640-606 Support

www.testking.com

- 1 -640-606
Study Guide
Cisco CCNP Support

(Cisco Internetwork Troubleshooting)
Version 1.1

640-606 Support

www.testking.com

- 2 -
TABLE OF CONTENTS

List of Tables

Introduction

11. Support Resources for Troubleshooting

1.1 Network Media Test Equipment

1.2 Network Monitors


3.3 Token Ring Soft Errors

3.4 Cisco Discovery Protocol (CDP)
3.4.1 Common Protocol Characteristics
3.4.2 Protocol Connection Troubleshooting
3.4.2.1 TCP Connection Sequence
3.4.2.2 Novell Connection Sequence

640-606 Support

www.testking.com

- 3 -
3.4.2.3 AppleTalk Connection Sequence

4. Applying Cisco Troubleshooting Tools

4.1 Routing and Switching Processes

4.2 Switching in Different Routers Models
4.2.1 The 7000 Series
4.2.2 The 7500 Series
4.2.3 The 4000, 3000, and 2500 Series

4.3 The
debug
Tool

4.4 Error Messages


AppleTalk Problems

5.1 Cisco IOS Troubleshooting Tools and Commands for TCP/IP, IPX and AppleTalk.
5.1.1 The
ping
,
traceroute
and
test
Commands
5.1.2 The
show ip
,
show ipx
and
show appletalk
Commands
5.1.2.1 The
show ip
Commands
5.1.2.2 The
show ipx
Commands
5.1.2.3 The
show appletalk
Commands
5.1.3 The
debug ip
,
debug ipx

5.3.3.3 NetBIOS applications on the client cannot access a remote server.
5.3.3.4 No connectivity over the IPX router.
5.3.3.5 Router does not propagate SAP updates.

5.4 AppleTalk Configuration and Troubleshooting Checklist
5.4.1 Common AppleTalk Faults
5.4.2 Common AppleTalk Symptoms
5.4.3 Solving Common AppleTalk Problems
5.4.3.1 Configuration Mismatches
5.4.3.2 Duplicate Cable Range/Network Numbers
5.4.3.3 Phase I/Phase II Incompatibility
5.4.3.4 Unstable Routes
5.4.3.5 ZIP Storms
5.4.3.6 Old Zone Names Appearing in the Chooser
5.4.3.7 Zones do not Appeare in the Chooser

6. Diagnosing and Correcting Catalyst Problems

6.1 CiscoWorks for Switched Internetworks (CWSI)

6.2 Catalyst 5000 Switches
6.2.1 Embedded RMON Agent and SwitchProbe
6.2.2 Catalyst Switch LEDs
6.2.3 Cable, Speed, and Media
6.2.4 Catalyst Power-on Self-Test
6.2.5 Catalyst 5000 Spanning Tree
6.2.6 Troubleshooting Catalyst 5000
6.2.6.1 VLAN Trunking Protocol (VTP) and Interswitch Trunk Links
(ISLs)
6.2.6.2 Using

7.4 Router VLAN Diagnostic Tools
7.4.1 The
show
Commands
7.4.2 The
debug
Commands

7.5 Problem Isolation in Router/Switch VLAN Networks

8. Diagnosing and Correcting Frame Relay Problems

8.1 Frame Relay Troubleshooting

8.2 The Frame Relay Diagnostic Tools
8.2.1 Frame Relay Loopback Testing
8.2.2 The
show
Commands
8.2.3 The
debug
Commands

8.3 Frame Relay Problem Isolation

9. Diagnosing and Correcting ISDN BRI Problems

9.1 ISDN Components and Reference Points

9.2 BRI Channels

Fields
The
show interfaces atm
Fields
Token Ring Isolating Soft Errors
Token Ring Nonisolating Soft Error
The
show novell traffic
Fields
The
show appletalk traffic
Fields
Commands for Logging Message Destinations
Logging Message Severity Levels
Common Failure Reported by the show stacks Command
Cable Length Limitations
The
show system
Command Fields
The
show test
Command Fields
Default VLANs on a Catalyst 5000 Switch
ISDN Reference Points

640-606 Support

www.testking.com

- 7 -

Methods: Describing an efficient problem-solving method; Implementing Problem Isolation for TCP/IP and
Novell IPX: Explaining the use of problem isolation techniques to list the symptoms of common TCP/IP and
IPX problems on routed networks, and Applying diagnostic tools to solve network problems;
Troubleshooting VLANC on Switches and Routers: Explaining how Cisco routers and switches use VLAN
technology, Applying diagnostic tools to switched and routed VLAN configuration problems, and Using
Cisco IOS router troubleshooting commands and Catalyst switch troubleshooting commands; Problem
Isolation and Resolution on Catalyst Switches: Explaining Catalyst technology, Describing troubleshooting
and problem isolation techniques to list the symptoms of Catalyst 5000 and VLAN problems on switched
Ethernet Networks, and Applying diagnostic tools to solve Catalyst 5000 problems; Problem Isolation and
Resolution for ISDN BRI: Using Cisco IOS commands and problem isolation techniques to identify the
symptoms of common ISDN BRI problems, and Applying diagnostic tools to solve ISDN BRI problems;
and Problem Isolation and Resolution for Frame Relay WANs: Using Cisco IOS commands and problem
isolation techniques to identify the symptoms of common WAN and Frame Relay problems, and Applying
diagnostic tools to solve Frame Relay problems.
640-606 Support

www.testking.com

- 8 -Intended Audience
This Study Guide is targeted specifically at people who wish to take the Cisco CCNP 640-606 – Support
(CIT) exam. This information in this Study Guide is specific to the exam. It is not a complete reference work.
Although our Study Guides are aimed at new comers to the world of IT, the concepts dealt with in this Study
Guide are complex and require an understanding of material provided for the Cisco Certified Network
Associate (CCNA) exam 640-607. Knowledge of CompTIA’s A+ course would also be advantageous but is
not a requirement.

Note: There is a fair amount of overlap between this Study Guide and the 640-

a component break down or be misconfigured, the network support engineers must be able to diagnose and
fix the problem in a timely manner while allowing connectivity through alternate devices. A variety of tools
has been created to help network support engineers. 1.1 Network Media Test Equipment
There are three classes of equipment for testing the physical layer medium:
• Volt/Ohm meters and digital multimeters used to check for cable connectivity and continuity.
• Cable testers or scanners, also test for connectivity but are more sophisticated than Volt/Ohm meters.
Are able report cable conditions such as attenuation, near-end crosstalk (NEXT), and noise. Can also
provide the measurement of a cable’s impedance.
• TDRs and OTDRs, devices that provide time domain reflectometer (TDR and optical TDR or OTDR
for fiber-optic cable testing), wire-map, and traffic monitoring functionality. Can locate opens, shorts,
kinks, sharp bends, crimps, and impedance mismatches. 1.2 Network Monitors
A Layer 2 tool used to capture, display and save traffic passing through a network cable. Can take the raw
data and provide information on frame sizes, number of erroneous frames, MAC addresses, number of
broadcasts, etc.

Network monitors can:
• Monitor network activity over a period of time, making it possible to establishing a network baseline.
• Assist in network capacity planning by observing patterns of changing network utilization.
• Identify traffic overloads and bottlenecks. 1.3 Protocol Analyzers
Similar to network monitors but are capable of interpreting and displaying the packet, segment, and other
(higher) protocol data units (PDUs). Can be used to study the format or behavior of certain protocols; to

1.5 CiscoWorks
CiscoWorks is Cisco Systems’ network management software. It is based on Simple Network Management
Protocol (SNMP) and is used for managing networks with one integrated platform.

Network managers can monitor routers down to port activity, observe traffic patterns, modify configurations,
observe and report inventory, capture data, and observe security settings all from their one central station. 1.5.1 CiscoWorks for Switched Internetworks Software (CWSI) Campus
CWSI Campus is a suite of network management applications that provide remote monitoring, configuration,
and management of switched internetworks. 1.5.2 TrafficDirector Remote Monitoring Software
Considered an excellent fault and performance management tool. It is a part of the CWSI Campus suite of
network management applications and can be used to monitor traffic on network segments. Can detect
collisions, errors, utilization, and broadcast rates on a port basis. 1.6 Simulation and Modeling Tools
Allow you to put a test network together and see how it performs. Can be used to design a new network or to
see how an existing network will perform if you modify it, expand it, or put traffic stress on it. 1.7 Cisco Connection Online (CCO)
Provides interactive web-based services with access to Cisco’s information, systems, resources, and
personnel. The CCO consists of the Bug Toolkit, Troubleshooting Engine, Stack Decoder, and Open Forum,
all of which aid diagnosis and corrective activities.
640-606 Support


640-606 Support

www.testking.com

- 12 -
• Implement the action plan for each possibility in the order of their likelihood. Every action and change
must be documented so that you can reverse your actions if they are not appropriate.
• Observe the results of each action. See if the problems or symptoms have been eliminated and that
other normal network operations are not disrupted or adversely affected.
• Document the facts and report the problem as solved if the symptoms have disappeared and the
problem has been solved without creating new ones. Documenting your work will save you and others a
lot of time and effort in the future. Also document the date and time that you made changes.
• Go through an iteration process of implementing actions and observing results if there are still
unresolved issues. Consider the next action plan and go about implementing it. There will be times that
you remain with no possibility in hand while your network problems persist. In this event, you will have
to think of more possibilities. This may require that you gather more facts that you might have
overlooked. 2.3 A Baseline Model of the Network
To be able to effectively support, troubleshoot, or modify an internetwork, you must gather and document
information about the internetwork. Some of the essential information includes:
• The physical and logical network map
• Active protocols
• The protocol specific addressing scheme
• The devices, configurations, operating systems, and software in the network
• Baseline traffic and performance statistics and measurements about the internetwork and its devices.
• Past troubleshooting cases
• An historical profile of how the network arrived at its current state
640-606 Support

• Use physical media test equipment. 3.1.2 Clearing Interface Counters
If you suspect interface problems, check the output of the
show interfaces
command. Interpret the input,
output, and error statistics from the
show interfaces
command. How you would interpret these statistics
depends on when those counters were last cleared, the time period through which those counters have
accumulated, and how those statistics compare to your baseline. 3.2 The
show
Commands
There are a number of show commands that you can use to trouble shoot targets. These commands include:
•
show interfaces
, which displays the status and statistics information about all router interfaces.
•
show interfaces ethernet n
, which lets you to examine the status of an Ethernet interface with
n

specifying the interface.

•
show interfaces tokenring n

, which indicates that the CMT is not running on
the Physical Sublayer.
•
Brk
(Break State), which is the entry point in the start
of a PCM connection.
•
Tra
(Trace State), which localizes a stuck beacon
condition.
•
Con
(Connect State), which synchronizes the ends of
the connection for the signaling sequence.
•
Nxt
(Next State), which separates the signaling
performed in the Signal State and transmits Protocol
Data Units (PDUs) while MAC Local Loop is
performed.
•
Sig
(Signal State), which is entered from the Next
State when a bit is ready to be transmitted.
•
Join
(Join State), which is the first of three states in a
unique sequence of transmitted symbol streams
received as line states that lead to an active connection.
•

the dual ring.
•
M
, which indicates that the CMT process has
640-606 Support

www.testking.com

- 15 -
established a connection with its neighbor and that the
bits received during the CMT signaling process
indicate that the router’s neighbor is a Physical M-type
concentrator that serves as a Master to a connected
station or concentrator.
• unk
, which indicates that the network server has not
completed the CMT process.

Cmt signal bits
Shows the transmitted and received CMT bits.
Status
Status value displayed is the actual status on the fiber. This
can be:
•
LSU
(Line State Unknown), which indicates that the
criteria for entering or remaining in any other line state
have not been met.
•
NLS

ECM is . . .
ECM is the SMT state entity coordination management,
which overlooks the operation of CFM and PCM. This can
be:
• out
when the router is isolated from the network.

•
in
when the router is actively inserted in the network.
•
trace
when the router is trying to localize a stuck
beacon condition.
•
leave
when the router is allowing time for all the
connections to break before leaving the network.
•
path_test
when the router is testing its internal paths.
•
insert
when the router is allowing time for the optical
bypass to insert.
•
check
when the router is making sure optical bypasses
switched correctly.
640-606 Support

RMT is . . .
RMT (Ring Management) is the SMT MAC-related state
machine. This can be:
•
Isolated
when the MAC is not trying to participate in
the ring.
•
non_op
when the MAC is participating in ring recovery
and ring is not operational.
•
ring_op
when the MAC is participating in an
operational ring.
•
detect
when the ring has been nonoperational for
longer than normal.
•
non_op_dup
when indications have been received that
the address of the MAC is a duplicate of another MAC
on the ring.
•
ring_op_dup
when indications have been received that
the address of the MAC is a duplicate of another MAC
on the ring.
•

Upstream | downstream
neighbor

Displays the canonical MAC address of outgoing upstream
and downstream neighbors. If the interface is not up, these
values will be zero (0).
•
show interfaces atm
Some of the output of the
show interfaces atm
command is similar to other

show interface
commands, however there are several output fields that is unique to the
show
interfaces atm
command. Table 3.2 discusses the output for the
show interfaces atm
command.

TABLE 3.2: The show interfaces atm Fields
Field Description
ATM x is {up | down |
administratively down}
Indicates if the interface hardware is active, is down, or has
been shut down.
Line protocol is {up |
down}
Indicates if the software processes handling the line protocol
consider the link as usable or not.

2048
.
VCs per VP
The maximum number of VCIs to support per VPI, set using
the
atm vc-per-vp
interface configuration command.
Current VCCs
Number of Current Virtual Circuits.
VC idle disconnect time
Number of seconds the VC can be inactive before
disconnecting.
Signaling vc = x, vpi =
x, vci = x
The signaling Virtual Circuit number, along with its
associated vpi/vci pair.
UNI version =
The User-Network Interface (UNI) version determined
through ILMI link autodetermination or using the
atm
universion
interface configuration command. 3.3 Token Ring Soft Errors
The Token Ring soft errors are divided into two classes: isolating soft errors and nonisolating soft errors.
640-606 Support

www.testking.com


Token error
Generated by Active Monitor and is a valid action, unless it
happens too often.
Frequency error
Error in the frequency of the incoming signal. 3.4 Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol (CDP) is a Cisco proprietary layer 2 protocol that is bundled in Cisco IOS release
10.3 and later versions. CDP can run on all Cisco manufactured devices including: routers, switches, hubs,
bridges, and communication servers. It uses SNAP (layer 2 frame type) and is multicast based. By default, a
Cisco device running CDP multicasts (sends) information about itself on all its links every 60 seconds.
Neighbor devices that are directly connected to the device will add the device and its information to their
dynamic CDP tables. Neighbors hold this information in their CDP tables for the period specified by the
CDP hold-time value, which is 180 seconds by default, and refresh them periodically upon receiving updates.
If the neighbor does not receive a multicast before its CDP hold-time expires, it deletes the CDP infprmation
for the device that failed to multicast an update. For this reason, the CDP timers should be consistent among
neighboring devices so that a device's CDP information are not delete from a neigbor's CDP table before the
device's next multicast. If the CDP information is not updated and is deleted, the neighbor's CDP table
would be inaccurate. The CDP timer and CDP hold-time values are controlled using
cdp timer x
and
cdp
holddown y
commands only at the global level.

The information a device multicasts includes:
640-606 Support

www.testking.com

Common causes of connection failures are routing problems, access control configurations, and security
policies. Multiple retransmissions could be due to intermittent links and paths, congestion, or busy
devices.
• Connectionless protocols do not establish a connection prior to transmitting data. Connectionless
protocols have less overhead and are thus faster and require less network resources than connection
oriented protocols. An example of this type of protocol is the UDP protocol member of the TCP/IP
protocol suite. This type of protocol is not reliable. If the destination to which data is transmitted is
unreachable, or is not available, the data delivery fails and the action has to be repeated.

When troubleshooting these protocols, check for failing transactions. This could be due to bad routes,
access control configurations, congestion, and intermittent or faulty paths. 3.4.2 Protocol Connection Troubleshooting
Before a connection between two hosts can be successfully established, all the lower layer protocols must be
working properly. A transport layer protocol cannot establish a connection unless the physical layer, data
link layer, and network layer are configured and working properly. 3.4.2.1 TCP Connection Sequence
To make a TCP connection using host names, the network must have a working name resolution system to
resolve a name to an IP address. Routers can use a DNS or an IP host table for name-to-IP-address
resolution.

640-606 Support

www.testking.com

- 20 -
Once the host name has been resolved to an IP address, a MAC

connection between the two hosts is established and data can be transmitted between the two. Once the data
transmissions complete, the connection between the two hosts is terminated. 3.4.2.2 Novell Connection Sequence
When a Novell client makes a connection to a Novell server that offers a particular service such as file
services, the client sends a Get Nearest Server (GNS) broadcast request via its network interface card (NIC).
If a Novell server offering the service is on the local area network (LAN), it will reply to the client’s request.
If a Novell server offering the service is not on the LAN, the router searches in its IPX servers table for an
entry that matches the client’s request. If the router has the desired
entry, it replies to the client with the selected server’s internal IPX
address. However, a reply is not sent if there is a GNS-reply filter
configured on the corresponding interface of the router. If more
than one entry is present in the router's IPX server table, the
closest device in terms of hop count is chosen. When the client
receives the router’s reply, it generates a RIP broadcast request for the server’s internal network address.
The router then searches its IPX route table for an entry that matches the client’s request. If the router finds a
Segments and Subnets
Throughout this study guide, the term
"segment" is used to refer to the transport
layer protocol data unit (PDU) and not to a
network segment, i.e. a subnetwork. The
term subnet is used throughout this study
guide to refer to a subnetwork.
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a
network layer member of the TCP/IP
protocol suite.
IPX Server Tables
Routers build and maintain IPX server
3.4.2.3 AppleTalk Connection Sequence
When an Apple Macintosh client opens the Chooser applet from Apple’s pull-down menu, the client sends a
GetZoneList request on its network. The Routers on the local subnet respond using GetZoneList reply, based
on their Apple Zone table and any GetZoneList filters that may be applied to their appropriate interfaces.
When the client receives the list of zones, its chooser zone field is populated. The user then selects a zone
and a service. This causes the client computer to generate a Name Binding Protocol (NBP) request, which is
forwarded by the connected routers towards the selected zone. On the subnets that constitutes the destination
zone, all devices that offer the selected service will reply to the client computer. The client computer then
populates the appropriate box in the chooser with the name of all those servers that have sent a reply. The
user can then select one of the servers. When the user selects one of the servers, an AppleTalk Transaction
Protocol (ATP) connection sequence between the client and the server begins. Once this ATP connection
successfully completes, the Apple Filing Protocol (AFP) is used to access shared files on the server.

The
show appletalk traffic
Command
You ca use the
show appletalk traffic
command to receive information about the number of packets
sent and received, various errors encountered, and a classified set of statistics on various AppleTalk
protocols and services. Table 3.6 discuses some of the fields included in the output of the
show appletalk
traffic
command.

TABLE 3.6: The show appletalk traffic Fields
Field Description
Checksum errors

4
.
Applying Cisco Troubleshooting Tools

There are some powerful troubleshooting tools that are built into the Cisco IOS. Some of these tools have an
impact on the way routers operate and may impede the router's performance. Following the systematic
troubleshooting process discussed in Section 2.2
, after defining the problem, you must start gathering
detailed facts about the behavior of the devices and protocols of the production network. Several IOS
troubleshooting tools and commands can be used in this task. However, these tools utilize some processing
cycles and memory of the router, and may disable or have a negative effect on some of the router’s optimal
operations.

Several of the Cisco IOS
show
commands display information about the status of the router, its interfaces,
and the rate of utilization of router resources. The
debug
command is a powerful command for finding out
which packets are generated, received, and forwarded by a router. Several parameters of the
debug

command help focus the output on what you are interested in reviewing, but the
debug
command also
lowers a router’s performance. 4.1 Routing and Switching Processes
Routing and switching processes are two of the essential tasks performed by routers. Switching is commonly

www.testking.com

- 24 -
• The internal bus (CyBus) operates at 1 Gbps, i.e. about twice the speed of the 7000 router’s CxBus.
• The 7500 router is equipped with one component called the Route/Switch Processor instead of having
two separate components for RP and SSP. This eliminates the slow 153 Mbps system bus previously
needed to connect the RP and SSP.
• The switch cache of the 7500 series router, called Optimum Switch Cache, is faster than the Silicon
Switch Cache of the 7000 router.
Fast switching in the 7500 router is enabled by default and it is accomplished using the Fast Switch Cache
located in the Route Switch Processor (RSP). The second type of switching performed by the 7500 router is
called optimum switching and is faster than the 7000 router’s Silicon Switch Cache. The Optimum Switch
Cache is also located on the RSP.

By default, optimum switching is enabled for IP on all supported interfaces. However, it must be manually
enabled on each interface for all other protocols. You can use the following interface configuration
command to enable or disable optimum switching for a protocol on an interface:

Router(config-if)# [no] [protocol] route-cache optimum

The 7500 routers also feature Versatile Interface Processors (VIPs) that have a RISC processor and memory
locally (on the blade). The 7500 routers can be configured to distribute routing information to be stored on
the VIP. The VIP can then use the cached information to switch the packets on its own without having to
send packets over to the RSP. This method, which is called distributed switching, makes the processing of
packets more than three times faster than silicon switching. To enable or disable distributed switching for a
protocol on a VIP card, use the following interface configuration command:

Router(config-if)# [no] [protocol] route-cache distributed

Netflow switching was introduced with Cisco IOS version 11.1(2). It identifies a flow based on the source


To see the statistics on the number of packets that are process switched and fast switched, use the following
command:

Router# show interface stats

Process-Switched Packets include:
• Data-link layer broadcasts;
• Packets subjected to Debug;
• Packets delivering error log messages to syslog;
• SNMP packets;
• Protocol translations;
• Tunneling;
• Custom and priority queuing;
• Link compression; and
• Keepalives. 4.3 The
debug
Tool
Debug
is a troubleshooting command that is available from the privileged exec mode in the Cisco IOS. It can
be used to display information about various router operations and the related traffic generated or received
by the router, as well as any error messages.

Debug is treated as a very high priority task and can consume a significant amount of resources as the router
is forced to process-switch the packets being debugged. For this reason,
debug
should not be used as a