Cisco Network Security Troubleshooting Handbook
Cisco Security Network devices have numerous integrated commands to assist you in monitoring and troubleshooting your network. The following sections describe the basic use of these commands:
show Commands
The show commands are powerful monitoring and troubleshooting tools. You can use the show commands to perform several functions:
The show commands have different effects for different devices as explained in this text, chapter by chapter. However, some common commands are used in every device. For instance, the show version command displays the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images. The show running-config command displays the router configuration currently running. Some of the Cisco Network Security devices have a convenient Graphical User Interface (GUI) for obtaining status and various statistics which is equivalent to the output of show command using CLI. One such tool is the PIX Device Manager (PDM). You can use either the show command or the PDM to obtain statistics and configuration information on the PIX firewall. debug Commands
The debug commands can provide a wealth of information about the traffic being seen (or not seen) on an interface, error messages generated by nodes on the network, protocol-specific diagnostic packets, and other useful troubleshooting data. Exercise care when using debug commands. Many debug commands are processor-intensive and can cause serious network problems (such as degraded performance or loss of connectivity) if they are enabled on an already heavily loaded router. When you finish using a debug command, remember to disable it with its specific no debug command (or use the no debug all or undebug all command to turn off all debugging). It is best to use debug commands to isolate problems, not to monitor normal network operation. Because of high processor overhead, debug commands can disrupt device operation, and therefore you should use them only when you are looking for specific types of traffic or problems, and have narrowed your problems to a likely subset of causes. Output formats vary with each debug command. Some generate a single line of output per packet, and others generate multiple lines of output per packet. Some frequently generate large amounts of output, and others generate only occasional output. Some generate lines of text, and others generate information in field format. To minimize the negative impact of using debug commands, follow this procedure:
|