Ctrl+Shift+6
SW-1#
It worked—I successfully used entries in the host table to create a session
to the SW-3 device by using the name to telnet into it. And just so you
know, names in the host table are not case sensitive.
Notice that the entries in the following show sessions output now display
the hostnames and IP addresses instead of just the IP addresses:
SW-1#sh sessions
Conn Host    Address        Byte  Idle  Conn Name
   1 SW-3    10.100.128.8      0     1  SW-3
*  2 SW-2    10.100.128.9      0     1  SW-2
SW-1#
If you want to remove a hostname from the table, all you need to do is use
the no ip host command like this:
SW-1(config)#no ip host SW-3
The drawback to going with this host table method is that you must
create a host table on each router in order to be able to resolve names. So
clearly, if you have a whole bunch of routers and want to resolve names,
using DNS is a much better option!
Using DNS to Resolve Names
If you have a lot of devices, you don’t want to create a host table in each
one of them unless you’ve also got a lot of time to waste. Since most of us
don’t, I highly recommend using a DNS server to resolve hostnames
instead!
Anytime a Cisco device receives a command it doesn’t understand, it will
try to resolve it through DNS by default. Watch what happens when I type
the special command todd at a Cisco router prompt:
SW-1#todd
Translating "todd"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
SW-1#
Because it doesn’t know my name or the command I’m trying to type, it
tries to resolve this through DNS. This is really annoying for two reasons:
first, because it doesn’t know my name, and second, because I
need to hang out and wait for the name lookup to time out. You can get
around this and prevent a time-consuming DNS lookup by using the
no ip domain-lookup command on your router from global configuration
mode.
So if you have a DNS server on your network, you’ll need to add a few
commands to make DNS name resolution work well for you:
The first command is ip domain-lookup, which is turned on by default.
It needs to be entered only if you previously turned it off with the
no ip domain-lookup command. The command can be used without the
hyphen as well with the syntax ip domain lookup.
The second command is ip name-server. This sets the IP address of
the DNS server. You can enter the IP addresses of up to six servers.
The last command is ip domain-name. Although this command is
optional, you really need to set it because it appends the domain name
to the hostname you type in. Since DNS uses a fully qualified domain
name (FQDN) system, you must have a second-level DNS name, in
the form domain.com.
Here’s an example of using these three commands:
SW-1#config t
SW-1(config)#ip domain-lookup
SW-1(config)#ip name-server ?
  A.B.C.D  Domain server IP address (maximum of 6)
SW-1(config)#ip name-server 4.4.4.4
SW-1(config)#ip domain-name lammle.com
SW-1(config)#^Z
After the DNS configurations have been set, you can test the DNS server
by using a hostname to ping or telnet into a device like this:
SW-1#ping SW-3
Translating "SW-3"...domain server (4.4.4.4) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.128.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms
Notice that the router uses the DNS server to resolve the name.
After a name is resolved using DNS, use the show hosts command to
verify that the device cached this information in the host table. If I hadn’t
used the ip domain-name lammle.com command, I would have needed to
type in ping sw-3.lammle.com, which is kind of a hassle.
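To check these settings across many devices, the following added example (not code from the book) audits a saved configuration for the name-resolution commands described above. The sample configurations are constructed, and the function names audit_name_resolution and expand_name are hypothetical.

```python
import re

# Constructed running-config fragments (commands as shown on the page).
CONFIGS = {
    "dns":      "hostname SW-1\nip name-server 4.4.4.4\nip domain-name lammle.com\n",
    "default":  "hostname SW-9\nip host SW-3 10.100.128.8\n",
    "disabled": "hostname SW-8\nno ip domain-lookup\nip name-server 4.4.4.4\n",
}

def audit_name_resolution(config):
    """Return name-resolution settings and findings for one device config."""
    lookup = True                      # ip domain-lookup is on by default
    servers, domain, hosts = [], None, {}
    for line in (l.strip() for l in config.splitlines()):
        if re.fullmatch(r"no ip domain[- ]lookup", line):
            lookup = False
        elif re.fullmatch(r"ip domain[- ]lookup", line):
            lookup = True
        elif m := re.fullmatch(r"ip name-server (.+)", line):
            servers += m.group(1).split()
        elif m := re.fullmatch(r"ip domain[- ]name (\S+)", line):
            domain = m.group(1)
        elif m := re.fullmatch(r"ip host (\S+) (\S+)", line):
            hosts[m.group(1).lower()] = m.group(2)  # names are not case sensitive
    findings = []
    if lookup and not servers:
        findings.append("lookup enabled without ip name-server: unknown words "
                        "at the prompt are broadcast to 255.255.255.255")
    if lookup and servers and domain is None:
        findings.append("no ip domain-name: short names are not completed to an FQDN")
    if not lookup and servers:
        findings.append("ip name-server set but lookup is disabled")
    if len(servers) > 6:
        findings.append("more than six name servers listed")
    return {"lookup": lookup, "servers": servers, "domain": domain,
            "hosts": hosts, "findings": findings}

def expand_name(name, audit):
    """Simplified model: host table entry first, else short name + domain."""
    if name.lower() in audit["hosts"]:
        return audit["hosts"][name.lower()]
    if "." not in name and audit["domain"]:
        return f"{name}.{audit['domain']}"
    return name

if __name__ == "__main__":
    for label, cfg in CONFIGS.items():
        print(label, audit_name_resolution(cfg)["findings"])
```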
Should You Use a Host Table or a DNS Server?
Karen has finally finished mapping her network via CDP and the
hospital’s staff is now much happier. But Karen is still having a
difficult time administering the network because she has to look at
the network drawing to find an IP address every time she needs to
telnet to a remote router.
Karen was thinking about putting host tables on each router, but with
literally hundreds of routers, this is a daunting task and not the best
solution. What should she do?
Most networks have a DNS server now anyway, so adding a hundred
or so hostnames into it would be much easier—certainly better than
adding these hostnames to each and every router! She can just add
the three commands on each router and voilà—she’s resolving names!
Using a DNS server makes it easy to update any old entries too.
Remember, for even one little change, her alternative would be to go
to each and every router to manually update its table if she’s using
static host tables.
Keep in mind that this has nothing to do with name resolution on the
network and nothing to do with what a host on the network is trying
to accomplish. You only use this method when you’re trying to resolve
names from the router console.
Checking Network Connectivity and Troubleshooting
You can use the ping and traceroute commands to test connectivity to
remote devices, and both of them can be used with many protocols, not
just IP. But don’t forget that the show ip route command is a great
troubleshooting command for verifying your routing table and the
show interfaces command will reveal the status of each interface to you.
I’m not going to get into the show interfaces commands here because
we’ve already been over that in Chapter 6. But I am going to go over both
the debug command and the show processes command, both of which
come in very handy when you need to troubleshoot a router.
Using the ping Command
So far, you’ve seen lots of examples of pinging devices to test IP
connectivity and name resolution using the DNS server. To see all the
different protocols that you can use with the Ping program, type ping ?:
SW-1#ping ?
  WORD  Ping destination address or hostname
  clns  CLNS echo
  ip    IP echo
  ipv6  IPv6 echo
  tag   Tag encapsulated IP echo
The ping output displays the minimum, average, and maximum times it
takes for a ping packet to find a specified system and return. Here’s an
example:
SW-1#ping SW-3
Translating "SW-3"...domain server (4.4.4.4) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.128.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms
This output tells us that the DNS server was used to resolve the name,
and the device was pinged in a minimum of 28 ms (milliseconds), an
average of 31 ms, and up to 32 ms. This network has some latency!
The ping command can be used in user and privileged mode
but not configuration mode!
Using the traceroute Command
Traceroute—the traceroute command, or trace for short—shows the
path a packet takes to get to a remote device. It uses time to live (TTL),
time-outs, and ICMP error messages to outline the path a packet takes
through an internetwork to arrive at a remote host.
The trace command, which you can deploy from either user mode or
privileged mode, allows you to figure out which router in the path to an
unreachable network host should be examined more closely as the
probable cause of your network’s failure.
To see the protocols that you can use with the traceroute command, type
traceroute ?:
SW-1#traceroute ?
  WORD       Trace route to destination address or hostname
  appletalk  AppleTalk Trace
  clns       ISO CLNS Trace
  ip         IP Trace
  ipv6       IPv6 Trace
  ipx        IPX Trace
  mac        Trace Layer2 path between 2 endpoints
  oldvines   Vines Trace (Cisco)
  vines      Vines Trace (Banyan)
The traceroute command shows the hop or hops that a packet traverses
on its way to a remote device.
Do not get confused! You can’t use the tracert command;
that’s a Windows command. For a router, use the traceroute command!
Here’s an example of using tracert on a Windows prompt—notice that
the command is tracert, not traceroute:
C:\>tracert www.whitehouse.gov
Tracing route to a1289.g.akamai.net [69.8.201.107]
over a maximum of 30 hops:
  1     *      *      *     Request timed out.
  2   53 ms  61 ms  53 ms  hlrn-dsl-gw15-207.hlrn.qwest.net [207.225.112.207]
  3   53 ms  55 ms  54 ms  hlrn-agw1.inet.qwest.net [71.217.188.113]
  4   54 ms  53 ms  54 ms  hlr-core-01.inet.qwest.net [205.171.253.97]
  5   54 ms  53 ms  54 ms  apa-cntr-01.inet.qwest.net [205.171.253.26]
  6   54 ms  53 ms  53 ms  63.150.160.34
  7   54 ms  54 ms  53 ms  www.whitehouse.gov [69.8.201.107]
Trace complete.
Okay, let’s move on now and talk about how to troubleshoot your network
using the debug command.
Debugging
Debug is a useful troubleshooting command that’s available from the
privileged exec mode of Cisco IOS. It’s used to display information about
various router operations and the related traffic generated or received by
the router, plus any error messages.
Even though it’s a helpful, informative tool, there are a few important
facts that you need to know about it. Debug is regarded as a very
high-overhead task because it can consume a huge amount of resources and
the router is forced to process-switch the packets being debugged. So you
don’t just use debug as a monitoring tool—it’s meant to be used for a
short period of time and only as a troubleshooting tool. It’s highly useful
for discovering some truly significant facts about both working and faulty
software and/or hardware components, but remember to limit its use as
the beneficial troubleshooting tool it’s designed to be.
Because debugging output takes priority over other network traffic, and
because the debug all command generates more output than any other
debug command, it can severely diminish the router’s performance—even
render it unusable! Because of this, it’s nearly always best to use more
specific debug commands.
As you can see from the following output, you can’t enable debugging
from user mode, only privileged mode:
SW-1>debug ?
% Unrecognized command
SW-1>en
SW-1#debug ?
  aaa                AAA Authentication, Authorization and Accounting
  access-expression  Boolean access expression
  adjacency          adjacency
  aim                Attachment Information Manager
  all                Enable all debugging
  archive            debug archive commands
  arp                IP ARP and HP Probe transactions
  authentication     Auth Manager debugging
  auto               Debug Automation
  beep               BEEP debugging
  bgp                BGP information
  bing               Bing(d) debugging
  call-admission     Call admission control
  cca                CCA activity
  cdp                CDP information
  cef                CEF address family independent operations
  cfgdiff            debug cfgdiff commands
  cisp               CISP debugging
  clns               CLNS information
  cluster            Cluster information
  cmdhd              Command Handler
  cns                CNS agents
  condition          Condition
  configuration      Debug Configuration behavior
[output cut]
If you’ve got the freedom to pretty much take out a router or switch and
you really want to have some fun with debugging, use the debug all
command:
Sw-1#debug all
This may severely impact network performance. Continue? (yes/[no]):yes
All possible debugging has been turned on
At this point my switch overloaded and crashed and I had to reboot it. Try
this on your switch at work and see if you get the same results. Just
kidding!
To disable debugging on a router, just use the command no in front of the
debug command:
SW-1#no debug all
I typically just use the undebug all command since it is so easy when
using the shortcut:
SW-1#un all
Remember that instead of using the debug all command, it’s usually a
much better idea to use specific commands—and only for short periods of
time. Here’s an example:
S1#debug ip icmp
ICMP packet debugging is on
S1#ping 192.168.10.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
S1#
1w4d: ICMP: echo reply sent, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply rcvd, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply sent, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply rcvd, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply sent, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply rcvd, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply sent, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply rcvd, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply sent, src 192.168.10.17, dst 192.168.10.17
1w4d: ICMP: echo reply rcvd, src 192.168.10.17, dst 192.168.10.17
SW-1#un all
I’m sure you can see that the debug command is one powerful command.
And because of this, I’m also sure you realize that before you use any of
the debugging commands, you should make sure you check the CPU
utilization capacity of your router. This is important because in most
cases, you don’t want to negatively impact the device’s ability to process
the packets on your internetwork. You can determine a specific router’s
CPU utilization information by using the show processes command.
Remember, when you telnet into a remote device, you will not
see console messages by default! For example, you will not see
debugging output. To allow console messages to be sent to your
Telnet session, use the terminal monitor command.
Using the show processes Command
As I’ve said, you’ve really got to be careful when using the debug
command on your devices. If your router’s CPU utilization is consistently
at 50 percent or more, it’s probably not a good idea to type in the
debug all command unless you want to see what a router looks like when it
crashes!
So what other approaches can you use? Well, the show processes (or
show processes cpu) command is a good tool for determining a given
router’s CPU utilization. Plus, it’ll give you a list of active processes along
with their corresponding process ID, priority, scheduler test (status), CPU
time used, number of times invoked, and so on. Lots of great stuff! Plus, this
command is super handy when you want to evaluate your router’s
performance and CPU utilization and are otherwise tempted to reach for
the debug command!
Okay—what do you see in the following output? The first line shows the
CPU utilization output for the last 5 seconds, 1 minute, and 5 minutes.
The output provides 5%/0% in front of the CPU utilization for the last 5
seconds: The first number equals the total utilization, and the second one
indicates the utilization due to interrupt routines. Take a look:
SW-1#sh processes
CPU utilization for five seconds: 5%/0%; one minute: 7%; five minutes: 8%
 PID QTy       PC Runtime(ms)   Invoked  uSecs      Stacks TTY Process
   1 Cwe  29EBC58           0        22      0   5236/6000   0 Chunk Manager
   2 Csp  1B9CF10         241    206881      1   2516/3000   0 Load Meter
   3 Hwe  1F108D0           0         1      0   8768/9000   0 Connection Mgr
   4 Lst  29FA5C4     9437909    454026  20787   5540/6000   0 Check heaps
   5 Cwe  2A02468           0         2      0   5476/6000   0 Pool Manager
   6 Mst  1E98F04           0         2      0   5488/6000   0 Timers
   7 Hwe  13EB1B4        3686    101399     36   5740/6000   0 Net Input
   8 Mwe  13BCD84           0         1      0 23668/24000   0 Crash writer
   9 Mwe  1C591B4        4346     53691     80   4896/6000   0 ARP Input
  10 Lwe  1DA1504           0         1      0   5760/6000   0 CEF MIB API
  11 Lwe  1E76ACC           0         1      0   5764/6000   0 AAA_SERVER_DEADT
  12 Mwe  1E6F980           0         2      0   5476/6000   0 AAA high-capacit
  13 Mwe  1F56F24           0         1      0 11732/12000   0 Policy Manager
[output cut]
So basically, the output from the show processes command reveals that
our router is happily able to process debugging commands without being
overloaded—nice!
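The check described in this section can be scripted. This added example (not code from the book) parses the show processes header and process rows and applies the 50 percent rule of thumb before debugging; SAMPLE is a subset of the output above with wrapped lines rejoined, HIGH is a constructed busy-router line, and the function names are hypothetical.

```python
import re

# Subset of the page's `sh processes` output with the wrapped lines rejoined;
# HIGH is a constructed header line for a busy router.
SAMPLE = """\
CPU utilization for five seconds: 5%/0%; one minute: 7%; five minutes: 8%
 PID QTy       PC Runtime(ms)   Invoked  uSecs      Stacks TTY Process
   1 Cwe  29EBC58           0        22      0   5236/6000   0 Chunk Manager
   2 Csp  1B9CF10         241    206881      1   2516/3000   0 Load Meter
   4 Lst  29FA5C4     9437909    454026  20787   5540/6000   0 Check heaps
   7 Hwe  13EB1B4        3686    101399     36   5740/6000   0 Net Input
   9 Mwe  1C591B4        4346     53691     80   4896/6000   0 ARP Input
"""
HIGH = "CPU utilization for five seconds: 72%/30%; one minute: 65%; five minutes: 58%"

CPU_RE = re.compile(r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
                    r"one minute: (\d+)%; five\s+minutes: (\d+)%")
ROW_RE = re.compile(r"\s*(\d+)\s+(\w+)\s+([0-9A-F]+)\s+(\d+)\s+(\d+)\s+(\d+)"
                    r"\s+(\d+)/(\d+)\s+(\d+)\s+(\S.*)")

def parse_show_processes(text):
    """Extract the CPU header values and the per-process rows."""
    m = CPU_RE.search(text)
    if m is None:
        raise ValueError("CPU utilization line not found")
    total, intr, one_min, five_min = map(int, m.groups())
    procs = []
    for line in text.splitlines():
        r = ROW_RE.fullmatch(line)
        if r:  # header and CPU lines do not match the row pattern
            procs.append({"pid": int(r[1]), "runtime_ms": int(r[4]),
                          "invoked": int(r[5]), "name": r[10].strip()})
    return {"total_5s": total, "interrupt_5s": intr,
            "process_5s": total - intr,  # first number is the total utilization
            "one_min": one_min, "five_min": five_min, "procs": procs}

def debug_allowed(stats, limit=50):
    """Rule of thumb from the text: no debugging at 50 percent CPU or more.
    Treating any of the three averages at the limit as too busy is this
    example's conservative assumption."""
    return max(stats["total_5s"], stats["one_min"], stats["five_min"]) < limit

def busiest(stats, n=3):
    """Names of the n processes with the most accumulated CPU time."""
    ranked = sorted(stats["procs"], key=lambda p: p["runtime_ms"], reverse=True)
    return [p["name"] for p in ranked[:n]]

if __name__ == "__main__":
    s = parse_show_processes(SAMPLE)
    print(s["total_5s"], s["interrupt_5s"], debug_allowed(s), busiest(s))
```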
Summary
In this chapter, you learned how Cisco routers are configured and how to
manage those configurations.
We covered the internal components of a router, including ROM, RAM,
NVRAM, and flash.
Next, you found out how to back up and restore the configuration of a
Cisco router and switch.
You also learned how to use CDP and Telnet to gather information about
remote devices. Finally, you discovered how to resolve hostnames and
use the ping and trace commands to test network connectivity as well as
how to use the debug and show processes commands—well done!
Exam Essentials
Define the Cisco router components. Describe the functions of the
bootstrap, POST, ROM monitor, mini-IOS, RAM, ROM, flash memory,
NVRAM, and the configuration register.
Identify the steps in the router boot sequence. The steps in the
boot sequence are POST, loading the IOS, and copying the startup
configuration from NVRAM to RAM.
Save the configuration of a router or switch. There are a couple of
ways to do this, but the most common method, as well as the most tested,
is copy running-config startup-config.
Erase the configuration of a router or switch. Type the privileged-mode
command erase startup-config and reload the router.
Understand the various levels of syslog. It’s rather simple to
configure syslog; however, there are a bunch of options you have to
remember for the exam. To configure basic syslog with debugging as the
default level, it’s just this one command:
SF(config)#logging 172.16.10.1
However, you must remember all eight options:
SF(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed (severity=1)
  critical       Critical conditions (severity=2)
  debugging      Debugging messages (severity=7)
  emergencies    System is unusable (severity=0)
  errors         Error conditions (severity=3)
  informational  Informational messages (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions (severity=4)
Understand how to configure NTP. It’s pretty simple to configure
NTP, just like it was syslog, but we don’t have to remember a bunch of
options! It’s just telling the syslog to mark the time and date and enabling
NTP:
SF(config)#service timestamps log datetime msec
SF(config)#ntp server 172.16.10.1 version 4
Describe the value of CDP and LLDP. Cisco Discovery Protocol can
be used to help you document as well as troubleshoot your network; also,
LLDP is a nonproprietary protocol that can provide the same information
as CDP.
List the information provided by the output of the show cdp
neighbors command. The show cdp neighbors command provides the
following information: device ID, local interface, holdtime, capability,
platform, and port ID (remote interface).
Understand how to establish a Telnet session with multiple
routers simultaneously. If you telnet to a router or switch, you can
end the connection by typing exit at any time. However, if you want to
keep your connection to a remote device but still come back to your
original router console, you can press the Ctrl+Shift+6 key combination,
release it, and then press X.
Identify current Telnet sessions. The command show sessions will
provide you with information about all the currently active sessions your
router has with other routers.