All right, so the problem we will solve in this topology is a user who is unable to access the internet, not able to open any website. Before I show you step by step, let me start with the step-by-step process first. If a user sitting here on the user machine opens a browser and types HTTP or HTTPS and any website name, like facebook.com or example.com, what happens? The first step here is name-to-IP translation. The domain name, example.com or facebook.com or google, resolves to an IP address. For that there is the role of DNS, the Domain Name System. There can be a local DNS server, or a DNS server at the ISP end, or a DNS server managed by Google, like 8.8.8.8, any DNS server. The DNS server can be in the enterprise network or outside the enterprise network, but the first step is name-to-IP translation. Once name-to-IP translation is done successfully, TCP negotiates a connection, technically known as the three-way handshake, and then on top of that HTTP messages are exchanged. A three-step process. But now let us assume there is no internal DNS server, and you can see in this topology there is no internal DNS server. So what will happen? The DNS server is over the internet, managed by Google.
So there is a server somewhere, in any country, any city, IP address 8.8.8.8, managed by Google but for everyone. Managed by Google, but not only for Google: the DNS server can be used by anyone, anywhere, whoever connects to the internet. The DNS job is to provide an IP address. Now this computer, the user machine, will connect with the DNS server over the internet and will ask, can I have the IP address of facebook.com? The DNS server provides that IP address. But now the DNS server is over the internet.
The DNS server is not in the same enterprise network. Very big enterprise networks prefer to have an in-house DNS server. They configure a DNS service on a Windows or Linux based system, known as a local DNS server. In that case resolution is done from the local DNS server rather than sending the packet over the internet.
But in a small enterprise, small networks, home networks, of course there is no internal DNS server. So what we do, we generally prefer to use either the service provider's DNS server, the internet service provider, or a DNS server that is open, free to use and managed by Google, whose IP address is 8.8.8.8. Now if 8.8.8.8 is the IP address of the DNS server and the machine IP address is 10.0.0.100, they both are not on the same network, because the source IP here is 10.0.0.100 and the destination IP is 8.8.8.8, both not on the same network.
So what happens if both are not on the same network? The computer sends that request to the gateway, because the source and destination are not both from the same IP subnet, and of course they are not. Here you can look at the IP: 10.0.0.100 for the source, and the destination is 8.8.8.8, a different network address, right? We have already understood the complete concept in the subnetting section, the IP address section. So they both are not in the same network. So here there is one gateway, and the gateway IP address is 10.0.0.1. If the computer has the gateway IP address configured, then surely this request packet will first be sent to the gateway. Gateway means that device which routes packets across different networks, sitting at the network edge or boundary. But how does the Windows machine connect with the gateway? How does Windows reach the gateway? The Windows machine is connected to a switch, and this is the path, in fact. This data frame will first be sent to the switch. The switch will check the MAC address table: do I have the MAC address in my table? Based on that, if the switch understands, okay, the gateway or device with this MAC address is connected to my gig 0/0 port, then the data frame is forwarded. But even if there is no entry in the MAC table, then flooding is done; the switch will forward that data frame out of all exit interfaces.
Now if all goes well and the packet successfully reaches the gateway, then what does the gateway do? The gateway checks the routing table: do I have a route for 8.8.8.8, or any default route? Default route means any network address, any subnet mask. If a route is found in the gateway, then it is sent across the exit interface to the ISP, the internet provider, and then our job is done if the gateway successfully sends the packet to the internet. Not exactly done: we will also have to care about return traffic, whether the return traffic is coming back properly or not. So if I summarize what we have, let me pick another color. I hope you all understand what problem we are going to solve in this lab topology. Now let me quickly go over it all again. The problem is: the user opens a browser, types facebook.com, and is unable to access facebook.com, a real network. We understand that in order to open any website the first step is name-to-IP translation, which is done by DNS. But since DNS is somewhere over the internet, that means routing is involved here. So the computer checks the gateway address; if the gateway is there then the packet is sent to the gateway, but not directly, because there is another device here, the switch. The data frame is first sent to the switch; if the switch is in operation then the switch will forward it to the gateway. The gateway will check the routing table; if it has a proper route then it will send it to the internet. And of course one piece of information is missing here, but it is not relevant because we have not covered it so far, and that is Network Address Translation, NAT. We will understand that later on, so I am not bringing the NAT concept in here. So that's the proper traffic flow.

First, I'm going to show you the actual problem that the user is complaining about. The user is sitting on the machine; it's a computer machine, the user machine. So on this machine.
Let me get my device here. I type facebook.com on this user machine, and still no luck: "This site cannot be reached", error name not resolved. Name not resolved means unable to resolve the domain name to an IP address. So I hope you all understand the problem, what problem we are going to solve in this topology. It is a very basic topology I have taken here; it's not very complex, and even if there are 100 computers connected to this switch or only one computer, your troubleshooting steps would remain the same. Now the question here is, how do we start doing troubleshooting if we get into a similar situation? As a network engineer, there is a ticket for you, or maybe you are working at the help desk, that a user is unable to access the internet. From where will you start doing troubleshooting? What would be the right approach? Practically I'm going to show you; I will start in a live environment so that you can properly understand the entire operation process. Is the problem scenario clear to all of you, or do you have any question so far up to this point? Good so far? Am I audible, guys?

Yes, you are. Yes.

So, Rashid, is the question clear to you? What problem we are going to solve or fix in this topology?
Yeah. Yeah. Understood.
Okay. Great. All right. So now the problem is clear. Then we will, yeah.
Hey, no, no. Like, okay. Understood.
Okay. Great, great. Okay.
All right. So now, the first step should be to check connectivity to the gateway, because without the gateway we cannot go outside the network.
This is like your building, your premises, right? Only with the help of the gateway can we route packets to the internet. The gateway is your router here; it can be a firewall, in fact. Now.
How can we check connectivity? Simply, we can ping the gateway IP address to see whether the gateway IP address is reachable or not. So this would be your first step: can I reach the gateway? Very simple. Let me go back to this machine, open a command prompt on the Windows computer, and ping 10.0.0.1, which is the gateway address. The gateway is not pinging. So if you cannot ping the gateway, 95% of the time the problem is either with this cable, maybe the switch, or this cable. First you will have to look for physical connectivity, the physical layer, layer one, which we understood yesterday also. If the switch is manageable, meaning a configurable, branded switch, then you can open a console on the switch to do further investigation about the port status, whether both ports' status is good or not. But if your switch is non-manageable, a small home office or branch office type of switch, there are switches that cannot be configured or managed: you cannot see the configuration, you cannot do configuration. Then of course there is no way to check anything from the switch. But Cisco switches, or other vendors' configurable switches, we can access; we can see the configuration and port status at the switch level also. There are two types of switches available in the market: manageable, enterprise-level switches, expensive switches, and the least expensive switches, maybe you can get one for 10 to 20 dollars, non-manageable, only for doing networking at your home or a small office with maybe seven or eight computers where you don't want to implement VLANs and all that. Yes, you can go with that also. Okay, so the first step we have already checked: from here we cannot reach the gateway. Now if the IP address is configured here, the gateway IP is also properly configured here, and still we are not able to ping the gateway, then definitely you need to look at the cable, whether the cable is properly plugged in or not.
At the switch level and the computer level, you can check the status of the LED light: green, red, no color, or orange. Green is good; orange means malfunctioning, not good. If there is no physical connectivity, there is an issue with the physical layer, so definitely we cannot go ahead and check routing and other stuff, because those are layer 2 and layer 3 operations. Switching is a layer 2 operation, and routing is layer 3, the network layer. If I start from layer 1, physical is the cable, connectors, physical connectivity, so first you should check that. In this lab topology, of course, we are going to rule out physical connectivity issues, because the topology is inside a simulator, so there is no question of a physical connectivity issue. But in a real environment, yes, first you should check physical connectivity. Then what next? Now if your switch is manageable and configurable, like the Cisco switch I am using, we can go to the switch. We can access the switch by Telnet or SSH, or we can plug in a console cable and access the switch using SecureCRT or PuTTY or any other software. So here is the switch, and what command should you run here? The trick is to first check the status of all the interfaces. show interfaces status is the command. Run this command, show interfaces status, and check the status of these two ports, gig 0/0 and gig 0/2. So execute this command. What I can see from here: the router connects to gig 0/0, so I can see it's connected, and the computer to gig 0/2, but I can see here gig 0/2 is disabled, or maybe shut down, or maybe err-disabled. So there is some issue with gig 0/2; the port itself is disabled. Further, we can check the running configuration, or in short you can straight away run the command show run interface gig 0/2 and see here that the port is shut down.
Shut down. Generally your switch ports are up, not shut down, but let's say you see the port itself is shut down. You need to fix this, and how can we do that? We can run the command no shutdown. There are some other reasons also why a port can be down, like negotiation: you have configured half duplex or full duplex at the switch level; there can be other reasons too if the port is down. Let's say you have configured this port at a 1000 Mbps data transfer rate, and my computer interface, a laptop, supports only 100 Mbps. This may cause a problem: speed mismatch. So what we do generally, we prefer to run the command negotiation auto, because if you run the command negotiation auto it's not hard-coded; negotiation is done and they both mutually negotiate at what speed they can both operate. If the computer says, okay, I do not support anything over 100 Mbps, and the switch is capable of operating at 100 and 1000, the switch will start operating at 100 Mbps only. So even if you see the speed is configured here, not auto, this is another reason a port can be in the down state. So now I go to gig 0/2 and run the command no shutdown to bring up the interface. Now let me show you the status one more time, show interfaces status: gig 0/2 is also now connected. We can further verify the MAC address table, which is created dynamically whenever we start communicating. Even now the switch has a MAC table entry learned on gig 0/0, and this MAC address is of which device? The gateway, R1. Very soon, if everything is in place, the MAC address table should have two entries, one entry for the router, the gateway, another entry for this end host device, the Windows computer connected to port number two.
So let's initiate traffic, and I'm going to do the same. I'm going to ping the gateway again, one more time. Is the gateway pinging? And yes, the gateway is pinging now.
So the first problem is fixed; the gateway is pinging. Now if I check the MAC address table here, see, the MAC address table has two entries now. 5000.0000.0004 is the MAC address, or hardware address, of the end host device, connected to port number two. So now the switch operation looks good. Can we access facebook.com now? I'm back to facebook.com and trying to open facebook.com one more time. No luck, so still facebook.com is not opening. I can very much reach the gateway, but facebook.com is still not opening. So what I will do now, I will try to ping facebook.com. Is ping working? Maybe sometimes the issue is with the browser, with the HTTP protocol. So can I ping the domain name facebook.com? See the result here: facebook.com is still not pingable. At this stage, we can never conclude anything, but at least we can say that the problem might not be with the browser, with the HTTP protocol, because even I'm unable to ping facebook.com. Correct. And see here: "Ping request could not find host facebook.com. Please check the name."
This is it. If you are finding it difficult to see, let me increase the font size if possible. Yeah, okay, good. So now you can see here there is an issue with the ping. If you cannot ping the name: when we ping a domain name there are two steps, in fact. The first step is that the name facebook.com is resolved, again with DNS, because ping is basically for IP, not for the domain name. What I did, I typed ping and then the domain name facebook.com, but we understand networking is based on IP, the IP address. If I knew the IP address of Facebook then I could have typed that, but even if we type the name, again there are two steps: step number one, the name is resolved to an IP address, and once the IP address is obtained then the actual ping packets or messages are sent. So here I'm finding it difficult to say what the issue is, but at least I can find one issue here: even the name didn't resolve, because if it had resolved then definitely I would have seen the IP address here. But it is not resolved; facebook.com is not resolved, at least. Not resolved means there seems to be some issue with the DNS, since I don't see any IP address anyway. So can we simply check reachability to the DNS server? Because I understand now, and how did I understand? Because the output is not showing any IP address. Forget about the ping reply; even if I don't see reply messages coming back, if I see an IP address here, then at least I understand, okay, the name was successfully resolved to an IP address, but because of some reason ping is not working, right?
But here the output says could not find host, which means the name was not resolved. I don't see any IP address here, no IP address. So the issue is with the DNS server.
DNS server means probably I'm not able to reach the DNS server. So how can we verify? If I try to ping the DNS server, then it's showing transmit failed, general failure, or something. But what about the gateway? The gateway is reachable. Can I ping any other IP over the internet? No. So in fact what is happening, I'm not able to go outside. I mean I can reach up to this point, the gateway is pingable, but 8.8.8.8 is somewhere over the internet here.
I'm unable to connect with 8.8.8.8, and if I'm unable to connect with 8.8.8.8, then definitely there won't be any IP address; name-to-IP resolution will never be successful. So what should the next steps be?
The next step should be checking the IP configuration of the computer. The gateway is reachable, perfect. The machine has an IP address; the gateway and the computer are both on the same network.
So in order to reach 8.8.8.8 outside, the computer should have the gateway address configured. Gateway configured means the computer should know that if the destination is outside my enterprise network, then my first hop would be the gateway, so I'll have to send the packet to the gateway. So this is the next step after successfully pinging the gateway IP, because now we have ruled out any issue with the cable, with the switch.
Cable, switch, connectors, LAN card are in place, in fact, because now I can successfully reach the gateway but still cannot go outside. So the first reason here is probably that the computer doesn't have the gateway IP address configured. Probably, not 100%; I cannot say this is the only problem, we are just moving step by step. All right, so I'm back on the computer, and how will I verify the gateway? There are two ways. The first one is running the command ipconfig /all from cmd, the command prompt. You see a lot of adapters; ignore those adapters, mainly we are interested in Ethernet, or maybe wireless if you have a wireless computer, in which case you will be interested in the wireless output. We have an Ethernet adapter, not wireless, so look at this. Or if there is any confusion then you can straight away open the network connections and go to TCP/IP properties; you can use a shortcut command also. So that is one way of verifying, and I can see here that there is no gateway configured on the machine. The IP address is configured, the subnet mask is configured, and just below this the gateway is missing. There is a gateway, but the computer doesn't know it. You understand the gateway is the entry and exit point of the network, so if the computer is not able to send the packet to the gateway, the gateway cannot do anything. The gateway will only do something if it receives a packet, and the computer has no idea about the gateway: where is the gateway? The computer doesn't know. So that's the problem. And is there any other way to check the IP configuration? Yes, you can go to these network connection properties, change adapter settings, and select your network; in the wireless network case you will find the wireless network here. This computer has so many adapters because of some other software installed on this machine. Double click and check the properties here, TCP/IP: the gateway is missing here. So what I'm going to do, I'm going to configure the gateway here. The gateway is configured. So I configured the gateway, the gateway IP address only, skipping everything else. And you can open this page with a shortcut command, because sometimes on a Windows machine we don't see that icon. In fact, you can run the command ncpa.cpl, network connections control panel, and the same page will open. So there are multiple ways; if you just want to see the configuration then you can use ipconfig, otherwise that's where you can go. Now, can we open cisco.com, or sorry, facebook.com, or any site? Let me hit Enter. So now DNS is configured, but still I don't see any success now, right? facebook.com, no, not working. So can we ping facebook.com now from the CLI? I'm trying to ping facebook.com,
just to rule out any issue with the browser or something. Even from the CLI, the command prompt, it seems no luck: request could not find host, and I don't see any IP address here, resolved I mean. So the issue is not only with the ping; even now the name is not getting successfully resolved to the IP address. So what is the case now? Can I ping 8.8.8.8 for reachability? Oops. Now you see here how we can interpret this error message. Look at the error message: I try to ping 8.8.8.8, which is over the internet, and what I see here is "Reply from 10.0.0.1". 10.0.0.1 is the gateway address, and what does the gateway say? The gateway says, sorry, destination host not reachable. That means the packet was sent to the gateway and returned by the gateway; the gateway rejected it with the message destination host unreachable, sorry, I don't know where the destination is. But why? So at least now again we understand that everything is in good shape up to this point: the packet was successfully sent to the gateway. I tried to ping not this IP, I tried to ping 8.8.8.8; the packet was sent to the gateway and the gateway returned it back. The gateway said, sorry, I don't have any information about how I can reach it. Why is it so? Because a router, a gateway, is a device that routes packets only to known networks. And how is it identified whether the destination is known or not? Routers maintain a table known as the routing table. So whenever packets are sent to the gateway, the destination was 8.8.8.8, the router will not immediately reject the request packet. The router will take the request and see if it has any information, any route, any path for 8.8.8.8 or not. If the router has information, a route, in the routing table then yes, the packet will be routed, and if there is no route then the packet will be returned. And exactly this would have been the case here: returned by the gateway. That means the router has no information, no route for the destination in the routing table, for sure. So there is no information for 8.8.8.8 in the routing table. But the question here is, over the internet there are millions or billions of networks, a whole bunch of IPs used over the internet: Facebook, Google, Twitter, Cisco, F5, Check Point, I mean your machine IP, my computer IP, we are all part of the internet. Billions of IPs, networks. So what if somehow I put the route here in the routing table? Because we have concluded that there is a routing issue.
So first let me go to this router and show you the route. Now I have opened the router, now show ip route, and see here: the router doesn't have any route. What the router has is directly connected networks. The router is connected with two different networks, network 10.0.0.0/8 and network 192.168.1.0. The router is connected to two different networks. Now if we want to do routing here, and you understand directly connected networks automatically appear in the routing table, the router is connected with the ISP, and let me remind you the ISP gateway is 192.168.1.1; my next hop is 192.168.1.1, basically. So can I write it down here? For me the next-hop IP is 192.168.1.1; this is the next hop for this router. So if the problem is that 8.8.8.8 is not pinging, can we go this way? If I put a route here, maybe for 8.8.8.8, for only one IP address, or maybe a network. For one IP address we can use a mask like this, /32, and then the next-hop IP address, known as a host route, for only one IP. Generally in routing what we do, we put a route for the entire network, a big network, not for an individual IP address, but let us assume I did that. So now I can verify from the routing table that this router has a route for 8.8.8.8. Now I'm back on this machine, and if I try to ping 8.8.8.8, see here, it's reachable now. 8.8.8.8 is the DNS server, so can I open the website now? 8.8.8.8 is reachable, DNS is reachable, but still the website, facebook.com, is not opening. Why is it so, because DNS is reachable now? I put that route, I'm back on this machine, can I try pinging facebook.com one more time, with the name this time? I know the name first gets resolved to the IP address and then the actual ping happens. So I have typed ping facebook.com to see whether it's pinging or not, and still it's not pinging. And there is another tool also for DNS: if you want to check DNS, nslookup is the command, but let's not get into this before that, you will get confused. But why now am I not able to ping Facebook? Okay, not able to ping Facebook, that's fine, but why don't I see the IP address? If I just take you to my laptop, this is my laptop now, I'm back on my laptop computer. If I try to ping any IP address, for example cisco.com, then whether I'm able to ping cisco.com or not, at least you see the first step is name-to-IP translation, the name translated to an IP address, and then the actual ping happens. See here, these four packets, but before that, before the actual ping, name-to-IP translation is done. The name is resolved. For this name-to-IP translation, the DNS, 8.8.8.8, should be reachable, and if 8.8.8.8 is reachable then definitely we should see the IP address; the ping might be an issue, but why is the name-to-IP translation not working now? Because now we have verified that the machine has reachability to 8.8.8.8. I can ping 8.8.8.8 with the IP address; it's a slow network simulator, so sometimes we see one RTO, no problem, but at least I see success here. 8.8.8.8 is reachable, the router is doing routing, so the DNS server is reachable, but still I don't see an IP address here. So probably this is the reason: the computer doesn't know what the IP address of the DNS is, who can resolve this name to an IP address. We know 8.8.8.8 is the DNS server IP and DNS will resolve the name to an IP address, but the TCP/IP protocol, my Ethernet adapter, should also be aware of that. That means IP configuration is missing; probably the IP configuration is missing. So open the adapter settings and properties, TCP/IP: the gateway is configured, but what about the DNS field? The DNS field is blank. The preferred DNS server is blank; no DNS server is configured here, and that is why the computer has no idea whom to ask, can I get the IP address of facebook.com? So mention that, 8.8.8.8. Now a proper DNS server is configured. Again I'm back on the same computer, and see here, error name not resolved; forget about these messages, it is a standard error message, so even following these messages you might not be able to do troubleshooting, it's just a general message here. But yes, I can see error name not resolved. Anyway, hit Enter one more time, try my luck, still moving on, moving on, either name not resolved... let's see what happens. Are we able to open Facebook? Because now the computer has the proper gateway configured, the computer has the DNS server, but the page is not loading up: facebook.com, now error connection timed out. So we'll try multiple times, but it seems to be an issue. And yes, okay, why now? Can we try pinging Facebook with the name now, facebook.com? See here the message: what happens now, at least the name successfully got resolved to an IP address. DNS has done its job; DNS's job is to resolve the name to an IP address, successfully done.
But still we see a message, reply from this, this, this. So what is the IP address of facebook.com now? I can see from here facebook.com's IP is 157.240.198.35.
So does this router have a route for this destination, facebook.com? No, the router has only one route, for 8.8.8.8. So do we have to put a route for this network also in the router? It would be done, but it is not a scalable solution. I mean, doing routing this way: just as I put a route here for Facebook, first the Facebook IP, and then Facebook, then Cisco, F5, Check Point, Twitter, Palo Alto, and so on. Is it possible to go this way? No, because over the internet there are thousands, not thousands, even millions, billions of destination IPs. Millions, billions. So is it feasible, is it scalable, that we can put routes for millions of networks this way? No.
And even let us assume we somehow do. Then this router should have sufficient memory and processor, a very high-end device. Generally, higher-end routers are deployed at the ISP level, the internet service provider level, not at the customer level.
So in order to have the full routing table, first, static routing cannot be used, because you cannot run the ip route command millions or billions of times. For that there is one protocol, a very advanced routing protocol, BGP. We do that with the BGP protocol.
But again the problem is too many routes, and CPU and memory consumption, yes. So what's the solution now? Because you understand the problem: if I put a route for 8.8.8.8 then only 8.8.8.8 is reachable, not Facebook, not Twitter. So I cannot go this way. So let's just get rid of this route, the route that I created, one route. Now let me show you how we can remove a route: no ip route is the command, followed by the same prefix and next-hop IP address. Now check the routing table one more time: no route. So instead of putting millions or billions of routes, what I'm going to do, I'm going to put only one. That's it. What is it? I said ip route 0.0.0.0 0.0.0.0, any network address, any subnet mask. The first 0.0.0.0 means any network address and the second 0.0.0.0 means any subnet mask. So what I said is: any network address, any subnet mask, the next hop should be this, your ISP router. So 0.0.0.0 means any.
Why two times? Because the first is the network address, any network address, and the second is any subnet mask. No matter what the mask is, send the packet to this. Done. Right.
And if I show you, it is known as a default route. The route is known as the default route. What is a default route? This route is known as the default route and will be represented with an asterisk in the routing table; it's the gateway of last resort. Gateway of last resort means: what to do if there is no matching route? Send all packets blindly to this gateway, to this next hop, 192.168.1.1. So can we see the routing table now? Here we go, you see there is a route via this, and the asterisk: S stands for static, you will find this somewhere here, oh yeah, static, and the asterisk means default; where is "candidate default"? Here it is. So technically it's a default route. The gateway of last resort is 192.168.1.1; 0.0.0.0 means any network address and the next hop is 192.168.1.1. So does this solve the problem? Because routing is done now. Okay, let me go back to this: can we ping facebook.com now? First, name-to-IP resolution is successfully done, I can see 157.240.198.35, and here we go, 157.240.198.35 is pinging, even though our network is a bit slow in the simulator I'm running; I have tried to simulate everything on this. Now can we try facebook.com one more time? It worked, facebook.com opened. So facebook.com successfully opened. I have not brought any security in here; that's another piece of information you need to look for in a real environment, but for that you will have to understand firewalls.
Basic firewalling concepts I will explain in the security section in the next class on Monday. If you want to be an expert in security, there are some dedicated trainings for that, like firewall trainings: Palo Alto, Check Point, and there are different vendors. Palo Alto is the leading one, Palo Alto Networks, the top firewall worldwide; it's US-based. So there are different vendors, and they also offer courses, very much like CCNA, firewall courses, but that's something different. Basic firewalling I will explain in the next class. I have not brought any security reason in here, because the next question would have been: what if this computer is able to open Facebook but Twitter is not working, or maybe some other application is not working and one application is working? For that we will have to look at the firewall policy and all that. In this topology there is no firewall. A firewall generally is another device, a hardware appliance, or can be a software device, and generally we put the firewall here, behind the router. Traffic is first inspected, screened; screening is done here: what URL, what website, what applications should be allowed or not.
And then the packet is sent to the gateway and then to the internet. So for you, the immediate gateway will be the firewall. The firewall is another device, dedicated hardware.
Generally Palo Alto is the leading vendor. Cisco also has a firewall known as FTD, Firepower Threat Defense, but it is not very popular, because Cisco is popular in networking, not in security. In security, the vendors are Palo Alto and another Israel-based company, a very top company, Check Point, and the headquarters is in the US. So another big company is Check Point, and the third one is FortiGate, the FortiGate firewall. So there are three leading vendors: Palo Alto, Check Point, and Fortinet. They are dealing in firewalls, meaning security. But I tried to simulate, so I hope now we have put everything together in this topology: a bit of end-host device, what type of configuration you should do on the end-host device, a bit of switching, routing also, DNS also.
So I tried to put everything in a single topology, and a fault was already injected. I just wanted to show you a step-by-step troubleshooting approach, how you can start doing troubleshooting. So was it interesting? We'll conclude here, because now it's working fine and the user is happy opening Facebook, so everything is in good shape. In this simulator even the router is really connected with the internet, so it was not virtual, in fact; it was very much a real lab.
Because the router is really connected with the internet, with my next door, I did that, so you can very much check other websites, other domains also. So any questions? If anyone has any question or wants to share something, then yes, because I will not start any new topic today. As I said yesterday, we are going to focus on troubleshooting, so the next topic is security. Security means a bit of firewalling, in Monday's session, firewall or security. So I'm stopping the recording here and starting from my side. If you have any question, any query, then you can ask. Otherwise we'll end the session here for today.
Monday we'll start with the new topic: security, access control lists, a little bit about firewalls. So let me stop recording.
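As an added worked example, not part of the recorded session: the triage ladder the session walks through (gateway first, then routing, then DNS, then the connection itself), written as a small Python script against a constructed stand-in for the lab so it runs offline. The addresses (host on 10.0.0.0/8, gateway 10.0.0.1, DNS 8.8.8.8, ISP next hop 192.168.1.1, facebook.com at 157.240.198.35) and the order of the injected faults are taken from the session; the LabNetwork class, its fault flags, and the way it mimics the three ping outcomes seen in the session (timeout, "general failure", and "destination host unreachable" from the gateway) are assumptions made for this example. On a real Windows host the LabNetwork probes would be replaced by actual ping, nslookup and socket calls.

```python
"""Layered triage of "user cannot open a website", in the session's order:
gateway reachability -> routing -> name resolution -> TCP connection.

Added example; LabNetwork is a constructed simulation of the lab, not real
network code. Addresses are the ones used in the session.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

LAN = ipaddress.ip_network("10.0.0.0/8")          # host and gateway subnet


@dataclass
class LabNetwork:
    """Constructed stand-in for the lab: one host, one switch port, one router."""
    host_gateway: Optional[str] = None            # None = gateway blank in TCP/IP properties
    host_dns: Optional[str] = None                # None = preferred DNS server blank
    switch_port_up: bool = False                  # False = gig 0/2 shut down
    routes: dict = field(default_factory=dict)    # router static routes: prefix -> next hop
    dns_records: dict = field(                    # constructed answer the resolver would give
        default_factory=lambda: {"facebook.com": "157.240.198.35"})

    def router_has_route(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(p) for p in self.routes)

    def ping(self, ip: str) -> str:
        """Return the ping outcome text a Windows host would show (assumed wording)."""
        if not self.switch_port_up:
            return "timeout"                      # layer 1/2: frames never reach anyone
        if ipaddress.ip_address(ip) in LAN:
            return "reply"                        # same subnet, no gateway needed
        if self.host_gateway is None:
            return "general failure"              # host itself has no route off-net
        if not self.router_has_route(ip):
            return f"destination host unreachable from {self.host_gateway}"
        return "reply"

    def resolve(self, name: str) -> Optional[str]:
        """Name lookup: needs a configured resolver that is also reachable."""
        if self.host_dns is None or self.ping(self.host_dns) != "reply":
            return None                           # "could not find host"
        return self.dns_records.get(name)

    def tcp_connect(self, ip: str) -> bool:
        return self.ping(ip) == "reply"


def diagnose(net: LabNetwork, expected_gateway: str = "10.0.0.1",
             dns: str = "8.8.8.8", name: str = "facebook.com") -> str:
    """Walk the stack bottom-up and report the lowest layer that fails."""
    # 1. Can we reach the gateway on our own subnet at all? If not, the fault is
    #    below layer 3: cable, NIC, or the switch port (show interfaces status).
    if net.ping(expected_gateway) != "reply":
        return "gateway unreachable: check cable, NIC and switch port (show interfaces status / no shutdown)"
    # 2. Ping the DNS server by IP and read the error text, not just pass/fail:
    #    "general failure" is the host's own config, "unreachable from <gateway>"
    #    is the router's routing table.
    r = net.ping(dns)
    if r == "general failure":
        return "host has no default gateway: set it in TCP/IP properties (ipconfig /all, ncpa.cpl)"
    if r.startswith("destination host unreachable"):
        return "router has no route: add a default route (ip route 0.0.0.0 0.0.0.0 <isp next hop>)"
    if r != "reply":
        return f"DNS server {dns} unreachable: {r}"
    # 3. Resolver reachable but no answer: the host's DNS setting (verify with nslookup).
    ip = net.resolve(name)
    if ip is None:
        return "name not resolved: check the preferred DNS server on the host (nslookup)"
    # 4. Name resolves but the resolved address is not reachable: a host route that
    #    covers only the DNS IP, or a firewall, not a DNS problem.
    if not net.tcp_connect(ip):
        return f"{name} resolved to {ip} but is unreachable: router route covers only {dns}"
    return f"ok: {name} -> {ip}"


def walk_through() -> list:
    """Apply the session's fixes one at a time; return the diagnosis before each fix."""
    net = LabNetwork()
    report = [diagnose(net)]
    net.switch_port_up = True                     # no shutdown on gig 0/2
    report.append(diagnose(net))
    net.host_gateway = "10.0.0.1"                 # gateway entered in TCP/IP properties
    report.append(diagnose(net))
    net.routes["8.8.8.8/32"] = "192.168.1.1"      # host route: enough for the DNS IP only
    report.append(diagnose(net))
    net.host_dns = "8.8.8.8"                      # preferred DNS server set
    report.append(diagnose(net))
    net.routes = {"0.0.0.0/0": "192.168.1.1"}     # default route replaces the host route
    report.append(diagnose(net))
    return report


if __name__ == "__main__":
    for step, verdict in enumerate(walk_through(), 1):
        print(f"step {step}: {verdict}")
```

Running walk_through() reproduces the session's sequence: switch port shut down, missing gateway, missing route, missing DNS server, a host route that only covers 8.8.8.8, and finally the default route. The reason to read the ping error text rather than treating ping as pass/fail is that "general failure" points at the host's own configuration, while "destination host unreachable" answered by 10.0.0.1 points at the router's routing table.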