The Network Freaks

configuration tips

Network Troubleshooting from the CLI

paulino.moraes@gmail.com 0

Introduction to Network Troubleshooting from the CLI

Have you ever need to troubleshoot a network issue from a workstation that doesn’t have all your fancy network troubleshooting and automation tools (happens to me all the time!). The Command Line Interface (CLI) remains an essential toolset for troubleshooting, diagnosing, and maintaining reliable networks. CLI commands offer direct, granular access to network devices, enabling engineers to swiftly identify root causes and remediate problems without relying solely on graphical interfaces or automated scripts. From simple connectivity checks to advanced protocol diagnostics, network troubleshooting from CLI equips engineers with speed, flexibility, and precision.

In this article, we’ll go into CLI-driven network troubleshooting, introduces three practical examples, and break down the networking principles underpinning key commands. By mastering CLI skills, network engineers can efficiently tackle outages, performance drops, VLAN misconfigurations, and complex routing issues—all critical for maintaining resilient and secure enterprise networks.

Example 1: Connectivity and Layer 3 Diagnostics with PING and TRACEROUTE

CLI commands such as ping and traceroute (sometimes implemented as tracert in Windows environments) are foundational to network troubleshooting. These commands can be used from both most client workstations and the CLI of networking equipment.

Networking Principles Explained

  • PING Command: Utilizes ICMP (Internet Control Message Protocol) to test connectivity between devices. By sending echo requests and waiting for replies, ping checks Layer 3 (Network Layer) of the OSI Model, revealing packet loss, latency, and unreachable hosts.
  • TRACEROUTE Command: Tracks the path packets take from source to destination, displaying each network hop. It leverages TTL (Time-To-Live) values, incrementing them to discover routers along the route. This helps pinpoint where network failures or delays occur.

Real-World Usage

When users report slow or failed connectivity, engineers log in via SSH (Secure Shell) to devices and run ping to verify endpoint reachability. Traceroute provides a map of the packet’s journey, highlighting where drops or slow responses begin—key for diagnosing WAN issues or routing protocol misconfigurations.

Example 2: Diagnosing Interface and VLAN Problems with SHOW Commands

If you can get direct access to a console port on a network device or establish a remote connection through SSH or telnet (please stop using telnet if you are), you can gain access to more powerful troubleshooting commands. Most enterprise switches and routers support show commands, which deliver real-time status information about interfaces, VLANs, and protocols.

Networking Principles Explained

  • Show Interfaces: Reveals layer 1 (Physical Layer) and layer 2 (Data Link Layer) details. Engineers examine output for errors (CRC errors, drops, collisions), link state, and speed/duplex settings.
  • Show VLAN / Show VTP (VLAN Trunking Protocol): Displays VLAN configuration, assigned interfaces, and VLAN status. This is vital for uncovering VLAN misconfigurations, missing VLANs, or trunking problems that break network segmentation.
  • Show Running-Config: Provides the active configuration for all device settings, essential for verifying protocol setups or firewall rules impacting traffic.

Real-World Usage

If devices cannot communicate on the same subnet, engineers use CLI to show interface statuses and VLAN assignments. A single missed VLAN or incorrect port mode can disrupt large portions of a network. The CLI allows immediate inspection and change, often within seconds.

Example 3: Advanced Troubleshooting – Packet Inspection and Routing Protocol Checks

Network engineers often use packet inspection and routing protocol checks to resolve sophisticated problems, especially in multi-protocol, multi-vendor environments.

Networking Principles Explained

  • Packet Inspection via CLI (e.g., debug or monitor commands): Allows engineers to capture and analyze packet details at the device level. Inspecting TCP/IP headers reveals malformed packets, retransmissions, or security blockages.
  • Routing Protocol Checks: CLI commands like show ip route, show ip ospf neighbor, and show bgp summary diagnose routing table issues, neighbor state, and convergence problems. These commands review Layer 3 (Network Layer) and Layer 4 (Transport Layer) interactions, which are key to scalable networking.

Real-World Usage

For intermittent connectivity or route flapping, engineers execute CLI debug commands to inspect packet flows. They check routing states to ensure protocols such as OSPF (Open Shortest Path First) or BGP (Border Gateway Protocol) are stable. CLI-based troubleshooting can uncover authentication failures, timer mismatches, or rogue route advertisements that graphical interfaces may not reveal.

Practical Workflow for CLI-Based Network Troubleshooting

  1. Remote Access: Establish SSH remote troubleshooting sessions to switches, routers, or wireless controllers for secure CLI interaction.
  2. Initial Diagnostics: Use ping and traceroute for baseline connectivity and path analysis.
  3. Interface & VLAN Checks: Run show interfaces and VLAN commands, correcting errors or configuring trunk ports as needed.
  4. Packet Inspection: Employ real-time CLI tools for packet analysis and TCP/IP troubleshooting.
  5. Routing Verification: Assess routing tables and protocol states to ensure dynamic routing is functioning as intended.

Why CLI Is Critical for Network Engineers

CLI networking commands offer unmatched visibility and control. They can be executed in all environments—local, remote, automated, and during outages. CLI access is often available when web interfaces are unreachable, making it indispensable during crisis response and upgrades.

Key CLI advantages:

  • Speed and direct access to device internals
  • Scriptable for automation and bulk network changes
  • Ability to diagnose both standard and edge-case symptoms
  • Trusted by engineers for both routine and emergency troubleshooting

Related Acronyms Explained

  • CLI (Command Line Interface): Text-based way to interact with network devices, typically via terminal or SSH.
  • SSH (Secure Shell): Protocol for secure, encrypted remote device management.
  • ICMP (Internet Control Message Protocol): Used for ping/traceroute operations.
  • VLAN (Virtual Local Area Network): Logical subnet for grouping devices, enhancing security and management.
  • VTP (VLAN Trunking Protocol): Cisco protocol that propagates VLAN information across switches.
  • TCP/IP (Transmission Control Protocol/Internet Protocol): Suite of communication protocols providing end-to-end connectivity and reliability.
  • OSPF (Open Shortest Path First): Link-state routing protocol for large enterprise networks.
  • BGP (Border Gateway Protocol): Protocol governing Internet routing between autonomous systems.

Conclusion

Mastery of network troubleshooting from CLI is a hallmark of the modern network engineer. CLI commands—ping, traceroute, show interfaces, packet debugs, and routing protocol checks—enable deep diagnosis and quick remediation across LAN, WAN, and cloud deployments. By understanding the principles behind each command and integrating CLI skills into daily workflows, engineers ensure robust, efficient, and resilient network operations.

Whether resolving simple connectivity issues, dissecting VLAN misconfigurations, or navigating complex protocol failures, CLI-driven troubleshooting remains the gold standard for network reliability.

TheNetworkFreaks

Related Story

Leave a Reply

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *