Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,786 --> 00:00:07,856 >> You don't have to be in the IT career field for long to realize that there is a lot 2 00:00:07,856 --> 00:00:09,916 of finger pointing going on in this game. 3 00:00:10,696 --> 00:00:13,386 It's always an IT person's job. 4 00:00:13,386 --> 00:00:16,466 It feels like, to be able to point a finger somewhere else 5 00:00:16,466 --> 00:00:18,506 that it's not their responsibility. 6 00:00:18,506 --> 00:00:21,726 For example, someone says, "Hey, the internet is slow." 7 00:00:21,876 --> 00:00:25,816 And, you know, you want to be able to say, "Well, you know, it's a, you know, 8 00:00:25,816 --> 00:00:27,096 fill in your service right out there." 9 00:00:27,096 --> 00:00:28,316 It's the internet service, right. 10 00:00:28,316 --> 00:00:33,906 They must be, you know, let me call them, you know, they must be, like it feels good 11 00:00:33,906 --> 00:00:36,756 for an IT person, it shouldn't be this way, but it is. 12 00:00:36,756 --> 00:00:43,116 It feels good for an IT person to be able to turn and say, "It's not my fault, it's them." 13 00:00:43,306 --> 00:00:46,766 And let me prepare you as you are getting into this network world, 14 00:00:47,206 --> 00:00:53,076 you will find that finger pointed at you so often for issues that well, 15 00:00:53,076 --> 00:00:57,766 it may be your fault, it may be our fault as network people, but for the most part, 16 00:00:57,766 --> 00:01:00,156 if we do our jobs well, it's not. 17 00:01:00,346 --> 00:01:04,406 It's just-- it's an easy finger to point when somebody is like, hey, you know what, 18 00:01:04,476 --> 00:01:10,096 things are just running slow, you know, all the Microsoft team looks over and goes, Cisco guys, 19 00:01:10,096 --> 00:01:15,436 that's their issue, must be them, let's forward that ticket over to them, it's a slow thing. 20 00:01:15,436 --> 00:01:20,076 So, if things feel slow, it must be a network thing or programmers, you know. 21 00:01:20,076 --> 00:01:22,876 A lot of times, you know, there might be a bug in their code. 22 00:01:23,116 --> 00:01:27,326 Not-- it's not always that, you know, here I am pointing the finger right back. 23 00:01:27,326 --> 00:01:30,066 I'm like, "It's their fault and it's never our fault," right? 24 00:01:30,236 --> 00:01:33,366 So, programmers often will have a bug in their code or whatever 25 00:01:33,366 --> 00:01:34,806 and they'll be like, "Oh, it's the network." 26 00:01:34,806 --> 00:01:36,756 And the network guys are like, "No it's not. 27 00:01:36,756 --> 00:01:39,706 Everything works fine except for your program, I mean, it's your program." 28 00:01:39,706 --> 00:01:45,596 So, you get this big finger pointing game, that's when I'm about to train you how to do. 29 00:01:45,706 --> 00:01:49,716 [laughs] So, this nugget that you're looking out right now is actually an after thought. 30 00:01:49,716 --> 00:01:53,046 I was going through and putting together the flow and I was like, "Okay, 31 00:01:53,046 --> 00:01:59,106 we got the base configuration and I was about to get into VLANs which is an alter cool topic, 32 00:01:59,106 --> 00:02:02,686 I mean, kind of an earth shattering topic in terms of network technology. 33 00:02:03,056 --> 00:02:06,196 And I'm sitting here thinking, I'm like, there's more, there's more. 34 00:02:06,196 --> 00:02:09,026 I felt like there's just more somewhere 35 00:02:09,026 --> 00:02:11,946 in between the base configuration which we just talked about. 36 00:02:11,946 --> 00:02:15,876 We have our switches manageable securely and all that kind of stuff. 37 00:02:15,876 --> 00:02:17,416 And then VLANS which is over here. 38 00:02:17,416 --> 00:02:21,456 There's like this squishy middle ground and that's where this nugget came from. 39 00:02:22,116 --> 00:02:24,916 Day-to-day operation of Cisco switches. 40 00:02:25,586 --> 00:02:29,146 Questions like, "Hey, the network is slow, what could cause that?" 41 00:02:29,146 --> 00:02:34,516 Or, let me give you a kind of a more-- a bigger picture to that. 42 00:02:34,846 --> 00:02:39,146 What can you say or what can you do to prove that it's not the network 43 00:02:39,316 --> 00:02:41,316 or to prove that it is, one of those two. 44 00:02:41,316 --> 00:02:43,606 And that will be some of the key interface counters. 45 00:02:43,606 --> 00:02:49,656 And then another one will be, you know, the firewall admin contacts you and says, 46 00:02:49,656 --> 00:02:54,686 "Hey there's somebody with this IP address that is just flooding our internet connection, 47 00:02:54,686 --> 00:02:56,696 you know, they're causing tons of traffic." 48 00:02:56,696 --> 00:02:58,726 So, they're like, "Where is that person?" 49 00:02:59,366 --> 00:03:00,906 You know, and you go, "Ahh, uhm." 50 00:03:00,906 --> 00:03:04,566 How do you find them, finding devices using the MAC address table? 51 00:03:05,006 --> 00:03:11,896 So if somebody is point the finger at you saying you're the problem, your network is the issue, 52 00:03:12,316 --> 00:03:15,916 the best place to go is directly into the live switch interface 53 00:03:15,916 --> 00:03:16,886 and that's where I want to keep it. 54 00:03:16,886 --> 00:03:19,506 Let's start off with the network is slow. 55 00:03:19,786 --> 00:03:23,016 That is one of the worst complaints that you can get, 56 00:03:23,016 --> 00:03:25,896 not worst as in it's a major problem, although it could be. 57 00:03:26,156 --> 00:03:28,446 It's just like, what does that mean? 58 00:03:28,446 --> 00:03:32,856 I mean, it's like saying, somebody come up to me and like, "My car is broken," and you're like, 59 00:03:32,856 --> 00:03:34,776 "Well, what wrong with your car?" 60 00:03:34,906 --> 00:03:39,316 "I don't know," [laughs] and you're like, "Ahh, so what's broken about it?" 61 00:03:39,536 --> 00:03:42,886 "Like, I don't know, it's just kind of doesn't run right." 62 00:03:43,156 --> 00:03:44,156 Well, so you see what I mean? 63 00:03:44,156 --> 00:03:45,696 It's kind of like the network, so what does that mean? 64 00:03:45,696 --> 00:03:50,886 Like, slow compared to home, are you surfing the net and you can't watch your YouTube videos? 65 00:03:50,886 --> 00:03:54,576 I mean, what does that mean when you say the network is slow 'cause it's one 66 00:03:54,576 --> 00:03:58,766 of the most painful things to really even quantify to say, "Here's what it mean." 67 00:03:58,766 --> 00:04:01,216 So, the biggest thing that we want to look 68 00:04:01,216 --> 00:04:07,946 at when we get network is slow is our interface counters and as they relate to speed and duplex. 69 00:04:08,056 --> 00:04:11,026 Let me tell you the tale of speed and duplex. 70 00:04:11,146 --> 00:04:15,246 Speed and duplex has long since been an issue. 71 00:04:15,306 --> 00:04:18,966 When you connect a device, that's a mutant computer, 72 00:04:18,966 --> 00:04:23,356 there to a switch, both sides are set to auto. 73 00:04:23,386 --> 00:04:28,026 And now, I'm drawing a computer but I'm talking routers, servers, printers, 74 00:04:28,026 --> 00:04:30,726 everything can fall victim to this auto detect. 75 00:04:30,726 --> 00:04:32,056 And what do I mean by auto? 76 00:04:32,216 --> 00:04:36,936 That means that the network card is designed to auto detect the speed and duplex 77 00:04:36,936 --> 00:04:38,806 to figure out what the other side is. 78 00:04:38,806 --> 00:04:40,536 Are you 10 megabits per second? 79 00:04:40,636 --> 00:04:41,526 Are you a hundred? 80 00:04:41,526 --> 00:04:43,046 Are you gigabit per second? 81 00:04:43,046 --> 00:04:46,766 Are you full duplex to where you can send and receive at the same time, 82 00:04:46,766 --> 00:04:49,016 you can kind of do this at the same time? 83 00:04:49,186 --> 00:04:53,366 Or, you have duplex to where I can send and you receive and then I have to wait and you send 84 00:04:53,366 --> 00:04:55,396 and I receive, you know, what are you? 85 00:04:55,396 --> 00:04:57,446 So auto detect is supposed to resolve that. 86 00:04:57,446 --> 00:05:01,076 But there were problems, there were problems with auto detect 87 00:05:01,076 --> 00:05:05,276 in the 10 megabit per second world, there was problems with the auto detect mechanism 88 00:05:05,426 --> 00:05:07,786 and the 100 megabit per second world. 89 00:05:08,046 --> 00:05:13,856 They fixed the problems with auto detect when we got to gigabit per second. 90 00:05:13,856 --> 00:05:17,916 Meaning, it now works in all the recommendations, well say, 91 00:05:18,166 --> 00:05:23,966 you should set both sides to auto, dot dot dot if you're running gigabit per-- gigabit speed. 92 00:05:23,966 --> 00:05:27,936 If you got gigabit network cards everywhere then great, but not everybody will have that 93 00:05:27,936 --> 00:05:31,496 and not everybody will have that for quite some time because it takes time for things 94 00:05:31,496 --> 00:05:34,296 like gigabit speed to trickle into all the devices. 95 00:05:34,296 --> 00:05:39,506 We got a lot of-- I mean, I know gigabit has been out for quite sometime now 96 00:05:39,766 --> 00:05:45,806 but only now are we seeing all the computers that are mass produced reflecting that. 97 00:05:45,806 --> 00:05:49,186 The IP phones, I mean, you think about phones and phones affect that, 98 00:05:49,186 --> 00:05:52,816 they plug into the switch and then they connect to a device. 99 00:05:52,816 --> 00:05:59,336 Well, if you purchase to 150 phones and they're all 100 megabits per second, then, you know, 100 00:05:59,336 --> 00:06:02,676 upgrading your network to gigabit just became that much more complex 101 00:06:02,676 --> 00:06:05,576 because you don't just upgrade the switches and the computers anymore, 102 00:06:05,576 --> 00:06:07,316 now you got to swap out all your phones. 103 00:06:07,666 --> 00:06:13,346 That's a major expense to justify if, you know, you look at what people use on average. 104 00:06:13,346 --> 00:06:19,996 On average still today, people use maybe eight megabits per second, no, eight, maybe less, 105 00:06:19,996 --> 00:06:25,376 I would say of speed, I'm referencing a study I saw some time ago but that-- 106 00:06:25,376 --> 00:06:28,586 I mean, that's mostly surfing the web. 107 00:06:28,586 --> 00:06:31,646 I mean, that's people that are steaming, I mean, just on average 108 00:06:31,646 --> 00:06:33,196 and I'm not talking like average throughout the day. 109 00:06:33,196 --> 00:06:35,726 Average throughout the day would probably be like half a megabit per second, 110 00:06:35,886 --> 00:06:40,536 I'm talking like, what's the peak that normal people use and that's about what it is. 111 00:06:40,536 --> 00:06:46,096 So, with that being said, gigabit is a long ways off 112 00:06:46,096 --> 00:06:49,296 and so we've got this auto deal to worry about. 113 00:06:49,446 --> 00:06:56,646 Most of the time, auto detect works okay but when it doesn't, it can cause some major issues. 114 00:06:56,966 --> 00:07:00,466 The speed, I will say, always detects correctly. 115 00:07:00,956 --> 00:07:05,476 So if this side is 100 megabits per second and this side is 100 megabits per second, 116 00:07:05,786 --> 00:07:10,226 then they will always negotiate that, that component works fine, 117 00:07:10,476 --> 00:07:12,816 it's the duplex where the issue happens. 118 00:07:13,096 --> 00:07:16,116 One side detects, "Oh, this is a full duplex connection." 119 00:07:16,416 --> 00:07:17,926 The other side detects, "Oh, no, no, no. 120 00:07:17,926 --> 00:07:19,296 This is half duplex." 121 00:07:19,486 --> 00:07:23,126 Could be the computer, could be the switch-- I mean, one side missed detect. 122 00:07:23,126 --> 00:07:29,026 So one side thinks it can send and receive at a time, the other side thinks it can only send 123 00:07:29,026 --> 00:07:32,796 or receive at a time and what we end up with is collisions. 124 00:07:33,236 --> 00:07:37,586 So collisions are when this side is sending and this guy is like, "Whoa, whoa, whoa, 125 00:07:37,586 --> 00:07:39,626 I can't receive because I'm sending too, 126 00:07:39,626 --> 00:07:43,256 I'm just going to start dropping packets because they've collided." 127 00:07:43,256 --> 00:07:47,566 It's how the networks of old used to work when we had hubs everywhere. 128 00:07:47,816 --> 00:07:50,796 But now that we've moved into a switch generation, 129 00:07:51,066 --> 00:07:53,756 we should never see any collisions on a port. 130 00:07:54,276 --> 00:07:56,106 What's the result of getting collisions? 131 00:07:56,516 --> 00:08:01,536 Slow, meaning, it's not like the link just goes down, although it may depending 132 00:08:01,536 --> 00:08:05,356 on how many errors you get on the line, but usually doesn't just go down. 133 00:08:05,606 --> 00:08:09,946 What happens is you start dropping a bunch of traffic 'cause it's getting collision saying, 134 00:08:09,946 --> 00:08:13,886 "Oh, well, I-- you sent and I'm not supposed to be able to receive 135 00:08:13,886 --> 00:08:16,336 that at the same time I'm sending so I'm drop, drop, drop, drop, drop." 136 00:08:16,506 --> 00:08:22,286 Now, traffic, if it uses TCP which most applications does, will recover from that. 137 00:08:22,286 --> 00:08:26,356 It's like, "I got dropped, let me slow down a little bit and resend and resend and resend." 138 00:08:26,576 --> 00:08:31,396 So the result is that we have people that are just like, "Ahh, just doesn't feel as fast 139 00:08:31,396 --> 00:08:35,076 as it should be," most of the time, it's a speed and duplex mismatch. 140 00:08:35,076 --> 00:08:35,886 So what does that mean? 141 00:08:36,876 --> 00:08:38,046 What do we do about that? 142 00:08:38,346 --> 00:08:40,946 Well, if we have trouble devices, now it-- 143 00:08:40,946 --> 00:08:44,756 I would usually, it doesn't happen with the computers, it might be a router, 144 00:08:44,996 --> 00:08:49,116 that would be a major trouble device or a server or, 145 00:08:49,456 --> 00:08:52,196 I don't know, maybe an IP phone or something. 146 00:08:52,196 --> 00:08:54,796 Things that would be major trouble devices are those kinds 147 00:08:54,796 --> 00:08:57,686 of devices, although computers, they can be. 148 00:08:57,686 --> 00:09:01,276 You can run into computers that misdetect the duplex. 149 00:09:01,276 --> 00:09:03,246 So what we have to do is hardcode it. 150 00:09:03,456 --> 00:09:09,336 Not hardcode it on one side but on both sides of the connection. 151 00:09:09,676 --> 00:09:15,476 Because here's another trouble, with 100 megabit per second, the way the standard is written, 152 00:09:15,686 --> 00:09:20,156 the auto detect standard, is if one side is hardcoded, let's say I go to this computer 153 00:09:20,156 --> 00:09:24,156 and I say, "Okay, I'm turning off auto, no auto detect for you 154 00:09:24,156 --> 00:09:28,016 and I'm putting you at 100 megabit per second full." 155 00:09:28,266 --> 00:09:36,216 Full duplex and I connect this to a switch and I leave this guy as auto. 156 00:09:36,706 --> 00:09:40,816 So one guy is hardcoded, one guy is auto, what's the result? 157 00:09:40,816 --> 00:09:43,886 Well, the way that the standard is written-- 158 00:09:43,886 --> 00:09:49,416 the auto detect standard is if this guy can't detect what the other side is 159 00:09:49,866 --> 00:09:53,296 and he won't be able to because we've turned off auto negotiation on this side. 160 00:09:53,296 --> 00:09:57,226 If he can't detect what the other side is, he's going to resort 161 00:09:57,226 --> 00:10:01,006 to 100 megabits per second half [laughs]. 162 00:10:03,296 --> 00:10:06,426 What? Thelma [phonetic], did he say half? 163 00:10:06,426 --> 00:10:13,086 Half duplex every single time because you have to remember, 100 megabits per second, 164 00:10:13,336 --> 00:10:17,736 that standard was created when it was an error 165 00:10:17,736 --> 00:10:21,536 where half duplex devices were the norm, they were very common out there. 166 00:10:21,756 --> 00:10:25,676 And what they said when they created the auto detect standard is they said, "You know what, 167 00:10:25,676 --> 00:10:29,676 if you can't figure it out, it's safer to default to half 168 00:10:30,376 --> 00:10:33,046 than it is to default to full duplex." 169 00:10:33,396 --> 00:10:37,676 Well, now a days, they fix that with gigabit per second. 170 00:10:37,676 --> 00:10:41,716 When gigabit came out, everybody is like, "Well, good grief, who uses half duplex anymore. 171 00:10:41,946 --> 00:10:47,886 Let's make the default full duplex," which is why the auto detect issues really kind 172 00:10:48,066 --> 00:10:52,136 of started fading away as gigabit per second came out. 173 00:10:52,136 --> 00:10:58,326 So, the key is if we have devices, and let me say this, if-- 174 00:10:58,326 --> 00:11:02,966 I'm trying to think of a way to put this into a good rule of thumb to follow. 175 00:11:03,446 --> 00:11:10,576 If you have 100 megabit per second devices, so, yeah [inaudible]. 176 00:11:10,706 --> 00:11:14,706 If we have 100 megabit per second devices 177 00:11:15,116 --> 00:11:21,966 and they are key devices, hardcoded, what's a key device? 178 00:11:23,236 --> 00:11:25,606 You tell me, what is the key device, think about in your head? 179 00:11:25,606 --> 00:11:26,286 What it is? 180 00:11:26,286 --> 00:11:27,036 It is a server. 181 00:11:27,356 --> 00:11:30,026 It is a router that a lot of people use. 182 00:11:30,236 --> 00:11:36,536 It is, maybe a surveillance camera for the security system or I mean, there's-- 183 00:11:36,746 --> 00:11:42,736 you have to think about your environment and think if XYZ went down, 184 00:11:43,306 --> 00:11:44,706 that would cause the major issues. 185 00:11:44,776 --> 00:11:46,066 Those are key devices. 186 00:11:46,066 --> 00:11:47,816 Those are the ones you want to hardcode. 187 00:11:47,816 --> 00:11:53,196 So let's just say we've got a surveillance camera that watches the lobby all hours 188 00:11:53,196 --> 00:11:55,386 of the day and night, you know, or something that-- 189 00:11:55,386 --> 00:11:58,906 that's a key device where I would go into the camera itself probably a WebGUI 190 00:11:59,216 --> 00:12:02,006 that would be mounted for that guy. 191 00:12:02,006 --> 00:12:06,496 And I would say this is 100 megabit per second full duplex. 192 00:12:07,716 --> 00:12:12,256 Then I'd go into the switch port and say, 'This is 100 megabits per second full duplex." 193 00:12:12,446 --> 00:12:17,256 Hardcode any key device if it's in the 100 megabit per second era. 194 00:12:17,546 --> 00:12:20,586 If it's gigabit, use auto. 195 00:12:21,186 --> 00:12:24,606 Keep auto detect turned on because that usually solves everything 196 00:12:24,606 --> 00:12:28,496 and it's just a lot less work if you do that. 197 00:12:28,496 --> 00:12:32,996 So, okay, we got-- we've got that, we've got the rules, and now what about end computers? 198 00:12:35,016 --> 00:12:40,156 Should we go to every single computer in our network and hardcode the computer to be 100, 199 00:12:40,156 --> 00:12:42,866 I mean, if we're using 100 and hardcode the port? 200 00:12:42,866 --> 00:12:44,646 I would say no. 201 00:12:44,746 --> 00:12:47,336 Because computers aren't key devices. 202 00:12:47,336 --> 00:12:51,376 Is there a chance that one of them could misdetect if both sides are set to auto? 203 00:12:51,576 --> 00:12:56,096 Yes, absolutely, the chance is there but I would say the success rate on computers is, I mean, 204 00:12:56,096 --> 00:12:57,896 I would-- this is a gutt feeling. 205 00:12:57,896 --> 00:13:02,446 It's probably 95, 98 percent success on detecting. 206 00:13:02,446 --> 00:13:05,176 So, that 2 to 5 percent that do misdetect 207 00:13:05,306 --> 00:13:08,136 and if this varies different network cards work differently. 208 00:13:08,506 --> 00:13:10,526 But on those 2 to 5 percent that misdetect, 209 00:13:10,696 --> 00:13:13,306 it's much easier to go troubleshoot those individually 210 00:13:13,306 --> 00:13:15,706 than hardcode everything in your entire enterprise. 211 00:13:16,186 --> 00:13:18,316 So here's how you do it. 212 00:13:18,316 --> 00:13:21,146 On the Cisco side, which is the side you'll want to know, 213 00:13:21,416 --> 00:13:25,206 you go to the interface that you are concerned about. 214 00:13:25,206 --> 00:13:31,866 Let say-- oh, and I should also mention, let just say, this interface right here. 215 00:13:31,866 --> 00:13:38,226 Let me also mention-- yeah let's do this one, that this is not something, if it's a key device 216 00:13:38,226 --> 00:13:42,446 that you would want to do during production hours, unless it's causing a major issue 217 00:13:42,446 --> 00:13:46,696 and everybody's approved it, because the port will go down when you do this. 218 00:13:46,696 --> 00:13:49,996 So, essentially network connectivity lost and it will come back up. 219 00:13:49,996 --> 00:13:52,406 It's usually maybe 5 to 10 second outage. 220 00:13:52,716 --> 00:13:55,706 And you'll like, "Well, 5 seconds, 10 seconds, what's the big deal there?" 221 00:13:55,706 --> 00:13:58,416 Well, depending on the kind of device that it is, it's a key server, 222 00:13:58,416 --> 00:14:01,416 people are transferring files, maybe streaming files off of that, 223 00:14:01,586 --> 00:14:03,836 or a router connection where voice over IP. 224 00:14:03,836 --> 00:14:08,446 I mean 5 seconds of audio cutting out on the voice over IP is deaf. 225 00:14:08,446 --> 00:14:11,006 Nobody has the patience to wait, they'll go, "Hello, hello, click." 226 00:14:11,316 --> 00:14:12,926 We live in a high speed society. 227 00:14:12,926 --> 00:14:16,816 So, the way that you do this is go under the interface that you want to hardcode. 228 00:14:16,816 --> 00:14:21,196 And the command is speed and you type in what the speed is. 229 00:14:21,286 --> 00:14:25,866 Speed 100, it's now hardcoded, Duplex, and by the way, 230 00:14:25,866 --> 00:14:29,476 if you hardcode one, you have to hardcode both. 231 00:14:29,476 --> 00:14:35,576 So, I'm going to do duplex full, put that in there. 232 00:14:35,576 --> 00:14:40,026 A thought-- just-- thought just crossed my mind. 233 00:14:40,026 --> 00:14:43,156 You see what's happening, our interface is going up and down every single time I do this, 234 00:14:43,156 --> 00:14:45,746 so that you can think of that as a mini outage. 235 00:14:45,916 --> 00:14:47,866 But now, that port is hardcoded. 236 00:14:47,986 --> 00:14:49,266 Now, I would go to the other side. 237 00:14:49,266 --> 00:14:54,326 Let's say, FastEthernet0/16 connected to my computer. 238 00:14:54,526 --> 00:14:58,366 You know, that's where I would bust out the Control Panel, and let's see, 239 00:14:58,436 --> 00:15:02,626 I've got to navigate around in here, so let's view the status. 240 00:15:02,626 --> 00:15:05,216 Okay, change the adapter settings on my network, oh, there we go. 241 00:15:05,586 --> 00:15:09,846 I have some-- let's just say, LAN2, go to the property-- you got to dig for this, 242 00:15:09,846 --> 00:15:12,646 this is why you don't want to do it on each of the devices. 243 00:15:12,676 --> 00:15:15,946 So you kind of go to the adapter properties, let's say advance. 244 00:15:16,396 --> 00:15:18,826 We've got connection type, there we go, connection type. 245 00:15:18,826 --> 00:15:21,796 It's kind of different depending on the driver for the network card, 246 00:15:22,136 --> 00:15:26,196 but this is where I can come in and say, "Okay, it's set to auto right now, but I could also, 247 00:15:26,476 --> 00:15:28,666 you know, go a hundred full or a hundred half 248 00:15:28,666 --> 00:15:32,476 and that's how I would hardcode the other side to match that. 249 00:15:32,566 --> 00:15:39,156 Now, there is another feature that has come out, it's called Auto MDIX. 250 00:15:39,736 --> 00:15:41,896 Essentially, this feature, it's really cool, 251 00:15:42,216 --> 00:15:49,536 allows the switch to determine what ports are being use, or let me clarify that, 252 00:15:49,916 --> 00:15:54,516 determine what pins of the network cable are being used for transmit or receive. 253 00:15:54,576 --> 00:15:59,246 See, there's always been this deal and we mentioned it early in the series 254 00:15:59,246 --> 00:16:02,326 to where we say, "Okay, well, if you're connecting a computer to a switch, 255 00:16:02,536 --> 00:16:08,546 we have to use a straight-- a straight through cable, that's-- 256 00:16:08,736 --> 00:16:11,436 sorry, that's totally spelled wrong, you get it though, straight through cable, 257 00:16:11,436 --> 00:16:13,926 right, to connect dissimilar devices. 258 00:16:14,116 --> 00:16:17,356 Now, if we connect similar devices, like I connect this switch to this switch 259 00:16:17,356 --> 00:16:20,246 and this switch to this switch, that's where we use a crossover cable. 260 00:16:21,136 --> 00:16:24,186 And that's, I would say, that's still a good standard to follow, 261 00:16:24,186 --> 00:16:29,706 but since Auto MDIX came out, which is probably about five, six years ago, 262 00:16:29,866 --> 00:16:36,496 I mean 2013 right now, so five, six years ago that this standard was released, 263 00:16:36,496 --> 00:16:40,296 it now can detect-- you can use a crossover cable to connect to computer. 264 00:16:40,596 --> 00:16:44,366 I can use a straight through cable to connect switches together, because it will detect it 265 00:16:44,366 --> 00:16:48,566 but Auto MDIX relies on auto negotiation. 266 00:16:48,866 --> 00:16:56,006 So if I go went to a port and type in, speed auto duplex auto, or wait a second, 267 00:16:56,006 --> 00:17:02,246 speed 100 duplex full, just what I need right now, then Auto MDIX won't be able 268 00:17:02,246 --> 00:17:03,536 to detect the other side anymore. 269 00:17:03,536 --> 00:17:05,546 So, we have to use the right cable. 270 00:17:05,546 --> 00:17:09,176 So, we can't just use a crossover cable to connect to PC anymore because it's not going 271 00:17:09,176 --> 00:17:12,846 to be able to detect which pins are being used, it's all kind of wrapped together 272 00:17:12,846 --> 00:17:14,976 into that big auto detect mechanism. 273 00:17:15,096 --> 00:17:17,766 So, second piece. 274 00:17:17,916 --> 00:17:22,826 The network is slow, how do you-- I mean we can go in and hardcode the speed in duplex, 275 00:17:22,826 --> 00:17:24,166 but how do you know if you have to. 276 00:17:24,396 --> 00:17:27,636 How do you if there's, you know, if they really are errors on the line. 277 00:17:28,346 --> 00:17:32,486 Well, that's because-- oh, shrinking, that's because I can go 278 00:17:32,486 --> 00:17:34,676 in to the interfaces and check the counters. 279 00:17:34,946 --> 00:17:37,556 So, I brought up-- I connected a few more cables just for this. 280 00:17:37,556 --> 00:17:45,316 I brought up FastEthernet0/16, 0/18, so I can go in and do a drop, I got show interface, 281 00:17:45,446 --> 00:17:48,226 not show IP interface in this case, show interface, 282 00:17:48,226 --> 00:17:53,986 and I want to zoom in on FastEhernet 0/18, okay? 283 00:17:55,036 --> 00:17:58,406 First thing I want to look at if somebody is saying the network is slow, 284 00:17:58,406 --> 00:18:01,476 I'm going to come in there and say, "Well, what are you set to? 285 00:18:01,966 --> 00:18:07,186 In this case, I can see they are set to full duplex at 100 megabits per second. 286 00:18:07,186 --> 00:18:08,896 A matter of fact, let me couple one thing in here. 287 00:18:08,896 --> 00:18:12,056 I'm going to do a show run interface FastEthernet0/18, 288 00:18:12,126 --> 00:18:16,476 which shows me the configuration, pretty much nothing underneath that interface right now. 289 00:18:16,476 --> 00:18:19,646 So, I can look and I can go, "Okay, you are currently set 290 00:18:19,646 --> 00:18:22,716 to full duplex 100 megabits per second," and that makes me feel good. 291 00:18:22,716 --> 00:18:27,186 So if they're complaining for about slowness, then I'm going to start coming down here 292 00:18:27,186 --> 00:18:30,866 and say, "Okay, well"-- hang on, let me cut off that output. 293 00:18:32,186 --> 00:18:34,566 Let me look down at your packet statistics. 294 00:18:34,566 --> 00:18:37,666 Now, I can see, this is actually my computer right now. 295 00:18:37,666 --> 00:18:39,556 I've got traffic always go into it. 296 00:18:39,746 --> 00:18:45,306 I can see, you know, this is key right here, full duplex 100 megabits per second. 297 00:18:45,546 --> 00:18:49,076 This is key right here, I see the interface is up, line protocol is up, 298 00:18:49,076 --> 00:18:51,866 that means it's physically connected, that's the first stop. 299 00:18:52,136 --> 00:18:54,756 And then line protocol is up, that means it's communicating. 300 00:18:54,896 --> 00:19:02,316 I drop down and I go, "Okay, well, we've got queues, if you're getting into routers 301 00:19:02,316 --> 00:19:04,806 and things like that, you would check your queues because this tells you 302 00:19:04,806 --> 00:19:08,496 if packets are really battling up like there's not enough bandwidth 303 00:19:08,496 --> 00:19:10,276 to send them, but for now, I mean I'll switch. 304 00:19:10,276 --> 00:19:14,446 You usually don't worry about that, but this, gives me a lot of good feel. 305 00:19:14,446 --> 00:19:15,266 So I go, "Okay." 306 00:19:15,556 --> 00:19:17,346 Right now, input rate. 307 00:19:17,346 --> 00:19:18,446 So, input, what does that mean? 308 00:19:18,596 --> 00:19:23,486 It means, put yourself in the role of the switch, you are a switch, ting, designated. 309 00:19:24,416 --> 00:19:28,896 I'm getting right now-- I'm receiving-- somebody is putting into me, as a switch, 310 00:19:29,376 --> 00:19:36,486 142,000 bits per second, so that tells me, 142 kilobits per second in terms of network speed. 311 00:19:36,746 --> 00:19:40,726 And on an output rate, meaning going-- leaving me, me being a switch, 312 00:19:40,726 --> 00:19:45,366 as in going out FastEthernet0/18 to whatever device that is. 313 00:19:45,366 --> 00:19:49,366 I'm sending looks like a million, 408,000 bits per seconds which is 314 00:19:49,366 --> 00:19:53,526 about 1.4 megabits per second if I'm looking in terms of bandwidth. 315 00:19:53,526 --> 00:19:56,976 I go, "Okay, well that gives me a feel over the last 5 minutes of how that's been." 316 00:19:57,276 --> 00:19:58,956 But-- and then goes into some totals. 317 00:19:59,046 --> 00:20:01,506 It says, "Okay, total, we've had these many packets input." 318 00:20:01,506 --> 00:20:02,846 I've seen these many broadcasts. 319 00:20:02,846 --> 00:20:04,476 And I'm like, "Okay, that's good, that's good. 320 00:20:04,476 --> 00:20:05,996 Okay, packets out, that's good, that's good." 321 00:20:06,176 --> 00:20:11,096 Here's what I'm looking for, right there, collision and late collision. 322 00:20:11,466 --> 00:20:14,916 Collision means there was a normal collision online. 323 00:20:14,916 --> 00:20:18,396 Now, if we're in a switch world, never should you see that, ever, 324 00:20:18,776 --> 00:20:20,216 period, done, [inaudible] end of story. 325 00:20:20,576 --> 00:20:25,926 In a switch environment, there should never be a collision because full duplex means both sides, 326 00:20:25,926 --> 00:20:31,466 as long-- to their hearts content, they can send at 100 megabits per second and receive 327 00:20:31,466 --> 00:20:34,506 at 100 megabits per second at the same, we won't have a collision. 328 00:20:34,896 --> 00:20:36,316 Collision shouldn't happen. 329 00:20:36,526 --> 00:20:40,006 Now, let me do this, I actually beforehand kind of messed around. 330 00:20:41,106 --> 00:20:47,156 And I tweet my FastEthernet0/16 interface. 331 00:20:47,156 --> 00:20:50,896 Now, I fixed it, you know [inaudible], I put it, all I did was hardcode it to half duplex 332 00:20:50,896 --> 00:20:53,726 at 100 megabits per second, did some file transfers because I wanted 333 00:20:53,726 --> 00:20:55,336 to show you, this-- it is showing up. 334 00:20:55,336 --> 00:20:58,756 Now, if you got, you always got to put this in perspective. 335 00:20:58,756 --> 00:21:07,176 You have to go, "Okay, total, I had 352,000 of that 6,000 work collisions, that would be-- 336 00:21:07,176 --> 00:21:12,456 well, I would say, even saying like 10 or 12, the key is, is this continuing to happen? 337 00:21:12,456 --> 00:21:14,076 You'll hit the upper a couple of times. 338 00:21:14,226 --> 00:21:17,596 Take a look, do I continue to see this counter moving up, 339 00:21:17,596 --> 00:21:19,716 because if I do, it's still a problem. 340 00:21:20,196 --> 00:21:21,886 If not, then it should be okay. 341 00:21:22,026 --> 00:21:23,456 Now, I caused this. 342 00:21:23,456 --> 00:21:28,366 I actually went in and hardcoded it to be half duplex, but that's something 343 00:21:28,366 --> 00:21:33,146 that immediately will signal us to where-- okay, something is colliding on the other side. 344 00:21:33,146 --> 00:21:36,606 Now, you might be saying, "Okay, what's up, you got collisions 345 00:21:36,826 --> 00:21:40,976 and then you got late collisions, what's up with that?" 346 00:21:40,976 --> 00:21:46,176 Difference between those is really when did the collision happen? 347 00:21:46,696 --> 00:21:50,796 See, there're normal collisions and then there're late collisions. 348 00:21:52,446 --> 00:21:55,546 Don't you love when you make those brilliant statements and your like, 349 00:21:55,636 --> 00:21:58,966 "Yeah that was really what we just saw there, right?" 350 00:21:59,156 --> 00:22:01,556 So, normal collision-- what's the difference. 351 00:22:01,556 --> 00:22:06,376 Normal collision is in the hub world, you know, if this was a hub, 352 00:22:07,006 --> 00:22:10,326 you've got all the different devices that are listening, right? 353 00:22:10,406 --> 00:22:14,106 They're all listening to see if they can send, because only one person can send at a time. 354 00:22:14,106 --> 00:22:18,686 So this guy, you know, he's kind of got this big old ear, he's listening to the cable 355 00:22:18,936 --> 00:22:20,956 to try and hear if anybody is talking. 356 00:22:21,126 --> 00:22:23,136 Well, this guy has got a bigger ear, he's listening too. 357 00:22:23,336 --> 00:22:28,826 And the way that the timers work is if there is a collision that's going to happen, 358 00:22:29,056 --> 00:22:33,686 it's always going to be within the first 32 bytes of the frame. 359 00:22:34,106 --> 00:22:35,486 So as this guy is starting to send, 360 00:22:35,736 --> 00:22:40,106 a normal collision will always happen within the first 32 bytes. 361 00:22:40,646 --> 00:22:45,306 Just the way that they engineer the timers of how they listen, how they sent, 362 00:22:45,486 --> 00:22:47,096 you know that the collision will always happen there. 363 00:22:47,416 --> 00:22:52,846 A late collision means this guy got, you know, he's sending, you know, 364 00:22:52,846 --> 00:22:56,846 1,500 byte packet which is as big as they can be on a normal Ethernet cable. 365 00:22:57,036 --> 00:23:02,516 And somewhere around byte 732, you know, that he detected data coming 366 00:23:02,516 --> 00:23:04,116 in at the same time he was trying to send, 367 00:23:04,376 --> 00:23:07,926 that means that's beyond the normal Ethernet standard. 368 00:23:07,926 --> 00:23:12,766 You know, if you're in a hub world in normal collisions, collisions will happen all the time 369 00:23:12,766 --> 00:23:15,846 in a hub world but it's always going to happen within the first 32 bytes. 370 00:23:15,846 --> 00:23:18,626 If you go beyond that, it's considered a late collision. 371 00:23:19,016 --> 00:23:24,296 Late collisions are always indicative of a duplex mismatch. 372 00:23:24,576 --> 00:23:29,346 I mean, it's like, if you see those taking up, hands down, you've got a duplex mismatch. 373 00:23:29,536 --> 00:23:35,936 This could happen for instance, if I plug my switch into a hub and I've got a bunch 374 00:23:35,936 --> 00:23:38,396 of devices on that hub that are all talking. 375 00:23:38,556 --> 00:23:42,996 Then I would expect to see a bunch of normal collisions, because hubs cause collision. 376 00:23:43,246 --> 00:23:45,946 But in a-- if it's a late collision, 377 00:23:45,946 --> 00:23:49,476 then it's definitely something is connected and there is a duplex mismatch. 378 00:23:50,636 --> 00:23:54,486 Now, you know, that's a lot of time just to talk about speed and duplex mismatches, 379 00:23:54,486 --> 00:23:58,116 but it really is a big issue, it happens commonly, 380 00:23:58,256 --> 00:24:00,896 and it also exposes you to the interface counters. 381 00:24:01,046 --> 00:24:03,636 So now you have a counter argument if somebody is like, 382 00:24:03,636 --> 00:24:04,996 "It's the network," and they point at you. 383 00:24:04,996 --> 00:24:06,966 You go, "No, I'm looking here." 384 00:24:07,266 --> 00:24:09,826 Well, not a good example there. 385 00:24:09,826 --> 00:24:12,016 Well, yeah, is it the network if that's the case. 386 00:24:12,016 --> 00:24:15,286 But, you can look at your statistics and be like, "No, 387 00:24:15,286 --> 00:24:17,496 I'm seeing packets send, packets receive." 388 00:24:17,746 --> 00:24:21,116 Now, you got to keep in mind that you want to make sure you trace it end to end. 389 00:24:21,116 --> 00:24:22,856 So, for instance if there saying, "Oh, well, 390 00:24:22,856 --> 00:24:25,176 the connections are slow," and you go, "Well, to what?" 391 00:24:25,176 --> 00:24:28,696 They go, "Well, from that host over there, you know, Joe's [phonetic] computer 392 00:24:28,926 --> 00:24:34,116 over to our server," that where I saw-- you got to keep eyes right here and say, "Okay, well, 393 00:24:34,366 --> 00:24:38,736 looks like everything is good there," but also you got to check this link and check this link. 394 00:24:38,736 --> 00:24:43,546 Make sure the whole way through where we don't have any those collisions or duplex mismatches 395 00:24:43,546 --> 00:24:47,856 or anything like that, because Joe could just be one victim of a bigger issue 396 00:24:47,856 --> 00:24:53,016 that maybe Joe just happens to be first one to report, so follow the path. 397 00:24:53,016 --> 00:24:56,046 Now, you also saw when we saw this, you know, you're able to really get a lot 398 00:24:56,046 --> 00:24:57,766 of those key statistics and compare. 399 00:24:58,196 --> 00:25:03,776 Now, looking at this, there's stuff, I mean, this output initially, 400 00:25:03,776 --> 00:25:05,576 if you knew the Cisco can be overwhelming. 401 00:25:05,576 --> 00:25:08,176 Its like, "Oh, what is a runt, what's a watch-- 402 00:25:08,176 --> 00:25:12,056 , you know, what's a babble, you know, what does that mean? 403 00:25:12,056 --> 00:25:15,826 I mean, there's a lot under here where it's like, well what is all of that? 404 00:25:15,906 --> 00:25:19,556 Now, some of them are common, you know, what I just showed you, you know, knowing collisions, 405 00:25:19,556 --> 00:25:21,426 that's common, knowing packets input and output. 406 00:25:21,766 --> 00:25:24,806 Other-- I mean, if somebody-- I'll tell you frankly, if somebody walked up to me right now 407 00:25:24,806 --> 00:25:25,746 and they're like, "What's a babble?" 408 00:25:26,336 --> 00:25:31,206 I'd immediately think, my 4-month old kind of, he's like, [inaudible], like, I wouldn't know, 409 00:25:31,326 --> 00:25:33,366 that I have to look at a reference book. 410 00:25:33,596 --> 00:25:35,966 But if somebody told me, ask me, "What's a collision?" 411 00:25:35,966 --> 00:25:37,196 Immediately, I'd know the answer. 412 00:25:37,446 --> 00:25:38,896 What's a CRC here? 413 00:25:38,986 --> 00:25:39,906 That's a big one. 414 00:25:40,206 --> 00:25:44,686 CRC, cyclical redundancy check, is every single frame when you send it, 415 00:25:44,686 --> 00:25:46,296 it's the little piece at the very end of it. 416 00:25:46,296 --> 00:25:50,826 I think we talked about this early on in the nugget, which makes sure it's a little hash 417 00:25:51,266 --> 00:25:54,816 that is run on that packet before it's sent that says, "Okay, 418 00:25:54,816 --> 00:25:59,796 I run this all through a big algorithm and if anything in these changes, by the time it's gets 419 00:25:59,796 --> 00:26:03,796 from point A to point B, the CRC won't match and it will be considered a bad packet." 420 00:26:03,796 --> 00:26:08,366 So if I see a whole bunch of CRC errors, I'm going to be like, "Oh, this may be a bad cable, 421 00:26:08,956 --> 00:26:12,466 maybe this cable is going by some interference like fluorescent lighting, 422 00:26:12,466 --> 00:26:14,516 I've got it wound around a fluorescent light or, you know, 423 00:26:14,516 --> 00:26:21,066 something that's really causing our data to kind to get messed up between point A and point B." 424 00:26:21,066 --> 00:26:23,396 So, some of these are going to be key counters. 425 00:26:23,396 --> 00:26:26,726 I have to say that's probably the-- between input and output collisions 426 00:26:26,726 --> 00:26:29,246 and all that, those are the key ones. 427 00:26:29,526 --> 00:26:32,606 The other stuff, I mean, that's what reference books are made for. 428 00:26:32,966 --> 00:26:36,186 You won't know-- you won't be asked to quote what a babble is. 429 00:26:36,496 --> 00:26:40,296 So, that kind of leads me into the last piece. 430 00:26:40,476 --> 00:26:44,076 Joe is reporting an issue or someone is coming to you and saying well, 431 00:26:44,286 --> 00:26:47,876 "Where is Joe in the network," or "We're having this IP address, 432 00:26:47,876 --> 00:26:49,086 this is causing a lot of issues." 433 00:26:49,156 --> 00:26:51,346 What I said when I started this whole nugget. 434 00:26:51,516 --> 00:26:52,306 Where are they? 435 00:26:52,866 --> 00:26:54,426 Now, if you're in a big company. 436 00:26:54,536 --> 00:26:57,256 A lot of times, they'll have monitoring software that kind of pull it all. 437 00:26:57,256 --> 00:26:59,596 You go to web interface and say, "Where is this MAC address?" 438 00:26:59,596 --> 00:27:02,306 And he's like, [inaudible] and kind just spits it out, and you go, "Oh, okay, it's over there." 439 00:27:02,596 --> 00:27:05,596 But most people don't have those kinds of tools at their disposal. 440 00:27:05,906 --> 00:27:08,756 Most people will start something like this, like let's say they go, "Okay, 441 00:27:08,756 --> 00:27:16,636 well that's 172.30.100.1, you know, and maybe Joe is, you know, whatever IP address. 442 00:27:16,636 --> 00:27:17,876 Where are they in the network? 443 00:27:17,876 --> 00:27:21,046 The first thing that you're going to do is open a command prompt 444 00:27:21,776 --> 00:27:24,466 from A device that's on that same network. 445 00:27:24,816 --> 00:27:29,186 And I would say, "Okay, let's do a ping, 172.30.100.1. 446 00:27:29,186 --> 00:27:32,706 Okay, I'm getting a reply, good, because that tells me I can get 447 00:27:32,706 --> 00:27:35,716 to that IP address which means I can do an arp-a. 448 00:27:36,126 --> 00:27:37,336 Oh, what is this? 449 00:27:37,386 --> 00:27:39,716 This gives me the ARP table on my computer. 450 00:27:40,056 --> 00:27:41,096 Remember what ARP is? 451 00:27:41,236 --> 00:27:42,546 Address Resolution Protocol. 452 00:27:42,706 --> 00:27:47,816 When I ping this, my computer has to send a broadcast to find out what MAC address 453 00:27:47,946 --> 00:27:51,436 that IP address really has, and it's going to cash that in its ARP table. 454 00:27:51,766 --> 00:27:54,026 So I can do arp-a and hit the enter key, 455 00:27:54,176 --> 00:27:57,526 and see all of the MAC address that my computer knows about. 456 00:27:57,756 --> 00:28:03,866 And there it is, I go-- okay, right there, is 172.30.100.1 as well 457 00:28:03,866 --> 00:28:05,806 as 6, as well as 16, as well as 25. 458 00:28:05,806 --> 00:28:09,276 You know, I see all of these IP addresses that at some point my computer learned 459 00:28:09,276 --> 00:28:12,896 about dynamically on the network and has added to its ARP table. 460 00:28:13,086 --> 00:28:18,066 So, now, I can go to my switch and I can say, "Okay, I want to see-- 461 00:28:18,356 --> 00:28:20,996 give a show of the MAC address table." 462 00:28:21,996 --> 00:28:27,766 And some versions of the IOS is MAC dash Address Table, some is MAC Space Address, you know, 463 00:28:27,766 --> 00:28:29,586 just kind of use question mark to figure that out. 464 00:28:29,586 --> 00:28:32,206 And I can see right here, okay, I've got all these MAC addresses. 465 00:28:32,206 --> 00:28:36,926 Now, keep in mind in a large network, this is going to be pure overwhelming. 466 00:28:36,926 --> 00:28:41,526 I mean, you'll have 50 pages of MAC addresses that have been learned on this device. 467 00:28:41,526 --> 00:28:44,796 So, a lot of times, you know, using a little filter action is going 468 00:28:44,796 --> 00:28:45,686 to be-- come in really handy. 469 00:28:45,686 --> 00:28:50,996 Well, we're going to say, "Okay, well, I see the MAC address right here, ends in 01-01, 470 00:28:51,336 --> 00:28:56,486 and I know Cisco doesn't do dashes, they use periods, so I'll do include 0101. 471 00:28:56,786 --> 00:29:01,676 And now, look at that, it spits out right there exactly what I'm looking for. 472 00:29:01,676 --> 00:29:06,856 I'll go, "Okay, that MAC address is located on FastEthernet0/18. 473 00:29:07,446 --> 00:29:10,796 Now, I know you're going like, "Okay, well, wait a second." 474 00:29:11,106 --> 00:29:11,736 So, what is that? 475 00:29:12,106 --> 00:29:13,246 So, oh it's the same way. 476 00:29:13,426 --> 00:29:14,296 So, what's that, so what's that? 477 00:29:14,296 --> 00:29:16,076 I mean, what's up, is this broken? 478 00:29:16,406 --> 00:29:19,816 How do I have all these MAC addresses on one port? 479 00:29:19,816 --> 00:29:21,046 I mean I don't get it. 480 00:29:21,526 --> 00:29:24,666 Well, a lot of times, if I've got switch, you know, this is my environment, 481 00:29:24,666 --> 00:29:30,996 I've got a switch with my computer plugged into it, and that is up length on FastEthernet0/18 482 00:29:31,216 --> 00:29:33,906 to another switch, and that goes to another switch 483 00:29:33,906 --> 00:29:35,426 and another switch and so on and so forth. 484 00:29:35,426 --> 00:29:40,256 So, as all the devices that are plugged in here and here and here communicate, well, 485 00:29:40,256 --> 00:29:42,566 they are all coming in this one interface. 486 00:29:43,286 --> 00:29:48,696 So from my switches perspective right here, it's learning, you know, MAC address A, B, C, D, 487 00:29:48,696 --> 00:29:52,306 it's learning all of them on that one interface and that's fine, that's normal. 488 00:29:52,496 --> 00:29:56,746 But what that tells me is, you know, if I'm on the search, if I'm like, "Okay, it looks like, 489 00:29:56,866 --> 00:30:01,976 you know, I've got to go out, you know, let's say this is FastEthernet0/18. 490 00:30:02,216 --> 00:30:06,236 I've got to go out that port to find it, and I see it a ton of MAC addresses on that port 491 00:30:06,236 --> 00:30:07,446 that tells me that's another switch. 492 00:30:07,696 --> 00:30:12,176 So I have to tell that to that switch and find out what's going on over there, 493 00:30:12,176 --> 00:30:16,066 and we'll get into things later on like show CDP neighbors 494 00:30:16,466 --> 00:30:17,976 which is actually not running right now. 495 00:30:18,236 --> 00:30:22,966 But that will tell me what the next switch in line is and I can actually tell that to 496 00:30:22,966 --> 00:30:24,896 that switch and do the same show command from there. 497 00:30:25,256 --> 00:30:29,376 But, you know, for instance if I was trying to find my computer, you know, 498 00:30:29,376 --> 00:30:35,366 I know my computer right here is 172.30.100.39 that's my IP address. 499 00:30:35,366 --> 00:30:37,726 Now, it's not going to show up in the ARP table because it's me. 500 00:30:37,726 --> 00:30:39,766 I don't have to figure out my MAC address. 501 00:30:39,766 --> 00:30:45,336 For me, I do an IPconfig forward slash all and I would come up here and say, "Well, 502 00:30:45,516 --> 00:30:49,086 let's say I've got-- there's my MAC address, I use-- 503 00:30:49,086 --> 00:30:54,046 the first four digits are sometimes shared, common between many different devices. 504 00:30:54,426 --> 00:31:00,706 The last four are usually unique, not always but usually, to where my device will not have 505 00:31:00,796 --> 00:31:02,756 that same last four digits as another. 506 00:31:02,886 --> 00:31:08,236 So, I can come here and do a show MAC address table and zoom in and say, "Show me 6c32." 507 00:31:09,476 --> 00:31:11,336 And immediately I go, "Okay, great. 508 00:31:11,556 --> 00:31:17,506 This guy has out FastEthernet0/16 and I can zoom in there and locate that device. 509 00:31:17,696 --> 00:31:22,026 Now, comes the fun part of, "Okay, I know it's plugged in there, now, where does that go." 510 00:31:22,066 --> 00:31:25,936 And that's where a good documented physical network layout is good, 511 00:31:25,936 --> 00:31:30,356 and hopefully whatever company did your cabling, allows you to be able to go, "Okay, 512 00:31:30,356 --> 00:31:33,536 let's run that con-- okay, that connects to that and that ends up going 513 00:31:33,536 --> 00:31:37,266 out to whatever port that's located on wall jack 9. 514 00:31:38,276 --> 00:31:43,736 So, finding any device in your network can be done just through a series of ARP commands. 515 00:31:43,736 --> 00:31:51,236 You know, do an arp-a on your PC, and by the way even though it's Cisco, Cisco does expect you 516 00:31:51,236 --> 00:31:56,236 to know some of those commands from the PC like arp-a, like IPconfig, like ping. 517 00:31:56,236 --> 00:31:58,996 It's where you can test the different devices that way. 518 00:31:59,186 --> 00:32:01,136 If you're on the switch by the way, the switch can ARP as well. 519 00:32:01,416 --> 00:32:05,966 I can do a show ARP on the switch and find out what IP addresses it's resolved. 520 00:32:06,096 --> 00:32:08,376 Then you might say, "Well, that's odd. 521 00:32:08,726 --> 00:32:12,916 How come the switch only sees this one IP address in this ARP table, 522 00:32:12,916 --> 00:32:17,406 but we've got all of the-- I mean won't you expect to see all those in this ARP table?" 523 00:32:17,836 --> 00:32:19,566 Well, remember the switch is perspective. 524 00:32:20,796 --> 00:32:29,436 The switch is located on the 10.1.1.10 network, so the only things that it's going to be able 525 00:32:29,436 --> 00:32:33,086 to ARP for are things that are in that subnet. 526 00:32:33,476 --> 00:32:38,006 Now, I'm-- I just-- to do this nugget, I plugged in a whole bunch of other devices. 527 00:32:38,006 --> 00:32:42,486 I up length this little lab switch to the rest of my network, so I could get a bunch 528 00:32:42,486 --> 00:32:46,526 of MAC address that's showing up that are on-- we'll call it Jeremy's production network, 529 00:32:46,526 --> 00:32:48,026 but the switch is on that network. 530 00:32:48,566 --> 00:32:53,096 It's, you know, layer two, it may have those MAC addresses, but at layer 3, 531 00:32:53,096 --> 00:32:55,046 its IP address is not on the same network. 532 00:32:55,386 --> 00:33:01,526 So, it's, you know, it just all of that is going through the switch, not to the switch. 533 00:33:01,806 --> 00:33:05,636 So the ARP table of the switch is things that are going to the switch like I want 534 00:33:05,636 --> 00:33:07,676 to communicate with you CBT switch. 535 00:33:08,026 --> 00:33:13,046 All of these other things are just going-- I don't care who you are CBT switch, 536 00:33:13,206 --> 00:33:16,736 I'm going through you to reach whatever destination I'm trying to get to, 537 00:33:16,796 --> 00:33:18,736 so that's why we see the discrepancy there. 538 00:33:19,156 --> 00:33:23,946 So, we've have seen how we can kind of fight back if somebody says, the network is slow, 539 00:33:24,136 --> 00:33:28,866 speed and duplex, that's almost always where that issues is at, or could bad cabling, 540 00:33:28,866 --> 00:33:30,706 look for those CRC errors and things like. 541 00:33:30,826 --> 00:33:36,746 We looked at the key interface counters and how to locate devices using a series of ARP 542 00:33:36,746 --> 00:33:38,486 and show MAC Address Table Commands. 543 00:33:38,796 --> 00:33:41,656 I hope this has been informative for you and I'd like to thank you for viewing. 55411