Wired Network Troubleshooting Flashcards
Signal loss
- Usually gradual
- Signal strength diminishes over distance
- Attenuation
- Loss of intensity as signal moves through a medium
- Electrical signals through copper, light through fiber
- Radio waves through the air
Decibels (dB)
- Signal strength ratio measurements
- One-tenth of a bel
- Capital B for Alexander Graham Bell
- Logarithmic scale
- Add and subtract losses and gains
- 3 dB = 2x the signal
- 10 dB = 10x the signal
- 20 dB = 100x the signal
- 30 db = 1000x the signal
dB loss symptoms
- No connectivity
- No signal!
- Intermittent connectivity
- Just enough signal to sync the link
- Poor performance
- Signal too weak
- CRC errors, data corruption
- Test each connection
- Test distance and signal loss
Latency
- A delay between the request and the response
- Waiting time
- Some latency is expected and normal
- Laws of physics apply
- Examine the response times at every step along the way
- This may require multiple measurement tools
- Packet captures can provide detailed analysis
- Microsecond granularity
- Get captures from both sides
Jitter
• Most real-time media is sensitive to delay
• Data should arrive at regular intervals
• Voice communication, live video
• If you miss a packet, there’s no retransmission
• There’s no time to “rewind” your phone call
• Jitter is the time between frames
• Excessive jitter can cause you to miss information,
“choppy” voice calls
Troubleshooting excessive jitter
- Confirm available bandwidth
- Nothing will work well if the tube is clogged
- Make sure the infrastructure is working as expected
- Check queues in your switches and routers
- No dropped frames
- Apply QoS (Quality of Service)
- Prioritize real-time communication services
- Switch, router, firewall, etc.
Crosstalk (XT)
• Signal on one circuit affects another circuit
• In a bad way
• Leaking of signal
• You can sometimes “hear” the leak
• Measure XT with cable testers
• Some training may be required
• Near End Crosstalk (NEXT)
• Interference measured at the transmitting end
(the near end)
• Far End Crosstalk (FEXT)
• Interference measured away from the transmitter
Troubleshooting crosstalk
- Almost always a wiring issue
- Check your crimp
- Maintain your twists
- The twist helps to avoid crosstalk
- Category 6A increases cable diameter
- Increased distance between pairs
- Test and certify your installation
- Solve problems before they are problems
Avoiding EMI and interference
• Electromagnetic interference
• Cable handling
• No twisting - don’t pull or stretch
• Watch your bend radius
• Don’t use staples, watch your cable ties
• EMI and interference with copper cables
• Avoid power cords, fluorescent lights,
electrical systems, and fire prevention components
• Test after installation
• You can find most of your problems before use
Opens and shorts
- A short circuit
- Two connections are touching
- Wires inside of a cable or connection
- An open circuit
- A break in the connection
- Complete interruption
- Can be intermittent
Troubleshooting opens and shorts
- May be difficult to find
- The wire has to be moved just the right way
- Wiggle it here and there
- Replace the cable with the short or open
- Difficult or impossible to repair
- Advanced troubleshooting with a TDR
- Time Domain Reflectometer
Troubleshooting pin-outs
- Cables can foul up a perfectly good plan
- Test your cables prior to implementation
- Many connectors look alike
- Do you have a good cable mapping device?
- Get a good cable person
- It’s an art
T568A and T568B termination
• Pin assignments from EIA/TIA-568-B standard
• Eight conductor 100-ohm balanced twisted-pair cabling
• T568A and T568B are different pin assignments
for 8P8C connectors
• Assigns the T568A pin-out to horizontal cabling
• Many organizations traditionally use 568B
• Difficult to change in mid-stream
• You can’t terminate one side of the cable with
568A and the other with 568B
• It won’t be a straight-through cable
Incorrect cable type
- Excessive physical errors, CRC errors
- Check your layer 1 first
- Check the outside of the cable
- Usually printed on the outside
- May also have length marks printed
- Confirm the cable specifications with a TDR
- Advanced cable tester can identify damaged cables
Incorrect cable type
Troubleshooting interfaces
- Interface errors
- May indicate bad cable or hardware problem
- Verify configurations
- Speed, duplex, VLAN, etc.
- Verify two-way traffic
- End-to-end connectivity
Transceiver mismatch
• Transceivers have to match the fiber
• Single mode transceiver connects to single mode
fiber
• Transceiver needs to match the wavelength
• 850nm, 1310nm, etc.
• Use the correct transceivers and optical fiber
• Check the entire link
• Signal loss
• Dropped frames, missing frames
Reversing transmit and receive
• Wiring mistake • Cable ends • Punchdowns • Easy to find with a wire map • 1-3, 2-6, 3-1, 6-2 • Simple to identify • Some network interfaces will automatically correct (Auto-MDIX)
TX/RX reversal troubleshooting
- No connectivity
- Auto-MDIX might connect
- Try turning it on
- Locate reversal location
- Often at a punchdown
- Check your patch panel
Damaged cables
- Copper cables are pretty rugged
- But they aren’t indestructible
- Cables can be out in the open
- Stepped on, folded between a table and wall
- Check your physical layer
- Cables should not be bent or folded
- Check for any bent pins on the device
- It’s difficult to see inside of the cable
- Check your TDR, replace the cable (if possible)
Bottlenecks
• There’s never just one performance metric
• A series of technologies working together
• I/O bus, CPU speed, storage access speed,
network throughput, etc.
• One of these can slow all of the others down
• You must monitor all of them to find the slowest one
• This may be more difficult than you might expect
Interface configuration problems
- Poor throughput
- Very consistent, easily reproducible
- No connectivity
- No link light
- No connectivity
- Link light and activity light
Interface configuration
- Auto vs. Manual configuration
- Personal preference
- Light status
- No light, no connection
- Speed
- Must be identical on both sides
- Duplex
- If mismatched, speed will suffer
VLAN mismatch
- Switch is configured with the incorrect VLAN
- Configured per switch interface
- Link light, but no surfing
- A DHCP IP address may not be on the correct subnet
- Manually IP addressing won’t work at all
- Check the switch configuration for VLAN configuration
- Each port should have a VLAN setting
- VLAN 1 is usually the default
Duplex/speed match
• Speed and duplex • Speed: 10 / 100 /1,000 / Auto • Duplex: Half / Full / Auto • Incorrect speed • Many switch configurations will auto-negotiate speed • Less than expected throughput • Incorrect duplex • Again, the switch may auto-negotiate • Needs to match on both sides • A mismatch will cause significant slowdowns • Increase in Late Collisions may indicate a duplex mismatch
Reflection
• Wireless signals can bounce off some surfaces
• Depends on the frequencies and the surfaces
• Too much reflection can weaken the signal
• A little multipath interference actually
helps with MIMO
• Position antennas to avoid excessive reflection
• May not be a problem for MIMO in 802.11n and 802.11ac
Refraction
• Signal passes through an object and
exits at a different angle
• Similar to light through water
• Data rates are affected - Signal is less directional
• Outdoor long-distance wireless links
• Changes in air temperature and water vapor
Absorption
- Signal passes through an object and loses signal strength
- Especially through walls and windows
- Different objects absorb differently as frequencies change
- 2.4 GHz may have less absorption than 5 GHz
- Put the antennas on the ceiling
- And avoid going through walls
Latency and jitter
- Latency - Delays between transmission and reception
- Jitter - Deviation from a predictable data stream
- Wireless interference and signal issues
- Slower data rates
- Increase in retransmissions
- Capacity issues
- Many people using the same wireless frequencies
Attenuation
• Wireless signals get weaker as you move farther from the
antenna
• The attenuation can be measured with a Wi-Fi analyzer
• Control the power output on the access point
• Not always an option
• Use a receive antenna with a higher gain
• Capture more of the signal
• Move closer to the antenna - May not be possible
Interference
• Interference • Something else is using our frequency • Predictable • Florescent lights, microwave ovens, cordless telephones, high-power sources • Unpredictable - Multi-tenant building • Measurements • netstat –e • Performance Monitor
Incorrect antenna type
- The antenna must fit the room
- Or the distance between sender and receiver
- Omnidirectional
- Useful on the ceiling
- Not very useful between buildings
- Directional
- Used often between two points
- Or on a wall-mounted access point
- The access point may provide options
- Connect different antennas
Incorrect antenna placement
- Interference
- Overlapping channels
- Slow throughput
- Data fighting to be heard through the interference
- Check access point locations and channel settings
- A challenge for 2.4 GHz
- Much easier for 5 GHz
Overcapacity
- Device saturation
- Too many devices on one wireless network
- There are only so many frequencies
- The 5 GHz can really help with this
- Bandwidth saturation
- Large data transfers
- Common in large meeting places
- Conferences
- Airports
- Hotels
Frequency mismatch
• Devices have to match the access point
• 2.4 GHz, 5 GHz
• Verify the client is communicating
over the correct channel
• This is normally done automatically
• May not operate correctly if manually configured
• Older standards may slow down the newer network
• 802.11b compatibility mode on 802.11n networks
• Every access point has an SSID
• But did you connect to the right one?
• This can be more confusing than you might think
• Public Wi-Fi Internet
• Guest Internet
• Internet
• Confirm the correct SSID settings
• Should be listed in the current connection status
Wrong passphrase
- Wireless authentication
- Many different methods
- Required to connect to the wireless network
- If not connected, check the authentication
- Shared passphrase
- Common in a SOHO, not in the enterprise
- 802.1X
- Used for the enterprise
- Make sure the client is configured to use 802.1X
Security type mismatch
• Encryption on wireless is important
• Make sure the client matches the access point
• This is much easier these days
• Almost everything is at the level of WPA2
• Some legacy equipment may not be able to keep up
• If you change the access point, you may not
be able to support it
• Migrate all of your WEP to WPA2
• And any WPA
Signal to noise ratio
- Signal
- What you want
- Noise
- What you don’t want
- Interference from other networks and devices
- You want a very large ratio
- The same amount of signal to noise (1:1) would be bad
Names not resolving
- Web browsing doesn’t work
- The Internet is broken!
- Pinging the IP address works
- There isn’t a communication problem
- Applications aren’t communicating
- They often use names and not IP addresses
Troubleshooting DNS issues
- Check your IP configuration
- Is the DNS IP address correct?
- Use nslookup or dig to test - Does resolution work?
- Try a different DNS server - Google is 8.8.8.8 & 8.8.4.4
IP configuration issues
- Communicate to local IP addresses
- But not outside subnets
- No IP communication - Local or remote
- Communicate to some IP addresses - But not others
Troubleshooting IP configurations
- Check your documentation
- IP address, subnet mask, gateway
- Monitor the traffic
- Examine local broadcasts
- Difficult to determine subnet mask
- Check devices around you
- Confirm your subnet mask and gateway
- Traceroute and ping
- The issue might be your infrastructure
- Ping local IP, default gateway, and outside address
Duplicate IP addresses
- Static address assignments - Must be very organized
- DHCP isn’t a panacea
- Static IP addressing
- Multiple DHCP servers overlap
- Rogue DHCP servers
- Intermittent connectivity
- Two addresses “fight” with each other
- Blocked by the OS - Checks when it starts
Troubleshooting duplicate IP addresses
- Check your IP addressing - Did you misconfigure?
- Ping an IP address before static addressing
- Does it respond?
- Determine the IP addresses
- Ping the IP address, check your ARP table
- Find the MAC address in your switch MAC table
- Capture the DHCP process
- What DHCP servers are responding?
Duplicate MAC addresses
• Not a common occurrence • MAC addresses are designed to be unique • May be a man-in-the-middle attempt • Mistakes can happen • Locally administered MAC addresses • Manufacturing error • Intermittent connectivity • Confirm with a packet capture, should see ARP contention • Use the ARP command from another computer • Confirm the MAC matches the IP
Expired IP addresses
- A DHCP address should renew well before the lease expires
- The DHCP server(s) could be down
- Client gives up the IP address at the end of the lease
- APIPA address is assigned
- Checks in occasionally for a DHCP server
- Look for an APIPA assigned address
- 169.254..
- Check the status of your DHCP server
Rogue DHCP server
- IP addresses assigned by a non-authorized server
- There’s no inherent security in DHCP
- Client is assigned an invalid or duplicate address
- Intermittent connectivity, no connectivity
- Disable rogue DHCP communication
- Enable DHCP snooping on your switch
- Authorized DHCP servers in Active Directory
- Disable the rogue
- Renew the IP leases
Untrusted SSL certificate
- Browsers trust signatures from certain CAs
- A certificate was signed by a CA that’s not in our list
- Error message on the browser
- Certificate Authority Invalid
- Check the certificate details
- Look for the issuing CA
- Compare to the CA list on your computer
- If it’s an internal server, it may be internally signed
- Add your internal CA certificate to the list
Incorrect time
• Some cryptography is very time sensitive
• Active Directory requires clocks set within
five minutes of each other
• Kerberos communication uses a time stamp
• If the ticket shown during authentication
is too old, it’s invalid
• Client can’t login
• Check the timestamp of the client and the server
• Configure NTP on all devices
• Automate the clock setting
Exhausted DHCP scope
- Client received an APIPA address
- Local subnet communication only
- Check the DHCP server
- Add more IP addresses if possible
- IP address management (IPAM) may help
- Monitor and report on IP address shortages
- Lower the lease time
- Especially if there are a lot of transient users
Blocked TCP/UDP ports
- Applications not working
- Slowdowns with other applications
- Firewall or ACL configuration
- Security choke points
- Confirm with a packet capture
- No response to requests
- Run a TCP- or UDP-based traceroute tool
- See how far your packet can go
Incorrect host-based firewall setting
• Applications not working • Based on the application in use and not necessarily the protocol and port • Check the host-based firewall settings • Accessibility may be limited to an administrator • Managed from a central console • Take a packet capture • The traffic may never make it to the network • Dropped by the operating system
Incorrect ACL setting
• Only certain IP addresses accessible • Or none • Access Control Lists • IP address, port numbers, and other parameters • Can allow or deny traffic by filtering packets • Confirm with packet captures and TCP/UDP traceroutes • Identify the point of no return
Unresponsive service
- No response to an application request
- No answer
- Do you have the right port number?
- And protocol (TCP/UDP)?
- Confirm connectivity
- Ping, traceroute
- Is the application still working?
- Telnet to the port number and see if it responds
Hardware failure
- No response
- Application doesn’t respond
- Confirm connectivity
- Without a ping, you’re not going to connect
- Run a traceroute
- See if you’re being filtered
- Should make it to the other side
- Check the server
- Lights? Fire?
