lost frequently, then application network
performance may be sluggish or application time-outs may occur.
For Layer 2 protocols that can be classified as best effort
delivery, such as Ethernet, the loss of a frame immediately
translates to the loss of a packet and in the case of TCP, a
segment. In this case it is the responsibility of TCP to
retransmit lost segments. Once again, if the frame losses are
intermittent the effects on the application may be that it runs
sluggishly or the loss of performance may not be noticeable at
all. However, TCP statistics should show evidence of the
segment loss and retransmissions. The chart in Figure outlines
the symptoms that might be experienced at each of the layers of
the TCP model when an intermittent or total Layer 2 failure
occurs. Although these characteristics give some indication
that a Layer 2 problem exists, it will be inconclusive until
the devices attached to the non-functional data link are
examined. Performing a traceroute or tracert
command will immediately identify the failing link, allowing
the devices at each end of the link to be checked for
appropriate Layer 2 to Layer 3 mapping operations. The table in
Figure summarizes the effect of data-link layer problems on the
other layers. Use these characteristics to assist in
determining whether a problem being experienced could be a
Layer 2 failure.
Content 4.1
Characteristics of Data Link Layer Problems 4.1.9
Critical characteristics – console messages In some
instances a router will recognize that a Layer 2 problem has
occurred and will send alert messages to the console. Typically
a router does this when it detects a problem with interpreting
incoming frames (encapsulation or framing problems) or when
keepalives are expected but do not arrive. The most common
console message that indicates a Layer 2 problem is a line
protocol down message.
Content 4.2
End-System Commands for Gathering Data Link Information
4.2.1 Common end-system commands The following
commands are basic tools for Layer 2 troubleshooting and are
implemented on Windows, UNIX and Max OS X operating systems:
Although ping operates as part of the IP suite of
protocols, it is useful for troubleshooting Layer 2 as it is a
means of establishing the boundaries of the fault. The
continuous ping is also a useful method for generating
test frames and observing error counters. The arp –a
command is useful for verifying that the ARP process is
functioning correctly and is not being overridden by static
entries configured on a workstation or router. Lab
Activity Lab Exercise: Troubleshooting Problems at the
Physical and Data Link Layers After completing this lab, the
student will be able to follow a logical troubleshooting
process to define, isolate, and correct problems outlined in a
trouble ticket.
Content 4.2 End-System Commands
for Gathering Data Link Information 4.2.2
Microsoft Windows end-system commands The following
commands, available in the Microsoft Windows environment, are
useful in gathering basic Layer 2 information from host
systems: - winipcfg
- ipconfig /all
- tracert
- netstat –rn
- arp -a
winipcfg can be run
from the command prompt or the Run window. It is a quick way of
determining the MAC address of a Windows 9X or Me based PC.
Later versions of the Microsoft Windows operating system use
the ipconfig /all command from the command prompt to
obtain similar information. netstat -r will also
provide MAC address information. netstat -r has the
added benefit of displaying the routing table of the host,
which can help to make sense of multihomed workstations.
netstat -n displays addresses and port numbers in numerical
form. Although tracert is a Layer 3 tool which displays
the path packets take to get to a destination, it is also a
quick way to find where a Layer 2 failure has occurred. The
tracert command is similar to the Cisco IOS
traceroute command. arp –a is similar to the Cisco
IOS show arp command. It displays the ARP table of MAC
to IP addresses for a device.
Content 4.2
End-System Commands for Gathering Data Link Information
4.2.3 UNIX/Mac operating systems end-system
commands The ifconfig –a and traceroute
commands are available on most UNIX variants including Mac OS
X.
Content 4.2 End-System Commands for
Gathering Data Link Information 4.2.4 General
Cisco IOS commands The Cisco IOS has a rich set of show and
debugging commands for troubleshooting Layer 2 problems. Use
the commands in Figures and as a guide when troubleshooting
Layer 2 problems.
Content 4.2 End-System
Commands for Gathering Data Link Information 4.2.5
Cisco IOS show commands There is a wealth of
information that can be gathered from Layer 2 Cisco IOS
show commands. The two main challenges troubleshooters
face when using show commands are: choosing the right
command to obtain the desired information, and correctly
interpreting the command output. Pertinent show commands
and descriptions are listed in Figure .
Content
4.2 End-System Commands for Gathering Data Link
Information 4.2.6 The show cdp neighbors
command The show cdp neighbors command is one of
the quickest ways to verify Layer 2 connectivity between two
directly connected Cisco devices. However, CDP is often turned
off in order to limit bandwidth usage or enhance the security
of the network. Furthermore, most non Cisco devices do not
speak CDP. Before relying on the show cdp neighbors
command, verify that the device at the other end of the data
link is configured to allow CDP. On a Cisco device running IOS
use the global configuration command cdp run to enable
CDP on that device. Router(config)#cdp run Use the
interface configuration command cdp enable to allow CDP
on a particular interface if it has been specifically disabled.
Router(config-if)#cdp enable An example of the output
produced by the show cdp neighbors command is shown in
Figure .
Content 4.3 Troubleshooting Switched
Ethernet Networks 4.3.1 Troubleshooting the
Spanning Tree Protocol The Spanning Tree Protocol (STP) is
designed to allow a logical loop free network in a switched
network featuring redundant links. This is achieved by
strategically blocking some ports from forwarding data. STP is
a straightforward protocol, and has been in use for many years.
STP is likely to fail when there is a problem with the exchange
of Bridge Protocol Data Units (BPDUs). The key parameters for
STP operation are the HELLO time and the MAX AGE time. The
HELLO time determines the frequency with which BPDUs are sent.
The MAX AGE time determines how long a port will wait since the
last BPDU was heard before deciding that a link is no longer
connected to a switch, and is therefore no longer part of a
loop. Symptoms of STP failure and consequent switching loops
include: - Unusually high backplane utilization due to
forwarding frames at line speed.
- Rapid address
re-learning, as the loop will allow a switch to see the same
source address entering on multiple ports.
- Rapidly
incrementing frame counters on the affected ports as they
receive frames at line speed.
- Extremely poor link
performance, high latency on ping replies, and TCP
timeouts, as this traffic has to compete with broadcast frames
caught in the loop.
- Broadcast storms within a Layer 2
domain. Since broadcasts will be perpetuated by a loop, their
effect will be felt throughout the switched network.
Any network problem that prevents BPDUs from being
received within the MAX AGE time will cause an STP topology
recalculation. Ports that need to be blocked will be placed in