 up
RD = layer 3 down
RU = layer 3 up
(P) beside a port means the port is correctly bundled
(s) means suspended: ports are assigned to the EtherChannel, but not currently working
(I) means standalone: the port can’t add itself to the EtherChannel but is still forwarding traffic