21.0 Protocol Analyzers:
Protocol analyzer is most commonly used for recording and analyzing network protocol traffic. Filters can be set, so that only particular type of traffic is captured and analyzed. The packet content is displayed in a user friendly, and readable form by using protocol analyzers.
22.0 Debug Commands:
Debug commands are very useful for troubleshooting network problems. However, one need to be very careful when using debug command in a production network ( the term 'production network' is used in the sense that the network is in regular use, and can not be taken off without suffering some kind of loss). If the network is being used heavily, using debug command may result in the disruption of traffic and loss of data packets. Debug command, if used must be as specific as possible, to avoid unnecessary network traffic. Also, remember to undebug as soon as the purpose of using this command is achieved.
By default, all debug output is logged to the console terminal.
To change the default logging option use the command 'logging <option>',
the logging options include:
1. Logging console
2. Logging buffered
3. Logging monitor
4. Logging trap
Note that logging to the console produces very high overhead, whereas logging to internal buffers produces least amount of overhead compared to other logging methods.
The following are true about CDP:
1. CDP - Cisco Discovery Protocol is a Cisco proprietary Layer 2 protocol.
2. CDP uses a multicast packet to the common destination address 01-00-0c-cc-cc.
3. CDP packets are sent out with a non zero TTL after an interface
is enabled and with a zero TTL value immediately before and interface
is made idle. This enables the neighboring devices to quickly discover
the state of neighbors.
4. CDP packets will never be forwarded beyond the directly connected devices. To find CDP information on indirectly connected routers, administrators can 'telnet' to the intended destination device and run CDP command.
24.0 Core Dump:
Core dump is the memory image of a router. It is useful to obtain
the core dump of a router to find the reason for a router crash.
Two most widely used means of configuring core dumps are:
1. By using of TFTP - Trivial File Transfer Protocol
TFTP dumps are usually limited to 16MB. The command used to configure a router to use TFTP for core dump:
exception dump <ip-address>
2. By use of FTP - File Transfer Protocol
To configure a router for core dump using FTP required more configuration steps as below:
step1: ip ftp usename <username>
step2: ip ftp password <password>
step3: exception protocol ftp
step4: exception dump <ip-address>
You can test the core dump by issuing the command 'write core' in privileged exec mode (enable mode). This command will cause a crash, and the content of the memory will be dumped according to the configured setup.
25.0 SPAN monitoring:
The following two commands are useful for setting up a span port
and verifying the span port configuration.
1. Set span - This command sets a port or vlan to be monitored.
Ex: set span 5 3/8 both
In the above command, vlan 5 is monitored by port 3/8. The argument 'both' enables monitoring in both the directions.
Ex2: set span 3/7 3/8 both
In the above command, port 3/7 is monitored by port 3/8 in both the directions (both transmit/receive traffic).
2. Show span
This command displays the span configuration. The command 'show trunk [slot-number/ port-number]' on a Catalyst switch displays the vlan information corresponding to that port. You can also use 'show vlan' command to display the vlan information on a port. This is useful in troubleshooting a vlan and allows us to ensure that the ports are configured for intended vlans.