Troubleshooting commands

Troubleshooting a Cisco device and the networks to which it is connected is an integral part of being a Cisco administrator. Most of your troubleshooting can be solved by verifying your configurations and the device’s operations, using the show commands mentioned in the previous article. However, at times you may need to use additional commands to help identify and troubleshoot faults in the network.
Specifically, the clear command in Privileged EXEC resets statistical information that is being stored for the outputs of your show commands. For example, if you saw the output of the show interfaces serial 0/0 command and noticed excessive late collisions, how do you know whether those are recent statistics or collisions that occurred last week? Using the clear counters commands resets those statistics so you can view up to date information from the show interfaces output.
One of the most widely utilized commands for troubleshooting is the ping command. Ping uses ICMP echo and echo reply messages to verify connectivity to IP devices. To ping a specific device from EXEC or Privileged EXEC, enter ping followed by the IP address or hostname of the device you are trying to verify, as follows:
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: .!!!!
Success rate is 80 percent (4/5)
Notice that the ping response contains a period (.) followed by four exclamation marks (!). An exclamation mark character is indicative of a successful receipt of a reply to the ping. The period character indicates that a timeout has occurred for that particular ICMP echo packet. In some instances, you may receive a U character, which signifies a Destination Unreachable ICMP message. These messages are indicative that a router along the packet’s path to the destination did not know how to reach the destination network. When this occurs, the router sends a Destination Unreachable message back to the packet’s source.
Similar to other operating systems, you can manipulate some of the options in a ping echo request, such as the datagram size and the timeout period in the Cisco IOS. To specify these options, you need to use an extended ping command. This command requires you to be in Privileged EXEC and is used by typing ping followed by the Enter Key (no IP address). From there you can change the default parameters such as the datagram sizes, timeout, and the number of packets sent, as shown in the following example,
Router#ping
Target IP address: 192.168.1.1
Repeat count [5]: 10
Datagram size [100]: 200
Timeout in seconds [2]: 5
Extended commands [n]: y source address or interface: Type of service [0]: set DF bit in IP header? [no]: validate reply data? [no]:Data pattern [0xABCD]:
Loose, strict, record, timestamp, verbose
: sweep range of sizes [n]:
Type escape sequence to abort 192.168.1.1. timeout is 5 seconds:
!!!!!!!!
Success rate is 100 percent (10/10)
Another useful ICMP utility is the tracer oute command. As the name states, tracer oute sends ICMP messages and receives a reply from every routing device along the path to the destination. This is useful in situations where you suspect a router on the route to an unreachable network is failing. The command syntax for tracer oute is similar to the ping command. In fact, you can also perform an extended tracer oute by using the tracer oute command in lieu of the ping keyword.
Router#trace 192.168.1.1
Tracing the route to 192.168.1.1
1 192.168.100.1 4 msec 0 msec 4 msec
2 10.1.1.3 4 msec 4 msec 0 msec
3 192.168.1.1 0 msec 0 msec 4 msec
The final troubleshooting command (for now) is another exclusive Privileged EXEC command that should be used only when all other troubleshooting has failed. The debug command displays real-time information on such things as routing updates, packet forwarding, and interface keep alive, to name a few. The reason behind the cautionary tone of this explanation is because the debug command is very processor-intensive and can generate a lot of information on your terminal screen. For this reason, it is highly recommended that you use these commands only in emergency situations or in a lab environment. If you must troubleshoot on a production router, be sure to issue the show processes command as follows:
Router A#show processes
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
…output omitted…
The majority of the output will not make sense; however, the top of the output lists the CPU utilization up to the last 5 minutes. If any of these values exceeds 60%, do not use the debug commands. If you do, your router is likely to seize up from over-utilization.
When you have finished troubleshooting, you can turn off debugging by putting a no in front of the command, or you can turn off all debugging by typing no debug all or debug all.
Backing up and restoring configurations and IOS using TFTP
Recall from the “saving configurations” article that you used the copy command to copy the running config in RAM to the startup config in NVRAM. By using this command, you are basically copying this configuration file from one file system component to another. Such is the case if you want to back up and restore configurations and IOSs to and from a TFTP server. A fair amount of setup and preparation is required to achieve this functionality, but the rewards of being able to back up and restore these files are well worth it. Specifically, the following preparations need to be in place for your switch or router to transfer these files to and from a TFTP server.
- The TFTP server must have the TFTP service running. You can search the internet for evaluation TFTP servers from companies such as Solar Winds and Future Soft.
- Your device must be cabled correctly. If you are using a switch, plug the TFTP server into the switch with a straight-through Ethernet cable. If you’re going directly between a router and the TFTP server, use a cross-over cable.
- You must have IP connectivity to the server. In other words, your interface should be on the same subnet as the server.
- There must be enough room on the TFTP server and your device’s memory to store these files. If your Flash memory cannot store two files, the IOS erases the old files from Flash memory before copying the new one.
After all the preparations are in place, and you have verified connectivity between the TFTP server and your Cisco router or switch, you can use the copy command again to transfer files. Remember, copy command instructs the IOS to copy from somewhere to somewhere. The available keywords, once again, are starup-config, running-config, tftp, and flash. When the tftp keyword is used, the IOS follows up with a few subsequent questions to help the IOS identify the IP address of the server, and the filenames of the source and destination files.
For example, to copy the IOS from a TFTP server to the flash memory of the router, your command would look something like the following:
Router#copy tftp flash
Address or name of remote host []? 172.16.1.254
Source filename []? C2600-is-mz.120-3.T3.bin
Destination filename [c2800-is-mz.123-3.T3.bin]?
Copy ‘c2800-is-mz.123-3.T3.bin’from flash to server as
‘c2800-is-mz.123-3.T3.bin’ [yes/no]y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
……output omitted……upload to server done
Flash device copy took 00:01:24 [hh:mm:ss]
Similarly, if you need to upgrade your IOS to a new version or you want to restore a previously backed up IOS from your TFTP server, the command would be copy tftp flash. Remember, if your flash memory does not have enough space for your current IOS file and the new one, the process erases your old IOS file to make room for the new one. If you accidentally lose power during the file transfer, you inevitably end up in ROM mon. At that point, you can download the IOS again from the TFTP server or copy the image over the console.
After the IOS image is loaded to your flash memory, you have to reboot the device for that IOS to run (because your current IOS is still decompressed and running in RAM). To reboot a Cisco device, use the reload command from Privileged EXEC. Do not forget to save any configuration changes that you made with the copy running-config startup-config command before rebooting the device because the router or switch uses the contents of your startup configuration when it reinitializes. In many current IOS version, the IOS reminds you that your configuration has modified and asks you whether you want to save it. Answering “Yes” to this prompt saves your configuration to NVRAM.
Router#reload
System configuration has been modified. Save?
: yes
Building configuration…
[OK]
Proceed with reload? [confirm]
04:31:02: %SYS-5-RELOAD: reload requested
The copy command can also be used to back up and restore your configurations. For example, to back up your current configuration, you can type copy running-config flash. Alternatively, you can always save your configuration to a text file by capturing the text output of your terminal program and doing the show running-config command. If you want to paste the configuration back, into the Cisco device, just go into Global configuration and paste the text back into the terminal program window.
Neighbor Discovery with CDP
Imagine it is your first day at work and your boss wants you to create a topology map of the network, including model numbers, IPs, and IOS versions of all the Cisco equipment. Eager to impress the boss, you want to get this task done as soon as possible. The problem is that the equipment isn’t allocated in the same building and your security badge won’t allow you into other buildings. Thus, console access isn’t possible and you don’t know the IP addresses of the other devices to use SSH or Telnet into them. Instead of spending that free time looking in the want ads because you are afraid you are going to get fired, you can call upon a very useful protocol called Cisco Discovery Protocol (CDP) to gather information of directly connected Cisco neighbors.
As the name indicates, CDP is a Cisco proprietary protocol that operates at the Data link layer. One unique feature about operating at Layer 2 is that CDP functions regardless of what physical layer media you are using (UTP, fiber, and so on) and what Network layer routed protocols you are running (IP, IPX, AppleTalk, and so on). CDP is enabled on all Cisco devices by default, and is multicast every 60 seconds out of all functioning interfaces, enabling neighbor Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood that out to all their neighbors as they do a normal multicast or broadcast.
The amount of information you can display ultimately depends on the command you use. For instance, the following example illustrates the output of the show cdp neighbors command;
CCNA2811>show cdp neighbors
Capability codes: R-Router, T-Trans Bridge, B-Source Route Bridge, S-Switch, H-Host, I-IGMP, r-Repeater
Device ID local intrfce Holdtm capability platform port ID
Bldgl-3550 Fas 0 128 S I WS-C3550-2 Fas 0/22
Engineering1801 Ser 0/1 134 R 1801 Ser 0/0
The following table explains the output depicted in the proceeding example.
Output | Explanation |
Device ID | Neighbor’s configured hostname |
Local Intrfce | A local interface in which you received this information |
Holdtm | CDP hold down timer to keep track of how long it has been since you received information from that neighbor and how many seconds to wait until you consider that neighbor dead. |
Capability | The capabilities of the Cisco devices as explained in the legend at the top of the output |
Platform | The model number of the Cisco device. |
Port ID | The interface in which the neighbor device sent out this CDP information |
By using the show cdp neighbors detail command or the show cdp entry *command, you can gain even more information about your neighbor Cisco devices. Specifically, you can see all the information from the show cdp neighbors output in addition to the Layer 3 information and the IOS version of your directly connected neighbors. The following figure illustrates the details output of these commands.
CCNA2621>show cdp neighbour detail
Device ID: Bldgl-3550
Entry address(es):
Platform: Cisco WS-C3550-24, Capabilities: Switch IGMP
Interface: FastEthernet 0/0, Port ID <outgoing port>: FastEthernet 0/22
Holdtims: 143 sec
Version:
Cisco Internetwork Operating system software
IOS (tm) C3550 software <C3550-I9Q3L2-M>, Version 12.1(13)EA1a, RELEASE SOFTWARE (fo1)
Copyright, (c) 1986-2003 by Cisco systems, Inc.
Compiled Tue 25-Mar-18 23:21 by Kumarjanglu
Advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x00112: payload lan=27, value=00000000FFFFFFFF010221FF0000000000000D65D04E00FF0000
VIP Management Domain: ‘ThirteenBlack’
Native VLAN:1
Duplex:full
Based on this information, you can already begin to see the topology layout of these three devices, as illustrates in the following picture.

At this point, I am sure you are completely in awe of the wonders the CDP can bring to your administrative duties; however, there are times you may wish to disable CDP. As mentioned before, CDP is a Cisco proprietary protocol enabled by the default on all Cisco devices.
So what happens when you are not connected to a Cisco device? Although the bandwidth usage is minimal, it still serves no purpose to continue sending CDP advertisements to non-Cisco devices that cannot interpret this protocol. In addition, it is a good idea to disable CDP for security reasons because you can gain so much useful information that could prove fatal in the wrong hands.
You can disable CDP in one of the two ways: globally on the Cisco device or on an interface by interface basis. To disable CDP for the entire device, you have to configure the no cdp run command in global configuration. Otherwise, you can specify on which interfaces to disable CDP advertisement by navigating to those specific interfaces and using the no cdp enable command in the interface configuration.
Read Previous articles on Cisco Device configurations
- Foundation Cisco Device Configurations.
- Domain name specific commands for Cisco configurations.
- Cisco Router Interface configurations.
- The “Show” command in Cisco Configurations.