N10-009 Network Troubleshooting Study Guide for the CompTIA Network+
General Information
This is study material for the CompTIA Network+ N10-009 exam, which replaced the old Network+ N10-008 exam as of December 20, 2024. Be sure you are studying for the right test.
Nearly one-fourth of the questions (24%) on the CompTIA Network+ N10-009 exam revolve around network troubleshooting. As you might expect, about 80% of these questions begin with a scenario.
Troubleshooting Methodology
The CompTIA Network+ N10-009 exam identifies seven distinct steps that can be used to troubleshoot networking issues and problems. You will need to be able to identify and explain the basic concepts and methods used for each step in the correct order.
Identify the Problem
When faced with a networking problem, the first step is to identify the problem. To do this, you will need to gather and use information to narrow the scope of the potential causes of the problem.
Gather Information
When troubleshooting a network, a technician needs to ask the right questions of others and of themselves to gather as much information as possible on the source of the problem. Information can be gathered from various sources, including end users, logs, and error messages.
Question Users
Questioning users is an integral component of the information-gathering process. When questioning users, the goal is to elicit as much helpful information as possible by guiding the user through what has occurred and asking the user to attempt some simple tasks, such as pinging a server or accessing a website via the Internet Protocol (IP) address rather than the domain name. It is also important to determine if the problem is isolated to a single user or if multiple users are affected.
Identify Symptoms
When networking problems are reported, they can be generalized in nature, such as an inability to connect to the internet. As a network technician, you need to be able to identify the actual symptoms or indicators of the problem by extracting information from the user and the device. For instance, you can ask what other strange behavior was noticed before the problem occurred and whether any error messages were displayed.
Identify Changes
Another method of identifying the problem is to determine if anything has changed prior to the current problem. There could be recent changes in the system, such as updates or the installation of new applications. Also, look for changes to the environment (were other nearby devices affected in the same way?) and changes in the problem itself (has the problem always occurred in the same way?). This will help you understand the root of the problem.
Duplicate the Problem
Another useful method to use in identifying the problem is to attempt to duplicate the problem if possible. If the problem can be duplicated, each step in the duplication process should be detailed, which can help you identify the triggering or contributing cause of the problem.
Approach Multiple Problems Individually
When faced with multiple problems on a device, it is important to approach each problem as a separate and individual issue rather than as a whole. By drilling down into each individual problem, you may be able to identify a root cause that could be contributing to the other problems on the device.
Establish a Theory of Probable Cause
The second step in the troubleshooting methodology is to establish a theory of probable cause. This is your hypothesis for what is likely causing the problem. Multiple sources can be used to establish your theory, including other network technicians, vendor documentation, and online resources.
Question the Obvious
When establishing a theory, always be sure to first eliminate the obvious causes, both physical and logical. Obvious physical causes may include a faulty wire or connection or a device that is not powered on or plugged in. Obvious logical causes can include simple mistakes, such as entering the incorrect password, passphrase, or service set identifier (SSID), or more complex problems, including port, routing, and IP configuration problems, incorrect interfaces, firewall and access control list (ACL) problems, and certificate or licensing issues.
Consider Multiple Approaches
Multiple approaches can and should be considered to establish a theory of probable cause. In the networking environment, there are three standard approaches based on the Open Systems Interconnection (OSI) model.
Top-to-Bottom/Bottom-to-Top OSI Model
The top-to-bottom and bottom-to-top approaches use the layers of the OSI model to methodically work through a problem to establish a probable cause. The top-to-bottom approach begins at the application layer, or Layer 7, and works down through the OSI layers to identify the lowest layer at which the problem occurs. The bottom-to-top approach begins at the physical layer, or Layer 1, and works up through the OSI layers to identify the first layer at which the problem occurs.
Divide-and-Conquer
The divide-and-conquer approach also uses the layers of the OSI model to identify the probable location of the problem, but it is not limited to beginning at the top or bottom of the OSI layers. A layer is chosen and tested for proper functionality. Based on the results at the chosen beginning layer, the layer above or below is then evaluated for problems, and so forth, until the likely layer is identified.
Test the Theory
Once a theory is established, the third step is to test the theory to determine if it is indeed the cause of the problem. The test will either confirm the theory or allow you to rule it out as a potential cause of the problem.
- If your theory is confirmed, determine the next steps to resolve the problem. You will move to the fourth step (discussed below) and determine what should be done to resolve the problem. When determining next steps, the potential effects of the fix should also be evaluated and considered.
- If your theory is not confirmed, establish a new theory to test. If all theories have been exhausted, escalate the problem to a more senior network technician or the system manager.
Establish a Plan of Action
The fourth step in the network troubleshooting methodology is to establish a plan of action to resolve the problem once the cause has been verified. Once a plan of action has been devised, test the plan if possible to ensure the plan is effective and to identify any potential effects the plan may have on the device or network.
Implement the Solution
When the plan of action has been established and tested, with the potential effects identified, it is time to implement the solution. Remember, however, a networking environment is highly complex, and a network technician should be aware of their own limitations and escalate as necessary.
Verify Full System Functionality
Once a solution has been implemented, the next step is to verify full system functionality. A solution may have unintended consequences on the system and create more problems than the original problem. Once the system is fully functional, implement preventive measures to avoid a recurrence of the same problem.
Document What Was Learned
The seventh and final step of the network troubleshooting methodology is to document all findings from the entire process. Documentation can include as much information as you feel is relevant, but it should at least include these details:
- a description of the problem and the conditions around it
- the device details, including the operating system (OS) and software versions, device model or type, and network interface information
- if and how the problem was reproduced
- the theories and solutions tested
- the solution that was successfully used
- lessons learned from the experience, including how the problem can be avoided in the future
Connectivity Issues
Connectivity issues are common in the network environment and can be caused by logical or physical problems within the network. Given a scenario, you should be able to troubleshoot the problem and use the most appropriate tool for the situation.
Cable Issues
The backbone of a network is the cables that are used to connect devices at Layer 1, or the physical layer. When evaluating cable issues, it is important to know the specifications of the particular cable or interface being used to identify potential causes of common issues that may affect the network’s cabling and interfaces.
Incorrect Cable
In a network environment, it is important to be aware of the specifications, proper usage, and limitations of different types of cables. The type of cable used is also dictated in part by the application the cable will be used for. There are multiple common types or configurations of cables that can be used in different situations. Attempting to use the wrong type of cable will result in connectivity issues.
Single-Mode vs. Multimode
Fiber-optic cables have two primary types, single-mode and multimode. A single-mode fiber carries a single light signal down a tightly clad core. A single-mode fiber’s smaller core reduces signal dispersion, allowing for high-speed data transmission over long distances. A multimode fiber is capable of carrying multiple light signals down a loosely clad core. A multimode fiber’s larger core allows for increased bandwidth on a single fiber, but it is only effective over short distances due to increasing signal dispersion as the light travels further away from the source.
Shielded Twisted Pair (STP) vs. Unshielded Twisted Pair (UTP)
Copper Ethernet cables can be either STP or UTP cables. STP cables are twisted-pair cables that are contained within a foil or mesh outer layer to protect against electromagnetic interference. UTP cables are twisted-pair cables that are contained in a non-metal outer jacket.
Category 5/6/7/8
Category 5/6/7/8 cables each have unique specifications for use, including data transmission capabilities, distance capabilities, and use case scenarios.
Category 5 (Cat 5) cables are commonly used in a home or small business environment, category 6 (Cat 6) cables are commonly used in larger business environments or small data centers, category 7 (Cat 7) cables are commonly used in high-performance environments such as data centers, and category 8 (Cat 8) cables are primarily used in extremely high-speed environments such as very large data centers (think Google), providing extreme data transmission speeds over short distances.
Signal Degradation
Signal degradation is the loss or weakening of signal strength during data transmission. Signal degradation can be caused by multiple factors, including cable quality, distance, interference, or obstructions.
Crosstalk
Crosstalk occurs when the signals of two adjacent wires transmitting current bleed into one another. Crosstalk can be minimized by placing the wires at a 90-degree angle to one another or twisting them together. The tighter the twist, the lower the occurrence of crosstalk.
Interference
Electromagnetic interference (EMI), also known as radio frequency interference (RFI), occurs when an electrical path or circuit is affected in a negative way by the electromagnetic field of another source. EMI and RFI only affect copper cables, as fiber-optic cables are immune to this type of interference.
Attenuation
Attenuation is the degradation of a signal as it traverses a cable or wire. The rate of attenuation is dependent on the type of cable or wire being used, with copper attenuating more quickly than fiber-optic cabling.
Improper Termination
Improper termination occurs when the connector on the end of a networking cable, such as an RJ45 Ethernet connector, is poorly or incorrectly terminated, resulting in crosstalk, interference, or attenuation, among other issues. Improper termination may include wires attached in the incorrect pinout order, too much untwisting by the termination point, damaged wires, insecure crimping, or incorrect connectors.
Transmitter (TX)/Receiver (RX) Transposed
To create a connection between two devices, the correct type of cable is required, either straight-through or crossover. This depends on the devices being connected, which dictates what pins are used for transmitting and receiving data. If the incorrect cable is used, the transmission and reception may be switched, a problem known as TX/RX reverse or transposed.
For example, connecting a switch and a PC requires a crossover cable, where the PC uses pins 1 and 2 to transmit and pins 3 and 6 to receive, while the switch uses pins 1 and 2 to receive and pins 3 and 6 to transmit. The TX/RX would be reversed if a straight-through cable was used, resulting in both the PC and switch using pins 1 and 2 to transmit and pins 3 and 6 to receive.
Interface Issues
The interface is the portion of a device or system the user interacts with to execute commands and complete other functions. When an interface experiences an issue, an error or alert message may appear. Errors and alerts can also be detected using the previous interface statistics and monitoring statuses. You should be familiar with common errors and alerts regarding interfaces.
Increasing Interface Counters
An interface counter is a numerical value that tracks network interface activity, such as sent and received packets and bytes, transmission or receive errors, or collisions. An increase in any of these interface counters may indicate problems in the network interface.
Cyclic Redundancy Check (CRC)
A CRC is an error detection tool used to identify data that has been corrupted in some manner by assigning a checksum value to blocks of data and comparing the original checksum value to the current value. An excessive number of CRC errors may indicate an issue in the network or interface.
Runts
A runt is a packet that does not meet the minimum packet size requirements of the transmission. Runts are commonly caused by collisions or faulty NICs. Runts will be dropped.
Giants
A giant is a packet that exceeds the maximum packet size of the transmission and has an incorrect frame check sequence (FCS). A giant is commonly the result of an MTU misconfiguration, jumbo frame mismatches, or a faulty network interface card (NIC) and will be dropped.
Drops
A drop refers to a sudden interruption or loss of connectivity of a network interface, often resulting in packets being discarded. Drops may be caused by physical cabling issues, network congestion, or improper configurations.
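The counters described above only mean something when compared over time. The following added example (not part of the original guide) parses two snapshots of an interface's statistics and reports which of the four counters grew, with the causes this guide lists for each. The snapshot text is constructed sample data modelled on a switch's interface statistics output, and the function names are hypothetical.

```python
import re

# Likely causes per counter, as listed in this guide.
CAUSES = {
    "CRC": "an issue in the network or interface",
    "runts": "collisions or a faulty NIC",
    "giants": "MTU misconfiguration, jumbo frame mismatch, or a faulty NIC",
    "drops": "cabling issues, network congestion, or improper configuration",
}

# Matches "<n> CRC", "<n> runts", "<n> giants", or "output drops: <n>".
COUNTER_RE = re.compile(r"\b(\d+)\s+(CRC|runts|giants)\b|output drops:\s*(\d+)")

def parse_counters(text):
    """Extract the four counters from one snapshot of interface statistics."""
    counters = {}
    for m in COUNTER_RE.finditer(text):
        if m.group(3) is not None:
            counters["drops"] = int(m.group(3))
        else:
            counters[m.group(2)] = int(m.group(1))
    return counters

def rising_counters(before, after):
    """Return {counter: (delta, note)} for counters that changed between snapshots."""
    old, new = parse_counters(before), parse_counters(after)
    findings = {}
    for name, cause in CAUSES.items():
        delta = new.get(name, 0) - old.get(name, 0)
        if delta < 0:
            # A counter never decreases on its own: it was cleared or the device reloaded.
            findings[name] = (None, "counter reset between snapshots; take a new baseline")
        elif delta > 0:
            findings[name] = (delta, cause)
    return findings

# Constructed sample snapshots of one interface, taken some minutes apart.
SNAPSHOT_1 = """\
Total output drops: 3
2 runts, 0 giants, 0 throttles
10 input errors, 8 CRC, 0 frame, 0 overrun, 0 ignored
"""
SNAPSHOT_2 = """\
Total output drops: 3
2 runts, 14 giants, 0 throttles
260 input errors, 246 CRC, 0 frame, 0 overrun, 0 ignored
"""

if __name__ == "__main__":
    for name, (delta, note) in rising_counters(SNAPSHOT_1, SNAPSHOT_2).items():
        print(f"{name}: +{delta} -> {note}")
```

Counters that are nonzero but unchanged between snapshots (runts and drops in the sample) are left out of the result, because only an increase points to a current problem.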
Port Status
The port status refers to the current operational state of a port on a networking device. The port status of an interface can provide information on the current state of the interface, including up/down status, current links, administrative information, errors, and speed. Light-emitting diode (LED) status indicators are visual signals on networking devices that indicate the status of connections on the device. The standard color coding for LED status indicators is green for good (flashing indicates traffic is being actively sent or received), amber for potential problems, and no light for no connection.
Error Disabled
The error disabled port status indicates that a port has been shut down due to a critical error such as a bad cable, security configuration error, or duplex mismatch.
Administratively Down
An administratively down port status indicates that the port has been manually shut down by a network administrator, preventing all send and receive traffic on the port. A port may be configured administratively down for routine maintenance, security concerns, or isolation, among other reasons.
Suspended
A suspended port status indicates that a port is not currently communicating with other ports but is available and ready for communications. A suspended port is commonly caused by misconfiguration or a missing link in the Link Aggregation Control Protocol (LACP).
Hardware Issues
Hardware is the backbone of a network. Due to the extensive nature of hardware, there are numerous issues that may arise. Possible hardware problems include power problems, cable problems, or hardware device problems.
Power over Ethernet (PoE)
PoE and PoE+ are the transmission of electrical power and data over a standard twisted pair Ethernet connection. A PoE cable is an Ethernet cable that has the ability to provide DC power as well as data to a connected device, such as an IP phone, security camera, or Wi-Fi access point. PoE, as specified in the IEEE 802.3af standard, provides up to 15 watts of DC power, while PoE+, as specified in the IEEE 802.3at standard, provides up to 30 watts of DC power.
Power Budget Exceeded
PoE connections have a maximum allowable power distribution. When the devices connected via a PoE connection draw an excessive amount of power, the power budget is exceeded, leading to potential malfunction or complete shutdown.
Incorrect Standard
PoE provides power based on the previously identified IEEE 802.3 standards. When a PoE device is not receiving power compliant with one of the standards, it can result in device malfunction or damage.
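The two PoE failure modes above can be told apart with a simple check, shown here as an added example that is not part of the original guide. It uses the per-port limits stated in this guide (15 W for 802.3af, 30 W for 802.3at); the switch budget, port names, device draws, and the rule that ports are powered in list order are assumptions made for illustration.

```python
# Per-port maximums as stated in this guide.
STANDARD_MAX_W = {"802.3af": 15, "802.3at": 30}

def check_poe(budget_w, ports):
    """Classify each port as powered, denied (budget), or mismatched (standard).

    ports: list of (port, port_standard, device, draw_w), highest priority first.
    Assumption: the switch grants power in list order until the budget runs out.
    """
    remaining = budget_w
    result = {"powered": [], "denied": [], "mismatched": []}
    for port, standard, device, draw_w in ports:
        if draw_w > STANDARD_MAX_W[standard]:
            # Incorrect standard: the device needs more than this port's
            # standard can supply, regardless of how much budget is left.
            result["mismatched"].append(port)
        elif draw_w > remaining:
            # Power budget exceeded: the port's standard is sufficient, but
            # the switch has already committed its power to earlier ports.
            result["denied"].append(port)
        else:
            remaining -= draw_w
            result["powered"].append(port)
    result["remaining_w"] = remaining
    return result

# Constructed sample: a switch with an assumed 60 W total PoE budget.
SAMPLE_PORTS = [
    ("Gi0/1", "802.3af", "IP phone", 7),
    ("Gi0/2", "802.3at", "access point", 25),
    ("Gi0/3", "802.3af", "security camera", 22),  # needs PoE+ on a PoE port
    ("Gi0/4", "802.3at", "access point", 25),
    ("Gi0/5", "802.3af", "IP phone", 7),          # only 3 W of budget left
]

if __name__ == "__main__":
    report = check_poe(60, SAMPLE_PORTS)
    for state in ("powered", "denied", "mismatched"):
        print(f"{state}: {', '.join(report[state]) or 'none'}")
    print(f"remaining budget: {report['remaining_w']} W")
```

A mismatched port is fixed by moving the device to a port that supports the right standard, while a denied port needs more budget or fewer powered devices.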
Transceivers
A transceiver, which is a device that can both receive and transmit, is located within a device and converts electrical signals to the correct Ethernet specification for communications with the other end.
Mismatch
A mismatch occurs when communicating components or devices are using incompatible connections, configurations, or protocols, resulting in connectivity issues. For example, transceiver mismatch occurs when the transceivers on either end do not match, such as one device using a small form-factor pluggable (SFP) transceiver while the other uses an enhanced small form-factor pluggable (SFP+) transceiver. Another example of a mismatch occurs when communicating devices are using different encryption protocols, duplex settings, or cipher suites.
Signal Strength
Transceivers send and receive electrical signals for communications. Weakened signal strength may be caused by multiple factors, including transmission distance, loose or dirty connectors, environmental factors such as heat or humidity, or faults in the transceiver itself.