350-401 ENCOR – Cisco CCIE Enterprise – Network Assurance part 1
January 27, 2023

1. Debug

In section 40 we have to learn about network assurance. Here you can see the topic. We have to learn about various types of troubleshooting and diagnostic mechanisms like traceroute, SNMP, NetFlow, SLA, IP SLA, NETCONF, RESTCONF, et cetera. As we have done earlier, we are going to discuss each and every topic one by one, section by section, module by module. So let's start with debug. We have debugs and conditional debugs. On Cisco routers and switches we run debugs to know more about what is happening in a break scenario, or what is happening behind the scenes.

Whenever we enable a debug, there's a chance that we increase CPU utilization, because the device is now reporting everything that is happening in that particular process. Cisco has given us a nice option here: we can use conditional debug as well. Conditional debug is a way to protect the device from high CPU and memory utilization. We have certain commands to do that, which we will check in the lab section. To enable a debug, we go to EXEC mode and run debug, and then we have multiple options for what to debug.

We can also turn a debug off with the command no debug followed by the protocol. So: turn on the debug for the protocol, take the logs for analysis, and turn the debug off again. Then we have the show debugging option. With that we can see which debugs we have enabled and how many debugs are actually running on the device. Then we have conditional debug. For example, I can use debug condition interface, and I will get to know what is happening over that interface. For the conditional debug we also have the no form, to remove the condition for that interface. All right, let me quickly log in to the lab section and show you the lab topology as well.

And then we'll go and enable the debug and play around. Here you can see my lab topology. It's a very straightforward lab topology where you have four routers, and you can see the networks as well. Router one has IP 120, router two has two, then three has 230 zero three, et cetera. Let me quickly log in to the devices and, first of all, show you the IP scheme that we are using here. I can run the script for show ip interface: select all, send the script, and you can see the IPs assigned to the interfaces. For router number four, I want to create one loopback as well, so I'll assign a loopback address for our future troubleshooting and testing. Here you can see R1, R2, R3, R4. These are the IP addresses.

So far I have assigned only the IP addresses. Later on we will run a routing protocol as well. What I want to do here is ping router number two, whose IP you can see here. As you can see, I am sending the ping packets and the ping is successful. Now I will initiate the ping again and set the repeat count to a number of times. Then I can go to router number two and enable the debug. I type debug ip, and here you can see what options you have. We have a long list of protocols that are supported. I want to do the debug for IP, so let me do that: debug ip, and again after ip you can see that we have options related to so many things. Say ICMP. Now, the moment I enable the debug, I can see the echo reply. This device is sending the echo reply, correct? You can see it is sending the echo replies, and it is so fast because the pings are coming from here. I can go and stop the ping, so let me complete that. And here you can see that whatever requests are still in the buffer, we can still see them.

Now, in this case you can see there's no chance for me to turn off the debug, because the output is already cached, correct? So you can either log in to the device again, or wait until it reaches the point where you can stop the debug. One thing you can see here is that the moment I enable the debug, I start getting so many packets. While it is going on, let me show you what other options we have here. If you want to stop, you can use undebug all. Before doing that, let me show you which debugs we have on. Here you can see that your debug is ICMP packet.

Now, if I go ahead and use debug ip packet detail instead of ICMP, and then do show debug, you can see that we have two debugs on. Now let me initiate the ping, and while initiating the ping, let me reduce the size as well, for example three. You can see the debug is on and we are getting the output in detail, because we have done ip packet detail. So we are getting the ICMP type and code, which we are going to discuss in the upcoming session. Here you can see that with the help of debug we are getting much more information about the ping and what is happening behind the scenes. Okay, now let's see what we can do next.

2. Conditional Debug

Next we can verify the conditional debug as well. Before doing the conditional debug, let's check the IP route. I have created one IP route here for 2222; in router two I have one loopback, two two two. For that I have created an ip route statement that points to the next router as the next hop. Great. Now, if I enable debug ip packet detail and ping 2222, you can see that we get a flood of messages. Rather than getting a flood of messages, we can create a condition: for example, an IP access list, standard or maybe extended, where we define the source and destination.

So I want to do, for example, permit ip host with my source, and then I give the destination as two two two. Then I can use it inside the debug statement. If I'm running the debug on this router, I should have the condition here as well, so I can copy and paste this condition here and run the debug, correct? No problem. Here also I'll enable debug ip packet detail, and here I'll do undebug all. Now I can ping 2120 zero one with the source of two two two, and I can repeat it, for example, four times. Here you can see that you have this debug. Again, you have a long list of debug packets that you want to shrink or minimize. For that we have this option: I can use debug ip packet, and then you can see that I can give the ACL, although I don't have the option to apply a name-based ACL, correct? So I can create the same thing with a number-based ACL. I can create, say, an IP access list, not ip access-list extended; I can give the number. So the number 1333 is my number, permit ip, and who is the source? Let's give this source and the wildcard, correct? So the IP is twelve 000-1000, which means the host, and then the destination. Let me quickly see what the issue is. I just wanted to use the extended ACL, and the number for an extended ACL, you can see here, is a little bit different from the other. I can give the extended ACL number as 100 and then permit ip host 120, then host 2222. Great. Then we can apply it: debug ip packet 100 detail, correct? Then I do the testing from the other side: I come here and do that ping one more time. Here it is. Here you can see that your table has decreased. Initially we had a big table. Let me do that one more time.

Now you are capturing only that source and destination. So this is one way to use a condition: we apply the ACL with the debug. The other variation we have is the debug condition itself. I can go here and give the condition, and inside that condition I can match Fast Ethernet zero one. Now you can see that one condition has been set, and then I can do the same thing. So let's do the ping and check here. What is happening is that the condition will match only Fast Ethernet one. You can check the condition and see that one flag has been triggered. So this is the way we can do the debug. I have shown you the normal debug, then debug with an ACL, and then we can also use debug with a condition.
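To make the effect of the ACL-filtered debug concrete, here is an added example (not from the original lesson) that applies the same first-match, wildcard-mask logic to debug output. The sample lines are constructed, and the addresses 12.0.0.1 and 2.2.2.2 and the names ACL_100, parse_debug and filter_debug are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample modelled on `debug ip packet detail` output. The addresses
# and interface names are assumptions, not values taken from the lab.
SAMPLE_DEBUG = """\
IP: s=12.0.0.1 (FastEthernet0/0), d=2.2.2.2, len 100, rcvd 4
    ICMP type=8, code=0
IP: s=2.2.2.2 (local), d=12.0.0.1 (FastEthernet0/0), len 100, sending
    ICMP type=0, code=0
IP: s=12.0.0.1 (FastEthernet0/0), d=12.0.0.2, len 100, rcvd 3
    ICMP type=8, code=0
IP: s=23.0.0.3 (FastEthernet0/1), d=23.0.0.2, len 100, rcvd 3
    ICMP type=8, code=0
IP: s=12.0.0.1 (FastEthernet0/0), d=2.2.2.2, len 100, rcvd 4
    ICMP type=8, code=0
"""

IP_LINE = re.compile(r"^IP: s=([\d.]+) .*?d=([\d.]+)")
ICMP_LINE = re.compile(r"^\s+ICMP type=(\d+), code=(\d+)")

# Hypothetical stand-in for: access-list 100 permit ip host 12.0.0.1 host 2.2.2.2
# Each entry: (action, source, source wildcard, destination, destination wildcard).
ACL_100 = [("permit", "12.0.0.1", "0.0.0.0", "2.2.2.2", "0.0.0.0")]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action == "permit"
    return False


def parse_debug(text):
    """Return one dict per IP line, with the ICMP detail line attached if present."""
    packets = []
    for line in text.splitlines():
        m = IP_LINE.match(line)
        if m:
            packets.append({"src": m.group(1), "dst": m.group(2), "icmp": None})
            continue
        m = ICMP_LINE.match(line)
        if m and packets:
            packets[-1]["icmp"] = (int(m.group(1)), int(m.group(2)))
    return packets


def filter_debug(text, acl):
    """Keep only the packets the ACL permits, as an ACL-filtered debug would."""
    return [p for p in parse_debug(text) if acl_permits(acl, p["src"], p["dst"])]


if __name__ == "__main__":
    kept = filter_debug(SAMPLE_DEBUG, ACL_100)
    print(f"{len(parse_debug(SAMPLE_DEBUG))} packets seen, {len(kept)} shown with the ACL")
    for p in kept:
        print(p)
```

Because the single permit entry is one-directional, the echo replies from 2.2.2.2 back to 12.0.0.1 fall to the implicit deny and are not shown; a second entry with source and destination swapped would be needed to see both directions.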


The next topic is Packet Internet Groper, or ping. How does ping work? Ping depends on ICMP messages. With the help of ICMP messages we can determine whether the remote destination is active or inactive, what the round-trip delay is, and the packet loss. When we send the first packet with ping, we are sending the echo request. If we get the echo reply within the specified time, that means the remote destination is up, and then we can get certain information about the remote destination. Here you can see the ICMP types and codes. These are the messages and codes that ping uses to get information about the remote host.

First of all it sends the echo, that is type eight, and then it waits for the echo reply. Again you can see type three: destination unreachable, with network unreachable, host unreachable, protocol unreachable, et cetera. So we have a long list of types and codes. Another popular one is eleven, time exceeded, with the code time to live exceeded in transit, et cetera. These are the code messages that we can refer to while we are troubleshooting. There are other characters as well. We are very familiar with the exclamation mark; that means the ping is successful. Dot means maybe some issue with the network; it's still waiting, maybe for ARP resolution or some other network issue. U means unreachable: the destination is unreachable. Q means source quench, destination too busy. M stands for could not fragment. Question mark means you don't know how to reach that particular IP in that subnet. Generally on a firewall, when we ping without some specified information, we get this question mark. And then you have this last character, which means the packet lifetime was exceeded. So let me log in to the device in the lab section and show you a few of the ICMP code messages. All right, I am in the lab, and here you can see the same lab setup that we are using for ping as well. I can go to R1 and ping from R1, and then verify on R2. On R2 I'll enable debug ip packet detail, and then I can do the ping, say, once.

Now here you can see that you are getting the information, and you can check the ICMP code. This is nothing but the echo. And again you can see that you have the echo reply as well. So you have the ICMP. Here you can see who is the source and who is the destination. In the first packet you can see the source and the destination. In the reply you can again see the source and destination, but for the reply the destination becomes the source, so the two are reversed. Again, here you can see ICMP type zero; that's the reply. Now let me enable the debug on the source as well.

So debug ip packet detail, and then I do the ping one time. Here also you can see the message: the type, length, code and the message 80. That's okay: we are sending the echo packet and we're getting the response as well. Easy and straightforward. Now I'll do a trick. I'll go to the interface and shut it down. Now if I ping, you can see that you're sending the echoes but you will not get the response, correct? Because the destination is down, because the interface is down. Here we can see that we are sending this packet but not getting any response back. We are sending the echo and the reply is not coming back. So we are constantly sending echo packets and not getting the response. I'll do no shut on the interface. Next, let's check the routing: this time I'll change the routing, so let me remove this default route statement.

Then if you do the ping, again I am sending the echo, but we see that we are getting the dot, meaning you cannot reach that network because you don't have a route, correct? So this time we are getting dot, dot, dot, dot. You can clearly see that we are getting the dots. Now I can put this back as it was. All right, next I'll go to router number two; it could be router number one also, but I'll go to router number two. Then I can create one access list, say access list eleven, and deny 120. Then I will apply it to the interface in the inward direction, the incoming direction. And then again if I do the ping this time, it is working, so this is not exactly what I was looking for.

So let me quickly check show ip interface brief. What I want is that router number two should not accept 120 whenever it comes in. Okay? If you check, I have the ip access-group in the in direction, and that should deny; show ip access-list ten, I'm sorry, eleven. Now I do the ping; it will come to this device in the ingress direction and it should be dropped. If I do the ping, see, you're getting this unreachable. Let me send some more. I just wanted to show you this unreachable, and you can see here on router number two what type of message you're getting. So yes, you have the echo, but you also have type three and 13, that's unreachable, both at the source location and the destination location. You can go and see this. So far we have discussed debug, conditional debug, debug with a condition, and debug with an access list. You have also seen different types of ping messages with different options. Okay, adding to this, we have a nice advanced option in ping, that is the conditional ping. Let me first show you the simple ping. Whenever you are doing a ping, what is your simple ping? Your simple ping says that you are sending some echoes with some repeat count, some timeout, and some frame size or packet size.

So for example, ten times; this is not successful. Let me quickly do one thing: let me remove the ACL, say no ip access-group eleven in. Now if you do a ping, first of all you should understand that we are getting the round-trip information as well: how many packets, what the packet loss is, et cetera. So you have packet loss, round trip, and reachability; those are the three pieces of information you're getting, correct? But we can do more than this. You can do the extended ping as well. Suppose your destination is this. Your repeat count? Suppose I want this repeat count. The datagram size, I can give more or less. The timeout in seconds is okay. Do you want extended commands? Yes, I want that. What is the source interface? I will leave this. Do you have any ToS in your IPv4 packet?

We'll leave this as the default; zero is the default. Do you want to set the DF bit? We can leave that; that is the do not fragment bit. Validate reply data? No, we'll leave that. Do you have any data pattern? You can leave that. What I want to tell you here is that this next section is very important. Remember that the next topic is traceroute. With traceroute you're going hop by hop, and you will see the logic in the upcoming section. But you are not getting any information for the reverse direction, the reverse route; that you can get from the record option. Here you can see that you have the loose option, the strict option, record, timestamp and verbose.

If you want, you can use all of them. Let me use the loose one first. Loose is for when you don't have the exact path to give; if you want your ping to go through certain hops along a certain route, you specify them. So that's loose and strict. They are not that informative for troubleshooting, but record will be very important. Timestamp is, again, just the timestamp. At this point I don't have a source route, so I will leave it, but if you have one, you can give the source route. Here you can see that you have loose. Then it asks whether you want to sweep a range of sizes, if you want a variable MTU size in between. If you want to give it, give it; otherwise leave it. Now, here you can see that you have this output.

Again, it's not exactly the information we are looking for, so you will not get much help in troubleshooting from those two options, loose and strict, although they have their own use cases. For the return path, record is the option that gives you that. So let me do the same thing again. I'm going to do the ping, and the IP is two two two. This is my destination. The repeat count is three. The rest of the things I will leave. Extended? Yes. Source interface: leave it, leave it, leave it.

And then say record. By default it has the maximum, which is nine hops; you can reduce it but you can't increase it beyond this. For example, four. Now you can see the selected options are R and V, that is record and verbose. We'll leave the sweep range. Here you can see reply to request, reply to request, correct? So you see how the packet you are sending goes out and how it comes back. While it is coming back, it goes from here to this and then to this, correct? That's the key thing that you will not get from traceroute. When you are doing a traceroute, you don't know whether you have an asymmetric path.

Here all the paths are showing the same, because we don't have asymmetry at this point. But suppose you have asymmetry in the route: it will catch it and give you the information about the asymmetry as well. You can see the recorded route. It started from here. This is the source and this is the destination. But the reply is coming to this and then to this. So you can think of it like this: reply to request zero, reply to request one. Now, to add some more visibility, here is what I will do.

I'll run an IGP between R1, R2 and R3. Let me quickly do router eigrp ten, network zero, no auto-summary. I'll take this and copy and paste the commands to all the devices, so I can do a bigger ping and a bigger traceroute. And then finally here. Now if I check show ip route, we have a loopback at 4444, so I should see the loopback four four four somewhere. Here we can see 2222, and here we can see four four four. So if I ping 4444, okay, my ping is working. Now I want to do the extended ping. Four four four is the destination. For the count I will take, say, four, okay.

The timeout is okay. Extended, yes. Source interface: leave it for now. What I'm looking for is the record option, and verbose with that. So up to nine hops, although the destination is only four or five hops away, we can check the reverse route we are looking for. Now here you can see where your destination is. This is your destination. Let me show you the diagram in parallel. Where is the destination here? You have 4444 here, then this is dot three, this is dot four. So you can see your destination starting from here. Then you have dot four here, then you have 230 zero three. From here you have 23 on this interface. Then you have twelve zero zero to this interface.

So which interfaces are we talking about? Basically we are talking about these interfaces, correct? And then finally you have twelve one. So that should be the response packet. Now if I do the traceroute, and we haven't covered traceroute at this point, but if I do the traceroute to four four four, you can see the output here. To reach four four four, you see only the way there. That's the difference, and that's the big thing we have. So twelve one one here, you can see two L 1122-3003 and 340 zero three. With record, it is showing you both things, reaching there and coming back, correct? Now you can clearly compare the traceroute and the record option here. I'm taking some more time on this because it is a useful tool. Here you can see that with the traceroute we are going here, then here, and then here.

With the record option you can see that when we are reaching there it is this interface, this interface, this interface. Let me correct it: dot one, not this interface. Let me quickly erase and draw both things. So with the record option: this interface, this interface and this interface, correct? And then you reach four four four. Again, from four four four, how are you coming back? This interface, this interface, this interface. That means record is covering the outgoing interfaces on the way there and on the way back, correct? But with the traceroute you see only one direction. That's the key, and that's the important information we get with the record option. So I hope you understand the power of ICMP, and the power of ping as well, and you can utilize it for troubleshooting.
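The nine-hop ceiling on the record option mentioned above follows from the IPv4 header layout. The following added example (not part of the original lesson) builds and parses the Record Route option to show why, and what happens when the round trip is longer than the option can hold; the addresses and the function names are assumptions made for the illustration.

```python
import ipaddress

IPV4_MAX_HEADER = 60    # IHL is a 4-bit count of 32-bit words: 15 * 4 bytes
IPV4_FIXED_HEADER = 20  # header without options
RR_TYPE = 7             # Record Route option type (RFC 791)
RR_PREFIX = 3           # type, length and pointer octets

# Constructed addresses written along a round trip through a four-router chain;
# they are assumptions, not the lab's addressing.
ROUND_TRIP = ["12.0.0.1", "23.0.0.2", "34.0.0.3", "4.4.4.4",
              "34.0.0.4", "23.0.0.3", "12.0.0.2"]
LONG_PATH = [f"10.0.{n}.1" for n in range(12)]  # constructed 12-hop round trip


def max_rr_slots():
    """Number of 4-byte address slots that fit in the IPv4 option space."""
    return (IPV4_MAX_HEADER - IPV4_FIXED_HEADER - RR_PREFIX) // 4


def build_rr(slots):
    """Empty Record Route option as the sender emits it (pointer starts at 4)."""
    if not 1 <= slots <= max_rr_slots():
        raise ValueError(f"slots must be between 1 and {max_rr_slots()}")
    return bytes([RR_TYPE, RR_PREFIX + 4 * slots, 4]) + bytes(4 * slots)


def record_hop(option, address):
    """What a forwarding router does: write its address if a slot is free."""
    length, pointer = option[1], option[2]
    if pointer > length:  # option full: the packet is forwarded unchanged
        return option
    buf = bytearray(option)
    buf[pointer - 1:pointer + 3] = ipaddress.IPv4Address(address).packed
    buf[2] = pointer + 4
    return bytes(buf)


def parse_rr(option):
    """Return the addresses recorded so far, rejecting a malformed option."""
    if len(option) < RR_PREFIX or option[0] != RR_TYPE:
        raise ValueError("not a Record Route option")
    length, pointer = option[1], option[2]
    if length != len(option) or (length - RR_PREFIX) % 4:
        raise ValueError("bad option length")
    if pointer < 4 or (pointer - 4) % 4:
        raise ValueError("bad option pointer")
    end = min(pointer, length + 1) - 1  # 0-based index just past the last entry
    return [str(ipaddress.IPv4Address(option[i:i + 4])) for i in range(3, end, 4)]


def trace_round_trip(addresses, slots=9):
    """Carry one option through every hop of the round trip and read it back."""
    option = build_rr(slots)
    for address in addresses:
        option = record_hop(option, address)
    return parse_rr(option)


if __name__ == "__main__":
    print("max slots:", max_rr_slots())
    print("7-hop round trip:", trace_round_trip(ROUND_TRIP))
    print("12-hop round trip:", trace_round_trip(LONG_PATH))
```

Devices configured to discard packets that carry IP options (on IOS, for example, ip options drop) will make a record-route ping fail even where a plain ping succeeds, so a missing reply with this option set is not by itself proof of a routing problem.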
