CCNP Support 640-606 Exam cram
The CCNP Support exam is a requirement towards obtaining CCNP certification. The skills tested include troubleshooting of routed and switched networks using Cisco routers, switches, and Access Servers. Use of Cisco Website resources such as TAC assistance is also included. Valid CCNA certification is a pre-requisite for obtaining CCNP certification.
To be CCNP certified, the following exams need to be successfully completed:
| Exam Name | Exam # | Study material covering exam objectives |
|---|---|---|
| BSCI | 640-901 | Building Scalable Cisco Internetworks. Note that BSCI replaces Routing Exam (640-603). |
| Routing Exam (Obsolete) | 640-603 | Building Scalable Cisco Networks or BSCN |
| Switching Exam | 640-604 | Building Cisco Multi-layer Switched Network or BCMSN |
| Remote Access Exam | 640-605 | Building Cisco Remote Access Networks |
| Support Exam | 640-606 | Cisco Internetwork Troubleshooting |
Alternatively, one can take the following exams to obtain CCNP certification:
| Exam Name | Exam # | Study material covering exam objectives |
|---|---|---|
| Foundations Exam | 640-841 (640-509 obsolete) | Building Scalable Cisco InterNetworks, 640-901; Building Cisco Multi-layer Switched Network, 640-604; Building Cisco Remote Access Networks, 640-605 |
| Support Exam | 640-606 | Cisco Internetwork Troubleshooting, 640-606 |
Exam Notes
1.0 The recommended sequence of steps for systematic troubleshooting is:
Step A: Define the Problem - Here you define the problem by stating the problem symptoms and associated causes.
Step B: Gather Facts - Fact gathering helps in isolating problem areas. Fact gathering is done by questioning the affected users, administrators, and using tools such as protocol analyzers.
Step C: Consider the Possibilities - The objective here is to narrow down the possible causes. Use the facts gathered in Step B and narrow down the possible causes by systematic reasoning and diagnostic methods.
Step D: Create Action Plan - Based on the narrowed down possibilities, create an action plan to troubleshoot the problem.
Step E: Implement Action Plan - Here you implement the Action Plan. Make sure the steps are documented, so that you can back out the changes if the action plan does not give the intended results.
Step F: Observe the Results - Check if the actions that have been implemented yielded desired results. If not, don’t forget to undo earlier changes that did not work.
Step G: Repeat the Problem Solving Process - This step is required if the Action Plan did not work. You need to get closer to the actual problem with each iteration.
Step H: Document Facts - The final stage of the problem-solving model is to document the process. Though it is the final step, note that documenting at every step makes the final documentation easy after the problem is resolved.
2.0 Connectionless and Connection Oriented Protocols:
2.1 The following are examples of connectionless protocols:
1. IP (Internet Protocol) - IP is the network-layer connectionless protocol of TCP/IP suite.
2. UDP (User Datagram Protocol) - UDP is a connectionless transport layer protocol of TCP/IP suite.
3. Novell IPX
4. AppleTalk DDP (Datagram Delivery Protocol)
5. CLNP (Connectionless Network Service) used by DECnet
2.2 The following are examples of connection oriented protocols:
1. TCP
2. Novell SPX
3. ATM
4. X.25
5. ATP (AppleTalk Protocol) - an AppleTalk transport layer protocol.
3.0 Token Ring:
Beaconing is used in Token Ring networks to detect and try to rectify certain network faults. Through the process of beaconing, the Token Ring network tries to reconfigure itself by eliminating the faulty network region.
In general, network faults can be grouped into hard errors, and soft errors.
Hard errors are those that are permanent and cannot be recovered by software routines. Examples of hard errors are cable cuts and station hardware failures.
On the other hand, soft errors temporarily disrupt the network services and can be recovered by software routines.
There are two types of soft errors that are tracked by Token Ring networks:
1. Isolating faults - Isolating faults are limited to a particular fault domain. The fault domain is usually a node and its NAUN. Examples of isolating errors are: Line errors, burst errors, and internal errors.
2. Non-isolating faults - Non-isolating faults are not limited to a particular fault domain. The error is likely to be spread all over the ring, like congestion. Examples of non-isolating faults are: Lost frame, Token, Frequency, and congestion errors.
FDDI:
The following are the important characteristics of FDDI:
1. FDDI uses a 100Mbps, dual-ring LAN and uses Token passing (the Token passing mechanism is similar to Token Ring; however, remember that Token Ring networks have a speed of 4 or 16 Mbps only).
2. FDDI uses fiber as the medium of transmission. Two types of fibers exist: single mode, and multi mode fibers. Single mode fiber allows much higher bandwidths and longer cable lengths compared to multi mode fiber. However, multi mode fibers are cheaper.
3. Improved security due to fiber transmission medium. It is very difficult to tap fiber transmission without being detected.
4.0 TCP/IP
4.1 TCP/IP based applications and their protocols are as described below:
1. Electronic Mail uses SMTP (Simple Mail Transfer Protocol).
2. Network Management applications use SNMP
3. Telnet uses terminal emulation
4. Distributed file services use NFS (Network File System)
4.2 Ping and Trace
During network troubleshooting, you will need to check host or network reachability at several points. Two commands are extremely useful for checking host reachability and the path taken to reach the destination: 'ping' and 'trace'.
'Ping' command can be used to check the connectivity on AppleTalk, CLNS, Novell, and various other protocols.
To perform an extended ping, simply give 'ping' at the command prompt. You will be prompted for other parameters like protocol, target IP address, etc.
The following are the possible responses for an IP ping command:
! - indicates that a reply is received
. - indicates that the router has timed out.
U - indicates that the destination is unreachable
N - indicates that the network is unreachable
P - indicates that the protocol is unreachable
? - indicates unknown packet type
Q - indicates source quench
'trace' command can be used to see the route that a packet takes to reach the destination.
The trace command discovers the path taken to reach its final destination by sending out probe datagrams. The first datagram is sent out with a TTL (Time To Live) value of just 1. This causes the first router to discard the packet and send back 'time exceeded' message. Thus the first router enroute is discovered! Then, the TTL is incremented by 1 (now TTL is 2) and the datagram is sent out again. Now the second router enroute discards the packet as the TTL reached zero, and sends back 'time exceeded' message to the source. This process is repeated till the destination is reached. By doing so, the exact path that a packet takes to reach the destination is established.
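The TTL mechanism described above can be followed step by step in a small simulation. This is an added example, not part of the original notes: it sends no packets, the addresses are constructed, and the `replies` flag (a router that never answers a probe) and the `max_ttl` limit are assumptions added to show why a trace does not always reveal every hop.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    address: str           # constructed sample address
    replies: bool = True   # False models a device that never answers probes


def forward_probe(path: List[Hop], ttl: int) -> Tuple[Optional[str], str]:
    """Carry one probe along the path and return (responder, message).

    Every router decrements the TTL. The router that brings it to zero
    discards the probe and answers 'time exceeded'. The last entry in
    `path` is the destination host.
    """
    for index, hop in enumerate(path):
        if index == len(path) - 1:                      # destination host
            if hop.replies:
                return hop.address, "destination reached"
            return None, "timeout"
        ttl -= 1
        if ttl == 0:                                    # probe expires here
            if hop.replies:
                return hop.address, "time exceeded"
            return None, "timeout"
    return None, "timeout"                              # empty path


def trace(path: List[Hop], max_ttl: int = 30) -> List[Tuple[int, str, str]]:
    """Send probes with TTL 1, 2, 3, ... until the destination answers."""
    results = []
    for ttl in range(1, max_ttl + 1):
        responder, message = forward_probe(path, ttl)
        results.append((ttl, responder or "*", message))
        if message == "destination reached":
            break
    return results


# Constructed path: three routers, then the destination host.
SAMPLE_PATH = [
    Hop("10.1.1.1"),
    Hop("10.2.2.1", replies=False),   # silent router: shows up as '*'
    Hop("10.3.3.1"),
    Hop("192.0.2.10"),
]

if __name__ == "__main__":
    for ttl, responder, message in trace(SAMPLE_PATH):
        print(f"TTL {ttl}: {responder:<12} {message}")
```

A silent hop still lets later probes through, so the trace continues past it; a destination that never answers makes the trace run until `max_ttl` is reached.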
TCP/IP troubleshooting:
The first step in troubleshooting TCP/IP problems is to start with the local host. You can ping the local host (use ping 127.0.0.1, a successful ping ensures that the TCP/IP stack is installed properly) and if you are successful, proceed one step at a time. The next step would be to ping the gateway or the next hop address. This procedure can be followed until you reach the destination network. Once you establish basic IP connectivity, perform any troubleshooting for higher layer protocols such as DNS resolution, FTP, or Telnet. Though it may sometimes be faster to trace route to the destination and find the problem route, it may not always be successful. It is recommended to start at the source and proceed one step at a time towards the destination network.
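The procedure above (local host first, then one step at a time towards the destination) combined with the ping response characters listed earlier, as an added example that is not part of the original notes. The addresses and result strings are constructed, and the 80 percent pass mark is an assumption, chosen so that a single lost first probe does not fail a step.

```python
from collections import Counter

# Response characters of an IP ping, as listed in section 4.2.
PING_CODES = {
    "!": "reply received",
    ".": "timed out",
    "U": "destination unreachable",
    "N": "network unreachable",
    "P": "protocol unreachable",
    "?": "unknown packet type",
    "Q": "source quench",
}


def summarize_ping(result):
    """Turn a string of ping response characters into counts and a cause."""
    codes = [c for c in result if not c.isspace()]
    if not codes:
        raise ValueError("no ping responses to interpret")
    unknown = sorted(set(codes) - set(PING_CODES))
    if unknown:
        raise ValueError(f"unrecognised response characters: {unknown}")
    counts = Counter(codes)
    failures = Counter({c: n for c, n in counts.items() if c != "!"})
    main_failure = None
    if failures:
        main_failure = PING_CODES[failures.most_common(1)[0][0]]
    return {
        "sent": len(codes),
        "received": counts["!"],
        "success_percent": counts["!"] * 100 // len(codes),
        "main_failure": main_failure,
    }


def first_failing_step(steps, min_success=80):
    """Walk the steps in order (source outwards) and return the first failure.

    `steps` is a list of (label, target, ping_result) tuples.
    `min_success` is an assumed pass mark in percent, not a Cisco value.
    Returns None when every step passes.
    """
    for label, target, result in steps:
        summary = summarize_ping(result)
        if summary["success_percent"] < min_success:
            return {"step": label, "target": target, **summary}
    return None


# Constructed results, ordered from the local host towards the destination.
SAMPLE_STEPS = [
    ("local TCP/IP stack", "127.0.0.1", "!!!!!"),
    ("default gateway", "192.168.1.1", ".!!!!"),
    ("next hop", "10.0.0.2", "U.U.U"),
    ("destination", "172.16.5.20", "....."),
]

if __name__ == "__main__":
    print(first_failing_step(SAMPLE_STEPS))
```

With the sample data the walk stops at the next hop, so the later timeouts at the destination are a consequence rather than the place to start looking.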
5.0 Router Performance:
The following are the features that affect performance on routers:
1. Queuing
2. Random Early Detection
3. Compression
4. Filtering
5. Encryption
6. Accounting
6.0 Base Lining:
6.1 Baselining is the process of measuring network parameters such as network traffic, error packets, overall usage etc. Establishing a baseline when the network is performing normally makes it possible to troubleshoot any problems introduced at a later stage. Baselining also enables network managers to plan network expansion based on the current trend.
Network monitors are useful for establishing a baseline.
7.0 Cisco Network Management Tools:
Important Cisco network management tools that you need to know are:
1. Cisco Works (includes CiscoView)
2. Netsys
3. TrafficDirector
4. VlanDirector
5. WAN Manager
Note that CiscoView is bundled with CiscoWorks. CiscoView is also available as a standalone product.
CiscoWorks: CiscoWorks is an important network management product from Cisco.
It provides graphical view of Cisco device panel displays, allowing easy fault recognition and diagnosis.
CiscoWorks uses SNMP (Simple Network Management Protocol) for monitoring and control of SNMP capable devices on a network. One of the big advantages of CiscoWorks is that it can be seamlessly integrated with third party SNMP network management platforms such as HP OpenView.
CiscoWorks is available in four versions:
1. CiscoWorks Blue - suitable for integrated IBM SNA and IP environments.
2. CiscoWorks Windows - A PC-based network configuration and troubleshooting tool. Suitable for small to medium size networks.
3. CiscoWorks Switched Internetwork Solutions (CWSI) - Suitable for campus LAN management. Includes VlanDirector, TrafficDirector, and CiscoView.
4. CiscoWorks2000 - A web based network management suite.
Note that CWSI contains TrafficDirector application as an integral part.
Netsys: Netsys is a suite of simulation based design and troubleshooting tools. These tools allow designers to plan the network and see the network behavior before committing the designs or changes to the actual network.
TrafficDirector: Using TrafficDirector in conjunction with the embedded RMON agents allows us to measure traffic utilization, error rates, and other statistical parameters on any selected port(s).
VlanDirector: VlanDirector is a Cisco VLAN management tool. Given below are salient characteristics:
1. Graphical interface
2. Drag and drop functionality for assigning users to VLANs
3. Enables configuration, management, and monitoring of Cisco switches and routers.
4. VlanDirector can be integrated with common SNMP management platforms.
WAN Manager: WAN Manager provides easy configuration, management, and fault detection of wide-area multiservice networks.
Buffers:
The following are some important terms with respect to buffers:
1. Hits: This is the count of successful attempts to allocate a buffer when required.
2. Misses: This is the count of buffer allocation attempts that resulted in increasing the buffer pool for allocating a buffer.
3. Trims: This is the count of buffers released to the system because they were not being used.
4. Created: This is the count of new buffers created in response to misses. Note that this field is displayed only for dynamic buffer pools, not for static buffer pools (ex. interface buffer pools).
5. Failures: This is the total number of allocation requests that have failed because no buffer was available. This will result in loss of datagram.
Ethernet:
Runts: This is the number of packets that have been discarded because they are smaller than the medium's minimum packet size. For Ethernet, a packet size of less than 64 bytes is considered a runt.
In the given example, there are 342 runts per 133+ million bytes. This is more than one runt per million bytes, which is the acceptable limit. Therefore, it is likely that the network is experiencing excessive collisions.
Giants: This is the number of packets that have been discarded because they exceeded the maximum allowable size of the medium. For Ethernet, a packet size of more than 1518 bytes is considered a giant.
Cisco IOS show commands:
The command 'show cdp neighbors' displays information about the Cisco devices directly connected to the router.
The command 'show cdp neighbors detail' provides additional information including network-layer protocol information.
The command 'cdp run' enables CDP. Note that CDP is enabled by default. To disable CDP, use the command 'no cdp run' in the global configuration mode.
The command 'show ip route' displays the entries in the routing table. The routes are displayed by a preceding protocol keyword. Some of the protocol keywords are:
I - IGRP; E - EGP; B - BGP; O - OSPF; R - RIP
The network address of the remote network, the address of the next router to the remote network, and the interface through which the remote network can be reached are provided for each route in the output. This command is widely used for diagnostic purposes for troubleshooting the routing table entries.
TAC:
Network administrators can avail of Cisco technical support engineer's help in solving router and network problems. This is recommended only after you have found the problem can not be resolved independently. Cisco Technical Assistance Center (TAC) will always require the following information when you report the case:
1. 'show running-config' command output on all routers concerned.
2. 'show version' command output on all routers concerned.
3. 'show controllers' command output on all routers concerned.
4. Details of host, servers, and network topology map
5. Network layer protocols, and version details.
SRB:
You need to configure transparent bridging or source-route bridging (SRB) to forward NetBEUI traffic to remote networks.
Cisco router encapsulation:
A Cisco router defaults to novell-ether (Ethernet_802.3). The available encapsulation types are given below:
| Common Term | Cisco Term |
|---|---|
| Ethernet_II | arpa |
| IEEE 802.3 | sap |
| Novell 802.3 raw | novell-ether |
| SNAP | snap |
Catalyst commands:
Some of the important Catalyst commands are:
1. Show config - This command is similar to the IOS 'show running-config' command.
2. Show span - This command displays information about Catalyst switched port analyzer function settings such as whether SPAN is enabled or disabled, and whether the transmit and/or receive information is monitored. Don't confuse this with the show spantree command, which displays spanning tree information for a vlan.
3. Show trunk - Displays the vlan trunking information for the switch.
4. Show spantree - Displays spanning-tree information for a vlan.
5. Show spantree statistics - Displays Spanning-Tree Protocol BPDU communication in readable form.
6. Show cdp neighbors - displays CDP information about all Cisco devices connected to the switch.
Important 'show' commands for Catalyst switches that provide system settings:
1. Show system - Provides status of the system LEDs, power supplies, fan, and system among others.
2. Show test - Provides the results of diagnostic tests.
3. Show interface - Provides information on network interface flags and addressing.
4. Show module - Displays module status and information about the module.
5. Show port - A very useful command that displays information about the port and counters.
6. Show log - Displays error log.
VLANs & VTP:
A VTP capable switch can be configured as:
1. VTP server - It maintains VLAN information in a nonvolatile device or on a TFTP server.
2. Client - Clients also maintain complete list of all VLANs in the VTP domain.
3. VTP transparent mode - Switches that do not wish to participate in VTP can be put in transparent mode. Here, VTP adverts are forwarded.
A VTP advertisement always carries a "Configuration revision number". Every time a VTP server updates its VLAN information, it increments the configuration revision number by one. VTP clients use the revision number to enforce the VLAN configuration update.
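How the three modes treat an advertisement and its configuration revision number, as a small model. This is an added example, not part of the original notes and not Cisco code: the switch names, the domain name "campus" and the VLAN names are constructed, and the trunk links are reduced to a simple list of downstream switches that all see the advertisement.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Advert:
    domain: str
    revision: int             # configuration revision number
    vlans: Dict[int, str]     # VLAN id -> name


@dataclass
class Switch:
    name: str
    mode: str                 # "server", "client" or "transparent"
    domain: str
    revision: int = 0
    vlans: Dict[int, str] = field(default_factory=lambda: {1: "default"})

    def update_vlans(self, vlans: Dict[int, str]) -> Advert:
        """A server changes its VLAN list and bumps the revision by one."""
        if self.mode != "server":
            raise PermissionError(f"{self.name} is not a VTP server")
        self.vlans = dict(vlans)
        self.revision += 1
        return Advert(self.domain, self.revision, dict(self.vlans))

    def receive(self, advert: Advert) -> bool:
        """Return True if this switch applied the advertised VLAN list."""
        if self.mode == "transparent":
            return False      # relayed onwards, never applied locally
        if advert.domain != self.domain:
            return False      # other management domain
        if advert.revision <= self.revision:
            return False      # same or older revision: nothing to enforce
        self.vlans = dict(advert.vlans)
        self.revision = advert.revision
        return True


def flood(advert: Advert, downstream: List[Switch]) -> List[str]:
    """Deliver the advert to every downstream switch (transparent switches
    pass it on) and return the names of the switches that applied it."""
    return [sw.name for sw in downstream if sw.receive(advert)]


def demo() -> List[List[str]]:
    server = Switch("S1", "server", "campus")
    chain = [
        Switch("T1", "transparent", "campus"),
        Switch("C1", "client", "campus"),
        Switch("C2", "client", "lab"),        # different domain
    ]
    first = server.update_vlans({1: "default", 10: "engineering"})
    second = server.update_vlans({1: "default", 10: "engineering", 20: "sales"})
    # The old advert arriving again after the new one is ignored.
    return [flood(first, chain), flood(second, chain), flood(first, chain)]


if __name__ == "__main__":
    print(demo())
```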
A non-trunk port can carry only one vlan. If more than one vlan need to be carried on a single port, trunking must be enabled on that port.
The recommended maximum hop count in a VLAN is 7, that is 7 switch/router/bridge hops are allowed in a vlan. This in other words is known as the vlan diameter. Network diameter affects the network performance while doing spanning-tree computations.
The smaller the diameter of a network, the faster the network converges.
The following are true about VTP:
1. Switches configured in transparent mode relay VTP adverts from other switches.
2. There must be at least 1 VTP server in a VTP management domain.
3. It is recommended to configure VTP servers ON-LINE. This would ensure VTP domain consistency.
4. VTP does not work if there is no VLAN1 or no trunk port.
5. For CWSI (CiscoWorks for Switched Internetworks) to work, VTP is required.
A vlan belongs to a specific network number. To move traffic from one vlan (one broadcast domain) to another vlan (another broadcast domain) a router is required.
Troubleshooting:
The first step in troubleshooting a device is to examine the physical indicators such as LEDs. Check whether there are any visual hints. This may lead to a failed power supply or disconnected cable.
The next step in diagnosing a switch problem is to check Layer 1 connectivity, and then Layer 2 connectivity. The vlan and vtp information can be obtained and diagnosed at this point.
Frame Relay:
Important 'show' command used in troubleshooting Frame-Relay networks are given below:
1. Show interfaces serial - The information provided by this command include:
- LMI type (cisco/q933a/ansi)
- LMI DLCI, Keepalives, Network address and subnet mask.
- Shows the interface and line protocol conditions (Normally interface up, line protocol up)
2. Show frame-relay lmi - Provides LMI statistics.
3. Show frame-relay map: This command shows the configured dlci and ip address mapping.
4. Show frame-relay pvc: This command shows the LMI status of each configured DLCI. The packet stats for input pkts, output pkts, BECN, FECN, DE packet stats are also given.
ISDN:
ISDN can be mapped to bottom 3 layers of OSI reference model.
Layer 1 is the physical layer and the following protocols are defined at this level:
1. I.430: Defines the communication across S/T reference point.
2. I.431: Defines a full-duplex, point-to-point, serial, synchronous connection and applicable for ISDN PRI.
3. ANSI T1.601: Defines the communication across the U interface (North America only).
Layer 2 and layer 3 work for D channel only.
Layer 2 of ISDN uses LAPD (Q.921), and Layer 3 of D channel uses Q.931 which is a subset of DSS1.
B channel uses IP/IPX with HDLC/PPP/FR/LAPB protocol.
Important ISDN commands:
debug isdn q921: This debug command shows the Layer 2 D-channel activity taking place between the TE (Terminal Equipment) and the local network termination (ISDN Switch).
Debug isdn q931: This debug command shows the Layer-3 D-channel information between the local router and the ISDN switch.
Debug ppp authentication: This debug command will display CHAP and PAP authentication messages that are being exchanged.
debug bri: Shows basic ISDN BRI routing activity. It indicates whether the ISDN code is enabling and disabling the B-channels when attempting an outgoing call.
show isdn status - This command outputs ISDN switch type, whether the ISDN connection is working properly. It also displays the status of Layer 1, Layer 2, and layer 3.
Show interface bri 0 - This command shows whether BRI 0 is up and whether line protocol is up (spoofing). The command also displays encapsulation method used (PPP, HDLC, or X.25).
Note that D-channel communication takes place between the TE (usually the router) and the local network termination point (ISDN Switch). 'debug isdn q921' and 'debug isdn q931' are limited to D-channel information only. Also, 'debug isdn q921' pertains to layer-2, whereas 'debug isdn q931' pertains to layer-3 (again D-channel only). These commands don't show B-channel debug information.
The BRI activation process is a 5 step process. These are:
1. The line is not active in both the directions between a TE and NT.
2. TE becomes active and sends 7E HDLC flag.
3. NT side sends frames with Activation bit (A-bit) set to 0 (indicating not activated)
4. TE synchronizes first and starts sending physical frames.
5. NT also synchronizes and starts sending frames with activation bit (A-bit) set to 1 (indicating activated)
TAC:
Two levels of access available for accessing CCO (Cisco Connection Online) are:
1. Guest access for general public. The access is limited to certain areas of CCO Website for guests.
2. Registered access for customers.
The three tools of the Case Management Toolkit in CCO that interact directly with TAC are:
1. Case Open - Enables you to request technical assistance by opening a case with TAC
2. Case Query - Enables you to verify the status of the case
3. Case Update - Enables you to update the case with your own information.
If a customer reports a router crash or a router hang-up to the Cisco technical support group, he may be asked to provide the outputs of the following commands:
1. Show stacks - This command displays stacks, and stack traces before the reload takes place.
2. Exception dump - The core dump is useful for obtaining a copy of memory image before router crashes. The memory image can be copied to a file by using TFTP (usually if memory dump is less than 16MB) or FTPed to a remote location. You can test the core dump by issuing the command 'write core' in privileged exec mode (enable mode). This command will cause a crash, and the content of the memory will be dumped according to the configured setup.
For the purposes of problem reporting, Cisco® has combined several important commands into a single privileged command, 'show tech-support'.
Switching:
Netflow switching is most suitable for collecting data for accounting, billing, and charge back and other network resource utilization parameters.
Cable Testers:
Cable testers are the most basic testing tools. These are used for making sure that the physical medium is good. Cable test equipment include volt-ohm meters, multimeters, TDRs (Time Domain Reflectometers).
Protocol Analyzers:
A protocol analyzer is most commonly used for recording and analyzing network protocol traffic. Filters can be set so that only a particular type of traffic is captured and analyzed. Protocol analyzers display the packet content in a user-friendly, readable form.
Debug Commands:
Debug commands are very useful for troubleshooting network problems. However, one needs to be very careful when using debug commands in a production network (the term 'production network' is used in the sense that the network is in regular use, and cannot be taken off without suffering some kind of loss). If the network is being used heavily, using a debug command may result in the disruption of traffic and loss of data packets. A debug command, if used, must be as specific as possible, to avoid unnecessary network traffic. Also, remember to undebug as soon as the purpose of using this command is achieved.
By default, all debug output is logged to the console terminal. To change the default logging option use the command 'logging <option>', the logging options include:
1. Logging console
2. Logging buffered
3. Logging monitor
4. Logging trap
Note that logging to the console produces very high overhead, whereas logging to internal buffers produces least amount of overhead compared to other logging methods.
CDP:
The following are true about CDP:
1. CDP - Cisco Discovery Protocol is a Cisco proprietary Layer 2 protocol.
2. CDP uses a multicast packet to the common destination address 01-00-0c-cc-cc-cc.
3. CDP packets are sent out with a non-zero TTL after an interface is enabled and with a zero TTL value immediately before an interface is made idle. This enables the neighboring devices to quickly discover the state of neighbors.
4. CDP packets will never be forwarded beyond the directly connected devices. To find CDP information on indirectly connected routers, administrators can 'telnet' to the intended destination device and run CDP command.
Core Dump:
Core dump is the memory image of a router. It is useful to obtain the core dump of a router to find the reason for a router crash. The two most widely used means of configuring core dumps are:
1. By use of TFTP - Trivial File Transfer Protocol
TFTP dumps are usually limited to 16MB. The command used to configure a router to use TFTP for core dump:
exception dump <ip-address>
2. By use of FTP - File Transfer Protocol
Configuring a router for core dump using FTP requires more configuration steps, as below:
step1: ip ftp username <username>
step2: ip ftp password <password>
step3: exception protocol ftp
step4: exception dump <ip-address>
You can test the core dump by issuing the command 'write core' in privileged exec mode (enable mode). This command will cause a crash, and the content of the memory will be dumped according to the configured setup.
SPAN monitoring:
The following two commands are useful for setting up a span port and verifying the span port configuration.
1. Set span - This command sets a port or vlan to be monitored.
Ex: set span 5 3/8 both
In the above command, vlan 5 is monitored by port 3/8. The argument 'both' enables monitoring in both the directions.
Ex2: set span 3/7 3/8 both
In the above command, port 3/7 is monitored by port 3/8 in both the directions (both transmit/receive traffic).
2. Show span
This command displays the span configuration. The command 'show trunk [slot-number/ port-number]' on a Catalyst switch displays the vlan information corresponding to that port. You can also use 'show vlan' command to display the vlan information on a port. This is useful in troubleshooting a vlan and allows us to ensure that the ports are configured for intended vlans.
Catalyst 5000:
In Catalyst 5000 switches, the top slot (Slot 1) is always populated with supervisor engine. The remaining slots can be populated with interface modules. Failure to load the supervisor module in slot 1 will result in boot failure of the Catalyst switch.
Frame Relay :
The following three LMI (Local Management Interface) type are supported by Cisco:
1. Cisco (default)
2. ANSI
3. Q933a
Note that the LMI type must match on either end of the link, that is, on the DTE and DCE ends.
The command 'frame-relay lmi-type {ansi|cisco|q933a}' is used for assigning a specific LMI type to an interface.
-Vijay
The above notes are provided AS IS. ExamGuides.com assumes no responsibility about the accuracy or compliance with vendor's stated Exam objectives.