2/19/17

Five Crucial Commands for Verifying Cisco Switch Network Status and Operational State

 This article looks at five essential commands used to verify a network switch’s status and operation:
  • ping
  • traceroute
  • telnet
  • ssh
  • show cdp neighbors

ping

Available on almost all operating system platforms, including Cisco IOS, the ping command is used to verify the reachability of a targeted device. It does this by sending an Internet Control Message Protocol (ICMP) echo message to the target; if the target receives the message (and is not configured to drop it), it responds to the initial sender with an ICMP echo-reply message. In a perfect world, with no firewalls, and all devices configured to respond to these messages, the ping command would work perfectly. However, many devices (or devices en route, like firewalls) are purposely configured to ignore ICMP echo messages automatically, in order to hide their existence and avoid being targeted by attackers. In these cases, engineers must decide whether the unsuccessful ping is a real problem or a purposeful part of a network’s design.

Cisco IOS also has an extended version of the ping command that allows for more complex command configurations. For example, an engineer has the ability to control the source IP used (which makes sense when being run from a router configured with multiple IP addresses), the size of the messages being sent, and the content of the messages, among other options.

traceroute

The traceroute command is typically used along with the ping command to further determine the reachability of a destination. traceroute works a bit differently from ping; instead of simply sending a message to the destination directly, it aims to find the path from the source to the target destination. It does this by using either ICMP echo messages (on Windows) or User Datagram Protocol (UDP) probe messages (on Linux and Cisco IOS). It figures out the path by taking advantage of the IP Time to Live (TTL) field.
It’s important to understand what the TTL field does. In normal circumstances, the TTL is used as a loop-prevention mechanism: it is set to an initial number, which is then decremented at every IP “hop.” If a packet reaches a device and its TTL is decremented to 0, the packet is dropped and an ICMP “destination unreachable” message is sent back to the source device. When used by the traceroute command, the TTL finds each of the hops in the path between the source and the destination:
  1. Initially the source sends an ICMP or UDP message to the destination with a TTL of 1.
  2. When the packet reaches the first hop, the TTL is decremented to 0; the device drops the packet and sends back an ICMP “destination unreachable” message.
  3. To find the second hop, the TTL is set to 2, for the third hop it’s set to 3, and so on; typically three packets are sent for each step toward the destination (three with a TTL set to 1, three with a TTL set to 2, and so on).
  4. These ICMP “destination unreachable” messages are received by the running traceroute command and interpreted into a readable output showing the path toward the destination.
As with the ping command, many organizations block the ICMP echo messages and some of the UDP messages, and the output should be read with this fact in mind.
Cisco IOS also offers an extended version of the traceroute command, just as it does for ping. The options offered by traceroute mirror most of the options available in an extended ping.
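The TTL walk in steps 1 to 4, and the effect of devices that stay silent, as an added Python simulation (not code from the article; it sends no packets). The Device, send_probe and trace names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    address: str
    replies: bool = True  # False: configured to stay silent (filtered)


def send_probe(path, ttl):
    """Forward one probe along `path`; return the device where it stops."""
    for device in path[:-1]:          # every device but the last is a router
        ttl -= 1                      # each IP hop decrements the TTL
        if ttl == 0:
            return device             # TTL expired: the router drops the packet
    return path[-1]                   # TTL survived: the probe reached the target


def trace(path, max_ttl=8, probes=3):
    """Return [(ttl, [responder or '*', ...]), ...] as traceroute would list it."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        answers = []
        for _ in range(probes):
            stop = send_probe(path, ttl)
            # A silent device sends no ICMP error back, so the probe times out.
            answers.append(stop.address if stop.replies else "*")
        rows.append((ttl, answers))
        if path[-1].address in answers:
            break                     # the target itself answered: trace complete
    return rows


# Constructed sample path (documentation addresses, not from the article).
PATH = [
    Device("192.0.2.1"),
    Device("198.51.100.1", replies=False),   # firewall that stays silent
    Device("203.0.113.9"),
    Device("203.0.113.50"),                  # destination
]
SILENT_TARGET = PATH[:-1] + [Device("203.0.113.50", replies=False)]

if __name__ == "__main__":
    for label, path in (("target replies", PATH), ("target silent", SILENT_TARGET)):
        print(label)
        for ttl, answers in trace(path):
            print(f"{ttl:>3}  " + "  ".join(answers))
```

A silent hop shows up as one row of asterisks while later hops still answer; a silent destination leaves every remaining row as asterisks up to the TTL limit, which looks the same as a broken path.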

telnet

The telnet command has been around for a long time, allowing users to manage devices via a command-line interface. Its very simple operation provides an unsecured Transmission Control Protocol (TCP) session between the source and destination. Characters entered on the source are immediately relayed to the destination, providing an experience on Cisco IOS (and Linux) that is the same as if the user were directly connected into the device locally.
The telnet command uses TCP port 23.

ssh

The ssh (secure shell) command works similarly to the telnet command but creates a secure communications channel between source and destination. This means that the username and password are not sent in clear text and are protected (at least to some level) from anyone listening in on the conversation.
The ssh command uses TCP port 22.

show cdp neighbors

The show cdp neighbors command is used on a Cisco IOS device to view neighboring devices discovered by the Cisco Discovery Protocol (CDP). CDP is a Cisco proprietary protocol used for Layer 2 discovery; it has the ability to discover all other devices that support CDP on a shared segment. (It doesn’t work across Layer 3 devices.) The following example shows some typical output of this command:
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
R1#
In this example, we learn that the remote device (R2) is reached via R1’s FastEthernet0/0 interface, which connects to R2’s FastEthernet0/0 interface, and that R2 is a Cisco 7206VXR router. This information is very helpful when mapping out unfamiliar networks. It can also be used to help ensure that a device is connected to the correct remote device(s) on the correct interface; as engineers often must configure devices remotely, this command is useful when installing new equipment, to ensure that physical interfaces are connected to the appropriate networks.
Keep in mind that CDP is a proprietary protocol and will not discover most non-Cisco devices; it is enabled by default on Cisco devices. A standards-based alternative to CDP is the Link Layer Discovery Protocol (LLDP, IEEE 802.1AB), which is supported by many other vendors but is not enabled by default on Cisco devices.
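One way to use this output to confirm cabling, as an added Python example (not from the article or from Cisco): it parses the show cdp neighbors text above and compares it with an intended cabling map. The function names and the expected-map format are assumptions, and the parser also handles long device IDs that IOS wraps onto their own line.

```python
import re

# Output copied from the article's example.
SAMPLE = """\
R1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R2               Fas 0/0            172              R    7206VXR   Fas 0/0
R1#
"""

ROW = re.compile(
    r"^(?P<device>\S+)\s+(?P<local>[A-Za-z]+ \S+)\s+(?P<hold>\d+)\s+"
    r"(?P<caps>(?:[A-Za-z] +)+)(?P<platform>\S+)\s+(?P<port>[A-Za-z]+ \S+)\s*$"
)

def parse_cdp_neighbors(text):
    """Return {local interface: (device ID, remote port, platform)}."""
    lines = text.splitlines()
    start = next(i for i, ln in enumerate(lines) if ln.startswith("Device ID")) + 1
    neighbors, pending = {}, ""
    for line in lines[start:]:
        tokens = line.split()
        if not tokens or line.rstrip().endswith("#"):
            continue                      # blank line or the CLI prompt
        if len(tokens) == 1:
            pending = tokens[0]           # long device ID wrapped onto its own line
            continue
        m = ROW.match(f"{pending} {line}".strip())
        pending = ""
        if m:
            neighbors[m["local"]] = (m["device"], m["port"], m["platform"])
    return neighbors

def audit(neighbors, expected):
    """Compare parsed neighbors with the intended cabling; return findings."""
    findings = []
    for local, (device, port) in expected.items():
        seen = neighbors.get(local)
        if seen is None:
            findings.append(f"{local}: expected {device} {port}, no neighbor seen")
        elif seen[:2] != (device, port):
            findings.append(f"{local}: expected {device} {port}, saw {seen[0]} {seen[1]}")
    for local in neighbors.keys() - expected.keys():
        findings.append(f"{local}: unexpected neighbor {neighbors[local][0]}")
    return sorted(findings)
```

Calling audit(parse_cdp_neighbors(SAMPLE), {"Fas 0/0": ("R2", "Fas 0/0")}) returns an empty list; any miscabled, missing or unexpected neighbor is returned as one line per interface.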
