Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

  1. 1. Mega Guide Exam 642-831 Cisco Internet Troubleshooting Support n n 1-800-418-6789 Technology Identify Troubleshooting Methods OSI & TCP/IP Theoretical Models To be able to properly troubleshoot a complex network, you need to understand the states that network traffic goes through. To do this, you can visualize the different protocols, application, network devices, and physical components fitting into the following networking models. The most common theoretical model is the OSI (open systems interconnect) model. However, the TCP/IP model is also well known. You should be aware of the two different models used to understand networking and troubleshoot it. These two mod- els map to each other like this: OSI TCP/IP NetWare Application Presentation Application SAP, NCP Session Transport Transport IPX/SPX Network Internetwork Data Link Network Mac Interface Protocols Physical While the TCP/IP model isn’t as well known, it is useful to think about the traffic using that model. The TCP/IP model only has 4 layers and shows the close relationship between the upper three and bottom two layers. You might be asking how these theoretical models are used for troubleshooting networks and network devices. In my opinion, the best way to troubleshoot this is to use the “bottom-up” troubleshooting meth- odology (discussed further, later in this study guide). The “bottom-up” method works by starting at the bottom of the OSI model (or whichever theoretical model you are using for troubleshooting) and move up, toward the top. Thus, you would start at the Physical layer and ask yourself, “what is at the physical layer, and are those devices working?” To do this, you must know what devices are at what layer. The fol- lowing table exposes the devices and their corresponding layers: PrepLogic Practice Exams n Video Training n Mega Guides n Printables n Audio Training
  2. 2. Mega Guide Exam 642-831 Cisco Internet Troubleshooting Support n n 1-800-418-6789 Back to our example with the Physical Layer (Layer 1), first you would check whatever cabling your physi- cal device is using to connect to the network. If this is a PC connected to an Ethernet Switch, the physical layer would be the cable and the Ethernet NIC on the PC. To check this, you would check the link light on the NIC and verify that the cable is good. Moving up the OSI model to the physical layer, verify that the Ethernet switch has a link light and, if it is a managed switch, verify that it sees the MAC address on the PC connected to it. The address resolution protocol (ARP) is what connects Layer 2 to Layer 3 in the Ethernet world. On the PC, you could check the ARP table to see if the PC has complete ARP entries. You could ping your default gateway or another host on the network to create ARP traffic. A ping packet will also test Layer 3 as the ping is using an IP address as the source and destination. Something to look out for is two- way vs. one-way traffic. There could be a situation where your system is communicating properly but the destination system cannot respond. You could monitor your traffic with a packet sniffer (protocol analyzer) and verify that your request had a successful ARP and that your request went out but no response was received. Most likely, this would be a problem with the destination system. PrepLogic Practice Exams n Video Training n Mega Guides n Printables n Audio Training
  3. 3. Mega Guide Exam 642-831 Cisco Internet Troubleshooting Support n n 1-800-418-6789 Another possible situation is that you can communicate with hosts that are on your local network (your LAN) but cannot communicate with hosts that are outside your network (on another subnet or across a WAN). This can be tested with simple ping packets. Another test is to ping your default gateway, perhaps you cannot communicate with hosts outside your LAN or across the WAN because your default gateway is down. You must visualize the traffic flow of your data going down the OSI model on the source system (from lay- ers 7 to 1), flowing across the physical layer (the wired or wireless link), flowing up the destination system’s OSI layers (from 1 to 7), getting a response from the application, going back down the destination system’s OSI model (now the source of the traffic), flowing back across the wire to the original source (now the destination), and finally, back up the OSI layer (layers 1 to 7) on the destination device. When troubleshooting, you need to know how the data flows through the network The Encapsulated Data Flow Process n Stage 1 - Encapsulation The encapsulation stage is where data is converted into segments & packets. You have 1’s and 0’s (the data), which need to be sent across the network. For that to happen, the data will have to be packaged (encapsulated). This process could be compared to sending a package through a shipping service. You cannot just drop off your item at the shipper and have it shipped, as is. Say that it is large and must be disassembled before shipment. You will have to take the pieces and label each one so that the receiver can put it back together. You will have to put all this in a box (perhaps multiple boxes) and label the boxes properly, with the sender’s and receiver’s informa- tion on the box. This way, it can be shipped (transmitted) across the shipper’s network (data network in our case) to the receiver. In the example of shipping a large item that must be broken into pieces before shipment, this could be compared to how fragmentation works in networking. Many times, in networking, a file is too large to be transmitted in its entirety. Thus, it must be fragmented and broken into many pieces. In the example of properly addressing the packages to traverse the shipper’s network to the receiver, this addressing is the same way that addressing these pieces of data must occur before they can traverse the sender’s and receiver’s network. When you are using an Ethernet network, your addressing will be with source and destination MAC addresses. With TCP/IP, you will have a source and destination port number and a source and destination IP address. When the data is being encapsulated at OSI Layer 2 (Data Link), this is called a frame. Packets are encapsulated segments (segments are from OSI Layer 4 – the transport layer). Commonly, a packet is known as a datagram. When data is being encapsulated at OSI Layer 3 (Network), it is called a datagram (the entire packet is small enough to be transmitted without exceeding the MTU- maximum transmission unit). A packet is a datagram that has been frag- mented because it exceeded the MTU). n Stage 2 – Transmission The purpose of stage 2, transmission, is to send the encapsulated data from stage 1 over the net- work. This is done with cables, hubs, switches, routers, firewalls, and wide-area network circuits. PrepLogic Practice Exams n Video Training n Mega Guides n Printables n Audio Training
  4. 4. Mega Guide Exam 642-831 Cisco Internet Troubleshooting Support n n 1-800-418-6789 n Stage 3 – Forwarding/Filtering The purpose of stage 3, forwarding/filtering, is to show how the network devices used to trans- mit the data (from stage 2) read and modify the data in transmission. Typically, data sent from an Ethernet device will be sent to either a hub or a switch. Hubs and switches work differently. Hubs will not read or modify data. With a hub, simply, any data that comes in one port, goes out all other ports. In comparison, switches will read the destination MAC address on the frame and send it to the proper port, if the MAC address is known in its switching table. If the MAC address is not known in the DCAM (dynamic content-addressable memory) table, the switch will send the frame out all ports on the switch. Once the data is forwarded from the hub or switch, if it is leaving the local network, it will go to a router. Routers will read the destination IP address, look up the network that it belongs to, and forward the packet out the proper interface. If the destination IP address specifies a network that is found in the routing table, the router will drop the packet. For normal network traffic, the router will forward the traffic to the proper network, either through a specific route or default route. As packets traverse a router, the router will substitute the source MAC address with its own MAC address. Thus, the frame is modified. When it does this, it also recomputes the CRC on the frame as the packet has been changed. A firewall works much like a router but has many more rules used to filter the traffic, and offers many criteria for filtering the traffic. For example, firewalls can filter things such as source/des- tination IP addresses, protocol, source/destination port numbers, TCP state, and many others. Today, there are even firewalls that can scan traffic for viruses and recognize intrusions. Routers and switches, in many cases, can also be used to filter traffic but at a more basic level. n Stage 4 – Decapsulation The purpose of stage 4, decapsulation, is to decapsulate (unencapsulate) what was encapsulated in Stage 1. The decapsulation stage begins when the traffic finally arrives at its destination. The host will remove the Ethernet frame header, Ethernet frame footer, the IP header/footer, the TCP header, etc. By doing this, it moves that data back up to the application. While this is taking place, the Ethernet Frame Check Sequence (FCS) is used to verify that the Ethernet packet was able to traverse the network from the source to the destination, intact and without errors. This process is shown in the following diagram: PrepLogic Practice Exams n Video Training n Mega Guides n Printables n Audio Training
  5. 5. Mega Guide Exam 642-831 Cisco Internet Troubleshooting Support n n 1-800-418-6789 In this diagram, you see that Host A encapsulates the data it wants to send across the network (this is stage 1 – encapsulation). The data is then transmitted across the network to Switch A (this is stage 2 – transmitted). Switch A, the router, and Switch B all perform forwarding and filtering on the data as it moves across the network. Thus, there is some switching back and forth be- tween stage 2 and stage 3, and the traffic traverses the network. Finally, Host B receives the traffic and decapsulates it so that the application can receive it. The application will then, very likely, have some reply that will take a reverse path back through these stages to the original sender. The General Troubleshooting Process We have covered some good general information on troubleshooting, but you must have a formal process. The general troubleshooting process that Cisco recommends is shown below: This is a great process, not just for a network problem but for any type of problem. Now we will learn, more specifically, how to use this process for network troubleshooting, and delve into more detail on each of the troubleshooting steps. To find out what the problem is, you must also find out what the problem is NOT. To successfully eliminate the problem choices, you may have to go through this process a number of times to pinpoint and resolve the correct problem. That being said, if you don’t use a formal approach, the alternative, still used by many unsuccessful troubleshooters, is guessing at the solution and not identifying the real problem. These mis- takes can create even more problems and make the situation worse, instead of better. Now, let’s look at each of the stages of the troubleshooting process in more detail: PrepLogic Practice Exams n Video Training n Mega Guides n Printables n Audio Training