Chapter 5:

Using Specialized
Maintenance and
Troubleshooting
Tools

CCNP TSHOOT: Maintaining and Troubleshooting IP Networks

Course v7 Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 1
 Chapter 5 Objectives
This chapter covers the following topics:
 Categories of troubleshooting tools
 Traffic-capturing features and tools
 Information gathering with SNMP
 Information gathering with NetFlow
 Network event notification with EEM

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 2
 Categories of Troubleshooting Tools
 Collection of information
• Sniffers or debug outputs used for:
• Analyzing and improving network performance or security
• Making proposals for improvements
 Continuous collection of information to establish a
baseline
• Collection of statistics through use of the SNMP and traffic accounting
by use of NetFlow technology.
• Key network performance indicators
• Network behavior over a long period of time
 Notification of network events
• Syslog messages or SNMP
• Based on events triggering devices to report specific information

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 3
 Traffic-Capturing Features and Tools

 Protocol analyzer

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 4
 SPAN (Switch Port Analyzer)

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 5
 RSPAN (Remote Switch Port Analyzer)

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 6
 Verifying RSPAN

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 7
 Information Gathering with SNMP
SNMP Components:
 NMS
 SNMP Agents
 MIB

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 8
 Information Gathering with SNMP

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 9
 Information Gathering with NetFlow

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 10
 Network Event Notification
 SNMP Traps

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 11
 Network Event Notification
 Syslog
• Syslog is a simple protocol used by an IP device (syslog client) to
send text-based log messages to another IP device (syslog server).
• These messages are the same messages that are displayed on the
console of Cisco routers and switches.
• The syslog protocol allows these messages to be forwarded across
the network to a central log server that collects and stores the
messages from all the devices.

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 12
 Network Event Notification
 EEM Embedded Event Manager
• Enables you to define custom events and corresponding actions

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 13
 Chapter 5 Summary
 Categories of troubleshooting tools
 Traffic-capturing features and tools
 Information gathering with SNMP
 Information gathering with NetFlow
 Network event notification with EEM

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 14
 Chapter 5 Labs
 Lab5-1 Second-Base

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 15
Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 16
 Acknowledgment
• Some of the texts and images are from Troubleshooting and Maintaining Cisco
IP Networks (TSHOOT) Foundation Learning Guide by Amir Ranjbar
(158720455X)
• Copyright © 2015 – 2016 Cisco Systems, Inc.
• Special Thanks to Bruno Silva

Chapter 5
© 2007 – 2016, Cisco Systems, Inc. All rights reserved. Cisco Public 17