Debug,Show,Troubleshooting

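The debug command
Displays dynamic data and events and reports what is currently happening, which helps isolate protocol and configuration problems
When connected over telnet, run the terminal monitor command first, otherwise the debug output is not shown
ps: debug commands can only be run in privileged mode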
#debug ?
dialer   Dial on Demand
isdn 
ppp   PPP (Point to Point Protocol) information
ip   IP information
all   Enable all debugging 

Show the packets matched by an ACL
#debug ip packet <acl>
ex: show packets from 10.10.10.10 to 172.16.1.1
(config)#access-list 101 permit tcp host 10.10.10.10 host 172.16.1.1 
#debug ip packet 101  

#debug serial interface
Check whether the HDLC keepalive packets keep increasing; if not, there may be a timing problem on the interface card or inside the network

#debug arp
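Shows whether this router is sending or learning information about the routers on the other side of the WAN
Use this command when some nodes on a TCP/IP network respond but others do not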

Turn off debugging
#undebug all

#no debug all

……………………………………………………………………

Reset the interface counters to 0
#clear counters 

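Show interface status
>show interfaces [interface]
Check the statistics and state of an interface
ps:
Using the serial0 interface as an example, the output looks roughly like this
serial 0 is up, line protocol is up //interface layer 1 and 2 are working
Hardware is HD64570 //an Ethernet interface would also show the MAC address
Internet address is 192.168.1.1/24 //current IP/mask
MTU 1500 bytes, BW 1544 Kbit, DLY 1000 usec, rely 255/255, load 1/255 //maximum packet size is 1500 bytes
Encapsulation HDLC, loopback not set, keepalive set (10 sec) //HDLC encapsulation, keepalive every 10 seconds; the interface at the other end must use the same settings for the link to work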
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of “show interface” counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops //check whether received or transmitted data is being dropped because it arrives too fast
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
 0 packets input, 0 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort //0 means the signal is fine; non-zero may indicate a CRC, duplex, or line problem
 0 input packets with dribble condition detected
 0 packets output, 0 bytes, 0 underruns
 0 output errors, 0 collisions, 0 interface resets //check for output errors; non-zero may indicate a duplex problem
  0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier
 0 output buffer failures, 0 output buffers swapped out
ps:
Using an Ethernet interface as an example, the output looks roughly like this
GigabitEthernet8/13 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 0018.ba3f.7c7c (bia 0018.ba3f.7c7c)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s
input flow-control is off, output flow-control is off
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:55, output hang never
Last clearing of “show interface” counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
800 packets input, 260270 bytes, 0 no buffer
Received 76 broadcasts (58 multicasts)
 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 3 frame, 0 overrun, 0 ignored
 0 watchdog, 0 multicast, 0 pause input
 0 input packets with dribble condition detected
 68895 packets output, 6044289 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier, 0 PAUSE output
 0 output buffer failures, 0 output buffers swapped out 
ps:
runts(packets that were truncated before they were fully received)

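What interface 0 is up means
 Hardware status, including cables, connectors, etc.; layer 1 is working
 It can also reflect whether this interface is receiving the carrier detect signal from the DCE at the other end
Possible causes of interface is down
 A layer 1 (physical layer) problem with the interface, cable, etc.
Possible causes of interface is administratively down
 1 A back-to-back connection problem may be present
  i.e. one end is administratively shut down (closed manually by the administrator), so the other end does not work
  This appears after the shutdown command is run; use no shutdown to enable the interface
 2 The cable may not be connected yet, but this is unlikely

What protocol is up means
 Layer 2 is working
 The Cisco IOS controlling the link considers the interface usable; this is decided by whether keepalives are received successfully
Possible causes of protocol is down
 The physical interface is not working, ex: serial 0 is down
 The physical interface is administratively shut down, ex: serial 0 is administratively down
 The interface entered the errdisable state and was shut down
 No keepalives; if the interface misses 3 consecutive keepalives, the protocol goes down
 No clock rate, ex: clock rate not set on the DCE
 Encapsulation type mismatch, ex: one end uses HDLC and the other uses PPP
 Authentication failure, ex: PPP authentication failed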

Show statistics for frames entering and leaving an interface
# show interfaces <interface> counters
The output looks roughly like this
Port InOctets InUcastPkts InMcastPkts InBcastPkts
Gi0/9 31265148 20003 3179 1
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
Gi0/9 18744149 9126 96 6  

Show the errors on an interface
# show interfaces <interface> counters errors
The output looks roughly like this
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
Gi0/9 0 0 0 0 0
Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts Giants
Gi0/9 5603 0 5373 0 0 0 0
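Counter descriptions
 Align-Err: CRC found an error, usually a layer 1 problem
 FCS-Err: invalid checksum, usually a layer 1 problem
 Xmit-Err: buffer overflow, usually because the speeds entering and leaving the interface differ
 Rcv-Err: receive buffer overflow, usually a duplex mismatch on the full-duplex end
 UnderSize: frame too small
 Single-Col: a single collision occurred before the frame was forwarded, usually a duplex mismatch or bandwidth overuse
 Multi-Col: multiple collisions occurred before the frame was forwarded; possible causes are the same as Single-Col
 Late-Col: a late collision occurred after the frame was forwarded; the cable may be too long, or there is a duplex mismatch on the half-duplex end
 Excess-Col: 16 consecutive collisions; possible causes are the same as Single-Col, or there may be too many devices on the same segment
 Carri-Sen: carrier sense; this counter increases when data is sent on half duplex
 Runts: small frames with a bad CRC (<64)
 Giants: oversized packets with a bad CRC (>1518)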
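
The following is an added example, not part of the original notes: it parses the two-block layout of `show interfaces counters errors` shown above and attaches the likely cause from the counter descriptions to every non-zero counter. The Gi0/2 rows and the function names are constructed for illustration.

```python
# Added example: parse `show interfaces counters errors` and explain non-zero counters.
# The hints are the likely causes listed in the counter descriptions on this page.
HINTS = {
    "Align-Err": "CRC error found; usually a layer 1 problem",
    "FCS-Err": "invalid checksum; usually a layer 1 problem",
    "Xmit-Err": "buffer overflow; ingress/egress speed mismatch",
    "Rcv-Err": "receive buffer overflow; duplex mismatch (full-duplex end)",
    "Single-Col": "duplex mismatch or bandwidth overuse",
    "Multi-Col": "duplex mismatch or bandwidth overuse",
    "Late-Col": "cable too long or duplex mismatch (half-duplex end)",
    "Excess-Col": "duplex mismatch, overuse, or too many devices on the segment",
}

# Constructed sample: the Gi0/9 rows are the output shown above, Gi0/2 is made up.
SAMPLE = """\
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
Gi0/2 0 12 0 0 0
Gi0/9 0 0 0 0 0
Port Single-Col Multi-Col Late-Col Excess-Col Carri-Sen Runts Giants
Gi0/2 0 0 0 0 0 0 0
Gi0/9 5603 0 5373 0 0 0 0
"""

def parse_counters(text):
    """Return {port: {counter: value}}, merging the repeated 'Port ...' header blocks."""
    ports, header = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Port":
            header = fields[1:]  # a new block of counter names starts here
        elif (header and len(fields) == len(header) + 1
              and all(f.isdigit() for f in fields[1:])):
            ports.setdefault(fields[0], {}).update(zip(header, map(int, fields[1:])))
    return ports

def diagnose(ports):
    """Return (port, counter, value, hint) for every non-zero counter that has a hint."""
    return [(port, name, value, HINTS[name])
            for port, counters in sorted(ports.items())
            for name, value in counters.items()
            if value and name in HINTS]

if __name__ == "__main__":
    for finding in diagnose(parse_counters(SAMPLE)):
        print("%s %s=%d: %s" % finding)
```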

Show interface status
#show interfaces status
Port Name Status Vlan Duplex Speed Type
Gi0/1 connected trunk full 1000 1000BaseSX
Gi0/2 connected 252 full 1000 1000BaseSX
Gi0/3 disabled 1 full 1000 1000BaseSX
Gi0/4 disabled 1 full 1000 No Transceiver
Gi0/5 disabled 1 full 1000 No Transceiver
Gi0/6 connected 10 a-half a-10 10/100/1000BaseT
Gi0/7 connected trunk a-full a-100 10/100/1000BaseT
Gi0/8 connected trunk a-full a-100 10/100/1000BaseT
Gi0/9 connected 10 a-full a-1000 10/100/1000BaseT
Gi0/10 notconnect 1 full auto 10/100/1000BaseT
[omit]

ps:
#show interfaces status ?
 err-disabled Show interface error disabled state
 inactive Show interface inactive state
 module Limit display to interfaces on module

……

Show the IP status of an interface
>show ip interface [brief]
ps:
The output looks roughly like this
Serial1 is administratively down, line protocol is down //serial1 interface is in the shutdown state
 Internet protocol processing disabled
Ethernet0 is up, line protocol is up //eth0 interface layer 1 and 2 are working
 Internet address is 192.168.2.1/24 //IP address is 192.168.2.1/24
 Broadcast address is 255.255.255.0
 MTU 1500 bytes,
 Helper address is not set
 Directed broadcast forwarding is disabled
 Outgoing access list is not set //the interface currently has no access list applied
 Inbound access list is not set
 Proxy ARP Is Enabled
 Security Level Is Default
 Split horizon Is Enabled
…rest omitted
ps:
[brief] lists condensed information; the output looks roughly like this
Interface IP-Address OK? Method Status Protocol
Serial0 192.168.1.1 YES unset down down
Serial1 unassigned YES unset administratively down down
Ethernet0 192.168.2.1 YES unset up up
Bri0 unassigned YES unset administratively down down
Bri0:1 unassigned YES unset administratively down down
Bri0:2 unassigned YES unset administratively down down

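Show information about the physical interface
>show controllers [int]
Detailed information such as cable type, physical interface details, controller chip status, etc.
ps:
The output looks roughly like this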
interface serial0
HD unit 0, idb = 0x1AE828, driver structure at 0x1B4BA0
buffer size 1524 HD unit 0,V.35 DTE cable //DTE interface, using a V.35 cable
cpb = 0x7, eda = 0x58DC, cda = 0x58F0
RX ring with 16 entries at 0x4075800
…omitted
interface FastEthernet0/0
Hardware is PQUICC MPC860T ADDR: 815A3338, FASTSEND: 80011698
DIST ROUTE ENABLED: 0
Route Cache Flag: 1
…omitted

Show protocol status
#show protocol
The output looks roughly like this
Global values:
 Internet Protocol routing is enabled
Serial0 is down, line protocol is down //serial0 interface is enabled but layer 1 and 2 are not working
 Internet address is 192.168.1.1/24 //IP address is 192.168.1.1/24
Serial1 is administratively down, line protocol is down //serial1 interface is in the shutdown state
Ethernet0 is up, line protocol is up //eth0 interface layer 1 and 2 are working
 Internet address is 192.168.2.1/24 //IP address is 192.168.2.1/24
Bri0 is administratively down, line protocol is down
Bri0:1 is administratively down, line protocol is down
Bri0:2 is administratively down, line protocol is down

Show CPU utilization per process
#show processes cpu
CPU utilization for five seconds: 5%/3%; one minute: 1%; five minutes: 1%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 4 11 363 0.00% 0.00% 0.00% 0 Chunk Manager
2 4 13904 0 0.00% 0.00% 0.00% 0 Load Meter
4 0 580 0 0.00% 0.00% 0.00% 0 DHCPD Timer
5 0 1 0 0.00% 0.00% 0.00% 0 PF Redun ICC Req
6 138700 11705 11849 0.00% 0.16% 0.17% 0 Check heaps
7 0 1 0 0.00% 0.00% 0.00% 0 Pool Manager
8 0 2 0 0.00% 0.00% 0.00% 0 Timers
9 49448 410365 120 0.07% 0.03% 0.05% 0 ARP Input
10 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
11 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
12 72 90 800 0.00% 0.00% 0.00% 0 Entity MIB API
13 0 1 0 0.00% 0.00% 0.00% 0 IFS Agent Manage
14 0 1160 0 0.00% 0.00% 0.00% 0 IPC Dynamic Cach
15 8 50 160 0.00% 0.00% 0.00% 0 PF_Split Sync Pr
16 4 69517 0 0.00% 0.00% 0.00% 0 IPC Periodic Tim
[omit…] 
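ps: this output says the CPU load is 5%, of which 3% is interrupt handling; the remaining 2% is control plane load
ps: interrupt handling normally does not exceed 5%
ps: excessive CPU utilization may be caused by debug commands or SNMP, or by an STP failure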

Show a summary of CPU, I/O and memory
#show memory
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 44AE5D50 391193264 70233000 320960264 319948768 247065784
I/O 8000000 67108864 10418792 56690072 56614112 56614072 
[omit…]

ps
#show ?
ip   IP information
arp   ARP table
interfaces   Interface status and configuration
controllers   Interface controller status
protocols   Active network routing protocols
…omitted

ps
#show ip ?
ospf   OSPF information
dhcp   Show items in the DHCP database
eigrp   IP-EIGRP show commands
route   IP routing table
arp   IP ARP Table
protocols   IP routing protocol process parameters
interface   IP interface status and configuration
nat   IP NAT information
bgp   BGP information

…………. 

errdisable detect
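Automatic detection feature of the switch
The switch monitors every port; if something is abnormal, it puts the port into errdisable mode and shuts down the interface
When an interface is found in errdisable: 1 identify the problem, 2 clear errdisable mode with a command

Set which errdisable detect causes are enabled
(config)# [no] errdisable detect cause <all | cause-name>
All are enabled by default
cause-name can be one of the following,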
all:Detects every possible cause
arp-inspection:Detects errors with dynamic ARP inspection
bpduguard:Detects when a spanning-tree BPDU is received on a port configured for STP PortFast
channel-misconfig:Detects an error with an EtherChannel bundle
dhcp-rate-limit:Detects an error with DHCP snooping
dtp-flap:Detects when trunking encapsulation is changing from one type to another
gbic-invalid:Detects the presence of an invalid GBIC or SFP module
ilpower:Detects an error with offering inline power
l2ptguard:Detects an error with Layer 2 Protocol Tunneling
link-flap:Detects when the port link state is “flapping” between the up and down states
loopback:Detects when an interface has been looped back
pagp-flap:Detects when an EtherChannel bundle’s ports no longer have consistent configurations
psecure-violation:Detects conditions that trigger port security configured on a port
rootguard:Detects when an STP BPDU is received from the root bridge on an unexpected port
security-violation:Detects errors related to port security
storm-control:Detects when a storm control threshold has been exceeded on a port
udld:Detects when a link is seen to be unidirectional (data passing in only one direction)
unicast-flood:Detects conditions that trigger unicast flood blocking on a port
vmps:Detects errors when assigning a port to a dynamic VLAN through VMPS

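errdisable mode disables the interface; there are two ways to clear it

1. Configure automatic recovery from errdisable mode
(config)# errdisable recovery cause [cause-name]
Recovers automatically after 300 seconds by default
ps:
Set the timer for automatic recovery from errdisable mode
(config)# errdisable recovery interval
30-86400 seconds (24 hours)
ex:
After a psecure-violation is detected, recover from errdisable mode automatically after 1 hour
(config)# errdisable recovery cause psecure-violation
(config)# errdisable recovery interval 3600

2. Manually shut down the interface and then enable it again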
(config-if)#shutdown
(config-if)#no shutdown

……………………………………………………………………

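>traceroute <ip>
Finds the path chosen when sending packets to the destination, along with the RTT (round-trip time)
Each output line shows the IP address of the interface the data entered; a * means the packet failed
A failed response may be caused by rate limiting or by filtering on the host
ps: a device that receives the traceroute must know how to return the reply to the traceroute source, so both sides need a known route
Using traceroute 175.10.1.2 as an example, the output looks roughly like this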
Type escape sequence to abort.
Tracing the route to 175.10.1.2
1 160.10.1.1 0 msec 16 msec 0 msec
2 175.10.1.2 20 msec 16 msec 16 msec

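Check whether the destination IP is reachable
>ping <ip> [option]
Common options
 size  packet size in bytes
 repeat  number of replies, default 5
 timeout  number of seconds to wait for a reply
 source  IP address the replies are returned to
 df-bit  force packet do not fragment
Using ping 192.168.1.1 as an example, the output looks roughly like this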
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

#telnet <ip>
Checks whether layer 7 is working

………………………………………………………….


Configure SNMP to collect statistics
(config)#snmp-server <option>
The options are
 community <name> <ro|rw>
 contact <email>
 location <description>
 ifindex persist: keeps the SNMP interface index consistent
ex:
(config)# snmp-server community ciscoro ro
(config)# snmp-server community ciscorw rw
(config)# snmp-server contact ray@systw.net
(config)# snmp-server location 5rd Floor 
(config)# snmp-server ifindex persist
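
A check to run over a saved configuration, as an added example that is not part of the original notes: it flags read-write communities and communities that no access list restricts. It assumes the IOS form `snmp-server community <string> [view <name>] [ro|rw] [<acl>]`; the `monitor` line with ACL 10 and the function name are constructed.

```python
import re

# Constructed sample: the ciscoro/ciscorw lines are this page's own example,
# the "monitor" line with ACL 10 is made up to show a restricted community.
SAMPLE_CONFIG = """\
snmp-server community ciscoro ro
snmp-server community ciscorw rw
snmp-server community monitor ro 10
snmp-server contact ray@systw.net
snmp-server ifindex persist
"""

RW = "read-write community"
NO_ACL = "no access list limits which hosts may use this community"

# Assumed syntax: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server\s+community\s+\S+"
    r"(?:\s+view\s+\S+)?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+(?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp(config):
    """Return (line_number, issue) pairs; the community string itself is not echoed."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), start=1):
        match = COMMUNITY_RE.match(line.strip())
        if not match:
            continue  # contact, location, ifindex and non-SNMP lines
        if (match.group("mode") or "").lower() == "rw":
            findings.append((lineno, RW))
        if match.group("acl") is None:
            findings.append((lineno, NO_ACL))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit_snmp(SAMPLE_CONFIG):
        print("line %d: %s" % (lineno, issue))
```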

Configure a SPAN port to capture traffic
(config)# monitor session <id> source interface <interface>
(config)# monitor session <id> destination interface <interface>
ex:
Configure session 1 to collect the traffic of interface gi0/1 and send it to interface gi0/3
(config)# monitor session 1 source interface gi 0/1
(config)# monitor session 1 destination interface gi 0/3

# show monitor
ex:
Session 1
————
Type : Local Session
Source Ports :
Both : Gi0/1
Destination Ports : Gi0/3
Encapsulation : Native
Ingress : Disabled

Configure an RSPAN port to capture remote traffic
Remote switch configuration
1. Set the VLAN used to carry the data as a remote-span VLAN
SW1(config)# vlan <vlan-id>
SW1(config-vlan)# remote-span
2. Configure the SPAN port
SW1(config)# monitor session <id> source interface <interface>
SW1(config)# monitor session <id> destination remote vlan <vlan-id> reflector-port <interface>
Local switch configuration
1. Set the VLAN used to carry the data as a remote-span VLAN
SW2(config)# vlan <vlan-id>
SW2(config-vlan)# remote-span
2. Configure the SPAN port
SW2(config)# monitor session <id> source remote vlan <vlan-id>
SW2(config)# monitor session <id> destination interface <interface>
ex:
Send the traffic of sw1 interface gi0/1 to sw2 interface fa5/1
SW1(config)# vlan 10
SW1(config-vlan)# remote-span
SW1(config)# monitor session 1 source interface gi 0/1
SW1(config)# monitor session 1 destination remote vlan 10 reflector-port gi 0/3
SW1#show monitor
Session 1
————
Type : Remote Source Session
Source Ports :
Both : Gi0/1
Reflector Port : Gi0/3
Dest RSPAN VLAN : 10
SW2(config)# vlan 10
SW2(config-vlan)# remote-span
SW2(config)# monitor session 2 source remote vlan 10
SW2(config)# monitor session 2 destination interface fa 5/1
SW2# show monitor
Session 2
————
Type : Remote Destination Session
Source RSPAN VLAN : 10
Destination Ports : Fa5/1