Network+ Lesson 5

Implementing a troubleshooting methodology:

A structured approach to diagnosing and resolving network issues efficiently and systematically.

Identifying the problem

The initial step in troubleshooting where the specific issue or malfunction within the network is recognized.

Establishing and testing your theories

• Developing an idea or ideas about the root cause of the problem

• Conducting tests to validate these theories.

Establishing an action plan

• Creating a detailed strategy for addressing the identified issue

• Include steps for resolution and resources required.

Implementing a solution

Executing the action plan to resolve the network problem.

Verifying the solution:

Confirming that the implemented solution effectively resolves the issue and restores network functionality.

Documentation of the solution:

• Record the problem

• Record the steps of solution process

• Finally, record the outcomes

• This can be references in the future and provide learning.

What is the initial step in the troubleshooting methodology?

• Identifying a Problem in Troubleshooting

  • The initial step in troubleshooting where the specific issue or malfunction within the network is recognized.

What are some of the techniques we can utilize to identify problems?

Gather information, Question users, Identify symptoms, Determine if anything has changed, Duplicate the problem, if possible, Approach multiple problems individually

Gather information

• Collect data and logs that can shed light on the issue.

  • Previous troubleshooting documentation

  • Configuration information

  • System and network logs

  • Firewall logs

Question users

• Interview users who might have noticed the problem or its effects.

• Ask open-ended questions such as "Describe what the symptoms that you have been noticing," instead of "Have you had issues with the network?". this is a "yes" and "no" or closed-ended question

Identify symptoms

Pinpoint the exact nature and characteristics of the problem.

Determine if anything has changed

• Check for recent changes in

  • Network configuration (if possible, check configuration management database)

  • Software updates

  • Environmental factors

Duplicate the problem, if possible

Reproducing the issue can help to better understand its conditions and triggers.

Approach multiple problems individually

Break down complex issues into simpler, individual problems for easier management

Can you describe the what we mean when we say "Establishing and Testing Theories in Troubleshooting?

• Formulating hypotheses about the root cause

• systematically test these theories to narrow down the possibilities.

What are some of the techniques that we can utilize to come up with possible theories?

Question the Obvious and Consider Multiple Approaches

Question the Obvious

• Start by questioning basic assumptions

• Verifying simple configuration

• Try to ensure that no details have been overlooked

Consider Multiple Approaches:

Top-to-bottom/bottom-to-top (OSI Model) and Divide and Conquer

Top-to-bottom/bottom-to-top (OSI Model)

• Approach the problem by working through the OSI model layers

• From the Physical Layer or Layer 1 up to the Application layer or Layer 7 (bottom-to-top)

• From the application layer down (top-to-bottom)

• Done to isolate the issue or issues systematically.

Divide and Conquer

• Break down the problem into smaller, manageable segments

• Helps to identify the root cause more efficiently

• Focuses on isolating specific areas or functions where the issue could reside.

Now that we have some theories, what do we do with them next?

Test the theory to determine the cause - practical experimentation and observation to validate or refute the established hypothesis or theory.

What if we confirm our theory to be correct?:

• If the theory has been confirmed

  • Determine the next steps to fully resolve the problem. This may include:

    • Applying fixes

    • Changing settings,

    • Replacing faulty hardware.

What if we find our theory to be incorrect?

• If the theory is not confirmed

  • Reassess the situation to establish a new theory based on the information gathered from the test

  • Consider alternative explanations for the issue, leading to a fresh set of theories

What if we find that the issue is alluding us, or beyond the scope of our expertise, what do we do?

• We escalate the problem - Escalation - escalate the issue to a higher-level support team or specialist with more expertise or resources.

• If after several attempts the problem remains unsolved

• If the complexity of the issue is beyond the current skill level

What is an action in troubleshooting?

• Developing a step-by-step approach to implementing a solution

• Also, carefully considering the potential impacts on the network, system or users.

What are some techniques to creating an plan of action:

Detail the steps required to fix the issue, Evaluate how these actions might affect, The goal is to mitigate adverse effects, Implement a carefully detailed rollback plan

Detail the steps required to fix the issue, such as:

• Configurations

• Hardware replacements

• Software updates

Evaluate how these actions might affect

• Network operations

• User experience

• Security

Implement a carefully detailed rollback plan

• Reverses the changes made by solution implementation.

• Sets a predefined timeline amd threshold to implement the rollback plan, should the implementation fail

Can you give us a couple of examples?

Switch configuration issue and Hypervisor host server configuration changes :

Switch configuration issue:

• Plan

  • Modify the switch configuration to eliminate a forwarding loop.

  • Adding new VLAN configuration, to isolate communication for VoIP system and apply prioritized forwarding.

• Potential effects

  • The company has an expectancy of temporary network downtime during the switch reboot

  • VoIP systems will be effected by temporary configuration changes

  • Scheduled during off-peak hours to reduce user impact.

Hypervisor host server configuration changes :

• Plan

  • Modify settings on the host server's virtual networks

• Potential effects

  • The company has an expectancy that virtual machines currently running on the host server may experience intermittent network disruptions

  • Real-time or near real-time transactions may be queued for loss protection, impacting platform performance

  • Send advanced notification to affected users can minimize inconvenience.

Can you explain a little about the solution implementation step in troubleshooting?

After planning, the crucial steps are implemented, according to the action plan

Where does escalation come into the equation?

• If issue is beyond current capabilities

• The solution should be transferred to more specialized support.

Can you provide more detail on the implemention process?

• Execute the solution according to the action plan

• Apply changes meticulously to avoid unintended consequences.

• Continuously monitor the system's response to the implemented changes to ensure the problem is resolved.

• Adjustments may be required if the initial solution doesn't fully resolve the issue or if it leads to unforeseen problems.

How about the escalation side, can you provide more detail?

• If the problem proves too complex or requires specialized knowledge,

• The issue should be escalated/transferred to higher-level technical support or specialized teams.

• Provide a comprehensive briefing to ensure they understand the issue, what has been tried, and any relevant system information.

• Maintain communication with the team or individual the issue was escalated to, offering support and staying informed on progress to relay updates back to affected users or stakeholders.

Can you give us some examples?

Software configuration adjustment, Hardware replacement, and Complex security breach

Software configuration adjustment

• Implementation

  • Modify specific settings in the network's firewall software

  • Done to alleviate throughput bottlenecks identified during troubleshooting.

• Monitoring

  • Use network performance monitoring tools

  • To ensure that changes have effectively eliminated the bottleneck without compromising security.

Hardware replacement:

• Implementation

  • Systematically replace a defective network switch that's causing connectivity issues

  • Ensuring the new switch is correctly configured to match the network's requirements.

• Verification

  • Perform comprehensive tests

  • Stress testing under peak load

  • To confirm that the network is fully functional and the problem is resolved.

Complex security breach:

• Escalation

  • For a security breach involving advanced persistent threats (APT)

  • Escalate the issue to external cybersecurity specialists who have the tools and expertise to conduct deep forensic analysis and mitigate the breach.

• Collaboration

  • Facilitate a smooth handover by providing detailed logs, access to affected systems, and any initial findings.

  • Regularly check in for updates and assist with implementing recommended security measures to prevent future incidents.

When we are trying to verify that are solution did indeed work?

Start with a confirmation of resolution, post-implementation and Perform system-wide and platform-wide checks,

Start with a confirmation of resolution, post-implementation

• Confirm that the original problem has been resolved by retesting under the same conditions that initially identified the issue.

• Engage with the end-users or stakeholders to ensure the solution meets the needs, resolving the issue from their perspective.

Perform system-wide and platform-wide checks

• Perform a comprehensive system checks, ensuring the implemented solution has not adversely affected other areas of the network.

• Monitor system performance and logs to detect any unintended consequences of the changes made.

If we have confirmed that our implementation has solved the problem, what is next?

Provide final documentation (may be located in more than a single location)

Provide final documentation (may be located in more than a single location)

• Update network documentation to reflect any changes made during the troubleshooting process.

• Document the problem, the analysis, the implemented solution, and the verification process for future reference and learning.

Can you provide a few examples of these steps?

Switch Reconfiguration and Virtualization host reconfiguration

Switch Reconfiguration

• Perform confirmation testing

  • After reconfiguring the switch, conduct tests to ensure network stability and VoIP quality.

• System-wide Checks

  • Verify that the new VLAN settings and prioritization rules have not negatively impacted other network traffic.

• Final Documentation

  • Record the details of the switch reconfiguration

    • Configuration changes

    • The reasoning or justification behind the changes

    • The results of post-implementation testing

Virtualization host reconfiguration

• Perform confirmation testing

  • Test connectivity and network performance for all VMs running on the host

  • Ensure the VMs have not been adversely affected by the changes.

  • Perform system-wide and platform-wide checks

  • Perform continuous monitoring on the host and other VMs to identify any unintended side effects of the network adapter reconfiguration.

• Final Documentation

  • Record the changes made to the virtual network adapter settings

  • Record the reasoning or justification for the change

  • Record the outcomes of the verification process.

We have seen that interference can hinder Wi-Fi signals, can this happen in cabling?

• External signals can disrupt a cable's signal.

• Electromagnetic sources like motors, fluorescent lights, HVAC and elevators.

• Signal degradation

  • a reduction in the quality of the signal as it travels through the cable.

• Potential solutions

  • Use shielded cables

  • Reroute cables away from interference sources

The motors, fluorescent lights and few more, how do these interfere?

• This increases the potential for electromagnetic interference or EMI, or unwanted noise/electrical energy in the twisted pair cabling.

• Can be an incorrect cabling choice due to environmental awareness

  • Shielded Twisted Pair (STP) vs. Unshielded Twisted Pair (UTP)

  • STP provides additional electromagnetic interference protection.

  • Use STP in high interference environments; UTP in cost-sensitive, lower interference scenarios.

You mentioned external signals causing interference, how does this happen?

• Crosstalk

  • is when the signal from one cable leaks into another.

• Common causes

  • Physical cable damage

  • Tightly packed cables

  • Lack of or poor shielding

  • Poor quality cables

• Potiential solutions

  • Regular cable inspections

  • use high-quality cables

  • Cable management techniques

What about mismatches?

Can be an incorrect cable, Can be TX/RX mismatches, Potential solutions

Can be an incorrect cable

• The wrong type of cable for the network's requirements/hardware capabilities

• Such as a standards mismatch such (CAT 5e vs. 6 vs. 6a vs. 8)

  • Categories differ in data rate and bandwidth support.

  • Misuse arises from outdated standards knowledge.

• Lack of understanding of cable specifications or network requirements

Can be TX/RX mismatches

• Mixing up the transmit (TX) and receive (RX) ends of a cable.

• Cable mismatch (straight through vs. crossover)

• Improper termination, TIA 568 mismatch

• Common cause - misunderstanding or lack of cable wiring standards

Potential solutions

• Educate and train staff on cable types and network requirements

• Select category based on network speed and future-proofing considerations.

• Ensure cables are clearly labeled

• Provide clear up-to-date documentation

How about fiber optic cabling?

Physical damage, Connector issues, Environmental factors

Physical damage (Fiber Optic)

Bending or pulling can cause breaks or microbeads in the fibers

Fiber optic Connector issues

• Improperly cleaned or aligned connectors

• Can cause significant loss and reflection problems

Fiber optic Environmental factors

• Temperature fluctuations and moisture

• Can affect fiber performance and longevity

Single-Mode Fiber (SMF) Issues

Installation Sensitivity, Higher equipment costs, Attenuation and dispersion

SMF Installation Sensitivity

• Requires precise alignment and handling due to its narrow core diameter

• Installation and maintenance can be more challenging

SMF Higher equipment costs

• Compatible equipment (like lasers)

• Costs more than those used with MMF.

SMF Attenuation and dispersion

While less than MMF, still can be affected by bending and physical stress.

Multimode Fiber (MMF) Issues

Modal dispersion, Distance limitations, and Core diameter variability

MMF Modal dispersion

• Leads to signal distortion over long distances

• This can limit bandwidth and data transmission rates.

MMF Distance limitations

• Effective only for short-range communications

• Limited use in extended networks

MMF Core diameter variability

Differences in core sizes can lead to mismatches and loss when interconnecting different types or generations of MMF

What can interface metrics help us to troubleshoot the network?

Problems at the network interface level can indicate data transmission, issues, and efficiency.

What are some of the metrics we can utilize?

Increasing interface counters, Cyclic redundancy checks (CRCs), Runts, Giants, Drops, Port status

Increasing interface counters

Indicate various types of errors and issues affecting network performance and data integrity

Cyclic redundancy checks (CRCs)

• An error-detection code or EDC used to detect errors, when forwarding data

• Common issues

  • A large CRC failure can be a sign of a damaged network adapter, cabling, or electromagnetic interference

• Solutions

  • Check and replace faulty cables or network adapters

  • Ensure proper grounding of all components

Runts

• Small packets that are smaller than the minimum allowed size

• Can indicate collisions or other errors

• Common issues

  • Can be caused by collisions in half-duplex modes

  • Can be caused by undersized packets due to configuration errors

• Solutions

  • Check duplex settings

  • Ensure proper configuration

  • Update device firmware.

Giants

• Packets that exceed the maximum permitted size

• May suggest configuration errors or faulty hardware

• Common issues

  • Can result from misconfigured devices allowing oversized packets or malfunctioning hardware.

• Solutions - Verify network device configurations for MTU sizes and replace any malfunctioning hardware.

Drops

• Occurs when the interface discards packets due to errors, full buffers, or other transmission issues.

• Common issues

  • Network congestion

  • Buffer overflow

  • Misconfigured QoS settings

• Solutions

  • Increase buffer size

  • Adjust QoS policies

  • Resolve network congestion issues.

Port status

• Reflects the current operational state of network ports.

• Error disabled - a port state where the interface is disabled due to a network error or policy violation.

• Common issues

  • Triggered by port security violations, BPDU guard, or other protective mechanisms

• Solutions

  • Reset the port and re-enable it manually if necessary.

• Administratively down

  • A port condition set by network administrators to disable the interface manually.

  • Common issues

    • Intentionally set for maintenance, security, or other administrative reasons

  • Solutions

    • Re-enable the port through configuration once the reason for shutdown is addressed

Suspended

• The port is temporarily disabled due to issues like violation of port security settings.

• Common issues

  • Often a result of exceeding allowed MAC addresses or other security policy violations.

• Solutions

  • Clear the security violation

  • Adjust port security settings as needed

What about hardware issues?

Power budget exceeded (Power over Ethernet), Incorrect standard (Power over Ethernet), Transceiver mismatch, Signal strength

Power budget exceeded (Power over Ethernet)

• Common issues

  • Devices demanding more power than the PoE switch can supply

  • This can lead to underperformance or device shutdown

• Solutions

  • Upgrade to a switch with a higher power budget or reduce the number of PoE devices connected

Incorrect standard (Power over Ethernet)

• Common issues

  • Devices and switches may not operate efficiently if they support different PoE standards (IEEE 802.3af vs. 802.3at)

• Solutions

  • Ensure that all devices and switches are compatible with each other

Transceiver mismatch

• Common issues

  • Incompatibility between transceiver types (mismatch between SFP, SFP+, QSFP, QSFPO+ modules) can lead to connectivity failures

• Solutions

  • Use compatible transceivers, with matching specifications required by the networking equipment

Signal strength

• Common issues

  • Weak or degraded signals

  • Poor quality cables, excessive distance, or incorrect transceiver types

• Solutions

  • Check cable quality and length

  • Ensure correct transceiver type

What Layer 2 services, such as STP, can cause network issues?

Forwarding loops, Root bridge selection, Port roles, Port states

Forwarding loops

• Symptom

  • Unintended traffic loops causing broadcast storms and network slowdowns

• Common causes

  • Inadequate STP configuration

  • Failure to block redundant paths

• Solution

  • Verify STP operation to ensure, correct identification and redundant path blocking

Root bridge selection

• Symptom

  • Poor network performance due

• Common causes

  • Inefficient root bridge location

  • Default configuration leading to an unplanned device becoming the root bridge

• Solution

  • Manually set bridge priority on the preferred root bridge (controlled root bridge election)

Port roles

• Root

  • Non-root switches, having the best cost path to root bridge. These ports forward data to the root bridge.

• Designated

  • Ports on root and designated switches

• Blocked

  • All other ports to bridges or switches are in a blocked state.

• Symptom

  • Misrouted traffic or network segments becoming isolated

• Common causes

  • Incorrect STP calculations or configuration errors assigning incorrect port roles

• Solution

  • Check STP port roles (root, designated, blocked)

  • Adjust configurations as needed

Port states

• Port states

  • States

    • Disabled - The port is disabled, does not forward traffic

    • Blocking - In a blocking state, does not forward traffic

    • Listening -listens for and sends BPDUs

    • Learning - When a superior BPDU is received, it will stop sending its own BPDUs, and will start relaying the superior BPDUs.

    • Forwarding - Forwarding traffic.

  • Symptom

    • Slow network convergence

    • Devices unable to communicate immediately after network changes

  • Common causes

    • Ports stuck in inappropriate states (listening, learning) for too long due to STP settings

  • Solution

    • Review and adjust STP timers and settings

    • Ensure ports transition to the forwarding state in a timely manner

Configuration issues on managed switches, could this be the cause?

Incorrect VLAN Assignment, ACLs (Access Control Lists),

Incorrect VLAN Assignment

• Symptom

  • Lack of connectivity

  • Access issues (inlcuding unauthorized)

• Common causes

  • Assigning a device or port to the wrong VLAN

• Solution

  • Ensure port VLAN configurations match the intended network segment for the connected devices

ACLs (Access Control Lists)

• Used to permit or deny traffic through the network, impacting access and flow

• Symptom

  • Blocking legitimate traffic

  • Allowing unauthorized

• Common cause

  • Incorrectly configured ACLs

• Solution

  • Regularly review and update ACLs

  • align with network security policies and access requirements

How about Layer 3 or routing issues?

Routing tables and Default routes

Routing tables

• Symptom

  • Misdirected or dropped traffic, inability to reach specific network segments.

• Common causes

  • Incorrectly configured static routes, outdated or missing routes due to dynamic routing failures.

• Solution

  • Verify the accuracy of routing table entries, update static routes, and ensure dynamic routing protocols are properly configured and operational.

Default routes

• Symptom

  • Inability to access external networks or the internet.

• Common causes

  • Absence of a default route or incorrect default gateway configuration.

• Solution

  • Ensure that a correct default route is set and points to a valid gateway that can route traffic outside the local network

What can cause a 169.254.x.y address?

Address Pool Exhaustion, Duplicate IP Address, Two hosts are assigned the same IP address on a network

Address Pool Exhaustion

• Occurs when all IP addresses in a designated pool are in use, preventing new device connections

• Common issues

  • High number of connected devices exceeding the available addresses in the DHCP scope

• Solutions

  • Expand the DHCP address pool or reduce lease time to free up addresses

Two hosts are assigned the same IP address on a network

• Common issues

  • Manual configuration errors

  • DHCP misconfigurations

• Solutions

  • Use DHCP reservation for critical devices

  • Verify static IPs do not overlap with the DHCP scope

What can cause a misconfigured network adapter settings?

Incorrect Default Gateway, Incorrect IP Address, Incorrect Subnet Mask

Incorrect Default Gateway

• The designated router IP for outgoing traffic is wrongly configured, hindering external network access

• Solutions

  • Verify and correct the default gateway settings on affected devices

  • Reconfigure and update DHCP server settings

Incorrect IP Address

• An IP address that does not align with the intended network configuration is assigned to a device

• Solutions

  • Ensure static IP addresses are correctly assigned

  • Reconfigure and update DHCP server settings

Incorrect Subnet Mask

• An improperly configured subnet mask can lead to incorrect network or broadcast addresses on devices

• Solutions

  • Double-check and correct subnet mask configurations on individual devices

  • Reconfigure and update DHCP server settings*