Verify network status and switch operation using basic utilities
Exam: Cisco 200-120 - CCNA Cisco Certified Network Associate CCNA (803)
Once you have configured your network with switches and routers, you may need to verify and troubleshoot your network. Some of the commands that you can use to verify and troubleshot your network arediscussed in this chapter. The commands discussed in the chapter may be used from both a PC and a Cisco router. They may do the same thing but their implementation is different.
Packet InterNet Groper (Ping)
The ping command allows you to verify the connectivity of your PC to the remote hosts. It is a very good command to troubleshoot your network for the connectivity of devices on your network. However, if you need to find out the connectivity of your computer to a different subnet, you need to specify the route to the subnet or configure the router between your subnet and the other subnet to which you want to connect.
The Ping command uses ICMP (Internet Control Message Protocol) echo request and ICMP echo replies query messages to find out whether the remote host is active or not. It also allows you to find out theminimum, average, and maximum time to reach a host and return back.
The ping command works by first sending an echo request to a host. The Ping then waits till it gets a reply from the host. If the ping is able to get to the destination and is able to get an echo reply from the host, the Ping is successful.
The ping command can be executed in normal and privileged mode but cannot be executed in configuration mode. The command returns the following types of output:
- Normal response: host is alive message is returned with 1 to 10 seconds.
- Unknown host: ping displays Unknown host message when the host does not exist.
- Destination unreachable: the default gateway cannot reach the specified network
- Destination does not respond: ping displays No Answer message.
- Network or host unreachable:the Network or host unreachable message is displayed when there is no entry of the host in the route table of the host network.
This example shows how to ping a remote host from normal executive mode:
Switch# ping host1
host1is alive
Switch>ping 172.168.10.3
172.168.10.3 is alive
Switch#
In exec mode, the Ping command returns the number of packets, the packet size, and the timeout period as output:
Traceroute
The traceroute command allows you to discover the path or the list of routers taken by a device to reach the network destination. As the name suggests, the traceroute command traces the path that a network packet takes to reach a destination. The traceroute command also allows you to find out the places where the routing has broken down by displaying TTL time-outs and ICMP error messages.
The command cannot be executed from the DOS prompt. The following example displays the hops that the network packet has taken to reach the destination by using the traceroute command:
Todd#trace r1
Typeescape sequence to abort.
Tracing the route to r1.test.com (172.168.10.2)
1 r1.test.com (172.168.10.2) 16 msec * 16 msec
The above example shows that the packet went through a single hop to reach the destination.
Telnet
The telnet command allows you to access the command-line interface (CLI) of the switch and to access other devices on the network using the switch. You need to configure a telnet session to use it by setting up the IP address and settingup the default gateway on the switch.
You can have multiple telnet sessions. The maximum limit of telnet sessions however is 8 simultaneous sessions. The following command opens a Telnet session to a remote host.
Switch#telnethost[port]
This example shows how to establish a Telnet connection from the switch to the remote host named PC1:
Switch# telnet PC1
Trying 172.168.10.3...
Connected to PC1
Escape character is '^]'.
SSH
Just like telnet, the SSH (secure shell) is also used to build a connection to a router, a switch or other networking devices for network management. However, the SSH command is a secure option to use as compared to telnet because telnet does not encrypt its connections whereas SSH encrypts its connections. A hacker can easily capture the network packets from a telnet session but cannot capture packets from an SSH session.
SSH uses digital certificates, in a Public/Private Key Cryptography to authenticate client and server computers.
Just like telnet, you need to configure SSH on your router with hostname, domain name and generate a certificate to encrypt SSH packets.
ARP
The ARP command allows you to add an entry in the Address Resolution Protocol (ARP) cache, which is used by a software application to translate 32-bit IP addresses into 48-bit hardware addresses.
The ARP command allows you to create IP-to-MAC address mappings. To add a permanent entry in the ARP cache, you need to execute the command in global configuration mode and to remove an entry from the cache you need to use the No form of this command.
arp[vrfvrf-name]ip-addresshardware-addressencapsulation-type[alias]
noarp[vrfvrf-name]ip-addresshardware-addressencapsulation-type[alias]
Where:/p>
vrf: specifies VPN routing and forwarding instance. This is an optional parameter for the command.
Vrf name: specifies the VRF instance that identifies a VPN. This is an optional parameter for the command.
Ip-address : IP address (Ipv4 address) for which a permanent entry is to be added to the ARP cache
hardware-address : Hardware (data link layer) address that the IPv4 address is linked to.
Encapsulation-type :the encapsulation types are:arpa, srp, srpa, srpb.
For Ethernet interfaces, the arpa encapsulation is used typically.
The following example shows a static ARP entry for a typical Ethernet host:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# arp 192.168.17.19 0800.0900.1834 arpa
Iconfig
The ipconfig command allows you to view the current IP settings of your NIC on your PC or for your router’s LAN/WAN interfaces. The output of the ipconfig command displays the IP Address, Subnet Mask, Default Gateway, and (on a PC), even the DNS Servers.
Show and debug commands
The show and debug commands have multiple options and are available for many features and functions within CiscoIOS software. To show command is used to verify the MST (Multiple Spanning Tree) configuration. Some examples of show commands are show interface, show buffers, showsection, and showflash.
The debug command allows you to troubleshoot your network with the extensive output that the command generates. Someexamples of debugcommands aredebug all,debug aaa accounting, anddebug mpls packets. You need a telnet session to use debug commands. You can turn off the debug command by using undebug all command.
Example Question
Which of the following commands would you use to display all the current IP settings on your switch?
- ping
- SSH
- arp
- ipconfig
Answer: D
The ipconfig command allows you to view the current IP settings of your NIC on your PC or for your router’s LAN/WAN interfaces.

Related IT Guides
- Configure and verify ACLs in a network environment
- Configure and verify an ACLs to limit telnet and SSH access to the router
- Configure and verify DHCP (IOS Router)
- Configure and verify initial switch configuration including remote access management
- Configure and verify interVLAN routing (Router on a stick)
- Configure and verify VLANs
- Describe the types, features, and applications of ACLs
- Identify and correct common network problems
- Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
- Select the Components Required to Meet a Network Specification