IntermediateNetwork Troubleshooting 8 min read

How to Troubleshoot Network Connectivity

OSI-model approach to diagnosing any connectivity problem — from physical to application layer

Network troubleshooting without a methodology is guesswork. The most reliable approach — and the one tested on CCNA and Network+ — is to work systematically from Layer 1 upward (or Layer 7 downward, depending on the symptoms). This guide walks through the standard troubleshooting process with the exact commands used on Cisco IOS, and explains what each output tells you.

1

Verify the physical connection (Layer 1)

Before anything else, confirm the physical link is up. A connected cable that is not negotiating is the most common cause of connectivity issues and takes under 30 seconds to rule out.

Cisco IOS
! On Cisco IOS — check interface status
show interfaces GigabitEthernet0/0
show interfaces GigabitEthernet0/0 status

! Line protocol down = Layer 1 or 2 problem
! Interface is down = physical issue (cable, port, speed mismatch)
! Interface is up, line protocol is down = Layer 2 problem

The output 'GigabitEthernet0/0 is down, line protocol is down' means the physical link has failed — check the cable, SFP, or whether the far end is shut down. 'Is up, line protocol is down' means Layer 1 is fine but Layer 2 is failing (often a duplex or encapsulation mismatch).

2

Check interface errors and duplex settings (Layer 1–2)

A link that is 'up' but dropping packets is often caused by a duplex mismatch or high CRC error rate. Check the error counters on both ends.

Cisco IOS
show interfaces GigabitEthernet0/0

! Look for:
! Input errors — usually CRC errors from duplex mismatch
! Output drops — transmit queue overflow
! Runts — frames smaller than 64 bytes (duplex mismatch indicator)
! Giants — frames larger than 1518 bytes

! Check duplex and speed
show interfaces GigabitEthernet0/0 | include duplex
show interfaces GigabitEthernet0/0 | include speed

High CRC errors + runts on one side of a link almost always means a duplex mismatch — one end is full-duplex, the other is half-duplex. The half-duplex side sees collisions as CRC errors.

3

Verify Layer 2 — ARP and MAC addresses

If the physical and data-link layers are up, verify that ARP is resolving and the MAC address table is populated correctly.

Cisco IOS
! On a Cisco switch — check MAC address table
show mac address-table

! Check specific VLAN
show mac address-table vlan 10

! On a router — check ARP table
show arp

! If ARP is missing, try pinging the target first to trigger ARP
ping 192.168.1.1
show arp

If the MAC address table on a switch is empty for a port, but the interface is up/up, check whether the connected device is powered on and actually sending traffic.

4

Test Layer 3 — IP reachability with ping

Use ping to confirm IP connectivity. Always start with the local gateway, then the remote destination. Use extended ping on Cisco to control the source interface.

Cisco IOS
! Basic ping
ping 192.168.1.1

! Extended ping — specify source interface (important for routing tests)
ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]: 5
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.1

! Ping with larger packet to test MTU
ping 10.0.0.1 size 1500 repeat 10

Never conclude a route is working from a ping sourced from the router itself. Use the 'source' option to ping from the subnet that real traffic will use. A router can ping its own interface but fail to forward transit traffic if the return route is missing.

5

Trace the path — traceroute

If ping fails, traceroute identifies exactly where packets are being dropped. Each line in the output represents one hop, and a timeout (*) at a specific hop tells you where routing breaks down.

Cisco IOS
! Standard traceroute
traceroute 10.0.0.1

! Extended traceroute — specify source
traceroute
Protocol [ip]:
Target IP address: 10.0.0.1
Source address: 192.168.1.1

! On Windows (for comparison)
tracert 10.0.0.1

Three asterisks (***) at a hop doesn't always mean the hop is dropping packets — many devices rate-limit or block ICMP TTL-exceeded messages. If the traceroute succeeds at hop N+1, hop N is filtering ICMP, not dropping traffic.

6

Verify the routing table (Layer 3)

If traceroute fails at a router hop, check that router's routing table for the destination. Missing routes and incorrect next-hops are the most common Layer 3 failures.

Cisco IOS
! Show full routing table
show ip route

! Check specific destination
show ip route 10.0.0.0
show ip route 10.0.0.1

! Check for default route
show ip route 0.0.0.0

! Example output:
! C  192.168.1.0/24 is directly connected, GigabitEthernet0/0
! S  10.0.0.0/8 [1/0] via 192.168.1.254
! O  172.16.0.0/16 [110/2] via 192.168.1.254

! If destination is missing — check protocol-specific tables
show ip ospf neighbor
show ip bgp summary
show ip eigrp neighbors

The routing table shows the best path, not all paths. If you suspect a routing protocol issue, check the protocol-specific topology table (e.g., 'show ip ospf database') to see all known routes before the best-path selection.

7

Check ACLs and NAT (Layer 3–4)

If routes exist but traffic still fails, an ACL may be dropping packets or NAT may be misconfigured. ACLs are applied per interface in a direction (in/out).

Cisco IOS
! Check all ACLs and their match counts
show access-lists

! Check which ACLs are applied to an interface
show ip interface GigabitEthernet0/0 | include access list

! Check NAT translations
show ip nat translations
show ip nat statistics

! Debug ACL hits (use with caution in production)
debug ip packet detail

ACL implicit deny: every Cisco ACL ends with an implicit 'deny any'. If no explicit permit rule matches, the packet is silently dropped with no log entry (unless you add 'permit ip any any log' at the end for testing).

8

Test application layer — telnet to port

If IP connectivity works but a specific application fails, test the specific TCP port using telnet as a quick port scanner.

Cisco IOS / Terminal
! Test if a TCP port is open (telnet as port scanner)
telnet 10.0.0.1 80
telnet 10.0.0.1 443
telnet 10.0.0.1 22

! On Cisco IOS
telnet 10.0.0.1 /port 80

! Connection refused = host reachable, port closed
! No response / timeout = host unreachable or port filtered by ACL/firewall

On Windows, telnet may need to be enabled (Control Panel → Programs → Turn Windows features on/off → Telnet Client). Alternatively use 'Test-NetConnection -ComputerName 10.0.0.1 -Port 80' in PowerShell.

Key tips

  • Always start at Layer 1 — most connectivity issues are physical. 'Plug it in properly' solves more problems than any show command.

  • Ping the default gateway first, then the next hop, then the destination — isolate the failure domain before chasing complex causes.

  • Use 'show interfaces' error counters to distinguish physical (high CRC/runts) from software (drops) problems.

  • On Cisco routers, always use extended ping with a specified source when testing routing — a router can reach its own interface even when transit routing is broken.

  • Document what changed before the problem started — 90% of connectivity issues follow a configuration change.

Frequently asked questions

What is the OSI troubleshooting approach?

Work from Layer 1 (physical) upward: Physical → Data Link → Network → Transport → Application. Confirm each layer is functioning before moving to the next. This prevents you from chasing complex routing problems when the cable is unplugged.

My ping works but the application doesn't — what next?

Ping proves Layer 3 connectivity but not Layer 4 (TCP/UDP). Test the specific port using telnet (e.g., 'telnet 10.0.0.1 80'). If the port is filtered, check ACLs and firewalls. If it's rejected, the service isn't listening on that port.

What does 'U.U.U' mean in Cisco ping output?

'U' means the router received an ICMP 'Destination Unreachable' response — a router along the path actively rejected the packet, usually because of a missing route or an explicit ACL deny. This is different from '.' (timeout) where no response was received.

Related glossary terms

Browse full glossary →

Practice with real exam questions

Apply what you just learned with exam-style practice questions.

Related guides