Using the Traceroute Command
Traceroute (the traceroute command, or trace for short) shows the path a packet takes to get to a remote device. To see the protocols that you can use with traceroute, use the traceroute ?
command, do this:
Todd2509#traceroute ?
WORD Trace route to destination address or hostname
appletalk AppleTalk Trace clns ISO CLNS Trace
ip IP Trace ipx IPX Trace
oldvines Vines Trace (Cisco) vines Vines Trace (Banyan) <cr>
The trace command shows the hop or hops that a packet traverses on its way to a remote device. Here’s an example:
Todd2509#trace 2501b
Type escape sequence to abort.
Tracing the route to 2501b.lammle.com (172.16.10.2) 1 2501b.lammle.com (172.16.10.2) 16 msec * 16 msec Todd2509#
You can see that the packet went through only one hop to find the destination. Verifying Cisco Catalyst Switches
The first thing I like to do with any router or switch is to run through the configurations with a show running-config command. Why? Because doing this gives me a really great headshot of each device. Besides, we can run other commands that will still stock us with really good information.
For example, to verify the IP address set on a switch, we can use the show interface command. Here is the output:
S1#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001b.2b55.7540 (bia 001b.2b55.7540) Internet address is 192.168.10.17/28
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set, reliability 255/255, txload 1/255, rxload 1/255
[output cut]
show mac address-table
Using it displays the forward filter table, also called a content addressable memory (CAM) table. Here’s the output from the S1 switch:
S1#sh mac address-table Mac Address Table
Vlan Mac Address Type Ports ---- --- --- --- All 0100.0ccc.cccc STATIC CPU All ffff.ffff.ffff STATIC CPU [output cut] 1 0002.1762.b235 DYNAMIC Po1 1 0009.b79f.c080 DYNAMIC Po1 1 000d.29bd.4b87 DYNAMIC Po1 1 000d.29bd.4b88 DYNAMIC Po1 1 0016.4662.52b4 DYNAMIC Fa0/4 1 0016.4677.5eab DYNAMIC Po1 1 001a.2f52.49d8 DYNAMIC Po1 1 001a.2fe7.4170 DYNAMIC Fa0/8 1 001a.e2ce.ff40 DYNAMIC Po1 1 0050.0f02.642a DYNAMIC Fa0/3
Total Mac Addresses for this criterion: 31 S1#
The switches use what are called base MAC addresses that are assigned to the CPU, and the 2960s use 20. From the preceding output, you can see that we have five MAC addresses
dynamically assigned to EtherChannel port 1. Ports Fa0/3, Fa0/8, and Fa0/4 only have on MAC address assigned and all ports are assigned to VLAN 1.
Let’s take a look at the S2 switch CAM and see what we can find. Keep in mind that the S2 switch doesn’t have EtherChannel configured as the S1 switch does, so STP will shut down one of the redundant links to the Core switch:
S2#sh mac address-table Mac Address Table
--- Vlan Mac Address Type Ports
---- --- --- --- All 0008.205a.85c0 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0cdd.dddd STATIC CPU [output cut]
1 0002.1762.b235 DYNAMIC Fa0/3 1 000d.29bd.4b80 DYNAMIC Fa0/1 1 000d.29bd.4b85 DYNAMIC Fa0/1 1 0016.4662.52b4 DYNAMIC Fa0/1 1 0016.4677.5eab DYNAMIC Fa0/4 1 001b.2b55.7540 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 26 S2#
We can see in the preceding output that we have four MAC addresses assigned to Fa0/1. And of course, we can also see that we have one connection for each host on ports 3 and 4. But where’s port 2? Since port 2 is a redundant link, STP placed Fa0/2 into blocking mode. I’ll get into more about this again in a minute.
You can set a static MAC address in the MAC address table, but like setting static MAC port security, it’s a ton of work. But in case you want to do it, here’s how it’s done:
S1#config t
S1(config)#mac-address-table static aaaa.bbbb.cccc vlan 1 int fa0/5 S1(config)#do show mac address-table
Mac Address Table
--- Vlan Mac Address Type Ports
---- --- --- --- All 0100.0ccc.cccc STATIC CPU [output cut]
1 0009.b79f.c080 DYNAMIC Po1 1 000d.29bd.4b87 DYNAMIC Po1 1 000d.29bd.4b88 DYNAMIC Po1 1 0016.4662.52b4 DYNAMIC Fa0/4 1 0016.4677.5eab DYNAMIC Po1 1 001a.2f52.49d8 DYNAMIC Po1 1 001a.2fe7.4170 DYNAMIC Fa0/8 1 001a.e2ce.ff40 DYNAMIC Po1 1 0050.0f02.642a DYNAMIC Fa0/3 1 aaaa.bbbb.cccc STATIC Fa0/5
Total Mac Addresses for this criterion: 31 S1(config)#
You can see that a static MAC address is now assigned permanently to interface Fa0/5 and that it’s also assigned to VLAN 1 only.
show spanning-tree
By this time you know that the show spanning-tree command is important. With it, you can see who the root bridge is and what our priorities are set to for each VLAN.
Understand that Cisco switches run what is called Per-VLAN Spanning Tree (PVST), which basically means that each VLAN runs its own instance of the STP protocol. If we typed show spanning-tree, we’d receive information for each VLAN, starting with VLAN 1. So, say we’ve got multiple VLANs and we want to see what’s up with VLAN 2—we’d use the command show spanning-tree vlan 2.
Here is an output from the show spanning-tree command from switch S1. Since we are only using VLAN 1, we don’t need to add the VLAN number to the command:
S1#sh spanning-tree VLAN0001
Spanning tree enabled protocol ieee Root ID Priority 32769
Address 000d.29bd.4b80 Cost 3012
Port 56 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 49153 (priority 49152 sys-id-ext 1) Address 001b.2b55.7500
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15
Uplinkfast enabled
Interface Role Sts Cost Prio.Nbr Type
--- ---- --- --- --- --- Fa0/3 Desg FWD 3100 128.3 Edge Shr
Fa0/4 Desg FWD 3019 128.4 Edge P2p Fa0/8 Desg FWD 3019 128.8 P2p Po1 Root FWD 3012 128.56 P2p
Since we only have VLAN 1 configured, there’s no more output for this command, but if we had more, we would get another page for each VLAN configured on the switch. The default priority is 32768, but there’s something called the system ID extension (sys-id-ext), which is the VLAN identifier. The Bridge ID priority is incremented by the number of that VLAN. And since we only have VLAN 1, we increment by one to 32769. But understand, by default, BackboneFast raises the default priority to 49152 to prevent that bridge from becoming the root.