Wired Network Troubleshooting

Question 1

Signal loss

Answer 1

• Usually gradual
• Signal strength diminishes over distance
• Attenuation
• Loss of intensity as signal moves through a medium
• Electrical signals through copper, light through fiber
• Radio waves through the air

Question 2

Decibels (dB)

Answer 2

• Signal strength ratio measurements
• One-tenth of a bel
• Capital B for Alexander Graham Bell
• Logarithmic scale
• Add and subtract losses and gains
• 3 dB = 2x the signal
• 10 dB = 10x the signal
• 20 dB = 100x the signal
• 30 db = 1000x the signal

Question 3

dB loss symptoms

Answer 3

• No connectivity
• No signal!
• Intermittent connectivity
• Just enough signal to sync the link
• Poor performance
• Signal too weak
• CRC errors, data corruption
• Test each connection
• Test distance and signal loss

Question 4

Latency

Answer 4

• A delay between the request and the response
• Waiting time
• Some latency is expected and normal
• Laws of physics apply
• Examine the response times at every step along the way
• This may require multiple measurement tools
• Packet captures can provide detailed analysis
• Microsecond granularity
• Get captures from both sides

Question 5

Jitter

Answer 5

• Most real-time media is sensitive to delay
• Data should arrive at regular intervals
• Voice communication, live video
• If you miss a packet, there’s no retransmission
• There’s no time to “rewind” your phone call
• Jitter is the time between frames
• Excessive jitter can cause you to miss information,
“choppy” voice calls

Question 6

Troubleshooting excessive jitter

Answer 6

• Confirm available bandwidth
• Nothing will work well if the tube is clogged
• Make sure the infrastructure is working as expected
• Check queues in your switches and routers
• No dropped frames
• Apply QoS (Quality of Service)
• Prioritize real-time communication services
• Switch, router, firewall, etc.

Question 7

Crosstalk (XT)

Answer 7

• Signal on one circuit affects another circuit
• In a bad way
• Leaking of signal
• You can sometimes “hear” the leak
• Measure XT with cable testers
• Some training may be required
• Near End Crosstalk (NEXT)
• Interference measured at the transmitting end
(the near end)
• Far End Crosstalk (FEXT)
• Interference measured away from the transmitter

Question 8

Troubleshooting crosstalk

Answer 8

• Almost always a wiring issue
• Check your crimp
• Maintain your twists
• The twist helps to avoid crosstalk
• Category 6A increases cable diameter
• Increased distance between pairs
• Test and certify your installation
• Solve problems before they are problems

Question 9

Avoiding EMI and interference

Answer 9

• Electromagnetic interference
• Cable handling
• No twisting - don’t pull or stretch
• Watch your bend radius
• Don’t use staples, watch your cable ties
• EMI and interference with copper cables
• Avoid power cords, fluorescent lights,
electrical systems, and fire prevention components
• Test after installation
• You can find most of your problems before use

Question 10

Opens and shorts

Answer 10

• A short circuit
• Two connections are touching
• Wires inside of a cable or connection
• An open circuit
• A break in the connection
• Complete interruption
• Can be intermittent

Question 11

Troubleshooting opens and shorts

Answer 11

• May be difficult to find
• The wire has to be moved just the right way
• Wiggle it here and there
• Replace the cable with the short or open
• Difficult or impossible to repair
• Advanced troubleshooting with a TDR
• Time Domain Reflectometer

Question 12

Troubleshooting pin-outs

Answer 12

• Cables can foul up a perfectly good plan
• Test your cables prior to implementation
• Many connectors look alike
• Do you have a good cable mapping device?
• Get a good cable person
• It’s an art

Question 13

T568A and T568B termination

Answer 13

• Pin assignments from EIA/TIA-568-B standard
• Eight conductor 100-ohm balanced twisted-pair cabling
• T568A and T568B are different pin assignments
for 8P8C connectors
• Assigns the T568A pin-out to horizontal cabling
• Many organizations traditionally use 568B
• Difficult to change in mid-stream
• You can’t terminate one side of the cable with
568A and the other with 568B
• It won’t be a straight-through cable

Question 14

Incorrect cable type

Answer 14

• Excessive physical errors, CRC errors
• Check your layer 1 first
• Check the outside of the cable
• Usually printed on the outside
• May also have length marks printed
• Confirm the cable specifications with a TDR
• Advanced cable tester can identify damaged cables

Question 15

Incorrect cable type

Troubleshooting interfaces

Answer 15

• Interface errors
• May indicate bad cable or hardware problem
• Verify configurations
• Speed, duplex, VLAN, etc.
• Verify two-way traffic
• End-to-end connectivity

Question 16

Transceiver mismatch

Answer 16

• Transceivers have to match the fiber
• Single mode transceiver connects to single mode
fiber
• Transceiver needs to match the wavelength
• 850nm, 1310nm, etc.
• Use the correct transceivers and optical fiber
• Check the entire link
• Signal loss
• Dropped frames, missing frames

Question 17

Reversing transmit and receive

Answer 17

• Wiring mistake
• Cable ends
• Punchdowns
• Easy to find with a wire map
• 1-3, 2-6, 3-1, 6-2
• Simple to identify
• Some network interfaces will
automatically correct (Auto-MDIX)

Question 18

TX/RX reversal troubleshooting

Answer 18

• No connectivity
• Auto-MDIX might connect
• Try turning it on
• Locate reversal location
• Often at a punchdown
• Check your patch panel

Question 19

Damaged cables

Answer 19

• Copper cables are pretty rugged
• But they aren’t indestructible
• Cables can be out in the open
• Stepped on, folded between a table and wall
• Check your physical layer
• Cables should not be bent or folded
• Check for any bent pins on the device
• It’s difficult to see inside of the cable
• Check your TDR, replace the cable (if possible)

Question 20

Bottlenecks

Answer 20

• There’s never just one performance metric
• A series of technologies working together
• I/O bus, CPU speed, storage access speed,
network throughput, etc.
• One of these can slow all of the others down
• You must monitor all of them to find the slowest one
• This may be more difficult than you might expect

Question 21

Interface configuration problems

Answer 21

• Poor throughput
• Very consistent, easily reproducible
• No connectivity
• No link light
• No connectivity
• Link light and activity light

Question 22

Interface configuration

Answer 22

• Auto vs. Manual configuration
• Personal preference
• Light status
• No light, no connection
• Speed
• Must be identical on both sides
• Duplex
• If mismatched, speed will suffer

Question 23

VLAN mismatch

Answer 23

• Switch is configured with the incorrect VLAN
• Configured per switch interface
• Link light, but no surfing
• A DHCP IP address may not be on the correct subnet
• Manually IP addressing won’t work at all
• Check the switch configuration for VLAN configuration
• Each port should have a VLAN setting
• VLAN 1 is usually the default

Question 24

Duplex/speed match

Answer 24

• Speed and duplex
• Speed: 10 / 100 /1,000 / Auto
• Duplex: Half / Full / Auto
• Incorrect speed
• Many switch configurations will auto-negotiate speed
• Less than expected throughput
• Incorrect duplex
• Again, the switch may auto-negotiate
• Needs to match on both sides
• A mismatch will cause significant slowdowns
• Increase in Late Collisions
may indicate a duplex mismatch

Question 25

Reflection

Answer 25

• Wireless signals can bounce off some surfaces • Depends on the frequencies and the surfaces • Too much reflection can weaken the signal • A little multipath interference actually helps with MIMO • Position antennas to avoid excessive reflection • May not be a problem for MIMO in 802.11n and 802.11ac

Question 26

Refraction

Answer 26

• Signal passes through an object and exits at a different angle • Similar to light through water • Data rates are affected - Signal is less directional • Outdoor long-distance wireless links • Changes in air temperature and water vapor

Question 27

Absorption

Answer 27

* Signal passes through an object and loses signal strength * Especially through walls and windows * Different objects absorb differently as frequencies change * 2.4 GHz may have less absorption than 5 GHz * Put the antennas on the ceiling * And avoid going through walls

Question 28

Latency and jitter

Answer 28

* Latency - Delays between transmission and reception * Jitter - Deviation from a predictable data stream * Wireless interference and signal issues * Slower data rates * Increase in retransmissions * Capacity issues * Many people using the same wireless frequencies

Question 29

Attenuation

Answer 29

• Wireless signals get weaker as you move farther from the antenna • The attenuation can be measured with a Wi-Fi analyzer • Control the power output on the access point • Not always an option • Use a receive antenna with a higher gain • Capture more of the signal • Move closer to the antenna - May not be possible

Question 30

Interference

Answer 30

``` • Interference • Something else is using our frequency • Predictable • Florescent lights, microwave ovens, cordless telephones, high-power sources • Unpredictable - Multi-tenant building • Measurements • netstat –e • Performance Monitor ```

Question 31

Incorrect antenna type

Answer 31

* The antenna must fit the room * Or the distance between sender and receiver * Omnidirectional * Useful on the ceiling * Not very useful between buildings * Directional * Used often between two points * Or on a wall-mounted access point * The access point may provide options * Connect different antennas

Question 32

Incorrect antenna placement

Answer 32

* Interference * Overlapping channels * Slow throughput * Data fighting to be heard through the interference * Check access point locations and channel settings * A challenge for 2.4 GHz * Much easier for 5 GHz

Question 33

Overcapacity

Answer 33

* Device saturation * Too many devices on one wireless network * There are only so many frequencies * The 5 GHz can really help with this * Bandwidth saturation * Large data transfers * Common in large meeting places * Conferences * Airports * Hotels

Question 34

Frequency mismatch

Answer 34

• Devices have to match the access point • 2.4 GHz, 5 GHz • Verify the client is communicating over the correct channel • This is normally done automatically • May not operate correctly if manually configured • Older standards may slow down the newer network • 802.11b compatibility mode on 802.11n networks • Every access point has an SSID • But did you connect to the right one? • This can be more confusing than you might think • Public Wi-Fi Internet • Guest Internet • Internet • Confirm the correct SSID settings • Should be listed in the current connection status

Question 35

Wrong passphrase

Answer 35

* Wireless authentication * Many different methods * Required to connect to the wireless network * If not connected, check the authentication * Shared passphrase * Common in a SOHO, not in the enterprise * 802.1X * Used for the enterprise * Make sure the client is configured to use 802.1X

Question 36

Security type mismatch

Answer 36

• Encryption on wireless is important • Make sure the client matches the access point • This is much easier these days • Almost everything is at the level of WPA2 • Some legacy equipment may not be able to keep up • If you change the access point, you may not be able to support it • Migrate all of your WEP to WPA2 • And any WPA

Question 37

Signal to noise ratio

Answer 37

* Signal * What you want * Noise * What you don’t want * Interference from other networks and devices * You want a very large ratio * The same amount of signal to noise (1:1) would be bad

Question 38

Names not resolving

Answer 38

* Web browsing doesn’t work * The Internet is broken! * Pinging the IP address works * There isn’t a communication problem * Applications aren’t communicating * They often use names and not IP addresses

Question 39

Troubleshooting DNS issues

Answer 39

* Check your IP configuration * Is the DNS IP address correct? * Use nslookup or dig to test - Does resolution work? * Try a different DNS server - Google is 8.8.8.8 & 8.8.4.4

Question 40

IP configuration issues

Answer 40

* Communicate to local IP addresses * But not outside subnets * No IP communication - Local or remote * Communicate to some IP addresses - But not others

Question 41

Troubleshooting IP configurations

Answer 41

* Check your documentation * IP address, subnet mask, gateway * Monitor the traffic * Examine local broadcasts * Difficult to determine subnet mask * Check devices around you * Confirm your subnet mask and gateway * Traceroute and ping * The issue might be your infrastructure * Ping local IP, default gateway, and outside address

Question 42

Duplicate IP addresses

Answer 42

* Static address assignments - Must be very organized * DHCP isn’t a panacea * Static IP addressing * Multiple DHCP servers overlap * Rogue DHCP servers * Intermittent connectivity * Two addresses “fight” with each other * Blocked by the OS - Checks when it starts

Question 43

Troubleshooting duplicate IP addresses

Answer 43

* Check your IP addressing - Did you misconfigure? * Ping an IP address before static addressing * Does it respond? * Determine the IP addresses * Ping the IP address, check your ARP table * Find the MAC address in your switch MAC table * Capture the DHCP process * What DHCP servers are responding?

Question 44

Duplicate MAC addresses

Answer 44

``` • Not a common occurrence • MAC addresses are designed to be unique • May be a man-in-the-middle attempt • Mistakes can happen • Locally administered MAC addresses • Manufacturing error • Intermittent connectivity • Confirm with a packet capture, should see ARP contention • Use the ARP command from another computer • Confirm the MAC matches the IP ```

Question 45

Expired IP addresses

Answer 45

* A DHCP address should renew well before the lease expires * The DHCP server(s) could be down * Client gives up the IP address at the end of the lease * APIPA address is assigned * Checks in occasionally for a DHCP server * Look for an APIPA assigned address * 169.254.*.* * Check the status of your DHCP server

Question 46

Rogue DHCP server

Answer 46

* IP addresses assigned by a non-authorized server * There’s no inherent security in DHCP * Client is assigned an invalid or duplicate address * Intermittent connectivity, no connectivity * Disable rogue DHCP communication * Enable DHCP snooping on your switch * Authorized DHCP servers in Active Directory * Disable the rogue * Renew the IP leases

Question 47

Untrusted SSL certificate

Answer 47

* Browsers trust signatures from certain CAs * A certificate was signed by a CA that’s not in our list * Error message on the browser * Certificate Authority Invalid * Check the certificate details * Look for the issuing CA * Compare to the CA list on your computer * If it’s an internal server, it may be internally signed * Add your internal CA certificate to the list

Question 48

Incorrect time

Answer 48

• Some cryptography is very time sensitive • Active Directory requires clocks set within five minutes of each other • Kerberos communication uses a time stamp • If the ticket shown during authentication is too old, it’s invalid • Client can’t login • Check the timestamp of the client and the server • Configure NTP on all devices • Automate the clock setting

Question 49

Exhausted DHCP scope

Answer 49

* Client received an APIPA address * Local subnet communication only * Check the DHCP server * Add more IP addresses if possible * IP address management (IPAM) may help * Monitor and report on IP address shortages * Lower the lease time * Especially if there are a lot of transient users

Question 50

Blocked TCP/UDP ports

Answer 50

* Applications not working * Slowdowns with other applications * Firewall or ACL configuration * Security choke points * Confirm with a packet capture * No response to requests * Run a TCP- or UDP-based traceroute tool * See how far your packet can go

Question 51

Incorrect host-based firewall setting

Answer 51

``` • Applications not working • Based on the application in use and not necessarily the protocol and port • Check the host-based firewall settings • Accessibility may be limited to an administrator • Managed from a central console • Take a packet capture • The traffic may never make it to the network • Dropped by the operating system ```

Question 52

Incorrect ACL setting

Answer 52

``` • Only certain IP addresses accessible • Or none • Access Control Lists • IP address, port numbers, and other parameters • Can allow or deny traffic by filtering packets • Confirm with packet captures and TCP/UDP traceroutes • Identify the point of no return ```

Question 53

Unresponsive service

Answer 53

* No response to an application request * No answer * Do you have the right port number? * And protocol (TCP/UDP)? * Confirm connectivity * Ping, traceroute * Is the application still working? * Telnet to the port number and see if it responds

Question 54

Hardware failure

Answer 54

* No response * Application doesn’t respond * Confirm connectivity * Without a ping, you’re not going to connect * Run a traceroute * See if you’re being filtered * Should make it to the other side * Check the server * Lights? Fire?