Using the show Command to Get Information
Objective:
- Verify router hardware and software operation using SHOW & DEBUG commands.
As an administrator of Cisco routers and switches, it is inevitable that you will have to get information and statistics to verify the functionality of those devices and the networks that are connected to them. The crux of every command to view these statistics is the show keyword. This section explains what information you can gain from several of these show commands and
tells you how to interpret outputs of those commands.
TIP
Some of the show commands will have quite a lot of extraneous output that may not be pertinent to what you are trying to discover. In some extreme cases, this can go on for pages and pages of output and you could spend quite a bit of time weeding through all the information. To assist you finding specific informa tion, the Cisco IOS now gives you the ability to filter the output by adding a pipe symbol (|) followed by the keyword include, exclude, or begin and the expression you want to filter. Include will only show you outputs that include the expression that you define in the command. Exclude provides the exact opposite service in that it will show you all the output except for the expression you specify. Finally, begin will show you the full output beginning at the point the expression is found.
Verifying Your Configurations
Without a doubt, verifying your configurations is one of the most widely used show functions in the Cisco IOS. What better way to double-check or troubleshoot your configuration could there be besides seeing it displayed right in front of you? One caveat to these particular show commands, however, is that you must be in Privileged EXEC to see the configurations. This makes logical sense because you don’t want anybody from User EXEC to see your passwords in the configurations.
To see the active configuration that is running in RAM (that is, running-config), simply type show running-config. Similarly, the command show startup-config displays the configuration that will be loaded after you reboot the router or switch. The following example shows the show running-config command, and the output of some of the router configurations discussed in this chapter, performed on an 1720 router with a fixed Fast Ethernet interface:
CCNA1720#show running-config Building configuration... Current configuration: ! version 12.4 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname CCNA1720 ! enable secret 5 $1$nLCr$gNidpLSZvMnm2wFW6ACLm0 enable password 7 14120A0A0107382A29 ! boot-start-marker boot-end-marker ! memory-size iomem 15 no aaa new-model ip subnet-zero ip host corerouter 172.16.1.1 ip name-server 172.16.1.254 ! ip cef ! interface FastEthernet0 ip address 172.16.1.1 255.255.0.0 no ip directed-broadcast full-duplex ! interface Serial0/0 bandwidth 64 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast no fair-queue ! ip classless ip http server ! banner motd ^C This is a private system and may be accessed only by authorized users. 3Unauthorized access is strictly prohibited and will be enforced to the full 3 extent of the law.^C ! line con 0 exec-timeout 1 30 password 7 045802150C2E login line vty 0 4 exec-timeout 1 30 password 7 02050D480809 login ! End
NOTE
Notice that in the output of the show running-config command there are commands such as service timestamps debug uptime, ip subnet-zero, and so on that have not been dis cussed. These are all configurations that are created by default by the IOS, and may vary depending on the version of the IOS that is loaded. On that same note, some configurations do not even show up in the IOS configuration even though they are configured on the router or switch. For instance, both interfaces were administratively enabled in this configuration despite the lack of the command no shutdown being dis played on each interface configuration.
EXAM ALERT
One of your best resources on a simulation that has a troubleshooting scenario is the show running config command. By looking at the configuration and recognizing incorrect or missing entries, you can determine what items must be fixed in a particular device to regain connectivity in the simulated network.
Viewing Interface Statuses and Statistics
Beyond a doubt, the next four show commands will serve as the most useful tools in determining interface functionality and the performance of the network connected to those interfaces. Some of the outputs for these interface-specific show commands display similar statistics; nevertheless, each command serves a unique purpose depending on what facet of the interfaces you are trying to investigate.
show interfaces Command
The most detailed show command that displays statistics about the status of the interfaces and the network traffic for that interface is the show interfaces command. This command shows you statistics for all interfaces on the router or switch; however, if you wish to view information about only a single interface, you can specify that interface in the command (for example, show interfaces serial 0/0). The output that follows illustrates the show interface output for a Fast Ethernet interface:
Router#show interfaces FastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Hardware is Gt96k FE, address is 001a.2f66.fa1a (bia 001a.2f66.fa1a) Internet address is 172.16.0.1/16 MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 100Mb/s, 100BaseTX/FX ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:10, output 00:00:10, output hang never Last clearing of “show interface” counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 322 packets input, 70336 bytes Received 322 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected 343 packets output, 72188 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out
A common statistic of most of the interface show commands is the actual status of the interface itself. This is identified in the first line of output of the show interfaces commands. The first part of the status identifies the Layer 1 information of the interface, followed by the Layer 2 line protocol status.
If you understand the interface statuses you are ultimately building a solid foundation to accurately troubleshoot any malfunctioning interface. For example, if your interface is in an “up/line protocol up” state, you have eliminated Layer 1 and Layer 2 malfunctions for that interface. From this point, you can determine whether the problem on the interface is perhaps a Layer 3 problem (IP addressing, routing, and so on). Table 8.1 lists the possible values of this command.
EXAM ALERT
Be able to recognize the interface status meanings and determine the possible reasons for that status.
The rest of the output of the show interfaces command is also extremely useful for gaining information about the interface and the network. Of course, you won’t be expected to know all the elements listed in this output; however, Table 8.2 displays some of the valuable common statistics descriptions.
EXAM ALERT
You may be presented with the output of a show interface command with the intention of testing your knowledge of being able to identify problematic elements in the output. For instance, a high load value is evidence of a saturated link, a large number of late collisions is a duplex mismatch, excessive collisions might be indicative of being plugged into a hub, and so on.
show ip interface brief Command
If the goal of your show command is to get a condensed output of the interfaces’ status and their IP addresses, the show ip interface brief command conveniently shows you a minimal display of these statistics as illustrated here:
Router#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.100.154 YES DHCP up up FastEthernet0/1 unassigned YES unset administratively down down Serial0/0 unassigned YES unset administratively down down
show controller Command
Although the output of the show controller command is unintelligible to everyone except for the Cisco TAC (Technical Assistance Center), one particularly useful extract from this output is in the show controller serial command. The needle in this haystack of statistics is the line of output that identifies whether a DTE or a DCE cable is attached to the serial interface. This is useful if you are connecting to your router remotely and you are not sure whether your router should be providing the clocking (if you are the DCE interface). The following
excerpt example illustrates this useful output:
Router>show controller serial 0/1 Interface Serial0/1 Hardware is PowerQUICC MPC860 V.35 DCE cable, clockrate 64000 ...output omitted...
IOS File Version show Commands
The following section discusses how to back up your IOS to a TFTP server or download a new version of the IOS to your router or switch. Tasks of this magnitude, however, cannot be performed unless you do some initial legwork. Namely, you must perform some essential steps such as identifying the amount of Flash memory, the IOS filename located in Flash, and the current IOS version that is running on the device. Different Cisco IOS versions and feature sets will ultimately dictate the size of the IOS file and the amount of Flash and DRAM memory required to run the IOS. If you are planning to
upgrade to a new IOS, you must make sure that you have enough memory (the more, the better) in your device. To see the amount of Flash you have and the current IOS file stored in Flash memory, utilize the show flash command as follows:
Router>show flash System flash directory: File Length Name/status 1 5510192 c2600-is-mz.120-3.T3.bin [5510256 bytes used, 2878352 available, 8388608 total] 8192K bytes of processor board System flash (Read/Write)
Typically, the filename of the IOS file in Flash correctly reflects the actual IOS version running currently on the device. However, an administrator can easily change the filename to his or her own purposes, or there could be multiple IOS files stored on the Flash and you are not sure which one is running currently. To ensure the correct version of IOS, use the widely practical show version command. As the following output demonstrates, the show version command displays a plethora of information well beyond the version of IOS running. Table 8.3 explains some of the useful output of this multifaceted command.
Router#show version Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(3g), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright 1986-2006 by Cisco Systems, Inc. Compiled Mon 06-Nov-06 01:23 by alnguyen ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1) CCNA1841 uptime is 8 hours, 35 minutes System returned to ROM by power-on System image file is “flash:c1841-advipservicesk9-mz.124-3g.bin” This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected]. Cisco 1841 (revision 6.0) with 236544K/25600K bytes of memory. Processor board ID FTX1046W1X1 2 FastEthernet interfaces 1 Serial(sync/async) interface 2 Virtual Private Network (VPN) Modules DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 62720K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102
EXAM ALERT
Be able to rattle off all the information that you can extract from the show version command, including the current loaded IOS version, configuration register, and total memory of RAM, NVRAM, and Flash.
REVIEW BREAK
Table 8.4 reviews the show commands discussed in this chapter, including their functions and whether they are in User EXEC or both User EXEC and Privileged EXEC.
Troubleshooting Commands
Objectives:
- Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities.
- Verify router hardware and software operation using SHOW & DEBUG commands.
Troubleshooting a Cisco device and the networks to which it is connected is an integral part of being a Cisco administrator. Most of your troubleshooting can be solved by verifying your configurations and the device’s operations, using the show commands mentioned in the previous section. However, at times you may need to use additional commands to help identify and troubleshoot faults in the network.
Specifically, the clear command in Privileged EXEC resets statistical information that is being stored for the outputs of your show commands. For example, if you saw the output of the show interfaces serial 0/0 command and noticed excessive late collisions, how do you know whether those are recent statistics or collisions that occurred last week? Using the clear
counters command resets those statistics so you can view up-to-date information from the show interfaces output. One of the most widely utilized commands for troubleshooting is the ping command. ping uses ICMP echo and echo reply messages to verify connectivity to IP devices. To ping a specific device from User EXEC or Privileged EXEC, enter ping followed by the IP address or hostname of the device you are trying to verify, as follows:
Router#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5)
Notice that the ping response contains a period (. ) followed by four exclamation marks (! ). An exclamation mark character is indicative of a successful receipt of a reply to the ping. The period character indicates that a timeout has occurred for that particular ICMP echo packet. In some instances, you may receive a U character, which signifies a Destination Unreachable ICMP message. These messages are indicative that a router along the packet’s path to the destination did not know how to reach the destination network. When this occurs, the router sends a Destination Unreachable message back to the packet’s source.
EXAM ALERT
ICMP Destination Unreachable messages are sent by a routing device when it does not know how to reach the destination network. The router sends this ICMP message back to the packet’s source.
EXAM ALERT
Notice that in the output of the ping command, the first ping packet timed out. This actually is quite normal when pinging a device on a LAN because the router or switch might have to resolve the MAC address on the data link segment with an ARP request. Any successive pings shortly after should receive 100% of replies.
Similar to other operating systems, you can manipulate some of the options in a ping echo request, such as the datagram size and the timeout period in the Cisco IOS. To specify these options, you need to use an extended ping command. This command requires you to be in Privileged EXEC and is used by typing ping followed by the Enter key (no IP address). From there, you can change the default parameters such as the datagram sizes, timeout, and the number of packets sent, as shown in the following example:
Router#ping Target IP address: 192.168.1.1 Repeat count [5]: 10 Datagram size [100]: 200 Timeout in seconds [2]: 5 Extended commands [n]: y Source address or interface: Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort 192.168.1.1, timeout is 5 seconds: !!!!!!!!! Success rate is 100 percent (10/10)
EXAM ALERT
The extended ping must be entered in Privileged EXEC. The command is ping followed by the Enter key.
Another useful ICMP utility is the traceroute command. As the name states, traceroute sends ICMP messages and receives a reply from every routing device along the path to the destination. This is useful in situations where you suspect a router on the route to an unreachable network is failing. The command syntax for traceroute is similar to the ping command. In fact, you can also perform an extended traceroute by using the traceroute command in lieu of the ping keyword.
Router#trace 192.168.1.1 Tracing the route to 192.168.1.1 1 192.168.100.1 4 msec 0 msec 4 msec 2 10.1.1.3 4 msec 4 msec 0 msec 3 192.168.1.1 0 msec 0 msec 4 msec
EXAM ALERT
traceroute is an ICMP utility that tests the connectivity to a device by receiving responses from each routing device along the path to the destination. It is especially useful when you suspect a router on the route to an unreachable network is failing.
The final troubleshooting command (for now) is another exclusive Privileged EXEC command that should be used only when all other troubleshooting has failed. The debug command displays real-time information on such things as routing updates, packet forwarding, and interface keepalives, to name a few. The reason behind the cautionary tone of this explanation is because the debug command is very processor intensive and can generate a lot of information on your terminal screen. For this reason, it is highly recommended that you use these
commands only in emergency situations or in a lab environment. If you must troubleshoot on a production router, be sure to issue the show processes command as follows:
RouterA#show processes CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0% ...Output Omitted...
The majority of the output will not make sense; however, the top of the output lists the CPU utilization up to the last 5 minutes. If any of these values exceeds 60%, do not use the debug commands. If you do, your router is likely to seize up from over-utilization.
EXAM ALERT
It is recommended to use the show processes command before using any debug commands to veri
fy the router’s current CPU utilization.
When you are finished troubleshooting, you can turn off debugging by putting a no in front of the command, or you can turn off all debugging by typing no debug all or undebug all. Specific debugging commands are discussed throughout the course of this book.
EXAM ALERT
If your device is seizing up from too much debug processing, turn it off by using the no debug all or undebug all commands.
TIP
To see accurate timestamps for your debug messages, it is highly recommended that you configure the clock to reflect the correct date and time by using the clock command in Privileged EXEC. In addition, to add a timestamp to the debug output, use the service timestamp command in Global Configuration.