IOS Ping With Extended Options

While Ping is one of the best known tools for network monitoring and troubleshooting, the IOS version has a set of options that make it even more useful than the Ping you might know from your desktop. For instance, IOS allows you to set the size of the datagram and the DF (Do not Fragment) bit, so you can test the MTU (Maximum Transmission Unit) of a network path.

Ping officially stands for “Packet INternet Groper,” but that is a backronym with the name probably coming from the pinging sound of active sonar.

Ping is part of the ICMP (Internet Control Message Protocol) suite, and uses Type 8 (Echo Request) and Type 0 (Echo Reply) ICMP messages. Below is a Wireshark analysis of a ping request packet.

Note the Ethernet type of 0x0800 (IP), an IP protocol of 1 (ICMP), and an ICMP type of 8 (Echo Request). ICMP does not use TCP or UDP; it is its own protocol riding directly on IP.

To use Ping without the extended commands, you can just issue the ping command, followed by the IP address you want to ping.

R1#ping 192.168.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/102/312 ms

If you want to use the extended commands, you can add some of the options to the end of the ping command:

R1#ping 192.168.13.3 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>

Or issue the ping command, and hit enter, and IOS will prompt you for the other options. This allows for more options than are available as command line options, and walks you through the options you can set.

R1#ping 
Protocol [ip]: 
Target IP address: 192.168.1.1 
Repeat count [5]: 
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands [n]: y
Source address or interface: 
Type of service [0]: 
Set DF bit in IP header? [no]: 
Validate reply data? [no]: 
Data pattern [0xABCD]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Sweep range of sizes [n]: 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)
R1#

The options for IP ping are as follows:

  • Protocol – Although IP is the most common protocol, IOS Ping also supports appletalk, clns, decnet, ipv6, ipx, mpls, and srb.
  • Repeat Count – How many ping requests should be sent? If you are looking for packet loss, it can be useful to send more pings. Five percent packet loss is one packet out of 20, so you may not see it reliably without sending hundreds of pings.
  • Datagram size – the size of the packets to be sent. This can be quite useful for testing for network congestion, or a segment that has an MTU that is either preventing larger packets from passing through or causing delays due to fragmentation.
  • Timeout in Seconds – How long to wait before considering a packet lost. 2 seconds should be fine for most uses, but it can be adjusted up or down to test for tighter requirements, or see if there is an inordinately long delay rather than a full outage.
  • Extended Commands – Allows for the following extended commands.
  • Source Address or Interface – by default, IOS sends internally sourced traffic, such as ping, traceroute, or outgoing telnet/SSH with a source IP of the outgoing interface. You can specify another interface, or an address assigned to an interface on the router. You may need to do this to test reverse routes, or test NAT or IPSec. You can either specify the interface or an ip address on the router for this.
  • Type of Service – set a type of service to test QoS.
  • Set DF bit in IP header – Set the Do not Fragment bit in the IP header to prevent transit routers from fragmenting the packet. The size where you start losing packets indicates the MTU somewhere along the path.
  • Validate reply data – Validate the data in the reply packets. Could be useful for troubleshooting framing errors.
  • Data pattern – Specify a hex data pattern to use. This could also be used when looking for framing errors.
  • Loose, Strict, Record, Timestamp, Verbose – Specific options that can be added; definitions follow. Once you enter one, it will prompt you again, with the options entered in brackets. To proceed press enter again, or select another option.
    • Verbose information (automatically enabled with the other options) displays more information, such as the time for individual pings, rather than just showing exclamation points (for successful pings) and periods (for lost pings).
    • Record displays up to nine hops, but shows both the hops to and from the remote host, where traceroute only shows hops to the destination.
    • Loose/Strict allows you to set IP addresses the packets should pass through. Strict requires the packet to take that route, while loose will attempt to pass those IPs, but can pass through others, as well.
  • Sweep range of sizes – Set a minimum size, maximum size, and the size interval in bytes, and have IOS sweep the sizes to determine the MTU.

Here is an example sweeping for the MTU. If you need more detail, you could run a sweep between the last successful size, 1500, and the first failed size, 1600, at a smaller interval to find an exact MTU.

R1#ping      
Protocol [ip]: 
Target IP address: 172.16.2.2
Repeat count [5]: 1 !only send one set of pings, or the sweep will be repeated.
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands [n]: y
Source address or interface: 
Type of service [0]: 
Set DF bit in IP header? [no]: yes
Validate reply data? [no]: 
Data pattern [0xABCD]: 
Loose, Strict, Record, Timestamp, Verbose[none]: V
Loose, Strict, Record, Timestamp, Verbose[V]: 
Sweep range of sizes [n]: y
Sweep min size [36]: 100
Sweep max size [18024]: 2000
Sweep interval [1]: 100
Type escape sequence to abort.
Sending 20, [100..2000]-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:
Packet sent with the DF bit set
Reply to request 0 (36 ms) (size 100)
Reply to request 1 (116 ms) (size 200)
Reply to request 2 (76 ms) (size 300)
Reply to request 3 (48 ms) (size 400)
Reply to request 4 (32 ms) (size 500)
Reply to request 5 (8 ms) (size 600)
Reply to request 6 (16 ms) (size 700)
Reply to request 7 (28 ms) (size 800)
Reply to request 8 (16 ms) (size 900)
Reply to request 9 (32 ms) (size 1000)
Reply to request 10 (12 ms) (size 1100)
Reply to request 11 (32 ms) (size 1200)
Reply to request 12 (16 ms) (size 1300)
Reply to request 13 (28 ms) (size 1400)
Reply to request 14 (4 ms) (size 1500)
Request 15 timed out (size 1600)
Request 16 timed out (size 1700)
Request 17 timed out (size 1800)
Request 18 timed out (size 1900)
Request 19 timed out (size 2000)
Success rate is 75 percent (15/20), round-trip min/avg/max = 4/33/116 ms
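
As an added example (not from the original post), the Python below reads verbose sweep output like the run above and reports the largest size that was answered, the first size that was lost, and the min/max/interval to enter for the narrower follow-up sweep. The function names are illustrative, and SWEEP_OUTPUT is an excerpt of the output above.

```python
import re

# Excerpt of the verbose sweep output shown above (requests 12-16 only).
SWEEP_OUTPUT = """\
Packet sent with the DF bit set
Reply to request 12 (16 ms) (size 1300)
Reply to request 13 (28 ms) (size 1400)
Reply to request 14 (4 ms) (size 1500)
Request 15 timed out (size 1600)
Request 16 timed out (size 1700)
"""

REPLY = re.compile(r"^Reply to request (\d+) \((\d+) ms\) \(size (\d+)\)")
LOST = re.compile(r"^Request (\d+) timed out \(size (\d+)\)")


def parse_sweep(text):
    """Return [(size, answered)] for every per-request line in the output."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        m = REPLY.match(line)
        if m:
            results.append((int(m.group(3)), True))
            continue
        m = LOST.match(line)
        if m:
            results.append((int(m.group(2)), False))
    return results


def mtu_bracket(results):
    """Largest answered size, smallest lost size above it, and stray losses.

    A timeout below the largest answered size is ordinary packet loss, not an
    MTU limit, so it is reported separately instead of moving the bracket.
    """
    answered = [size for size, ok in results if ok]
    lost = [size for size, ok in results if not ok]
    largest_ok = max(answered) if answered else None
    above = [s for s in lost if largest_ok is None or s > largest_ok]
    stray = sorted(s for s in lost if largest_ok is not None and s < largest_ok)
    first_fail = min(above) if above else None
    return largest_ok, first_fail, stray


def next_sweep(largest_ok, first_fail, steps=10):
    """Sweep min/max/interval for the follow-up run, or None if not needed."""
    if largest_ok is None or first_fail is None:
        return None  # no bracket: everything was answered, or nothing was
    if first_fail - largest_ok <= 1:
        return None  # already exact: largest_ok is the largest size that passes
    interval = max(1, (first_fail - largest_ok) // steps)
    return largest_ok, first_fail, interval


if __name__ == "__main__":
    ok, fail, stray = mtu_bracket(parse_sweep(SWEEP_OUTPUT))
    print("largest answered:", ok, "first lost:", fail, "stray losses:", stray)
    print("next sweep (min, max, interval):", next_sweep(ok, fail))
```
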

Summary:

Ping is a tool used to monitor and troubleshoot networks. It is based on ICMP, a set of protocols and tools built into the TCP/IP protocol stack. Any IP host should be able to respond to Pings, although some block it for security reasons.

IOS Ping allows an administrator to set advanced options, increasing its value as a troubleshooting tool.

The CCNA blueprint includes extended ping in the topics, so make sure you know this material, and that you take some time testing the different options.

For more information on this, see:

Configuring and Using Floating Static Routes

Sometimes it becomes necessary to build static backup routes, where a dynamically learned route is preferred, and the static route is only used if the dynamic route is lost. Common applications of this would be a WAN with a VPN backup, and Dial on Demand Routing (DDR). The route to a remote location is normally learned over the WAN by a routing protocol, but should be routed out an interface configured for VPN if the WAN connection is lost.

Since the default administrative distance of static routes makes them preferred over any routes learned by dynamic protocols, this normally would not work. The router would prefer the route to the VPN all the time.

There are a couple ways around this. One would be to use a less specific route, such as a default route, which would only be preferred if the more specific routes are lost, but this is not always workable. If both internet and VPN traffic should take the same route, often the default route could be used, since the more specific dynamic routes would be preferred if available.

The other option, and the one we will look at here, is a so-called floating static route. Floating static routes are like regular static routes, except that the administrative distance has been manually changed. This allows the static route to have a higher administrative distance than the dynamic routes, so it will not be used if there is a dynamic route available.

In the following, we are learning the route to 172.16.2.0/24 from OSPF, pointed to 192.168.12.3. After adding the static route with an administrative distance of 254, we are still routing via OSPF. Then we lose our OSPF neighbor, and the static route takes over, with an Administrative distance of 254.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 254
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
O       172.16.2.0 [110/11] via 192.168.12.3, 00:00:12, FastEthernet0/1
R1(config)#
*Mar  3 05:13:25.666: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.12.3 on 
FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
R1(config)#
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
S       172.16.2.0 [254/0] via 192.168.13.3
R1(config)#

While Administrative distances go up to 255, a route with an AD of 255 will not be installed in the routing table, so 254 is effectively the highest you can use. Note that the route is no longer installed in the routing table after having the AD changed to 255.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 255
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Loopback0
R1(config)#

Any administrative distance can be assigned to a static route, but to work as a floating static route, it needs to have an AD between the AD of the routing protocol +1 and 254, inclusive. If it is below the AD of the routing protocol, it will be preferred rather than floating, and 255 is not used. Below, the route is added with an AD of 111, which makes it less preferred than OSPF, but it would be preferred over a RIP route with an AD of 120. If you find yourself needing to do this, it’s probably time to redesign your network, but it is possible.

R1(config)#ip route 172.16.2.0 255.255.255.0 192.168.13.3 111
R1(config)#
R1(config)#do sh ip route                                    
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
S       172.16.2.0 [111/0] via 192.168.13.3
R1(config)#
*Mar  3 05:19:23.042: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.12.3 on 
FastEthernet0/1 from LOADING to FULL, Loading Done
R1(config)#
R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, FastEthernet0/1
C    192.168.13.0/24 is directly connected, Serial1/3
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Loopback0
O       172.16.2.0 [110/11] via 192.168.12.3, 00:02:56, FastEthernet0/1
R1(config)#
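
The behaviour shown in the runs above can be checked offline before a change is pushed. The following Python is an added example, not Cisco code or part of the original post; it assumes the single-token next hop used on this page and compares against the OSPF (110) and RIP (120) distances quoted above.

```python
import re

# OSPF (110) and RIP (120) are the distances quoted in the text above.
PROTOCOL_AD = {"ospf": 110, "rip": 120}

# ip route <prefix> <mask> <next-hop> [distance]; next hop assumed one token.
STATIC = re.compile(r"^ip route (\S+) (\S+) (\S+)(?: (\d+))?$")

# The three commands entered on this page.
PAGE_ROUTES = [
    "ip route 172.16.2.0 255.255.255.0 192.168.13.3 254",
    "ip route 172.16.2.0 255.255.255.0 192.168.13.3 255",
    "ip route 172.16.2.0 255.255.255.0 192.168.13.3 111",
]


def parse_static(line):
    """Parse one static route command; the IOS default distance is 1."""
    m = STATIC.match(line.strip())
    if not m:
        raise ValueError(f"not a static route in the assumed form: {line!r}")
    prefix, mask, next_hop, ad = m.groups()
    ad = int(ad) if ad else 1
    if not 1 <= ad <= 255:
        raise ValueError(f"distance out of range: {ad}")
    return {"prefix": prefix, "mask": mask, "next_hop": next_hop, "ad": ad}


def classify(ad, protocol):
    """How a static route with this AD behaves against a dynamic protocol."""
    if ad == 255:
        return "never installed"   # AD 255 is not placed in the routing table
    if ad <= PROTOCOL_AD[protocol]:
        return "not floating"      # needs at least the protocol's AD + 1
    return "floating"              # used only when the dynamic route is lost


def installed(candidates):
    """Source whose route is installed: lowest AD wins, AD 255 is excluded.

    candidates maps a route source name to its administrative distance.
    """
    usable = {src: ad for src, ad in candidates.items() if ad < 255}
    return min(usable, key=usable.get) if usable else None


def audit(config_lines, protocol):
    """(prefix, distance, verdict) for every static route line in a config."""
    report = []
    for line in config_lines:
        if line.strip().startswith("ip route "):
            route = parse_static(line)
            verdict = classify(route["ad"], protocol)
            report.append((route["prefix"], route["ad"], verdict))
    return report


if __name__ == "__main__":
    for row in audit(PAGE_ROUTES, "ospf"):
        print(row)
    print("OSPF up:  ", installed({"ospf": 110, "static": 254}))
    print("OSPF down:", installed({"static": 254}))
```
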

Summary.

Floating static allows an administrator to define a static backup route by manipulating the Administrative Distance. Without manipulating the AD, static routes are preferred over any dynamic protocol. The AD needs to be set somewhere between one more than the routing protocol and 254, since routes with an AD of 255 will not get installed in the routing table. While you can set it at a lower number, floating statics normally use 254, which leads to more predictable behavior, and is more likely to be understood if someone else needs to work on the network.

Further Reading:

Sample Configuration: Using Floating Static Routes and Dial-on-Demand Routing – Cisco.com
CCENT/CCNA ICND1 100-105 Official Cert Guide (affiliate link)
Routing TCP/IP Volume 1, Chapter 3. (affiliate link)

Reversible vs. Non-Reversible Encryption

Cisco devices can store passwords using either a reversible (Type 7) or non-reversible (Type 4 or 5, enabled by the “secret” keyword) encryption.

Reversible encryption has the ability to decrypt the stored password, which can then be compared to the password a user wishing to authenticate provides. Cisco Type 7 passwords are stored using reversible encryption. When you configure a password with “service password-encryption” enabled in the config, the device runs a calculation against the password, creating a string that contains the encrypted password. It is not a simple substitution cipher, but it is easily decrypted, and can even be decrypted on a router.

Initial Configuration of IOS Devices

In this post we will take a look at the initial configuration that should be performed on a new device before the actual network configuration is performed.

Most Cisco IOS devices come from the factory with a very basic default configuration, and require configuration before they are deployed. The majority come with no IP addresses, and routers even have all their interfaces shut down by default.

To begin the configuration, the first step is to console into the device, using either a serial port and the Cisco rollover serial cable, or the mini USB port on the newer devices. Console settings should be 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control. You need terminal emulation software, such as PuTTY or SecureCRT.


Practical OSI Layers – Part 2

In the previous post, we took a look at the basics of the OSI and TCP/IP model layers. In this post we are going to take a closer look at end to end routing of a packet, and the interaction between layers 2 and 3 as a packet is passed between routers to its ultimate destination. The following is the general process to route between endpoints. Some operating systems may behave a little differently than described, but this is the general process.

This post will use this network, with a telnet session from R1 to R3. R1 is connected to R2 via a serial link running PPP, and R2 is connected to R3 via an Ethernet segment.

Practical OSI Layers – Part 1

In this post, we are going to explore the OSI and TCP/IP layered model, and use some packet capture examples to illustrate the modular nature of the two models.

One of the most difficult subjects for many people beginning to learn networking or studying for the Network+ or CCNA certifications to grasp seems to be the 7 layer model used by the OSI model and the similar model used by TCP/IP. The two models do the same thing, but define slightly different layers. They are as follows:

Default routing options

There are a number of different ways you can implement a default route in IOS. The method you choose depends on the circumstances (routing protocol used, equipment being configured, etc.) and your design goals (such as static vs. dynamic routing.)

ip default-gateway

The ip default-gateway command only works on a device not running IP routing. The most common uses of this command are L2 switches and access points, although it could theoretically be used on something like a voice gateway with only one connection, and the no ip routing command configured. Frankly, I cannot think of any advantage of doing this over a static route.

Configuring Router on a Stick

Router on a stick (or One Armed Router) is a common name for a configuration used for routing between VLANs on a single Ethernet (including Fast/Gig/10Gig) interface. This configuration uses sub-interfaces on the separate VLANs and an 802.1q or ISL trunk to perform the routing. There are a few reasons you would use this configuration, and several not to. Probably the most common reason is cost. Most branches will have a router for WAN or internet access, and using the same router for routing between VLANs saves the cost of a Layer 3 switch. You may also wish to make use of some of the more advanced features on a router, such as firewalling. Another thing that cuts both ways is that you gain some simplicity by minimizing the number of routing devices, but you add complexity to the configuration of the router. The main drawback is performance. You are pushing all your traffic between two VLANs through a single interface, which could become a network bottleneck. You have to determine the potential impact to your network. The topology and network usage will largely determine how big an impact this will have. If you have all your PCs on one VLAN, and a couple servers that you are doing large file transfers with on another, and your printers on their own VLAN, you are probably going to see some serious issues. Conversely, if you have a single data VLAN, a wireless VLAN, and a voice VLAN, with the majority of the traffic from each going back to a central site over a WAN connection, this may be a very legitimate production use of router on a stick.


Implementing SPAN

Switched Port Analyzer (SPAN) is a means of redirecting traffic from one switch port to another for analysis. An example would be capturing the traffic to a host with a PC running a program like Wireshark. Setting up SPAN is a relatively simple operation, consisting of creating a monitoring session by specifying a source and destination. Multiple SPAN operations can be active on a switch at any given time, depending on the hardware platform.

To specify a source, the port with the host to be monitored, issue the following command:

monitor session <session number> source interface <interface name> [rx|tx|both]

The session number is a locally significant value, used to match the source to the destination. This value must match in both commands. The RX, TX, or Both keywords limit the traffic captured to received traffic only, transmitted traffic only, or both directions. If no option is specified, bidirectional traffic will be captured.

To specify the destination, the port with the traffic analyzer, issue the following command:

monitor session <session number> destination interface <interface name>

Once both commands are configured, all traffic to and from the source port will be mirrored to the destination port, and can be captured with some sort of traffic analyzer. By default the destination port will not pass other traffic while in SPAN destination mode.

Here is an example of the configuration, as well as verification with the “show monitor session” command.

Switch(config)#monitor session 1 source interface fastEthernet 0/24
Switch(config)#monitor session 1 destination interface fastEthernet 0/23
Switch(config)#end
Switch#sh monitor session 1
Session 1
---------
Source Ports:
RX Only:       None
TX Only:       None
Both:          Fa0/24
Destination Ports: Fa0/23

Basic Subnetting Trick

This is good for Cisco exams, and work, if you ever need to figure out subnets on paper. 

To figure out the valid addresses in a subnet: 
Take the octet that is not 0 or 255, for example starting with 255.255.224.0, take 224, and subtract that value from 256 (256 – 224 = 32). Now make a chart starting at 0, and adding the value from that last step with each line, up to 256 (the note board I got for the CCNA had gridlines, which made it even easier) 


  0
 32
 64
 96
128
160
192
224
256


Now, leaving room in between, write on each line the value of the line below, minus 1.

  0       31
 32       63
 64       95
 96      127
128      159
160      191
192      223
224      255
256


The values on the left are the valid subnet addresses, and the values on the right are the broadcast addresses.

If you want, now fill in the valid ranges in between.

  0       1-30        31
 32      33-62        63
 64      65-94        95
 96      97-126      127
128     129-158      159
160     161-190      191
192     193-222      223
224     225-254      255
256


There you go, all your addresses, with subnet and broadcast addresses.
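
The same chart can be generated and checked in code. This Python is an added example, not part of the original post; it goes slightly beyond the chart by writing out full addresses, which matters when the interesting octet is not the last one (as with 255.255.224.0), and it verifies the paper method against the standard library. The base networks 172.16.0.0 and 192.168.1.0 are sample values chosen for illustration.

```python
import ipaddress


def interesting_octet(mask):
    """Index and value of the mask octet that is neither 0 nor 255."""
    ipaddress.IPv4Network(f"0.0.0.0/{mask}")  # rejects non-contiguous masks
    for index, value in enumerate(int(o) for o in mask.split(".")):
        if value not in (0, 255):
            return index, value
    raise ValueError("mask ends on an octet boundary, no chart needed")


def paper_chart(base, mask):
    """Subnets of `base` under `mask` using the 256-minus-octet method.

    Returns (network, first host, last host, broadcast) as dotted strings.
    """
    index, value = interesting_octet(mask)
    block = 256 - value                      # e.g. 256 - 224 = 32
    if index == 3 and block < 4:
        raise ValueError("a /31 has no separate host range")
    prefix = [int(o) for o in base.split(".")][:index]
    rows = []
    for start in range(0, 256, block):
        end = start + block - 1              # the line below, minus 1
        low = prefix + [start] + [0] * (3 - index)
        high = prefix + [end] + [255] * (3 - index)
        first = low[:3] + [low[3] + 1]       # network address + 1
        last = high[:3] + [high[3] - 1]      # broadcast address - 1
        rows.append(tuple(".".join(map(str, a))
                          for a in (low, first, last, high)))
    return rows


def library_chart(base, mask):
    """The same table computed by the ipaddress module, for verification."""
    index, _ = interesting_octet(mask)
    parent = ipaddress.IPv4Network(f"{base}/{8 * index}", strict=False)
    new_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    return [(str(net[0]), str(net[1]), str(net[-2]), str(net[-1]))
            for net in parent.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for row in paper_chart("172.16.0.0", "255.255.224.0"):
        print("%-14s %-14s %-16s %s" % row)
    same = (paper_chart("172.16.0.0", "255.255.224.0")
            == library_chart("172.16.0.0", "255.255.224.0"))
    print("matches ipaddress:", same)
```
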