Hello everyone,
I ran into a problem today where a server with a faulty network card prevented a LAN pc from sending ICMP requests with a packet lengh of 0.
My question is, how could I have confirmed this using cisco commands such as show and debug instead of guessing it was the card( that I had swapped for another the night before:P).
Simple diagram:
8.8.8.8 <--->WAN router--> (WAN)Linux box (faulty DMZ net card) ----> 2960G switch ---> (DMZ)-1841Router (LAN)--> LAN NETWORK
sending the following command from LAN PC WORKS:
ping 8.8.8.8 -n 1 -l 1
sending the following command from LAN PC FAILS:
ping 8.8.8.8 -n 1 -l 0
What I did to try and troubleshoot the FAILED ping before remembering about the network card swap:
Ran packet captures(monitor session on 2960switch) between LAN and 1841 Router LAN interface:
-- I could see ECHO request but no ECHO reply
Ran packet capture on Linux Box LAN interface:
-- I could see BOTH ECHO and REPLY packets for 8.8.8.8
Ran packet capture on cisco2960G switch, specifically the interface where 1841 Router is connceted to:
-- I could see BOTH ECHO and REPLY packets for 8.8.8.8
My first assumptions were that the packet died at Router1841's for some reason....
I ran commands such as sho int
[code]
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 0013.c443.8ca7 (bia 0013.c443.8ca7)
Description: WAN ~ DMZ Firewall
Internet address is 172.16.1.4/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 3/255, rxload 13/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/33420/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 5251000 bits/sec, 1099 packets/sec
5 minute output rate 1392000 bits/sec, 982 packets/sec
2567067882 packets input, 3361498839 bytes
Received 2230469 broadcasts, 0 runts, 0 giants, 0 throttles
3316 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2275319253 packets output, 1793306888 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
[/code]
sh int fa0/1 summary
[code]
FastEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 48579551 1186410027 49685800 390879620
Route cache 2518571090 2227556047 2225706052 1415685629
Total 2567150641 3413966074 2275391852 1806565249
NTH-1841#sh interfaces fa0/1 sum
NTH-1841#sh interfaces fa0/1 summary
*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------
* FastEthernet0/1 0 33420 0 0 5246000 1077 1366000 954 0
NOTE:No separate counters are maintained for subinterfaces
Hence Details of subinterface are not shown
[/code]
ran debug:
disabled route-cache and route-cache cef then:
debug ip packet <access-list with only icmp any any> ( this only showed the ICMP ECHO REQUEST packets from LAN)
debug ip errors ( nothing)
debug ip icmp ( nothing)
... I ran almost every IP debug command along with a bunch of tips from Cisco's troubleshooting articles and didn't get a single hit or anything that suggested the packet was dropped due to X reason.
What would your suggestion be regarding cases such as these?
