Cisco Network Security Troubleshooting Handbook
A core dump is basically a complete memory dump of a device. In the event of a core dump, there is not much you can do yourself; you need to share this information with Cisco for further analysis. However, it is important to know the different ways in which a core dump can be collected. On the PIX firewall, the crashinfo (core) goes into flash. The only way to retrieve this file is with the show crashinfo command. On IPS, you can get the core file in text format with the show tech-support command. This section explains the router core dump. For other device-specific core dumps, refer to the respective chapters. You can use four methods to set up the router to generate a core dump:
Using TFTP
If TFTP is used to dump the core file to the TFTP server, the router will dump only the first 16 MB of the core file. This is a limitation of most TFTP applications. Therefore, if your router's main memory is more than 16 MB, do not use TFTP. The following is the router configuration needed for getting a core dump using TFTP:

    exception dump a.b.c.d

Here, a.b.c.d is the IP address of the TFTP server. The core dump is written to a file named hostname-core on the TFTP server, where hostname is the name of the router. You can change the name of the core file by adding the exception core-file filename configuration command. Depending on the TFTP server application used, it may be necessary to create on the TFTP server an empty target file to which the router can write the core. Also, be sure that you have enough memory on your TFTP server to hold the complete core dump.

Using FTP
To configure the router for core dump using FTP, use the following configuration commands:

    ip ftp username username
    ip ftp password password
    exception protocol ftp
    exception dump a.b.c.d

Here, a.b.c.d is the IP address of the FTP server. If the username and password are not configured, the router will attempt anonymous FTP.

Using rcp
Remote Copy Protocol (RCP) can also be used to capture a core dump. Enabling RCP on a router will not be covered in this text. Refer to the Cisco IOS Software Configuration document for configuring RCP. After RCP is enabled on the router, the following commands must be added to capture the core dump using RCP:

    exception protocol rcp
    exception dump a.b.c.d

Here, a.b.c.d is the IP address of the host enabled for RCP.

Using a Flash Disk
Some router platforms support the Flash disk as an alternative to the linear Flash memory or a Personal Computer Memory Card International Association (PCMCIA) Flash card. The large storage capacity of these Flash disks makes them good candidates for another means of capturing a core dump. For information on the router platforms and IOS versions that support the Flash disk, refer to the Cisco IOS Release Notes. The following is the router configuration command needed to set up a core dump using a Flash disk:

    exception flash [procmem | iomem | all] [device-name[:partition-number]] [erase | no_erase]

The show flash all command will give you a list of devices that you can use for the exception flash command.

Additional Configuration
The configuration commands in this section may be used in addition to those described in the preceding section.

"Exception Memory" Command
During the debugging process, you can cause the router to create a core dump and reboot when certain memory size parameters are violated. The following exception memory commands are used to trigger a core dump:

    exception memory minimum size

This command defines the minimum free memory pool size.

    exception memory fragment size

This command defines the minimum size of contiguous blocks of memory in the free pool. The value of size is in bytes and is checked every 60 seconds. If you enter a size that is greater than the free memory, and if the exception dump command has been configured, a core dump and router reload is generated after 60 seconds. If the exception dump command is not configured, the router reloads without generating a core dump.

debug sanity Command
In some cases, the technical support representative will request that debug sanity be enabled when setting up the core dump. This is a hidden command in most IOS releases, but it is sometimes necessary to debug memory corruption. With debug sanity, every buffer that is used in the system is sanity-checked when it is allocated and when it is freed. The debug sanity command must be issued in privileged exec mode (enable mode) and involves some CPU utilization. However, it will not significantly affect the router's functionality. Not all types of crashes require debug sanity to be enabled. Use this command only when your technical support representative requires it. To disable debug sanity, use the privileged exec command undebug sanity.

Testing the Core Dump Setup
When the router is configured for core dump, it may be useful to test whether the setup works. The IOS provides a special command to test or trigger a core dump:

    write core

Use this command in privileged EXEC mode (enable mode). This command causes a crash, and the content of the memory is dumped accordingly. If no core dump is generated, the whole setup and configuration must be reviewed.

The write core command will affect a production network. It will cause the router to crash and will prevent it from coming up before dumping the content of its memory. This might take some time, depending on the amount of Dynamic Random Access Memory (DRAM) present on the router. Use the command with utmost caution.

As you have seen, this chapter discusses some of the generic tools that are used in day-to-day troubleshooting of Cisco Network Security. The purpose of this high-level overview is to make you familiar with some of the practical reasons to use different troubleshooting tools efficiently and to provide you with the links that are hard to find in, around, or during a troubleshooting session. Tools such as the syslog, show, and debug commands are everyday friends for an efficient troubleshooter. As mentioned earlier, there are many more product-specific tools available within the products to debug and troubleshoot a problem, and these are discussed in the product-specific chapters. This chapter familiarizes you with the generic tools that will be used in the rest of the text.
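The caveats from the router core dump section above (the 16 MB TFTP limit, the anonymous FTP fallback, and exception memory configured without exception dump) can be checked against a saved configuration before a crash happens. The following Python audit is an added example, not code from the book or from Cisco; the function name, the dram_mb parameter, and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not from the book); 192.0.2.10 is a
# documentation-only address standing in for a.b.c.d.
SAMPLE_CONFIG = """\
hostname edge-rtr
exception protocol ftp
exception dump 192.0.2.10
exception memory minimum 500000
"""

def audit_core_dump(config, dram_mb):
    """Return findings about a router's core dump setup.

    config  -- router configuration text
    dram_mb -- router main memory in MB (supplied by the caller; assumption)
    """
    lines = [line.strip() for line in config.splitlines()]

    def first(pattern):
        # First configuration line matching the pattern, or None.
        for line in lines:
            match = re.match(pattern, line)
            if match:
                return match
        return None

    findings = []
    dump = first(r"exception dump (\S+)$")
    flash = first(r"exception flash\b")
    proto = first(r"exception protocol (\S+)$")
    # The TFTP setup on the page is "exception dump" alone, with no protocol line.
    method = proto.group(1).lower() if proto else "tftp"

    if not dump and not flash:
        findings.append("no core dump destination configured")
    if dump and method == "tftp" and dram_mb > 16:
        findings.append("TFTP dumps only the first 16 MB; core will be truncated")
    if dump and method == "ftp":
        if not first(r"ip ftp username \S+") and not first(r"ip ftp password \S+"):
            findings.append("no ip ftp username/password; router will attempt anonymous FTP")
    # As stated on the page: without exception dump, the router reloads with no core.
    if first(r"exception memory (minimum|fragment) \d+") and not dump:
        findings.append("exception memory without exception dump; reload produces no core")
    return findings
```

Calling audit_core_dump(SAMPLE_CONFIG, 64) reports the anonymous FTP fallback, because the sample selects FTP without configuring credentials.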