Preface No single troubleshooting resource can anticipate every possible glitch that can be encountered in internetworks. But any significant contribution that can be made toward preventing connectivity blockages is a step in the right direction. We hope that this publication contributes to the body of knowledge that makes networks more manageable.
Using This Publication • The chapters in Part 6, “Troubleshooting Other Internetwork Problems,” provide information on troubleshooting CiscoWorks installations, and on troubleshooting security implementations, including TACACS troubleshooting and password recovery. • Appendixes provide supplemental troubleshooting information, including information on creating core dumps, memory maps for different Cisco routers, technical support information, and a list of references and recommended reading.
C H A P TER 1 Troubleshooting Overview Internetworks come in a variety of topologies and levels of complexity—from single-protocol, point-to-point links connecting cross-town campuses, to highly meshed, large-scale wide-area networks (WANs) traversing multiple time zones and international boundaries. The industry trend is toward increasingly complex environments, involving multiple media types, multiple protocols, and often interconnection to “unknown” networks.
General Problem-Solving Model Figure 1-1 General Problem-Solving Model Define problem Gather facts Consider possibilities based on facts Create action plan Implement action plan Observe results (If symptoms stop…) (If symptoms persist…) Repeat process Problem resolved; terminate process The following steps detail the problem-solving process outlined in Figure 1-1: Step 1 When analyzing a network problem, make a clear problem statement.
Preparing for Network Failure Step 6 Whenever you change a variable, be sure to gather results. Generally, you should use the same method of gathering facts that you used in Step 2 (that is, working with the key people affected in conjunction with utilizing your diagnostic tools). Step 7 Analyze the results to determine whether the problem has been resolved. If it has, then the process is complete.
Preparing for Network Failure 1-6 Book Title
C H A P TER 2 Troubleshooting Tools This chapter presents information about the wide variety of tools available to assist you in troubleshooting your internetwork, including information on using router diagnostic commands, using Cisco network management tools, and third-party troubleshooting tools. Using Router Diagnostic Commands Cisco routers provide numerous integrated commands to assist you in monitoring and troubleshooting your internetwork.
Using Router Diagnostic Commands — show interfaces fddi — show interfaces atm — show interfaces serial — show controllers—This command displays statistics for interface card controllers. For example, the show controllers mci command provides the following fields: MCI 0, controller type 1.1, microcode version 1.
Using debug Commands Using debug Commands The debug privileged exec commands can provide a wealth of information about the traffic being seen (or not seen) on an interface, error messages generated by nodes on the network, protocol-specific diagnostic packets, and other useful troubleshooting data.
Using Router Diagnostic Commands In many situations, using third-party diagnostic tools can be more useful and less intrusive than using debug commands. For more information, see the section “Third-Party Troubleshooting Tools” later in this chapter. Using the ping Command To check host reachability and network connectivity, use the ping exec (user) or privileged exec command. After you log in to the router or access server, you are automatically in user exec command mode.
Using Cisco Network Management Tools Using Cisco Network Management Tools Cisco offers several network management products that provide design, monitoring, and troubleshooting tools to help you manage your internetwork. The following three internetwork management tools are useful for troubleshooting internetwork problems: • CiscoWorks internetwork management software, a set of Simple Network Management Protocol (SNMP)–based tools.
Third-Party Troubleshooting Tools TrafficDirector multilayer traffic summary provides a quick, high-level assessment of network loading and protocol distributions. Network managers then “zoom in” on a specific segment, ring, switch port, or trunk link and apply real-time analysis and diagnostic tools to view hosts, conversations, and packet captures. TrafficDirector threshold monitoring enables users to implement a proactive management environment.
TDRs and OTDRs Cable testers (scanners) also enable you to check physical connectivity. Cable testers are available for shielded twisted pair (STP), unshielded twisted pair (UTP), 10BaseT, and coaxial and twinax cables.
Third-Party Troubleshooting Tools Monitors collect information such as packet sizes, the number of packets, error packets, overall usage of a connection, the number of hosts and their MAC addresses, and details about communications between hosts and other devices. This data can be used to create profiles of LAN traffic as well as to assist in locating traffic overloads, planning for network expansion, detecting intruders, establishing baseline performance, and distributing traffic more efficiently.
C H A P TER 3 Troubleshooting Hardware and Booting Problems This chapter provides procedures for troubleshooting hardware and booting problems. Although it provides specific procedures for some Cisco products, always refer to your hardware installation and maintenance publication for more detailed information about your specific platform, including descriptions of specific LEDs, configuration information, and additional troubleshooting information.
Booting the Router • • • • • • • • • • • • Booting: Router Partially Boots from Flash and Displays Boot Prompt Booting: Router Cannot Netboot from TFTP Server Booting: Router Cannot Netboot from Another Router Booting: Timeouts and Out-of-Order Packets Prevent Netbooting Booting: Invalid Routes Prevent Netbooting Booting: Client ARP Requests Timeout during Netboot Booting: Undefined Load Module Error When Netbooting Booting: Router Hangs After ROM Monitor Initializes Booting: Router Is Stuck in ROM Monito
Fault-Tolerant Boot Strategies Fault-Tolerant Boot Strategies Although netbooting is useful, network or server failures can make netbooting impossible. After you have installed and configured the router’s Flash memory, configure the boot sequence for the router to reduce the impact of a server or network failure. The following order is recommended: 1 Boot an image from Flash memory. 2 Boot an image using a netboot. 3 Boot from a ROM image.
Troubleshooting Hardware • Programmable ROM labels. (This information is printed on the physical chip, and an example is shown in Figure 3-1.) Figure 3-1 An Example of a Boot ROM Label—Boot ROM Version 11.1(2) U30 v11 1(2) RS P2-ROMMON O17-2111-04 Cisco Systems • • NVRAM configurations for client and adjacent routers.
Cisco 7500 Series Startup When the 7500 series system has initialized successfully, the system banner should be displayed on the console screen. If it is not displayed, make sure that the console terminal is properly connected to the RSP console port and that the terminal is set correctly. The system banner should look similar to the following: System Bootstrap, Version 4.6(5), SOFTWARE Copyright (c) 1986-1995 by cisco Systems RSP2 processor with 16384 Kbytes of memory ### [...
Troubleshooting Hardware Possible Problem Area Solution Cooling subsystem Step 1 Check to see whether the blower is operating when you start up the system. If the blower is not operating, there might be a problem with the blower or the +24 V DC power: • If the Output Fail LED is on, there might be a problem with the +24V DC supply to the blower or fan tray at either the power supply or the blower control board.
Cisco 7000 Series Startup Cisco 7000 Series Startup When you start up a Cisco 7000 series router, the following should occur: • The DC OK LED should go on and should remain on as long as the system is receiving source power. • • The fans should be operating. • The Enabled LED on the Switch Processor (SP) or Silicon Switch Processor (SSP) and each interface processor should go on when the RP has completed initialization of the interface processor or SP (or SSP) for operation.
Troubleshooting Hardware Table 3-2 Hardware: Cisco 7000 Series Startup Problems and Solutions Possible Problem Area Solution Power subsystem Step 1 Check to see whether the DC OK LED is on. Step 2 If the LED is not on but the fans are operating and LEDs on the processor modules are on, the Power Supply LED might be faulty. Step 3 If the LED is not on and there is no other activity, make sure the power switch is fully in the on position.
Cisco 4000 and Cisco 3000 Series Startup Possible Problem Area Solution Processor subsystem Step 1 Check to see whether the RP1 LEDs come on when system power is turned on. Step 2 If none of the RP LEDs come on, make sure that both the fan and power supply are functioning properly. Step 3 If the power supply and fans appear operational but none of the RP LEDs are on, an improperly connected RP, SP2 (or SSP3), or interface processor might have hung the bus.
Troubleshooting Hardware When the system has initialized successfully, the system banner should be displayed on the console screen. The system banner should look similar to the following: System Bootstrap, Version 4.14(9), SOFTWARE Copyright (c) 1986-1994 by cisco Systems 4000 processor with 16384 Kbytes of main memory Loading xx-j-mz.112-0.15 at 0x4A790, size = 3496424 bytes [OK] F3: 8988+3487404+165008 at 0x12000 Self decompressing the image : ###[...
Cisco 2500 Series Startup Table 3-3 outlines the areas where Cisco 4000 and Cisco 3000 series startup problems may occur and describes solutions to those problems. Table 3-3 Hardware: Cisco 4000 and Cisco 3000 Series Startup Problems and Solutions Possible Problem Area Solution Power and cooling subsystems Step 1 Check to see whether the blower is operating. If it is not, check the AC power input, AC power source, router circuit breaker, and power supply cable.
Troubleshooting Hardware When the system has initialized successfully, the system banner should be displayed on the console screen. The system banner should look similar to the following: System Bootstrap, Version (3.3), SOFTWARE Copyright (c) 1986-1993 by cisco Systems 2500 processor with 16384 Kbytes of main memory Unknown or ambiguous service arg - udp-small-servers Unknown or ambiguous service arg - tcp-small-servers Booting igs-in-l.
Cisco 2000 Series Startup Table 3-4 Hardware: Cisco 2500 Series Startup Problems and Solutions Possible Problem Area Solution Power and cooling subsystems Step 1 If the Power LED is off, make sure the power supply is plugged in to the wall receptacle and that the cable from the power supply to the router is connected. Step 2 If the system shuts down after being on a short time, there might have been a thermal-induced shutdown caused by a faulty fan, or the power to the system might have been lost.
Troubleshooting Hardware Possible Problem Solution Bootup problem Step 1 Check to see whether the fan is operating. If it is not, check the fan or the 12V power supply. Step 2 If the system shuts down after being on for a short time, check the power supply. Step 3 If the power supply appears operational, the router might have shut down due to overheating. Ensure that the chassis intake and exhaust vents are clear.
Catalyst 3000 Series Startup • Processor and interface subsystem—This subsystem includes the supervisor engine module (which contains the system operating software), the network interfaces, and all associated cabling. Table 3-6 outlines the areas where Catalyst 5000 series startup problems may occur and describes solutions to those problems.
Troubleshooting Hardware • • The fan should begin operating and should stay on while power is applied to the system. On some models, the DIAG LED should come on, stay on for the duration of the system’s self-test diagnostics, and then turn off. While booting, the console screen displays a script and system banner, which should be similar to the following: Cisco Catalyst Boot Firmware P/N 57-1327-02, Copyright 1995 - Initiating bootstrapping sequence. - Boot image integrity check...Passed.
Catalyst 2900 Series Startup Table 3-7 outlines the areas where Catalyst 3000 series startup problems may occur and describes solutions to those problems. Table 3-7 Hardware: Catalyst 3000 Series Startup Problems and Solutions Possible Problem Area Solution Power and cooling subsystems Step 1 Check to see whether the Power LED is on. If it is not on and the fans are not running, check the AC power cord and the AC receptacle the cord is plugged in to.
Troubleshooting Hardware When the system boot is complete, the supervisor engine module initializes the switching modules. The status LED on each switching module goes on when initialization has been completed, and the console screen displays a script and system banner similar to the following: BOOTROM Version 2.
Catalyst 1600 Token Ring Switch Startup Possible Problem Area Solution Series processor and interface subsystem Step 1 Check the supervisor engine module Status and Link LEDs. These should both be green if all diagnostic and self-tests were successful and ports are operational. For more information about interpreting the supervisor engine module LEDs, refer to the user guide for your switch. Step 2 Check the LEDs on individual interface modules.
Troubleshooting Hardware Table 3-10 outlines the possible LightStream 2020 problems and describes solutions to those problems. Table 3-10 Hardware: LightStream 2020 Startup Problems and Solutions Possible Problem Solution System initialization problem Step 1 Make sure power cords and data cables are firmly connected at both ends. Step 2 Make sure all cards (front and back of the chassis) are firmly seated in the midplane and screwed securely to the chassis.
LightStream 2020 Startup Possible Problem Solution Network processor problems If the NP fails to power up, check its access card at the back of the chassis. An NP requires an NPAC6; it cannot operate with any other kind of access card. If the system fails to boot, it could indicate either a problem with the NP, a problem with the NP’s hard disk drive, or a problem with the software on the hard drive.
Troubleshooting Hardware Possible Problem Solution Interface module problems The following tips will help you distinguish between problems in a line card and problems in an access card: • Run the manufacturing diagnostics and check the information provided for the access card. • Swap another line card of the same type. If the second card has the same problem as the first one, the access card is probably at fault.
LightStream 2020 Startup Possible Problem Solution Interface module problems The packet line card is compatible with the following access cards: — FDDI access card — Ethernet access card — Fiber Ethernet access card — T1 circuit emulation access card — E1 circuit emulation access card The NP is compatible with the following access card: — NPAC • If an FDDI7 module does not pass traffic, make sure the FDDI cables for each port are attached to the proper connectors.
Troubleshooting Hardware Possible Problem Solution Disk assembly problems Disk assembly problems are indicated by the following symptoms: • The node fails to boot. • Files become corrupted. • In a system with two NPs, the primary NP appears to fail and the backup takes over. The failed NP might pass diagnostics. • The system fails to read or write floppy disks. In the case of a write failure, check the write protect switch on the disk.
Troubleshooting Booting Problems Note Before accessing the chassis interior and removing any cards, turn off power to the chassis. Use extreme caution around the chassis. Potentially harmful voltages are present. Note To prevent damage to components that are sensitive to electrostatic discharge (ESD), attach ESD protection before opening a chassis. Make certain that the power cord is connected but that power is off.
Troubleshooting Booting Problems Possible Problem Solution Incorrect or corrupted image (exec does not function) Step 1 Check the configuration register using the show version exec command. Set the register to boot from Flash memory. For information about configuration register settings, refer to your hardware installation and maintenance documentation. Step 2 Power cycle the router. Step 3 Within the first 60 seconds of booting, press the Break key to access the ROM monitor.
Booting: Vector Error Occurs When Booting from Flash Memory Possible Problem Solution Incorrect or corrupted image (exec functions) Step 1 Obtain the correct system image. If necessary, contact your technical support representative to determine which image is appropriate. Step 2 Use the copy tftp flash privileged exec command to retrieve the image. Step 3 Check the configuration register using the show version exec command. Set the register to boot from Flash memory.
Troubleshooting Booting Problems Figure 3-2 Booting: Vector Error Occurs When Booting from Flash Memory Possible Problem Solution Compressed system image Step 1 Power-cycle the router. Step 2 Within the first 60 seconds of booting, press the Break key to access the ROM monitor. Step 3 At the ROM monitor prompt (>), enter o/r to set the configuration register to boot from ROM. Step 4 Enter b to boot the router. The router enters setup mode. Step 5 Press Ctrl-C to bypass the setup.
Booting: Router Partially Boots from Flash and Displays Boot Prompt Possible Problem Solution Router hardware problem Troubleshoot router hardware as discussed earlier in this chapter. 1 TFTP = Trivial File Transfer Protocol Booting: Router Partially Boots from Flash and Displays Boot Prompt Symptom: When a user is booting a Cisco 2000, Cisco 2500, Cisco 3000, or Cisco 4000 series router from Flash memory, the boot process halts and the console displays the boot prompt [router(boot)>].
Troubleshooting Booting Problems Possible Problem Solution Missing boot system flash global configuration command Step 1 Use the show running-config privileged exec command to determine whether the configuration includes a boot system flash global configuration command entry. Use the show startup-config privileged exec command to determine whether the boot system flash command is included in the configuration stored in NVRAM2. Step 2 Check the order of the boot system commands.
Booting: Router Cannot Netboot from TFTP Server Possible Problem Solution Network is disconnected or isolated Step 1 Boot the router from ROM or Flash memory if possible. Step 2 Use the ping exec command to send a message to the broadcast address (255.255.255.255). Step 3 If there is no response from the server, use the show arp exec command to look for an entry in the ARP table that is associated with the server. Step 4 Use the show ip route exec command to view the IP routing table.
Troubleshooting Booting Problems Possible Problem Solution Missing or misconfigured default gateway specification Step 1 Use the show running-config privileged exec command to view the router configuration. Check for the ip default-gateway global configuration command, which defines a default gateway. Syntax: ip default-gateway ip-address Syntax Description: • ip-address—IP address of the router.
Booting: Timeouts and Out-of-Order Packets Prevent Netbooting Table 3-14 Booting: Router Cannot Netboot from Another Router Possible Problem Solution Missing or incorrect tftp-server global configuration command Step 1 Use the show running-config privileged exec command to determine whether the tftp-server system global configuration command is missing or incorrectly specified.
Troubleshooting Booting Problems Table 3-15 outlines the problems that might cause this symptom and describes solutions to those problems. Table 3-15 Booting: Timeouts and Out-of-Order Packets Prevent Netbooting Possible Problem Solution Link is saturated Step 1 Boot the router from ROM and ping the TFTP server. Determine whether timeouts and out-of-order packets appear. Step 2 Check local network concentrators for excessive collisions on the same network.
Booting: Client ARP Requests Timeout During Netboot Possible Problem Solution Bad routing paths on neighbor routers Step 1 Verify that neighbor routers can ping the server. Step 2 Use the trace exec command to determine the path to the server. Step 3 Use the show arp privileged exec command to examine the ARP1 tables or the show ip route privileged exec command to view the IP routing table. Verify that the server is listed and that the routing table entries are appropriate.
Troubleshooting Booting Problems Possible Problem Solution Intermediate routers have ARP filtering enabled Step 1 Boot the router from ROM. Step 2 Make sure you can ping the server from the router. Step 3 Use the copy running-config tftp privileged exec command to test TFTP connectivity to the server. Step 4 If the preceding steps are successful, check the configuration at the intermediate router using the show arp exec command.
Booting: Router Hangs After ROM Monitor Initializes Table 3-18 Booting: Undefined Load Module Error When Netbooting Possible Problem Solution Filename mismatch Step 1 If you are booting manually, refer to the user guide for your router to see the proper command-line format. Step 2 Check the router configuration file. Compare the filename specified in the boot system filename [address] global configuration command entry with the actual router image filename. Make sure they match.
Troubleshooting Booting Problems Booting: Router Is Stuck in ROM Monitor Mode Symptom: Router is stuck in ROM monitor mode. When a user is booting a router from ROM, the system boots into ROM monitor mode but does not boot the complete system image. Table 3-20 outlines the problems that might cause this symptom and describes solutions to those problems.
Booting: Local Timeouts Occur When Booting from ROM Possible Problem Solution Router hardware problem Check all hardware for damage, including cabling (broken wire), adapters (loose pin), router ports, and so forth. For more information, refer to the hardware troubleshooting information discussed earlier in this chapter. Booting: Local Timeouts Occur When Booting from ROM Symptom: “Local timeout” error messages are generated when a user is booting from ROM.
Troubleshooting Booting Problems Possible Problem Solution Flow control configured on the terminal conflicts with the EIA/TIA-232 control signals supported by the access server console port (RJ-45 to DB-25) Step 1 Check whether flow control is configured on your terminal. Step 2 Disable all flow control on the terminal. With flow control enabled, the terminal will wait indefinitely for a CTS1 signal because the RJ-45 console port on the access server does not assert CTS.
C H A P TER 4 Troubleshooting Ethernet Ethernet was developed by Xerox Corporation’s Palo Alto Research Center (PARC) in the 1970s. Ethernet was the technological basis for the IEEE 802.3 specification, which was initially released in 1980. Shortly thereafter, Digital Equipment Corporation, Intel Corporation, and Xerox Corporation jointly developed and released an Ethernet specification (Version 2.0) that is substantially compatible with IEEE 802.3. Together, Ethernet and IEEE 802.
Ethernet and IEEE 802.3 Physical Connections IEEE 802.3 specifies several different physical layers, whereas Ethernet defines only one. Each IEEE 802.3 physical layer protocol has a name that summarizes its characteristics. The coded components of an IEEE 802.3 physical-layer name are shown in Figure 4-1. Figure 4-1 IEEE 802.
Troubleshooting Ethernet Figure 4-2 Ethernet and IEEE 802.3 Frame Formats Ethernet 7 1 6 S Field Length, Preamble O Destination in bytes address F 6 2 46-1500 4 Source address Type Data FCS 46-1500 4 802.2 header and data FCS IEEE 802.3 7 1 6 S Field Length, Preamble O Destination address in bytes F 6 2 Source Length address SOF = start-of-frame delimiter FCS = frame check sequence Both Ethernet and IEEE 802.
Troubleshooting Ethernet Media Problem Suggested Actions Excessive noise Step 1 Use the show interfaces ethernet exec command to determine the status of the router’s Ethernet interfaces. The presence of many CRC errors but not many collisions is an indication of excessive noise. Step 2 Check cables to determine whether any are damaged. Step 3 Look for badly spaced taps causing reflections.
show interfaces ethernet show interfaces ethernet unit [accounting] show interfaces ethernet [slot | port] [accounting] (for the Cisco 7200 series and Cisco 7500) show interfaces ethernet [type slot | port-adapter | port] (for ports on VIP cards in the Cisco 7500 series routers) Syntax Description • • unit—Must match a port number on the selected interface. • • • slot—Refer to the appropriate hardware manual for slot and port information.
Troubleshooting Ethernet show interfaces ethernet Field Descriptions Field Description Ethernet...is up...is administratively down Indicates whether the interface hardware is currently active and whether it has been taken down by an administrator. “Disabled” indicates that the router has received more than 5,000 errors in a keepalive interval, which is 10 seconds by default.
show interfaces ethernet Field Descriptions Field Description Five minute input rate, Five minute output rate Average number of bits and packets transmitted per second in the past five minutes. If the interface is not in promiscuous mode, it senses network traffic it sends and receives (rather than all network traffic). The five-minute input and output rates should be used only as an approximation of traffic per second during a given five-minute period.
Troubleshooting Ethernet 4-64 Book Title Field Description collisions Number of messages retransmitted due to an Ethernet collision. This is usually the result of an overextended LAN (Ethernet or transceiver cable too long, more than two repeaters between stations, or too many cascaded multiport transceivers). A packet that collides is counted only once in output packets. interface resets Number of times an interface has been completely reset.
C H A P TER 5 Troubleshooting Fiber Distributed Data Interface The Fiber Distributed Data Interface (FDDI) standard was produced by the ANSI X3T9.5 standards committee in the mid-1980s. During this period, high-speed engineering workstations were beginning to tax the capabilities of existing local-area networks (LANs)—primarily Ethernet and Token Ring. A new LAN was needed that could easily support these workstations and their new distributed applications.
FDDI Technology Basics fiber. Because of these characteristics, single-mode fiber is often used for interbuilding connectivity, and multimode fiber is often used for intrabuilding connectivity. Multimode fiber uses light-emitting diodes (LEDs) as the light-generating devices, whereas single-mode fiber generally uses lasers.
Traffic Types Figure 5-2 FDDI Nodes: DAS, SASs, and Concentrator FDDI DAS Concentrator SAS SAS SAS Each FDDI DAS has two ports, designated A and B. These ports connect the station to the dual FDDI ring. Therefore, each port provides a connection for both the primary and the secondary ring, as shown in Figure 5-3.
FDDI Technology Basics figure, when Station 3 fails, the dual ring is automatically wrapped in Stations 2 and 4, forming a single ring. Although Station 3 is no longer on the ring, network operation continues for the remaining stations. Figure 5-4 Station Failure, Ring Recovery Configuration Station 1 MAC B Station 4 A Ring wrap Station 2 Ring wrap A B B A MAC MAC A B Failed station Station 3 Figure 5-5 shows how FDDI compensates for a wiring failure.
Frame Format As FDDI networks grow, the possibility of multiple ring failures grows. When two ring failures occur, the ring is wrapped in both cases, effectively segmenting the ring into two separate rings that cannot communicate with each other. Subsequent failures cause additional ring segmentation. Optical bypass switches can be used to prevent ring segmentation by eliminating failed stations from the ring. This is shown in Figure 5-6.
FDDI Technology Basics Figure 5-7 FDDI Frame Format Data frame Preamble Start delimiter Frame control Destination Source address address Data FCS End delimiter Frame status Token Preamble Start delimiter Frame control End delimiter The fields of an FDDI frame are as follows: • • Preamble—Prepares each station for the upcoming frame. • Frame control—Indicates the size of the address fields, whether the frame contains asynchronous or synchronous data, and other control information.
Troubleshooting FDDI • Scrambling—When no data is being sent, FDDI transmits an idle pattern that consists of a string of binary ones. When this signal is sent over twisted-pair wire, the EMI is concentrated at the fundamental frequency spectrum of the idle pattern, resulting in a peak in the frequency spectrum of the radiated interference. By scrambling FDDI data with a pseudo-random sequence prior to transmission, repetitive patterns are eliminated.
Troubleshooting FDDI When you’re troubleshooting FDDI media in a Cisco router environment, the show interfaces fddi command provides several key fields of information that can assist in isolating problems. The following section provides a detailed description of the show interfaces fddi command and the information it provides.
show interfaces fddi Sample Displays The following is a sample partial display of FDDI-specific data from the show interfaces fddi command on a Cisco 7500 series router: Router> show interfaces fddi 3/0 Fddi3/0 is up, line protocol is up Hardware is cxBus Fddi, address is 0000.0c02.adf1 (bia 0000.0c02.adf1) Internet address is 131.108.33.14, subnet mask is 255.255.255.
Troubleshooting FDDI Field Description Fddi is {up | down | administratively down} Gives the interface processor unit number and tells whether the interface hardware is currently active and can transmit and receive or whether it has been taken down by an administrator. line protocol is {up | down} Indicates whether the software processes that handle the line protocol consider the interface usable. Hardware Provides the hardware type, followed by the hardware address.
show interfaces fddi Field Description neighbor State of the neighbor: • A—Indicates that the CMT1 process has established a connection with its neighbor. The bits received during the CMT signaling process indicate that the neighbor is a Physical A type DAS2 or concentrator that attaches to the primary ring IN and the secondary ring OUT when attaching to the dual ring.
Troubleshooting FDDI Field Description ECM is... ECM is the SMT entity coordination management, which overlooks the operation of CFM and PCM. The ECM state can be one of the following: • out—Router is isolated from the network. • in—Router is actively connected to the network. This is the normal state for a connected router. • trace—Router is trying to localize a stuck beacon condition. • leave—Router is allowing time for all the connections to break before leaving the network.
show interfaces fddi Field Description LER Link error rate. Upstream | downstream neighbor Displays the canonical MAC address of outgoing upstream and downstream neighbors. If the address is unknown, the value will be the FDDI unknown address (0x00 00 f8 00 00 00). Last input Number of hours, minutes, and seconds since the last packet was successfully received by an interface. Useful for knowing when a dead interface failed.
Troubleshooting FDDI Field Description overrun Number of times the serial receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver’s ability to handle the data. ignored Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different from the system buffers mentioned previously in the buffer description.
C H A P TER 6 Troubleshooting Token Ring The Token Ring network was originally developed by IBM in the 1970s. It is still IBM’s primary local-area network (LAN) technology, and is second only to Ethernet/IEEE 802.3 in general LAN popularity. The IEEE 802.5 specification is almost identical to, and completely compatible with, IBM’s Token Ring network. In fact, the IEEE 802.5 specification was modeled after IBM Token Ring, and continues to shadow IBM’s Token Ring development.
Token Passing Figure 6-1 Data rates Stations/segment Topology Media Signaling Access method Encoding IBM Token Ring Network/IEEE 802.5 Comparison IBM Token Ring Network IEEE 802.5 4 or 16 Mbps 4 or 16 Mbps 280 (shielded twisted pair) –2 (unshielded twisted pair) 250 Star Not specified Twisted pair Not specified Baseband Baseband Token passing Token passing Differential Manchester Differential Manchester Token Passing Token Ring and IEEE 802.
Physical Connections Physical Connections IBM Token Ring network stations are directly connected to MAUs, which can be wired together to form one large ring (as shown in Figure 6-2). Patch cables connect MAUs to adjacent MAUs. Lobe cables connect MAUs to stations. MAUs include bypass relays for removing stations from the ring.
Frame Formats device fails, its frame may continue to circle the ring. This can prevent other stations from transmitting their own frames and essentially lock up the network. The active monitor can detect such frames, remove them from the ring, and generate a new token. The IBM Token Ring network’s star topology also contributes to overall network reliability.
Data/Command Frames Data/Command Frames Data/command frames vary in size, depending on the size of the information field. Data frames carry information for upper-layer protocols; command frames contain control information and have no data for upper-layer protocols. In data/command frames, a frame control byte follows the access control byte. The frame control byte indicates whether the frame contains data or control information. In control frames, this byte specifies the type of control information.
Troubleshooting Token Ring Media Problem Suggested Actions Ring speed mismatch Step 1 Check the ring speed specification on all nodes attached to the Token Ring backbone. The ring speed configured for all stations must be the same (either 4 Mbps or 16 Mbps). Use the show running-config privileged exec command to determine which speed is specified on the router. Step 2 If necessary, modify ring speed specifications for clients, servers, and routers.
show interfaces tokenring Media Problem 3 RPS conflict 1 2 3 Suggested Actions Step 1 Use the no lnm rps interface configuration command to disable the RPS function on the router that you are trying to insert into the ring. Step 2 Try to insert the router into the ring. Step 3 If you can insert the router with RPS disabled, there is a conflict between RPS implementations. Contact your technical support representative for more information.
Troubleshooting Token Ring Sample Display The following is sample output from the show interfaces tokenring command: Router# show interfaces tokenring TokenRing 0 is up, line protocol is up Hardware is 16/4 Token Ring, address is 5500.2000.dc27 (bia 0000.3000.072b) Internet address is 150.136.230.203, subnet mask is 255.255.255.
show interfaces tokenring Field Description keepalive Indicates whether keepalives are set. ARP type: Type of Address Resolution Protocol assigned. Ring speed: Speed of Token Ring—4 or 16 Mbps. {Single ring | multiring node} Indicates whether a node is enabled to collect and use source routing information (RIF) for routable Token Ring protocols. Group Address: Interface’s group address, if any.
Troubleshooting Token Ring 6-88 Book Title Field Description CRC The cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received. On a LAN, this usually indicates noise or transmission problems on the LAN interface or the LAN bus itself. A high number of CRCs is usually the result of a station transmitting bad data. frame Number of packets received incorrectly having a CRC error and a noninteger number of octets.
C H A P TER 7 Troubleshooting TCP/IP In the mid-1970s, the Defense Advanced Research Projects Agency (DARPA) became interested in establishing a packet-switched network to provide communications between research institutions in the United States. DARPA and other government organizations understood the potential of packet-switched technology and were just beginning to face the problem virtually all companies with networks now have—communication between dissimilar computer systems.
The Network Layer Figure 7-1 The Internet Protocol Suite and the OSI Reference Model Internet Protocol suite OSI reference model 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Link 1 Physical NFS FTP, Telnet, SMTP, SNMP XDR RPC TCP, UDP Routing protocols IP ICMP ARP, RARP Not specified Creation and documentation of the Internet Protocol suite closely resemble an academic research project. The protocols are specified in documents called Requests for Comments (RFCs).
Addressing The fields of the IP packet are as follows: • • • Version—Indicates the version of IP currently used. • • Total length—Specifies the length of the entire IP packet, including data and header, in bytes. • Flags—A 3-bit field of which the low-order 2 bits control fragmentation. One bit specifies whether the packet can be fragmented; the second bit specifies whether the packet is the last fragment in a series of fragmented packets.
The Network Layer Figure 7-3 Class A Class A, B, and C Address Formats 0 Network Class B Host 1 0 Host Network Class C 1 1 0 Network Host IP networks can also be divided into smaller units, called subnets. Subnets provide extra flexibility for network administrators. For example, assume that a network has been assigned a Class B address, and all the nodes on the network currently conform to a Class B address format.
Internet Routing Figure 7-5 A Sample Subnet Mask Class A 0 0 1 0 0 0 1 0 address Subnet mask, 8 subnet bits . 1 . Class A 0 0 1 0 0 0 1 0 address Subnet mask, 16 subnet bits . 1 . . 0 . . 0 . . 0 . 34.0.0.0 . 1 . . 0 . . 0 . 255.255.0.0 . 0 . . 0 . . 0 . 34.0.0.0 . 1 . . 1 . . 0 . 255.255.255.
The Network Layer IP routing protocols are dynamic. Dynamic routing calls for routes to be calculated at regular intervals by software in the routing devices. This contrasts with static routing, where routes are established by the network administrator and do not change until the network administrator changes them. An IP routing table consists of destination address/next hop pairs. A sample entry, shown in Figure 7-7, is interpreted as meaning “to get to network 34.1.0.
The Transport Layer IRDP offers several advantages over other methods of discovering addresses of neighboring routers. Primarily, it does not require hosts to recognize routing protocols, nor does it require manual configuration by an administrator. Router advertisement messages allow hosts to discover the existence of neighboring routers, but not which router is best to reach a particular destination.
Upper-Layer Protocols • Window—Specifies the size of the sender’s receive window (that is, buffer space available for incoming data). • • • • Checksum—Indicates whether the header was damaged in transit. Urgent pointer—Points to the first urgent data byte in the packet. Options—Specifies various TCP options. Data—Contains upper-layer information. UDP UDP is a much simpler protocol than TCP and is useful in situations where the reliability mechanisms of TCP are not necessary.
IP Multicast IP Multicast The Internet Protocol suite was designed for communications between two computers using unicast addresses (that is, an address specifying a single network device). To send a message to all devices connected to the network, a single network device uses a broadcast address. These two forms of addressing have until now been sufficient for transferring traditional data (such as files and virtual terminal connections).
IP Multicast Figure 7-9 Packet Flow in UDP Flooding Workstation A Interfaces are in blocking state Interfaces are in forwarding state Router Subnetwork 1 Router Subnetwork 2 Subnetwork 3 Workstation C Workstation B Workstation D UDP packets Subnet Broadcast Subnet broadcast (defined in RFC 922) supports the sending of packets to all the subnets of a particular network number. Packet duplication occurs when there are alternative paths in a network.
Internet Group Membership Protocol Whenever there is a duplicate path in the network, a duplicate packet is delivered. Because many multicast applications are data intense, packet duplication is a significant disadvantage of subnet broadcast. Internet Group Membership Protocol Internet Group Membership Protocol (IGMP), defined in RFC 1112, relies on Class D IP addresses for the creation of multicast groups.
IP Multicast Multicast Open Shortest Path First Multicast Open Shortest Path First (MOSPF) is an extension to OSPF, which is a unicast routing protocol that requires each router in a network to be aware of all available links in the network. Each OSPF router calculates routes from itself to all possible destinations. MOSPF works by including multicast information in OSPF link states. MOSPF calculates the routes for each source/multicast group pair when the router receives traffic for that pair.
Troubleshooting TCP/IP Troubleshooting TCP/IP This section presents protocol-related troubleshooting information for Transmission Control Protocol/Internet Protocol (TCP/IP) connectivity and performance problems. This chapter focuses on general TCP/IP problems and on routing problems related to RIP, the Interior Gateway Routing Protocol (IGRP), Enhanced IGRP, OSPF, the Border Gateway Protocol (BGP), and the Hot Standby Router Protocol (HSRP).
Troubleshooting TCP/IP Possible Problem Solution Default gateway is not specified or is misconfigured on local or remote host If hosts are not running routed, a default gateway should be configured. Step 1 Determine whether the local and remote hosts have a default gateway specification. Use the following UNIX command: unix-host% netstat -rn Check the output of this command for a default gateway specification.
TCP/IP: Local Host Cannot Access Remote Host Possible Problem Solution Routing is not enabled on one or more routers Step 1 Use the trace exec command to isolate the problem router (or routers). Syntax: trace [protocol] [destination] Syntax Description: • protocol—(Optional) Protocols that can be used are AppleTalk, CLNS2, IP, and VINES. • destination —(Optional) Destination address or host name on the command line.
Troubleshooting TCP/IP Possible Problem Solution Routing is misconfigured on one or more routers Narrow down the specific symptoms and troubleshoot the problem using the procedures outlined later in this chapter. For example, check the routing tables on various routers using the show ip route privileged exec command.
TCP/IP: Routes Learned from the Wrong Interface or Protocol TCP/IP: Routes Learned from the Wrong Interface or Protocol Symptom: Routes in the routing table were learned from the wrong interface or protocol. For example, networks that should be reached through one interface are shown in the routing table to be reachable through another interface instead. This problem occurs only in a multiprotocol environment (see the section “Split Horizon Example,” later in this chapter).
Troubleshooting TCP/IP RIP routing information learned by Router 2 from Router 1 is redistributed into the IGRP domain. IGRP routing updates are sent to Router 3 from Router 2. If split horizon is disabled on Router 3, Router 3’s updates to Router 2 will include information about network 193.10.1.0 (which was originally learned from RIP updates sent from Router 1 to Router 2).
TCP/IP: Routing Not Functioning Properly on New Interface TCP/IP: Routing Not Functioning Properly on New Interface Symptom: A new interface is added to a router, but when routing is configured, it does not function properly on the new interface. Table 7-5 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting TCP/IP Possible Problem Solution No active interfaces are configured with an IP address (OSPF2 only) OSPF uses an IP address on the router as its router ID. Therefore, to configure the OSPF protocol on a router, you need at least one active interface configured with an IP address.
TCP/IP: Host Connections Fail Using Certain Applications TCP/IP: Host Connections Fail Using Certain Applications Symptom: Connection attempts using some applications are successful, but attempts using other applications fail. For instance, you might be able to ping a host successfully, but Telnet connections fail. Table 7-6 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting TCP/IP Misconfigured Access List Example Misconfigured access lists can cause connectivity and performance problems. In the environment shown in Figure 7-12, the network administrator can successfully reach Router Z from Router X using the telnet and ping commands. However, when attempts are made to trace the route using the trace command, the connection fails.
TCP/IP: Problems Forwarding BOOTP and Other UDP Broadcasts Possible Problem Solution Missing or misconfigured ip helper-address specification Step 1 Use the debug ip udp privileged exec command on the router that should be receiving packets from the host. Check the output of the command to see whether packets are being received from the host. Caution: This debug command can use considerable CPU cycles on the router. Do not enable it if your network is heavily congested.
Troubleshooting TCP/IP Possible Problem Solution UDP broadcast forwarding is disabled on specific UDP ports Step 1 Use the show running-config privileged exec command on the router and look for any no ip forward-protocol udp global configuration command entries. Such entries disable the forwarding of UDP traffic out specific ports.
TCP/IP: Poor Performance TCP/IP: Poor Performance Symptom: Performance for one or more network hosts is slow. Connections to servers take an excessive amount of time to establish. Table 7-8 outlines the problems that might cause this symptom and describes solutions to those problems. Table 7-8 TCP/IP: Poor Performance Possible Problem Solution Misconfigured resolv.conf file on DNS client Check the /etc/resolv.conf file on DNS clients.
Troubleshooting TCP/IP RIP/IGRP: Routes Missing from Routing Table Symptom: Routes are missing from the routing table. Hosts on one network cannot access hosts on a different network. Error messages stating “host or destination unreachable” are generated. The problem might be occurring in an internetwork running only RIP or IGRP, or a combination of the two. Table 7-9 outlines the problems that might cause this symptom and describes solutions to those problems.
RIP/IGRP: Routes Missing from Routing Table Possible Problem Solution Misconfigured route filtering Step 3 If distribute-list commands are configured on the router, disable them using the no version of the command. For example, to disable an incoming filter that references access list 10, enter the following command: C7500(config)#no distribute-list 10 in Step 4 After disabling all distribution lists on the router, use the clear ip route privileged exec command to clear the routing table.
Troubleshooting TCP/IP Possible Problem Solution Subnet mask mismatch Problems occur when two or more interfaces on the same major network have different subnet masks configured. Step 1 Use the show running-config privileged exec command to view the configuration of each router in the major network. Step 2 Use the show ip interface privileged exec command. Check the subnet mask specified for each interface.
RIP/IGRP: Routes Missing from Routing Table Possible Problem Solution Routes are not being redistributed properly between autonomous systems or between routing protocols This problem is restricted to environments in which route redistribution is being performed between autonomous systems or between multiple routing protocols. Step 1 Use the show running-config privileged exec command on routers that border multiple networks running different routing protocols.
Troubleshooting TCP/IP Table 7-10 Host and Router Subnet Mask Mismatch Example Routing Information Host Value Router Value Destination IP address 192.31.7.49 192.31.7.49 Subnet mask 255.255.255.240 255.255.255.224 Interpreted address Subnet address 48, host 1 Subnet address 32, host 17 The host interprets the IP address 192.31.7.49 as being Host 1 on the third subnet (subnet address 48).
OSPF: Routers Not Establishing Neighbors OSPF: Routers Not Establishing Neighbors Symptom: OSPF routers are not establishing neighbor relationships properly. The result is that routing information is not exchanged between routers. Table 7-11 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting TCP/IP Possible Problem Solution Mismatched Hello or dead timers, E-bits (set for stub areas), area IDs, authentication types, or network masks The values set for the Hello timer and dead timer intervals, E-bits (this bit is set if the router is configured in a stub area), area IDs, authentication types, and network masks should all be the same throughout an OSPF area and in some cases the entire OSPF network.
OSPF: Routes Missing from Routing Table Possible Problem Solution Access list is misconfigured Step 1 Use the show access-list privileged exec command on suspect routers to see whether there are IP access lists configured on the router. Step 2 If there are IP access lists enabled on the router, disable them using the appropriate commands.
Troubleshooting TCP/IP Table 7-12 outlines the problems that might cause this symptom and describes solutions to those problems. Table 7-12 OSPF: Routes Missing from Routing Table Possible Problem Solution OSPF routers not establishing neighbors Follow the procedures outlined in the section “OSPF: Routers Not Establishing Neighbors” earlier in this chapter.
OSPF: Routes Missing from Routing Table Possible Problem Solution Interface network type mismatch on Frame Relay WAN In an OSPF Frame Relay environment, if one end of the link is a multipoint interface and the other end is a point-to-point interface, by default the multipoint interface will advertise the link as a non-broadcast network and the point-to-point interface will advertise the link as a point-to-point network.
Troubleshooting TCP/IP Possible Problem Solution Misconfigured route filtering Step 1 Use the show running-config command to check suspect routers. Step 2 See if there are any distribute-list in or distribute-list out router configuration commands configured on the router. The distribute-list in command prevents specific information learned in LSAs1 from being included in the OSPF routing table.
IP Enhanced IGRP: Routers Not Establishing Neighbors Possible Problem Solution Virtual link is misconfigured Step 1 Check the configuration of the routers at each end of the virtual link using the show running-config privileged exec command. Look for area area-id virtual-link router-id router configuration command entries. These commands are used to configure the virtual link. Step 2 Use the show ip ospf exec command to find the router ID (IP address) of the routers.
Troubleshooting TCP/IP Possible Problem Solution Misconfigured or missing network router configuration command Step 1 Use the show ip eigrp neighbors exec command on an Enhanced IGRP router. Make sure that all directly connected Enhanced IGRP routers appear in the output. Step 2 If some connected routers are not shown in the output, use the show running-config privileged exec command to view the configuration of the suspect routers.
IP Enhanced IGRP: Routes Missing from Routing Table IP Enhanced IGRP: Routes Missing from Routing Table Symptom: Routes are missing from the routing table of routers running Enhanced IGRP. Hosts on one network cannot access hosts on a different network. Hosts on the same network might or might not be able to communicate. The problem might occur in internetworks running only Enhanced IGRP or in an internetwork running Enhanced IGRP and another routing protocol.
Troubleshooting TCP/IP Possible Problem Solution Hello interval or hold-time value mismatch Step 1 Use the show running-config privileged exec command on all routers in the network. Step 2 Look for ip hello-interval eigrp and ip hold-time eigrp interface configuration command entries. The values configured by these commands should be the same for all IP routers on the network. At minimum, backbone routers should be configured with the same hello interval and hold-time values.
IP Enhanced IGRP: Router Stuck in Active Mode Possible Problem Solution Active timer value is misconfigured Step 1 Check the configuration of each Enhanced IGRP router by using the show running-config privileged exec command. Step 2 Look for the timers active-time router configuration command entry associated with the router eigrp global configuration command entry. The active timer determines the maximum period of time that an Enhanced IGRP router will wait for replies to its queries.
Troubleshooting TCP/IP BGP: Routes Missing from Routing Table Symptom: BGP routers and networks are not advertised to other routers. Routers do not receive routing information from other routers. Some hosts cannot communicate with hosts in other areas, and routing table information is incomplete. Table 7-16 outlines the problems that might cause this symptom and describes solutions to those problems.
BGP: Routers Not Advertising Routes BGP: Routers Not Advertising Routes Symptom: BGP routers are not advertising routes. Routing updates from a BGP router do not contain information about certain network destinations that should be advertised. Table 7-17 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting TCP/IP Possible Problem Solution Misconfigured aggregate-address command The aggregate-address router configuration command allows BGP to specify a summary address for one or more specific network addresses. For example, to summarize the addresses 195.10.20.0 and 195.10.130.0, use the aggregate address 195.10.0.0. Problems can occur under the following circumstances: • The aggregate address summarizes addresses that are not in the router’s BGP routing table.
HSRP: Hosts Cannot Reach Remote Networks Possible Problem Solution Default gateway is not specified or is incorrectly specified on local or remote hosts Step 1 Determine whether local and remote hosts have a default gateway specification. Use the following UNIX command: host% netstat -rn Check the output of this command for a default gateway specification. Step 2 In a network running HSRP, hosts must use the hot standby IP address as their default gateway specification.
Troubleshooting TCP/IP Possible Problem Solution HSRP is not configured or is misconfigured Step 1 Try to ping the hot standby IP address. If the ping is unsuccessful, proceed to Step 2. If the ping is successful, proceed to Step 4. Step 2 Use the show standby privileged exec command to see information about the HSRP configuration. If the command does not return any output, HSRP is not configured on the router interface.
C H A P TER 8 Troubleshooting Novell IPX NetWare is a network operating system (NOS) and related support services environment created by Novell, Inc., and introduced to the market in the early 1980s. Then, networks were small and predominantly homogeneous; local-area network (LAN) workgroup communication was new; and the idea of a personal computer (PC) was just becoming popular.
Media Access Figure 8-1 NetWare and the OSI Reference Model OSI reference model 7 6 Application NetWare Applications Presentation NetBIOS emulator 5 Session 4 Transport 3 Network 2 Link NetWare shell (client) RPCbased NetWare application Core Protocol (NCP) LU 62 support RPC SPX IPX 1 Physical Ethernet/ IEEE 802.3 Token Ring/ IEEE 802.5 FDDI ARCnet PPP Media Access NetWare runs on Ethernet/IEEE 802.3, Token Ring/IEEE 802.5, Fiber Distributed Data Interface (FDDI), and ARCnet.
The Network Layer Figure 8-2 IPX Packet Format Checksum Packet length Transport control Packet type Destination network Destination node Destination socket Source network Source node Source socket Upper-layer data The fields of the IPX packet are as follows: • • Checksum—A 16-bit field that is set to ones. • Transport control—An 8-bit field that indicates the number of routers the packet has passed through.
The Transport Layer Figure 8-3 Ethernet, IEEE 802.3, and IPX Encapsulation Formats Ethernet Standard IEEE 802.3 IPX Destination address Destination address Destination address Source address Source address Source address Type Length Length Upper-layer data 802.2 header CRC CRC IPX data 802.2 data CRC To route packets in an internetwork, IPX uses a dynamic routing protocol called the Routing Information Protocol (RIP).
Troubleshooting Novell IPX NetWare also supports the Network Basic Input/Output System (NetBIOS) session-layer interface specification from IBM and Microsoft. NetWare’s NetBIOS emulation software allows programs written to the industry-standard NetBIOS interface to run within the NetWare system. NetWare application-layer services include NetWare Message Handling Service (NetWare MHS), Btrieve, NetWare loadable modules (NLMs), and various IBM connectivity features.
Troubleshooting Novell IPX Possible Problem Solution Misconfigured client or server Step 1 Make sure the software on both clients and servers is the current version, is configured correctly, and has loaded correctly. On clients, check the network drivers and the configuration specified in the net.cfg file. Step 2 On servers, make certain that SAPs1 are being generated properly and that any NLMs2 are loaded properly. Use the track on command to monitor routing and SAP activity.
Novell IPX: Client Cannot Connect to Server on Remote LAN Possible Problem Solution Media problem Step 1 Check all cabling and connections. Make sure cables are not damaged and that all connections are correct and make proper contact. Step 2 Use the show interfaces exec command to check for input or output errors or other indications of problems on the media. Step 3 If the command output shows excessive errors, use the clear interface counter privileged exec command to clear the interface counters.
Troubleshooting Novell IPX Possible Problem Solution Mismatched Ethernet encapsulation methods Step 1 Use the show ipx interface privileged exec command to check the encapsulation type specified in the router configuration. By default, Cisco routers use Novell’s Frame Type Ethernet 802.3 encapsulation. (Cisco refers to this as novell-ether encapsulation.) Step 2 Compare the encapsulation type configured on router interfaces with the encapsulation type that is being used by clients and servers.
Novell IPX: Clients Cannot Connect to Server over PSN Possible Problem Solution Duplicate network numbers Every network number must be unique throughout the entire Novell IPX internetwork. A duplicate network number will prevent packets from being forwarded properly. Step 1 Use the show ipx servers and the show ipx route privileged exec commands. Check the output of these commands for server addresses that have been learned from the wrong interface.
Troubleshooting Novell IPX Note Procedures for troubleshooting connectivity problems not specific to PSN environments are described in the section “Novell IPX: Client Cannot Connect to Server on Remote LAN” earlier in this chapter. Table 8-3 outlines the problems that might cause this symptom and describes solutions to those problems.
Novell IPX: Client Cannot Connect to Server over ISDN Possible Problem 5 Misconfigured LMI type (Frame Relay only) Frame Relay broadcast queue full (Frame Relay only) Solution Step 1 Use the debug frame-relay lmi privileged exec command to see the LMI type being used by the Frame Relay switch. Step 2 The LMI type is determined by your Frame Relay provider. Make sure you use the LMI type specified by the provider.
Troubleshooting Novell IPX Note Procedures for troubleshooting connectivity problems not specific to ISDN environments are described in the section “Novell IPX: Client Cannot Connect to Server on Remote LAN” earlier in this chapter. Procedures for troubleshooting ISDN connectivity problems not specific to IPX environments are described in Chapter 17, “Troubleshooting ISDN Connections.” Table 8-4 outlines the problems that might cause this symptom and describes solutions to those problems.
Novell NetBIOS: Applications Cannot Connect to Server over Router Possible Problem Solution Missing ipx type-20-propagation commands Step 1 Missing ipx helper-address command Use the debug ipx packet privileged exec command or a network analyzer to look for Novell packets with a specification of type 20. Caution: Exercise caution when using the debug ipx packet command. Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting Novell IPX IPX RIP: No Connectivity over IPX RIP Router Symptom: IPX RIP routers are blocking connections. Clients cannot connect to servers over one or more routers running IPX RIP. Note Procedures for troubleshooting connectivity problems not specific to IPX RIP routing are described in the section “Novell IPX: Client Cannot Connect to Server on Remote LAN” earlier in this chapter. Table 8-6 outlines the problems that might cause this symptom and describes solutions to those problems.
IPX RIP: No Connectivity over IPX RIP Router Possible Problem Solution Missing ipx network commands on interface To enable IPX protocol processing on an interface, enter the ipx network number interface configuration command: ipx network network [encapsulation encapsulation-type [secondary]] Syntax Description: • network—Network number. This is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range 1 to FFFFFFFE.
Troubleshooting Novell IPX Possible Problem Solution Router not propagating RIP updates Step 1 Use the debug ipx routing activity privileged exec command on the router. Look for routing updates sent by the router out each interface. Step 2 If you do not see RIP updates being sent out the interfaces, try disabling RIP routing using the no ipx routing global configuration command and then reenabling it using the ipx routing command.
IPX RIP: SAP Updates Not Propagated by Router Possible Problem Solution Routes not redistributed correctly Step 4 Make certain redistribution is configured between IPX RIP and the desired protocols. Make sure all the desired networks are specified for redistribution. Note: Route redistribution is enabled automatically between IPX RIP and Enhanced IGRP1 and between IPX RIP and NLSP.2 For detailed information on configuring route redistribution, see the Network Protocols Configuration Guide, Part 1.
Troubleshooting Novell IPX Possible Problem Solution SAP timer mismatch Step 1 Use the show running-config privileged exec command to view the router configuration. Look for ipx sap-interval interface configuration command entries.
IPX RIP: SAP Updates Not Propagated by Router Possible Problem Solution Misconfigured SAP filters Step 1 Use the show access-lists privileged exec command on suspect routers to see whether there are Novell IPX access lists configured. Use the show running-config privileged exec command to see whether there are SAP filters that use any of the configured access lists. At the end of this chapter is a list of Novell SAPs that includes the SAP description and hex and decimal values.
Troubleshooting Novell IPX Possible Problem Solution Novell servers not processing SAP updates as quickly as router is generating them Step 1 Use the show interfaces privileged exec command to check for output drops. Step 2 If there are excessive drops, use the show ipx servers exec command on the router. Compare the output of this command with the output of the display servers system console command on Novell servers.
IPX Enhanced IGRP: No Connectivity over IPX Enhanced IGRP Router IPX Enhanced IGRP: No Connectivity over IPX Enhanced IGRP Router Symptom: IPX Enhanced IGRP routers are blocking connections. Clients cannot connect to servers over one or more routers running IPX Enhanced IGRP. Note Procedures for troubleshooting connectivity problems not specific to IPX Enhanced IGRP routing are described in the section “Novell IPX: Client Cannot Connect to Server on Remote LAN” earlier in this chapter.
Troubleshooting Novell IPX Possible Problem Solution IPX Enhanced IGRP not configured or is misconfigured on the router Step 4 Check the router configuration for an ipx router eigrp autonomous-system-number global configuration command and associated ipx network interface configuration commands. Step 5 If these commands are not present, configure the Enhanced IGRP process and then assign it to the appropriate interfaces with the ipx network commands.
IPX Enhanced IGRP: No Connectivity over IPX Enhanced IGRP Router Possible Problem Solution Misconfigured filters Step 1 Use the show access-lists privileged exec command on suspect routers to see whether there are Novell IPX access lists configured. Step 2 Use the show running-config privileged exec command to view the router configuration. See whether access lists are specified in an ipx input-network-filter or ipx output-network-filter interface configuration command.
Troubleshooting Novell IPX IPX Enhanced IGRP: Routers Not Establishing Neighbors Symptom: IPX Enhanced IGRP routers do not establish neighbors properly. Routers that are known to be connected do not appear in the neighbor table. Note Procedures for troubleshooting IPX Enhanced IGRP problems not specific to establishing neighbors are described in the section “IPX Enhanced IGRP: No Connectivity over IPX Enhanced IGRP Router” earlier in this chapter.
IPX Enhanced IGRP: SAP Updates Not Propagated by Router IPX Enhanced IGRP: SAP Updates Not Propagated by Router Symptom: Novell SAP packets are not forwarded through a router running IPX Enhanced IGRP. Clients might be unable to connect to servers over one or more routers, or they might connect only intermittently.
Troubleshooting Novell IPX Possible Problem Solution SAP updates are being sent incrementally rather than periodically Connectivity problems can occur when LAN interfaces are configured to send incremental (not periodic) SAP updates on segments that have attached Novell clients or servers. Incremental SAP updates are sent only when there is a change in the SAP table. Link problem Step 1 Use the show running-config privileged exec command to view the router configuration.
IPX Enhanced IGRP: Router Stuck in Active Mode Note Occasional messages of this type are not a cause for concern. This is how an Enhanced IGRP router recovers if it does not receive replies to its queries from all its neighbors. However, if these error messages occur frequently, you should investigate the problem. For a more detailed explanation of Enhanced IGRP Active mode, see the section “Enhanced IGRP and Active/Passive Modes” later in this chapter.
Troubleshooting Novell IPX Table 8-11 IPX Enhanced IGRP: Router Stuck in Active Mode Possible Problem Solution Active timer value is misconfigured Step 1 The active timer specifies the maximum period of time that an Enhanced IGRP router will wait for replies to its queries. If the active timer value is set too low, there might not be enough time for all the neighboring routers to send their replies to the active router.
Novell IPX: Intermittent Connectivity Possible Problem Solution Flapping route Step 1 Check for a flapping serial route (caused by heavy traffic load) by using the show interfaces privileged exec command. Flapping is a routing problem where an advertised route between two nodes alternates (flaps) back and forth between two paths due to a network problem that causes intermittent interface failures. You might have a flapping route if there are large numbers of resets and carrier transitions.
Troubleshooting Novell IPX Possible Problem Solution RIP timer mismatch You can change RIP timer values on servers running NetWare 4.x or later. Mismatches between routers and servers can cause connectivity problems. Step 1 Use the show ipx interfaces privileged exec command on the router to view the state of IPX interfaces. Look for output similar to the following: C4500#show ipx interface [...] Updates each 60 seconds, aging multiples RIP: 3 SAP: 3 [...
Novell IPX: Slow Performance Possible Problem Solution SAP updates dropped from hub router’s output queue Slow serial lines can cause the router to drop SAP packets before they are transmitted. Router is stuck in active mode (EIGRP only) Step 1 Use the show interfaces serial exec command and examine the output queue drops field. A large number of dropped packets might indicate that SAP updates are being dropped before they can be transmitted across the serial link.
Troubleshooting Novell IPX Possible Problem Solution Novell servers not processing SAP updates as quickly as router is generating them Step 1 Use the show interfaces privileged exec command to check for output drops. Step 2 If there are excessive drops, use the show ipx servers exec command on the router. Compare the output of this command with the output of the display servers system console command on Novell servers.
Novell SAPs Novell SAPs The list of Novell SAPs in Table 8-14 is unverified information contributed from various sources. Novell, in an official capacity, does not and has not provided any of this information.
Novell SAPs 8-170 Book Title Decimal Hex SAP Description 82 0052 QuickLink (Cubix) 83 0053 Print Queue User 88 0058 Multipoint X.25 Eicon Router 96 0060 STLB/NLM 100 0064 ARCserve 102 0066 ARCserve 3.
Novell SAPs Decimal Hex SAP Description 309 0135 Netware Naming Services Profile 311 0137 Netware 386 Print Queue or NNS Print Queue 321 0141 LAN Spool Server (Vap, Intel) 338 0152 IRMALAN Gateway 340 0154 Named Pipe Server 358 0166 NetWare Management 360 0168 Intel PICKIT Comm Server or Intel CAS Talk Server 369 0171 UNKNOWN 371 0173 Compaq 372 0174 Compaq SNMP Agent 373 0175 Compaq 384 0180 XTree Server or XTree Tools 394 018A UNKNOWN Running on a Novell Server 4
Novell SAPs 8-172 Book Title Decimal Hex SAP Description 776 0308 COM or VERMED 1 778 030a Galacticomm’s Worldgroup Server 780 030c Intel Netport 2 or HP JetDirect or HP Quicksilver 800 0320 Attachmate Gateway 807 0327 Microsoft Diagnostiocs 808 0328 WATCOM SQL server 821 0335 MultiTech Systems Multisynch Comm Server 835 2101 Performance Technology Instant Internet 853 0355 Arcada Backup Exec 858 0358 MSLCD1 865 0361 NETINELO 894 037e Twelve Novell file servers in th
Novell SAPs Decimal Hex SAP Description 1075 0433 Synoptics 281x Advanced SNMP Agent 1092 0444 Microsoft NT SNA Server 1096 0448 Oracle 1100 044c ARCserve 5.
Novell SAPs 8-174 Book Title Decimal Hex SAP Description 30467 7703 MODEM 32770 8002 NetPort Printers (Intel) or LANport 32776 8008 WordPerfect Network Version 34238 85BE Cisco Enhanced Interior Routing Protocol (EIGRP) 34952 8888 WordPerfect Network Version or Quick Network Management 36864 9000 McAfee’s NetShield anti-virus 38404 9604 CSA-NT_MON 46760 b6a8 Ocean Isle Reachout Remote Control 61727 f11f Site Lock Metering VAP/NLM 61951 f1ff Site Lock 62723 F503 SCA-NT
C H A P TER 9 Troubleshooting AppleTalk In the early 1980s, as Apple Computer, Inc., was preparing to introduce the Macintosh computer, Apple engineers knew that networks would become a critical need. They wanted to ensure that a Macintosh-based network was a seamless extension of the revolutionary Macintosh user interface. With these two goals in mind, Apple decided to build a network interface into every Macintosh and to integrate that interface into the desktop environment.
AppleTalk Technology Basics Figure 9-1 AppleTalk and the OSI Reference Model OSI Reference Model AppleTalk protocols 7 Application AppleTalk Filing Protocol (AFP) PostScript 6 Presentation 5 Session 4 Transport AppleTalk Data Stream Protocol (ADSP) Routing Table Maintenance Protocol (RTMP) Zone Information Protocol (ZIP) AppleTalk Update-Based Routing Protocol (AURP) AppleTalk Session Protocol (ASP) AppleTalk Echo Protocol (AEP) Printer Access Protocol (PAP) AppleTalk Transmission Protocol
The Network Layer baseband signaling, and runs on shielded twisted-pair media at 230.4 kbps. The physical interface is EIA/TIA-422 (formerly RS-422), a balanced electrical interface supported by EIA/TIA-449 (formerly RS-449). LocalTalk segments can span up to 300 meters and support a maximum of 32 nodes. The Network Layer This section describes AppleTalk network-layer concepts and protocols.
The Network Layer Figure 9-2 The AppleTalk Address Selection Process I’d like to use address 37 Sorry, I’m address 37 Macintosh How about address 22? Macintosh Macintosh Macintosh Address 22 it is! Macintosh Macintosh Macintosh Macintosh Macintosh Network Entities AppleTalk identifies several network entities. The most elemental is a node, which is simply any device connected to an AppleTalk network.
Datagram Delivery Protocol Figure 9-3 AppleTalk Entities Zone C Node Network 1 Router Network 2 Node Node Network 3 Router Router Network 4 Node Node Node Zone B Network 5 Router Node Zone A Datagram Delivery Protocol AppleTalk’s primary network-layer protocol is the Datagram Delivery Protocol (DDP). DDP provides connectionless service between network sockets. Sockets can be assigned either statically or dynamically.
The Transport Layer RTMP The protocol that establishes and maintains AppleTalk routing tables is RTMP. RTMP routing tables contain an entry for each network that a datagram can reach. Each entry includes the router port that leads to the destination network, the node ID of the next router to receive the packet, the distance in hops to the destination network, and the current state of the entry (good, suspect, or bad).
AURP Figure 9-5 A Sample AppleTalk ZIT Network number Zone 1 My 2 Your 3 Marketing 4 Documentation 5-5 Sales AURP AURP allows a network administrator to connect two or more AppleTalk internetworks through a foreign network (such as Transmission Control Protocol/Internet Protocol [TCP/IP]) to form an AppleTalk wide-area network (WAN). The connection is called a tunnel, which functions as a single, virtual data link between the AppleTalk internetworks, as shown in Figure 9-6.
The Transport Layer The main function of AURP is to maintain accurate routing tables for the entire AppleTalk WAN by the exchange of routing information between exterior routers. In addition, AURP encapsulates AppleTalk data packets with the headers required by the foreign network. AURP uses the principle of split horizons (which states that it is never useful to send information about a route back in the direction from which the information came) to limit the propagation of routing updates.
ATP ATP ATP is suitable for transaction-based applications such as those found in banks or retail stores. ATP transactions consist of requests (from clients) and replies (from servers). Each request/reply pair has a particular transaction ID. Transactions occur between two socket clients. ATP uses exactly once (XO) and at-least-once (ALO) transactions. XO transactions are used in situations where performing the transaction more than once would be unacceptable.
Troubleshooting AppleTalk • • • • • • • • • • • • • • AppleTalk: Connections to Services Drop AppleTalk: Interface Fails to Initialize AppleTalk AppleTalk: Port Stuck in Restarting or Acquiring Mode AppleTalk Enhanced IGRP: Clients Cannot Connect to Servers AppleTalk Enhanced IGRP: Routers Not Establishing Neighbors AppleTalk Enhanced IGRP: Routes Missing from Routing Table AppleTalk Enhanced IGRP: Poor Performance AppleTalk Enhanced IGRP: Router Stuck in Active Mode AURP: Routes Not Propagated Through AU
AppleTalk Configuration and Troubleshooting Tips Preventive Action Description When you change a router or interface configuration, enable the debug apple error privileged exec command to log errors The debug apple error privileged exec command tracks the progress and status of changes in the internetwork and alerts you to any errors. You can also run this command periodically when you suspect network problems. In a stable network, this command returns no output.
Troubleshooting AppleTalk In software releases prior to Cisco IOS Release 11.0, the ping appletalk exec command serves a similar function. Use this command to verify that a node is reachable from the router (for example, ping appletalk 2.24 pings AppleTalk node 2.24). The following display shows input to and output from the user ping command: Router> ping appletalk 2.24 Type escape sequence to abort. Sending 5, 100-byte AppleTalk Echoes to 2.
AppleTalk: Users Cannot Access Zones or Services The following steps outline bringing up an interface in discovery mode: Step 1 Bring up the interface in discovery mode (using the appletalk cable-range 0-0 interface configuration command). When a router is in discovery mode, the router changes its configuration to match the advertised cable range if the advertised cable range is different from that configured on the router.
Troubleshooting AppleTalk Table 9-2 AppleTalk: Users Cannot Access Zones or Services Possible Problems Solution Configuration mismatch Step 1 Use the show appletalk interface exec command. Check the output for a “port configuration mismatch” message. If the command output contains a “mismatch” message, the router configuration disagrees with that of the listed neighbor.
AppleTalk: Users Cannot Access Zones or Services Possible Problems Solution Phase 1 and Phase 2 rule violations Step 1 Use the show appletalk globals exec command to determine whether the internetwork is in compatibility mode. Step 2 Enable the appletalk name-lookup-interval global configuration command and use the show appletalk neighbors exec command to determine which specific neighbor (by NBP1 name) is in compatibility mode.
Troubleshooting AppleTalk The following is sample output from the show appletalk interface command when a configuration mismatch exists: Ethernet 0 is up, line protocol is up AppleTalk routing disabled, Port configuration mismatch AppleTalk cable range is 4-5 AppleTalk address is 4.252, Valid AppleTalk zone is “Maison Vauquer” AppleTalk port configuration conflicts with 4.
AppleTalk: Zones Missing from Chooser As shown in Table 9-3, Forward Request packets do not exist in Phase 1. Only Phase 2 routers know what to do with them. Phase 1 routers that receive Forward Request packets simply drop them. AppleTalk: Zones Missing from Chooser Symptom: Certain zones do not appear in the Chooser. The zones are not visible from multiple networks. In some cases, when the Chooser is opened, the zone list changes.
Troubleshooting AppleTalk Possible Problems Solution Route flapping (unstable route) Excessive traffic load on internetworks with many routers can prevent some routers from sending RTMP1 updates every 10 seconds as they should. Because routers begin to age out routes after missing two consecutive RTMP updates, the inconsistent arrival of RTMP updates can result in constant route changes. Step 1 Use the show interfaces exec command to check the traffic load. Check the load for each interface.
AppleTalk: No Devices in Chooser Possible Problems Solution ZIP storm A ZIP storm occurs when a router propagates a route for which it currently has no corresponding zone name; the route is then propagated by downstream routers. Note: Cisco routers provide a firewall against ZIP storms in the internetwork. If a Cisco router receives a routing update from a neighbor, it does not propagate that new route until it receives the accompanying zone name.
Troubleshooting AppleTalk Possible Problems Solution Misconfigured access lists Step 1 Use the show appletalk access-list exec command on routers in the path from source to destination. Step 2 Disable any access lists (or just those on a particularly suspect router) using the no appletalk access-group interface configuration command. Step 3 After disabling access lists, check whether devices appear in the Chooser.
AppleTalk: Network Services Intermittently Unavailable Possible Problems Solution Route flapping (unstable route) Excessive traffic load on internetworks with many routers can prevent some routers from sending RTMP updates every 10 seconds as they should. Because routers begin to age out routes after missing two consecutive RTMP updates, the inconsistent arrival of RTMP updates can result in constant route changes. Step 1 Use the show interfaces exec command to check the traffic load.
Troubleshooting AppleTalk Possible Problems Solution Route flapping (unstable route) Turning on debug apple events will not cause apple event-logging to be maintained in nonvolatile memory. Only turning on apple event-logging explicitly will store it in nonvolatile memory. Furthermore, if apple event-logging is already enabled, turning on or off debug apple events will not affect apple event-logging.
AppleTalk: Old Zone Names Appear in Chooser (Phantom Zones) Possible Problems Solution ZIP storm Step 1 Use the show appletalk traffic command to check the field showing the number of ZIP requests: Router#sh apple traffic [...] ZIP: 44 received, 35 sent, 6 netinfo [...] Router# Compare this output with the output shown by the command 30 seconds later. Step 2 If the traffic counters for ZIP requests are incrementing very rapidly (by more than 10 every 30 seconds) a ZIP storm is probably occurring.
Troubleshooting AppleTalk Possible Problems Solution Configuration mismatch Step 1 Use the show appletalk interface exec command. Check the output for a “port configuration mismatch” message. If the command output contains a “mismatch” message, the router configuration disagrees with that of the listed neighbor. If the command output does not include the “mismatch” message, use the clear apple interface privileged exec command on the interface in question.
AppleTalk: Interface Fails to Initialize AppleTalk Possible Problems Route flapping (unstable route) Solution Excessive traffic load on internetworks with many routers can prevent some routers from sending RTMP updates every 10 seconds as they should. Because routers begin to age out routes after missing two consecutive RTMP updates, the inconsistent arrival of RTMP updates can result in constant route changes. Step 1 Use the show interfaces exec command to check the traffic load.
Troubleshooting AppleTalk Table 9-9 AppleTalk: Interface Fails to Initialize AppleTalk Possible Problems Solution Configuration mismatch Step 1 Use the show appletalk interface exec command. Check the output for a “port configuration mismatch” message. If the command output contains a “mismatch message,” the router configuration disagrees with that of the listed neighbor.
AppleTalk Enhanced IGRP: Clients Cannot Connect to Servers Possible Problems Solution Router is in discovery mode, and no seed router exists on the network Step 1 Put the router in nondiscovery mode by assigning a network number or cable range to the problem interface using the appletalk address or appletalk cable-range interface configuration command. Step 2 If the problem persists, consult your technical support representative for more assistance.
Troubleshooting AppleTalk AppleTalk Enhanced IGRP: Routers Not Establishing Neighbors Symptom: AppleTalk Enhanced IGRP routers do not establish neighbors properly. Routers that are connected do not appear in the neighbor table. Table 9-12 outlines the problems that might cause this symptom and describes solutions to those problems.
AppleTalk Enhanced IGRP: Routes Missing from Routing Table Possible Problem Solution Timer values are mismatched Step 1 Use the show appletalk eigrp neighbors exec command. Make sure that all directly connected AppleTalk Enhanced IGRP routers appear in the output. Step 2 Examine the uptime field in the show appletalk eigrp neighbors output. A continuously resetting uptime counter indicates that hello packets from the neighboring router are arriving sporadically.
Troubleshooting AppleTalk Possible Problem Solution Older version of the Cisco IOS software If problems persist, upgrade to the latest release of the Cisco IOS software. AppleTalk Enhanced IGRP: Poor Performance Symptom: Network performance in an AppleTalk Enhanced IGRP environment is poor. Connections between clients and servers are slow or unreliable. Table 9-14 outlines the problems that might cause this symptom and describes solutions to those problems.
AppleTalk Enhanced IGRP: Router Stuck in Active Mode Possible Problems Solution Active timer value is misconfigured The active timer determines the maximum period of time that an Enhanced IGRP router will wait for replies to its queries. If the active timer value is set too low, there might not be enough time for all the neighboring routers to send their replies to the Active router.
Troubleshooting AppleTalk If the Enhanced IGRP router loses the connection to a network, it becomes active for that network. The router sends out queries to all its neighbors in order to find a new route to the network. The router remains in Active mode until it has either received replies from all its neighbors or until the active timer, which determines the maximum period of time a router will stay active, has expired.
ARA: ARA Client Unable to Connect to ARA Server Note On other media, routes with no zone set are the result of other problems, such as ZIP storms. See the sections “AppleTalk: Zones Missing from Chooser” and “AppleTalk: Network Services Intermittently Unavailable” in this chapter for more information. Table 9-17 outlines the problem that might cause this symptom and describes solutions to that problem.
Troubleshooting AppleTalk Possible Problems Solution Missing arap network command entry Step 1 Use the show running-config privileged exec command to view the router configuration. If you are running Cisco IOS Release 10.2 or later, look for an arap network global configuration command entry. Step 2 Configure the arap network global configuration command to enable ARA on the router or access server.
ARA: Cannot Send or Receive Data over ARA Dialin Connection Possible Problems Solution MNP4 Link Request packets sent by client ARA stack are responded to by the serving modem instead of the ARA server Step 1 Check the version numbers of the ARA software on the client and the Cisco IOS software on the access server. If you are using ARA version 1.0 or Cisco IOS software prior to Release 10.2, it is advisable to upgrade to ARA 2.0 and Cisco IOS Release 10.2 or later. ARA 2.
Troubleshooting AppleTalk Possible Causes Suggested Actions MNP5 enabled on answering modem Step 1 Check to see whether the answering modem has MNP5 error correction enabled. Step 2 If MNP5 is enabled on the answering modem, disable it. For information on checking or changing the modem configuration, refer to the modem documentation. Step 1 Use the show appletalk route and show appletalk zones privileged exec commands to determine whether the router can see its ARA routes and zones.
C H A P TER 10 Troubleshooting IBM This chapter focuses on connectivity and performance problems associated with bridging and routing in IBM-based networks. When troubleshooting IBM-based networks, it is important to have a knowledge of Synchronous Data Link Control (SDLC) and source-route bridging (SRB). The following sections provide an overview of SDLC and SRB. SDLC IBM developed the SDLC protocol in the mid-1970s for use in Systems Network Architecture (SNA) environments.
SDLC • • Multipoint—Involves one primary and multiple secondaries. • Hub go-ahead—Involves an inbound and an outbound channel. The primary uses the outbound channel to communicate with the secondaries. The secondaries use the inbound channel to communicate with the primary. The inbound channel is daisy-chained back to the primary through each secondary. Loop—Involves a loop topology, with the primary connected to the first and last secondaries.
SRB • Supervisory (S) frames—These frames provide control information. They request and suspend transmission, report on status, and acknowledge the receipt of I frames. They do not have an information field. • Unnumbered (U) frames—These frames, as the name suggests, are not sequenced. They are used for control purposes. For example, they are used to initialize secondaries. Depending on the function of the unnumbered frame, its control field is 1 or 2 bytes.
SRB Since its initial proposal, IBM has offered a new bridging standard to the IEEE 802 committee: the source-route transparent (SRT) bridging solution. SRT bridging eliminates pure SRBs entirely, proposing that the two types of LAN bridges be transparent bridges and SRT bridges. Although SRT bridging has support, SRBs are still widely deployed. SRB Algorithm SRBs are so named because they assume that the complete source-to-destination route is placed in all inter-LAN frames sent by the source.
Frame Format • • • • First frame received Response with the minimum number of hops Response with the largest allowed frame size Various combinations of the above criteria In most cases, the path contained in the first frame received will be used. After a route is selected, it is inserted into frames destined for Host Y in the form of a routing information field (RIF). A RIF is included only in those frames destined for other LANs.
Troubleshooting IBM Troubleshooting IBM This section focuses on connectivity and performance problems associated with bridging and routing in IBM-based networks. This section covers specific IBM-related symptoms, the problems that are likely to cause each symptom, and the solutions to those problems.
Local SRB: Host Cannot Connect to Server Possible Problem Solution Ring number mismatch A router interface configured for bridging fails to insert into a ring when it detects a ring number mismatch, and posts an error message to the console. Step 1 Get the ring number (specified in hexadecimal) from IBM SRBs (either by examining the configuration of other SRBs or from the system administrator).
Troubleshooting IBM Possible Problem Solution End system does not support RIF4 Step 1 Place a network analyzer on the same ring to which the end system is connected. Step 2 Look for RIF frames sent from the end system (RIF frames have the high-order bit of the source MAC5 address set to 1). Step 3 If no RIF frames are found, the end system does not support RIF and cannot participate in source routing. If the protocol is routable, you can route the protocol or configure transparent bridging.
Local SRB: Host Cannot Connect to Server Possible Problem Solution Hop count exceeded Use the show protocol route command to check the hop count values on routers and bridges in the path. Packets that exceed the hop count are dropped. Alternatively, you can enable the debug source event privileged exec command to see whether packets are being dropped because the hop count has been exceeded. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting IBM Local SRB: Routing Does Not Function Symptom: Routed protocols are not forwarded properly by routers in a local SRB environment. SRBs bridge traffic normally. Table 10-2 outlines the problems that might cause this symptom and describes solutions to those problems.
RSRB: Host Cannot Connect to Server (Peers Not Open) Possible Problem Solution Missing or misconfigured source-bridge remote-peer command on the router Step 1 Use the show source-bridge exec command to check for remote peers. If the output shows that peers are open, refer to the section “RSRB: Host Cannot Connect to Server (Peers Open)” later in this chapter. Step 2 If the output shows that peers are not open, use the show running-config privileged exec command to view the router configuration.
Troubleshooting IBM Possible Problem Solution End system not generating explorer traffic Step 1 Use the show source-bridge privileged exec command to see whether the explorer count is incrementing. Step 2 If the explorer count is not incrementing, use the show running-config privileged exec command to view the router configuration. Check for a source-bridge spanning interface configuration command on the local and remote routers.
RSRB: Host Cannot Connect to Server (Peers Open) 2 FST = Fast Sequenced Transport RSRB: Host Cannot Connect to Server (Peers Open) Symptom: Hosts cannot make connections to servers across a router configured as an RSRB. The output of the show source-bridge privileged exec command shows that SRB peers are open. The following is an example of output from the show source-bridge command: ionesco#show source-bridge [...] Peers: state TCP 150.136.92.92 TCP 150.136.93.93 open [...
Troubleshooting IBM Possible Problem Solution End system misconfiguration Step 2 Check the command output for the MAC address of the workstation or server. If the MAC address is not present in the output, check the configuration of the end system. Step 3 If the problem persists, use a network analyzer to check network traffic generated by the end system. If you do not have a network analyzer, use the debug token-ring and the debug source-bridge commands.
RSRB: NetBIOS Client Cannot Connect to Server Possible Problem Solution Misconfigured T1 timers If you are not using local acknowledgment, misconfigured T1 timers can cause periodic timeouts. WAN link problem Step 1 Use a network analyzer to see how long it takes for packets to travel from one end of the network to the other. Step 2 Use a ping test to the remote router and note the round-trip delay. Compare this value with the configured T1 timer values on end systems.
Troubleshooting IBM Possible Problem Incorrect mapping of NetBIOS name cache server-to- client mapping Solution The following is an example of the show netbios-cache exec command: cantatrice#show netbios-cache HW Addr 1000.5a89.449a 1000.5a8b.14e5 1000.5a25.1b12 1000.5a25.1b12 1000.5a8c.7bb1 1000.5a8b.6c7c 1000.5a31.df39 1000.5ada.47af 1000.5a8f.
Translational Bridging: Client Cannot Connect to Server Possible Problem Solution Misconfigured source-bridge command Step 1 For each router on which NetBIOS name caching is enabled, use the show source-bridge command to obtain the version of the remote connection. The value specified should be 2 or 3. If the value is 1, connections will not get through, and you must modify your configuration.
Troubleshooting IBM Possible Problem Solution Media problem Verify the line using the show interfaces exec command. If the interface or line protocol is down, troubleshoot the media. For LAN media, refer to the chapter that covers your media type. Ethernet–to–Token Ring address mapping is misconfigured Step 1 Ethernet–to–Token Ring address mapping is misconfigured Step 2 Use the show bridge exec command to verify the existence of the Ethernet station.
Translational Bridging: Client Cannot Connect to Server Possible Problem Solution Ethernet–to–Token Ring address mapping is misconfigured Step 3 Use the show rif exec command to determine whether the target Token Ring station is visible on the internetwork. When configured for translational bridging, the router extracts the RIF of a packet received from the Token Ring network and saves it in a table. The router then transmits the packet on the Ethernet network.
Troubleshooting IBM Possible Problem Solution Cisco and non-Cisco translational bridges in parallel Step 1 Check for translational bridges in parallel with the Cisco translational bridge. If there are any parallel non-Cisco translational bridges, loops will probably be created. Step 2 Because implementing translational bridging defeats the spanning-tree mechanism of both transparent bridging and SRB environments, you must eliminate all loops caused by inserting the translational bridge.
SDLC: Router Cannot Communicate with SDLC Device Possible Problem Solution Trying to bridge protocols that embed the MAC address in the Information field of the MAC frame (such as IP ARP, Novell IPX, or AARP) If MAC addresses are embedded in the Information field of the MAC frame, bridges will be unable to read the address. Bridges will therefore be unable to forward the traffic. Media problem 1 Step 1 If you are attempting to bridge this type of protocol, route the protocol instead.
Troubleshooting IBM Possible Problem Solution Physical layer problem Note: On some Cisco platforms, such as the Cisco 7000 running a recent Cisco IOS release, the output of the show interfaces command will indicate the state of line signals. If the router is full-duplex DCE1, check for DTR2 and RTS3. If these signals are not high, proceed to Step 5. If these signals are high, the interface should be up. If it is not, contact your technical support representative.
SDLC: Router Cannot Communicate with SDLC Device Possible Problem Solution Link-layer problem (router is primary) Step 1 Use the debug sdlc privileged exec command4 to see whether the router is sending SNRMs.5 Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff.
Troubleshooting IBM Possible Problem Solution Link-layer problem (router is primary) Example: The following example prevents phase shifting of the data with respect to the clock: interface serial 0 dce-terminal-timing enable Step 5 Make sure that the device and the router are using the same signal coding (NRZ8 or NRZI9). NRZ is enabled by default on the router. To enable NRZI encoding, use the nrzi-encoding interface configuration command.
SDLC: Router Cannot Communicate with SDLC Device Possible Problem Solution Link-layer problem (router is secondary) Step 1 Use the debug sdlc privileged exec command to see whether the router is receiving SNRMs. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff.
Troubleshooting IBM Possible Problem Solution Link-layer problem (router is secondary) Example: In the following example, serial interface 1 is configured for NRZI encoding: interface serial 1 nrzi-encoding Step 7 Try reducing the line speed to 9600 bps using the clock rate interface configuration command. Use the clock rate interface configuration command to configure the clock rate for the hardware connections on serial interfaces such as NIMs and interface processors to an acceptable bit rate.
SDLC: Client Cannot Connect to Host over Router Running SDLLC Possible Problem Solution SDLC timing problems Step 1 Place a serial analyzer on the serial line attached to the source station and monitor packets. Step 2 If duplicate packets appear, check the router configuration using the show running-config privileged exec command. Check to see whether the local-ack keyword is present in the configuration.
Troubleshooting IBM Possible Problem Solution Router not sending test frames to FEP1 Step 1 With the debug sdllc and debug llc2 packet privileged exec commands enabled on the router, check whether the router is sending test frames to the FEP. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable. For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff.
SDLC: Client Cannot Connect to Host over Router Running SDLLC Possible Problem 2 XID not sent by router Solution Step 1 With the debug sdllc and debug llc2 packet privileged exec commands enabled on the router, check whether the router is sending XID frames to the FEP. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting IBM 1 2 FEP = front-end processor XID = exchange of identification Virtual Token Ring Addresses and SDLLC The sdllc traddr command specifies a virtual Token Ring MAC address for an SDLC-attached device (the device you are spoofing to look like a Token Ring device). The last two hexadecimal digits of the virtual MAC address must be 00. The router then reserves any virtual ring address that falls into the range xxxx.xxxx.xx00 to xxxx.xxxx.xxff for the SDLLC serial interface.
SDLC: Sessions Fail over Router Running STUN Possible Problem Solution Peers are not open Step 1 Use the show stun exec command to see whether the peers are open. If the peers are open, one of the other problems in this table is probably the cause. The following is sample output from the show stun command: Router# show stun This peer: 131.108.10.1 Serial0 -- 3174 Controller for test lab (group 1 [sdlc]) state rx-pkts tx-pkts drops poll 7[ 1] IF Serial1 open 20334 86440 5 8P 10[ 1] TCP 131.108.8.
Troubleshooting IBM Possible Problem Solution No reply to SNRMs or XIDs Step 1 Use the show stun command to see whether the peers are open. If the peers are not open, see the first problem in this table. Step 2 If the peers are open, use the debug stun packet privileged exec command on the remote end. Check for SNRMS or XIDs from the primary arriving as NDI packets. Step 3 If SNRMs or XIDs are not arriving, refer to the preceding problem in this table.
CIP: CLAW Connection Does Not Come Up Possible Problem Solution SDLC physical or link-layer problem Step 1 Use the show interfaces exec command on the link connecting to the primary device. Make sure that the interface and line protocol are both up. Step 2 If the interface or line protocol is not up, make sure the devices are powered up and connected correctly. Check the line to make sure it is active. Check for clocking, address misconfigurations, correct NRZ or NRZI specifications, and so forth.
Troubleshooting IBM Possible Problem Solution CIP devices not online to host Step 1 Check the mainframe to see whether the CIP devices are online to the host. Step 2 If the CIP devices are not online, vary them online. If devices do not come online, see the section “CIP: CIP Will Not Come Online to Host” later in this chapter. Step 3 Check whether the TCP/IP device has been started. Step 4 If the device has not been started, start it.
CIP: Router Cannot ping Host or Host Cannot ping Router Possible Problem 1 CHPID not online to host Solution Step 1 Make sure the Enabled LED on the CIP card is on. If it is not on, refer to the section “CIP: No Enabled LED On” earlier in this chapter. Step 2 Use the show extended channel slot/port subchannel command and check for the SIGNAL flag in the output. Step 3 If the SIGNAL flag is not present, check whether the CHPID is online to the host. If it is not, configure it to come online.
Troubleshooting IBM CIP: Host Cannot Reach Remote Networks Symptom: Mainframe host cannot access networks across a router. Table 10-17 outlines the problem that might cause this symptom and describes solutions to that problem. Table 10-17 CIP: Host Cannot Reach Remote Networks Possible Problem Solution Missing or misconfigured IP routes Step 1 If the mainframe host is unable to communicate with networks on the other side of the router, try to ping the remote network from the router.
CIP: Host Running Routed Has No Routes Possible Problem Solution RIP not properly configured on the router Step 1 Use the show running-config privileged exec command to view the router configuration. Make sure RIP is configured on the router. If RIP is not configured, configure it. Step 2 Check the configuration to see whether there are network statements for each of the networks that should be advertised in RIP updates. If they are missing, add them to the configuration.
Troubleshooting IBM 10-248 Book Title
C H A P TER 11 Troubleshooting DECnet Digital Equipment Corporation (Digital) developed the DECnet protocol family to provide a well-thought-out way for its computers to communicate with one another. The first version of DECnet, released in 1975, allowed two directly attached PDP-11 minicomputers to communicate. In more recent years, Digital has included support for nonproprietary protocols, but DECnet remains the most important of Digital’s network product offerings.
The Network Layer Figure 11-1 DNA and the OSI Reference Model OSI reference model 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Link 1 Physical DNA DNA applications DNA name service DNA session control OSI applications OSI presentation OSI session NSP, TP0, TP2, TP4 ES-IS IS-IS Connectionless (CLNP, CLNS) Connection-oriented (X.25, CMNP) Various link-access protocols As Figure 11-1 shows, DNA supports a variety of media and link implementations.
DECnet Phase IV Routing Frame Format Figure 11-2 A DNA Phase IV Routing Layer Header Field length, in bytes 1 2 2 1 Routing flags Destination node Source node Nodes traversed The first field in a DNA Phase IV routing header is the routing flags field, which includes: • • A return-to-sender bit that, if set, indicates that the packet is returning to the source. • An intraLAN bit, which is on by default.
The Network Layer Addressing DECnet addresses are not associated with the physical networks to which the nodes are connected. Instead, DECnet locates hosts using area/node address pairs. An area’s value ranges from 1 to 63, inclusive. A node address can be between 1 and 1,023, inclusive. Therefore, each area can have 1,023 nodes, and approximately 65,000 nodes can be addressed in a DECnet network. Areas can span many routers, and a single cable can support many areas.
The Transport Layer Figure 11-5 DECnet Level 1 and Level 2 Routers Level 1 router End system Level 1 router Level 2 router Level 2 router Area 10 Level 2 router Level 1 router Level 2 router Level 1 router End system Area 5 End systems send routing requests to a designated Level 1 router. The Level 1 router with the highest priority is elected to be the designated router. If two routers have the same priority, the one with the larger node number becomes the designated router.
Upper-Layer Protocols control technique, where the receiver tells the sender how many messages it can accept. NSP can also respond to congestion notifications from the network layer by reducing the number of outstanding messages it will tolerate. Upper-Layer Protocols Above the transport layer, DECnet supports its own proprietary upper-layer protocols as well as standard OSI upper-layer protocols. DECnet application protocols use the DNA session control protocol and the DNA name service.
Using DECnet in a Multiprotocol Environment Using DECnet in a Multiprotocol Environment It is important to remember that DECnet changes the MAC addresses of router interfaces. This behavior can cause problems for other protocols that are already enabled on the router.
Troubleshooting DECnet Possible Problem Solution Misconfigured end node Step 1 Check the end node configuration using the show executor characteristics NCP1 command. Step 2 Make sure that the end node type (nonrouting Phase IV, routing Phase IV, area), node address, node name, and routing and link parameters are correctly specified. Step 3 Check the circuit characteristics using the show known circuit characteristics NCP command.
DECnet: Connections to DEC Hosts Fail over Router (End Node Problem) Possible Problem Solution Unrecognized object With this problem, users see the message “connect failed, unrecognized object.” Step 1 Use the tell NCP command to determine whether the object is defined on the target node.
Troubleshooting DECnet Step 3 Use the NCP to enable event logging: $ MCR NCP NCP> SET logging MONITOR KNOWN Events NCP> DEFINE logging MONITOR KNOWN Events NCP> SET logging MONITOR STATE ON NCP> DEFINE logging MONITOR STATE ON Step 4 Exit NCP: NCP> Exit Step 5 To monitor network events from a console terminal, enter the following command at the VMS system prompt: $ REPLY/ENABLE = NETWORK (This command is equivalent to the terminal monitor privileged exec command.
DECnet: Connections to DEC Hosts Fail over Router (Router Problem) Possible Problem Solution Actual cost to the destination area is more than the configured cost Step 1 Use the show decnet interface exec command to determine the configured maximum cost to the destination area. Step 2 Use the show decnet route exec command to determine the actual cost to the destination area. Step 3 If the actual cost is more than the configured maximum cost, increase the maximum cost configured on the router.
Troubleshooting DECnet Possible Problem Solution Node address out of range Step 1 Use the show running-config privileged exec command to view router configurations. Check to see whether the decnet max-address global configuration command has been configured. This command sets the highest DECnet node number allowed in the area. Note: The decnet max-address command specifies the highest node number allowed in an area, not the maximum number of node addresses allowed in an area.
DECnet: Router or End Node Sees Incorrect Designated Router Possible Problem Solution Hello packets are not being exchanged Step 1 Use the debug decnet adj privileged exec command to determine whether the router is sending hello packets and whether hellos are being received. Step 2 Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting DECnet Possible Problem Solution Priority of the expected designated router is not configured correctly Step 1 Use the show decnet interface exec command to determine which router is the designated router. Note the priority of the router that is shown in the command output. Step 2 If the designated router identified in the output is not the correct router, use the show decnet interface command on the expected designated router and the actual designated router.
DECnet: Routers Not Establishing Adjacencies Possible Problem Solution Adjacency between nodes is not bidirectional Step 1 Use the show decnet route exec command to see whether the adjacency with the expected designated router is in a “down” or “initializing” state. Step 2 Use the debug decnet adj privileged exec command to determine whether hello packets are being exchanged. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting DECnet Possible Problem Solution More than 32 routers on the network DECnet limits the number of adjacencies that can be established by a router to 32. Step 1 Enable the debug decnet events privileged exec command to determine whether the adjacency is being rejected. Enable this command on one router at a time. Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
DECnet: Routers Not Establishing Adjacencies Possible Problem Solution Adjacency between routers is not bidirectional Step 1 Use the show decnet route exec command to see if the adjacency with the expected designated router is in a “down” or “initializing” state. Step 2 If you are troubleshooting a nonbroadcast multiaccess network (such as Frame Relay or X.25), make sure that map statements are properly configured.
Troubleshooting DECnet DECnet: Routing Node Adjacencies Toggle Up and Down Symptom: Routing adjacencies toggle up and down. Output such as the following appears repeatedly on the DEC system console: %%%%%%%%%%% OPCOM 30-JUN-1993 1:25:07.45 %%%%%%%%%%%% Message from user DECNET on The Bay DECnet event 4.16, adjacency rejected From NODE 12.1 (The Bay), 30-JUN-1993 1:25:07.45 Circuit UNA-0, Adjacent node = 1.101 (Vax1) %%%%%%%%%%% OPCOM 30-JUN-1993 1:25:07.
DECnet: No Phase IV Connectivity over Phase V Backbone Possible Problem Solution Misconfigured addresses Step 1 Use the show interfaces command to confirm that CLNS and DECnet Phase IV are both configured on ISO CLNS backbone routers. Step 2 Make sure that the decnet conversion global configuration command is configured on backbone routers to allow DECnet Phase IV–to–ISO CLNS conversion.
Troubleshooting DECnet Table 11-8 OSI NSAP–to–DECnet Phase IV Address Conversion OSI NSAP Address (Hex) OSI Are a DECnet Address (Decimal) Phase-IV Compatible 49.1111.0012.AA00.0400.0149.20 18 18.257 Yes 49.1111.0009.AA00.0400.BC04.20 9 1.188 No—OSI area does not match the DECnet area 49.1111.0041.AA00.0400.FFFF.20 65 63.1023 No—OSI area is greater than 63 49.1111.000E.AA00.0400.0000.20 14 0.0 No—DECnet address in NSAP station ID is invalid 49.1111.0009.0800.2B05.8297.
DECnet: Poor Performance Possible Problem Solution Timer mismatch Step 1 Use the show decnet interface exec command on all routers in the network. Verify that the values configured for hello timers and routing update timers are consistent among all routers in the network. The following is example output from the show decnet interface command: C4500#show decnet interface [...
Troubleshooting DECnet 11-270 Book Title
C H A P TER 12 Troubleshooting ISO CLNS This chapter presents protocol-related troubleshooting information for International Organization for Standardization (ISO) Connectionless Network Service (CLNS) protocol connectivity and performance problems. ISO CLNS is a network layer standard that is part of the Open System Interconnection (OSI) protocol suite.
ISO CLNS Technology Basics ISO CLNS Addressing Addresses in the ISO network architecture are referred to as NSAP addresses and network entity titles (NETs). Each node in an OSI network has one or more NETs. In addition, each node has many NSAP addresses. Each NSAP address differs from one of the NETs for that node in only the last byte (see Figure 12-1). This byte is called the n-selector. Its function is similar to the port number in other protocol suites.
ISO CLNS Addressing Figure 12-2 IS-IS NSAP Addressing Structure IDP AFI DSP IDI 1 HO-DSP System ID Variable IS-IS area address 6 S 1 System address An IS-IS NSAP address is divided into two parts: an area address (AA) and a system ID. Level 2 routing uses the AA. Level 1 routing uses the system ID address. The NSAP address is laid out as follows: • • • The n-selector (S) is the last byte of the NSAP address. The system ID is found between the area address and the n-selector byte.
Troubleshooting ISO CLNS 2 47.0004 47.0005.000c.0002.0000.0231.00 3 47.0005.0003 47.0005.000c.0001.0000.1234.00 4 47.0005.000c 47.0005.000c.0004.0000.0011.00 5 47.0005 47.0005.000c.0002.0000.0231.00 Table 12-2 Hierarchical Routing Examples Datagram Destination NSAP Address Table Entry Number Used 47.0005.000c.0001.0000.3456.01 1 47.0005.000c.0001.6789.2345.01 1 47.0004.1234.1234.1234.1234.01 2 47.0005.0003.4321.4321.4321.01 3 47.0005.000c.0004.5678.5678.01 4 47.0005.0001.0005.
ISO CLNS: Host Cannot Access Hosts on Local or Remote Network Table 12-3 outlines the problems that might cause this symptom and describes solutions to those problems. Table 12-3 ISO CLNS: Host Cannot Access Hosts on Local or Remote Network Possible Problem Solution Missing or misconfigured default gateway specification Step 1 Determine whether a default gateway is specified in the adjacency table of the host attempting to make a connection.
Troubleshooting ISO CLNS Possible Problem Solution ES host is not running ES-IS5 protocol Step 1 Use the appropriate host commands to verify that an ES-IS process is running. If necessary, initiate the ES-IS process on the host. Step 2 Check the adjacency database on the host and verify that it has an entry for its directly connected router. Step 3 Use the debug clns packet privileged exec command on the Level 1 router to verify that it sees and forwards packets from the ES.
ISO CLNS: Host Cannot Access Hosts on Local or Remote Network Possible Problem Solution Router between hosts is down Step 1 Use the trace exec command to check connectivity between routers and the source ES. Step 2 If the trace fails at a router, use the show clns neighbors exec command to see which neighboring routers and ESs are recognized. Sample Display: The following is sample output from the show clns neighbors command.
Troubleshooting ISO CLNS ISO CLNS: Host Cannot Access Hosts in Same Area Symptom: Hosts cannot access other hosts in the same area. The hosts might be on the same network or they might be in a different network in the same area. Table 12-4 outlines the problems that might cause this symptom and describes solutions to those problems.
ISO CLNS: Host Cannot Access Hosts in Different Area Possible Problem Solution ES host is not running ES-IS protocol Step 1 Use the appropriate host commands to verify that an ES-IS process is running. If necessary, initiate the ES-IS process on the host. Step 2 Check the adjacency database on the host and verify that it has an entry for its directly connected router.
Troubleshooting ISO CLNS Table 12-5 ISO CLNS: Host Cannot Access Hosts in Different Area Possible Problem Solution Level 2 routers are not routing packets to the correct area Step 1 Use the trace command to verify that Level 1 routers are routing packets to the nearest Level 2 router.
ISO CLNS: Host Cannot Access Hosts in Different Area Possible Problem Solution Router between hosts is down Step 1 Use the trace exec command to check connectivity between routers and the source ES. Sample Display: The following display shows an example of ISO CLNS trace output: router# trace Protocol [ip]: clns Target CLNS address: thoth Timeout in seconds [3]: Probe count [3]: Minimum Time to Live [1]: Maximum Time to Live [30]: Type escape sequence to abort. Tracing the route to THOTH (55.0006.0100.
Troubleshooting ISO CLNS ISO CLNS: Connections Fail Using Certain Protocols Symptom: Host connections fail using certain protocols. Hosts might be able to connect to other hosts using some protocols but are unable to connect using others. Table 12-6 outlines the problems that might cause this symptom and describes solutions to those problems.
ISO CLNS: Users Cannot Make Connections over Parallel Path Possible Problem Solution Routing has not converged Step 1 Use the show clns route privileged exec command to view the CLNS routing table. Examine the table for routes listed as “possibly down.” This indicates that the routing protocol has not converged. Step 2 Wait for the routing protocol to converge. Use the show clns route command again to see whether the routes are now up.
Troubleshooting ISO CLNS ISO CLNS: Redistribution Causes Routing Problems Symptom: Route redistribution does not work properly and causes routing problems. Traffic does not get through a router that is redistributing routes between two different routing areas or domains—typically IS-IS and ISO-IGRP. Observed symptoms range from poor performance to no communication at all. Table 12-8 outlines the problems that might cause this symptom and describes solutions to those problems.
ISO CLNS: Redistribution Causes Routing Problems Possible Problem Solution Missing or misconfigured default-metric command Step 1 Use the show running-config exec command to view the router configuration. Look for a default-metric router configuration command entry. Step 2 If the default-metric router configuration command or the distance router configuration command is missing, add the appropriate version of the missing command.
Troubleshooting ISO CLNS Possible Problem Solution Redistribution feedback loop exists Redistribution between an IS-IS cloud and an ISO-IGRP cloud should be performed only at a single point. If it is not, routing information can be advertised back into one of the clouds, causing routing feedback loops.
ISO CLNS: Poor Performance Possible Problem Bridge or repeater in parallel with router Solution The following is sample output from the show clns neighbors detail command: router# show clns neighbors detail System Id SNPA Interface State Holdtime Type Protocol 000.0000.0007 aa00.0400.6408 Ethernet0 Init 291 IS ES-IS Area Address(es): 47.0005.80FF.F500.0000.0003.0020 0000.0C00.0C35 0000.0c00.0c36 Ethernet1 Up 94 L1 IS-IS Area Address(es): 47.0004.004D.0001 39.0001 0800.2B16.24EA aa00.0400.
Troubleshooting ISO CLNS 12-288 Book Title
C H A P TER 13 Troubleshooting Banyan VINES Banyan Virtual Integrated Network Service (VINES) implements a distributed network operating system based on a proprietary protocol family derived from Xerox Corporation’s Xerox Network Systems (XNS) protocols (see Chapter 14, “Troubleshooting XNS”). VINES uses a client/server architecture in which clients request certain services, such as file and printer access, from servers.
The Network Layer The Network Layer VINES uses the VINES Internetwork Protocol (VIP) to perform Layer 3 activities (including internetwork routing). VINES also supports its own Address Resolution Protocol (ARP), its own version of the Routing Information Protocol (RIP) called the Routing Table Protocol (RTP), and the Internet Control Protocol (ICP), which provides exception handling and special routing cost information. ARP, ICP, and RTP packets are encapsulated in a VIP header.
VIP Figure 13-3 The VINES Address Selection Process Broadcast any servers? 1 Client Server 1 Server 2 I’m here 2 Client I’m here Server 1 Server 2 Server 1 Server 2 Server 1, please assign me an address 3 Client Your address is Server 1, Node 8001 4 Client Server 1 Server 2 Dynamic address assignment is not unique in the industry (AppleTalk also uses this process), but it is certainly not as common as static address assignment.
The Network Layer When a VINES server receives a packet, it checks whether the packet is destined for another server or if it’s a broadcast. If the current server is the destination, the server handles the request appropriately. If another server is the destination, the current server either forwards the packet directly (if the server is a neighbor) or routes it to the next server in line. If the packet is a broadcast, the current server checks whether the packet came from the least-cost path.
RTP • Transport control—Consists of several subfields. If the packet is a broadcast packet, two subfields are provided: class (bits 1 through 3) and hop-count (bits 4 through 7). If the packet is not a broadcast packet, four subfields are provided: error, metric, redirect, and hop count. The class subfield specifies the type of node that should receive the broadcast. For this purpose, nodes are broken into various categories having to do with the type of node and the type of link the node is on.
The Transport Layer ARP ARP entities are classified as either address resolution clients or address resolution services. Address resolution clients are usually implemented in client nodes, whereas address resolution services are typically provided by service nodes. An ARP packet has an 8-byte header consisting of a 2-byte packet type, a 4-byte network number, and a 2-byte subnetwork number.
Troubleshooting Banyan VINES At Layer 7, VINES offers file-service and print-service applications, as well as StreetTalk, which provides a globally consistent name service for an entire internetwork. VINES also provides an integrated applications development environment under several operating systems, including DOS and UNIX. This development environment allows third parties to develop both clients and services that run in the VINES environment.
Troubleshooting Banyan VINES VINES: Clients Cannot Communicate with Servers over Router Symptom: Clients cannot connect to VINES servers over one or more routers. Clients might or might not be able to connect to servers on their directly connected networks. Table 13-1 outlines the problems that might cause this symptom and describes solutions to those problems.
VINES: Clients Cannot Communicate with Servers over Router Possible Problem Solution Missing vines serverless or vines arp-enable commands A network that does not have an attached server must be configured with the vines serverless broadcast and vines arp-enable router configuration commands. Note: These commands are enabled by default in Cisco IOS Release 10.3 and later. Step 1 Use the show running-config privileged exec command on routers attached to networks with no VINES servers attached.
Troubleshooting Banyan VINES VINES: Client Cannot Connect to Server over PSN Symptom: Clients cannot connect to VINES servers across a packet-switched network (PSN). Clients can connect to local VINES servers. Table 13-2 outlines the problems that might cause this symptom and describes solutions to those problems.
VINES: Client on Serverless Network Cannot Connect to Server over PSN Possible Problem Solution Address mapping error Step 1 Use the show running-config privileged exec command to view the configuration of the router. Step 2 For X.25 environments, make sure that LAN protocol-to-X.121 address mapping specified in the x25 map vines interface configuration command entries use the VINES addresses and X.121 addresses of the destination routers.
Troubleshooting Banyan VINES Possible Problem Solution Address mapping error Syntax Description: • protocol—Supported protocol, bridging, or logical link control keywords: appletalk, decnet, dlsw, ip, ipx, llc2, rsrb, vines, and xns. • protocol-address—Destination protocol address. • dlci—DLCI number used to connect to the specified protocol address on the interface. • broadcast—(Optional) IETF2 form of Frame Relay encapsulation.
C H A P TER 14 Troubleshooting XNS The Xerox Network Systems (XNS) protocols were created by Xerox Corporation in the late 1970s and early 1980s. They were designed to be used across a variety of communication media, processors, and office applications. Several XNS protocols resemble the Internet Protocol (IP) and Transmission Control Protocol (TCP), developed by the Defense Advanced Research Projects Agency (DARPA) for the U.S. Department of Defense (DoD).
The Network Layer Figure 14-1 Field length, in bytes The IDP Packet Format 2 2 1 4 6 2 4 6 2 0-546 A B C D E F G H I J Data ABCDEFGHI J- 1 Checksum Length Transport control Packet type Destination network number Destination host number Destination socket number Source network number Source host number Source socket number The fields of the IDP packet are as follows: • Checksum—A 16-bit field that helps gauge the integrity of the packet after it traverses the internetwork.
The Transport Layer multicasts deliver packets to all members of the group within the entire internetwork, whereas global broadcasts deliver packets to all internetwork addresses. One bit in the host number indicates a single versus a multicast address. All ones in the host field indicate a broadcast address. To route packets in an internetwork, XNS uses the dynamic routing scheme RIP.
Troubleshooting XNS This section covers the most common network issues in XNS environments: • • • XNS: Clients Cannot Connect to Servers over Router XNS: XNS Broadcast Packets Not Forwarded by Router XNS: Clients Cannot Connect to Server over PSN XNS: Clients Cannot Connect to Servers over Router Symptom: Clients cannot make connections to XNS servers across a router. Clients might be able to connect to servers on their directly connected networks.
XNS: Clients Cannot Connect to Servers over Router Possible Problem Solution Mismatched router network number Step 3 Compare the network numbers. If they do not match, reconfigure the router or the server, as appropriate, with the correct network number. To reconfigure the router, use the following command: xns network number The argument number is the network number, in decimal format. Every XNS interface in a system must have a unique XNS network number.
Troubleshooting XNS Possible Problem Solution Backdoor bridge between segments Step 1 Use the show xns traffic exec command to determine whether the bad hop count field is incrementing. The XNS network updates by default occur every 30 seconds: C4000#show xns traffic Rec: 3968 total, 0 format errors, 0 checksum errors, 0 bad hop count, 3968 local destination, 0 multicast [...] Step 2 If this counter is increasing, use a network analyzer to look for packet loops on suspect segments.
XNS: XNS Broadcast Packets Not Forwarded by Router XNS: XNS Broadcast Packets Not Forwarded by Router Symptom: XNS servers do not respond to broadcast requests from clients. Table 14-2 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting XNS Possible Problem Solution Missing or misconfigured xns helper-address command Example: In the following example, the server at address 0000.0c00.23fe receives all broadcasts on network 51: xns helper-address 51.0000.0c00.23fe Step 4 If the command is present, make sure the MAC address specified in this command is a type of broadcast. Following is an example of an all-nets broadcast: interface ethernet 0 xns helper-address -1.ffff.ffff.
XNS: Clients Cannot Connect to Server over PSN XNS: Clients Cannot Connect to Server over PSN Symptom: Clients cannot connect to servers across a PSN. Clients can communicate with servers located on the local network. Table 14-3 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting XNS Possible Problem Solution Encapsulation mismatch Syntax: encapsulation encapsulation-type Syntax Description: encapsulation-type—One of the following keywords: • atm-dxi—Asynchronous Transfer Mode-Data Exchange Interface. • bstun—Block Serial Tunnel. • frame-relay—Frame Relay (for serial interface). • hdlc—HDLC protocol for serial interface. This encapsulation method provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. • lapb—X.
C H A P TER 15 Troubleshooting Serial Line Problems This chapter presents general troubleshooting information and a discussion of tools and techniques for troubleshooting serial connections.
Troubleshooting Using the show interfaces serial Command Figure 15-1 Output drops CRC errors Input errors Output of the HDLC show interface serial Command monet>show interfaces serial 0 Serial 0 is up, line protocol is up Interface status line Hardware is MCI Serial Internet address is 131.108.156.98, subnet mask is 255.255.255.
Serial Lines: show interfaces serial Status Line Conditions Status Line Condition Serial x is up, line protocol is down (DTE mode) Possible Problem Solution • Local or remote router is misconfigured Step 1 • Keepalives are not being sent by remote router • Leased-line or other carrier service problem—noisy line, or misconfigured or failed switch • Timing problem on cable (SCTE5 not set on CSU/DSU) If the line protocol comes up, a telephone company problem or a failed remote router is the likely probl
Troubleshooting Using the show interfaces serial Command Status Line Condition Possible Problem Solution Serial x is up, line protocol is down (DCE6 mode) • Missing clockrate interface configuration command Step 1 Syntax: • DTE device does not support or is not set up for SCTE mode (terminal timing) clock rate bps Syntax Description: • bps—Desired clock rate in bits per second: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 20000
Serial Lines: Increasing Output Drops on Serial Link Status Line Condition Possible Problem Solution Serial x is administratively down, line protocol is down • Router configuration includes the shutdown interface configuration command Step 1 Check the router configuration for the shutdown command. Step 2 Use the no shutdown interface configuration command to remove the shutdown command.
Troubleshooting Using the show interfaces serial Command Possible Problem Solution Input rate to serial interface exceeds bandwidth available on serial link Step 1 Minimize periodic broadcast traffic such as routing and SAP1 updates by using access lists or by other means. For example, to increase the delay between SAP updates, use the ipx sap-interval interface configuration command.
Serial Lines: Increasing Input Drops on Serial Link Serial Lines: Increasing Input Drops on Serial Link Input drops appear in the output of the show interfaces serial exec command (refer to Figure 15-1) when too many packets from that interface are still being processed in the system. Symptom: Increasing number of input drops on serial link. Table 15-3 outlines the possible problem that might cause this symptom and describes solutions to that problem.
Troubleshooting Using the show interfaces serial Command Possible Problem Solution The following problems can result in this symptom: Note: Cisco strongly recommends against the use of data converters when you are connecting a router to a WAN or serial network. • Faulty telephone company equipment Step 1 Use a serial analyzer to isolate the source of the input errors. If you detect errors, it is likely that there is a hardware problem or a clock mismatch in a device that is external to the router.
Serial Lines: Troubleshooting Serial Line Input Errors Input Error Type (Field Name) Framing errors (frame) Possible Problem Solution A framing error occurs when a packet does not end on an 8-bit byte boundary for one of the following reasons: Step 1 Ensure that the line is clean enough for transmission requirements. Shield the cable if necessary. Make certain you are using the correct cable. Step 2 Make sure the cable is within the recommended length (no more than 50 feet [15.
Troubleshooting Using the show interfaces serial Command Serial Lines: Increasing Interface Resets on Serial Link Interface resets that appear in the output of the show interfaces serial exec command (see Figure 15-1) are the result of missed keepalive packets. Symptom: Increasing interface resets on serial link. Table 15-6 outlines the possible problems that might cause this symptom and describes solutions to those problems.
Using the show controllers Command Possible Problem Solution The following problems can result in this symptom: Step 1 Check hardware at both ends of the link (attach a breakout box or a serial analyzer and test to determine source of problems).
Using the show controllers Command Figure 15-2 show controllers cbus Command Output Harold>show controllers cbus Microcode Switch Processor 5, hardware version 11.1, microcode version 10.7 version Microcode loaded from system 512 Kbytes of main memory, 128 Kbytes cache memory Interface and 4 256 byte buffers, 4 1024 byte buffers, 312 1520 byte buffers 1024 byte system buffer attached cable Restarts: 0 line down, 0 hung output, 0 controller error information FSIP 0, hardware version 1.
Using the show controllers Command Figure 15-3 show controllers Command Output Maude>show controllers BRI unit 0 D Chan Info: Layer 1 is DEACTIVATED D channel is deactivated [. . .] 0 missed datagrams, 0 overruns, 0 bad frame addresses 0 bad datagram encapsulations, 0 memory errors 0 transmitter underruns B1 Chan Info: Layer 1 is DEACTIVATED B channel 1 is deactivated [. . .
Using debug Commands Figure 15-4 show controllers mci Command Output Electrical interface identified as type UNKNOWN, suggesting a hardware failure or improperly connected cable. MCI 1, controller type 1.1, microcode version 1.8 128 Kbytes of main memory, 4 Kbytes cache memory 16 system TX buffers, largest buffer size 1520 Restarts: 0 line down, 0 hung output, 0 controller error Interface 0 is Ethernet1, station address 0000.0c00.
Using Extended ping Tests • debug frame-relay events—Determines whether exchanges are occurring between a router and a Frame Relay switch. • debug ppp negotiation—Shows Point-to-Point Protocol (PPP) packets transmitted during PPP startup, where PPP options are negotiated. • debug ppp packet—Shows PPP packets being sent and received. This command displays low-level packet dumps.
Using Extended ping Tests In general, perform serial line ping tests as follows: Step 1 Put the CSU or DSU into local loopback mode. Step 2 Configure the extended ping command to send different data patterns and packet sizes. Figure 15-6 and Figure 15-7 illustrate two useful ping tests, an all-zeros 1500-byte ping and an all-ones 1500-byte ping, respectively. Step 3 Examine the show interfaces serial command output (see Figure 15-1) and determine whether input errors have increased.
Troubleshooting Clocking Problems Figure 15-7 1500 byte packet size All ones ping All-Ones 1500-Byte ping Test zounds#ping Protocol [ip]: Target IP address: 192.169.51.22 Repeat count [5]: 100 Datagram size [100]: 1500 Timeout in seconds [2]: Extended commands [n]: y Source address: 192.169.51.
Troubleshooting Clocking Problems When the DCE device uses SCTE instead of its internal clock to sample data from the DTE, it is better able to sample the data without error even if there is a phase shift in the cable between the CSU/DSU and the router. Using SCTE is highly recommended for serial transmissions faster than 64 kbps. If your CSU/DSU does not support SCTE, see the section “Inverting the Transmit Clock” later in this chapter.
Clocking Problem Solutions Aborts on one end suggests that the other end is sending bad information or that there is a line problem. Note Always refer to the show interfaces serial command output (see Figure 15-1) and log any changes in error counts or note if the error count does not change. Clocking Problem Solutions Table 15-8 outlines suggested remedies for clocking problems, based on the source of the problem.
Adjusting Buffers Inverting the Transmit Clock If you are attempting serial connections at speeds greater than 64 kbps with a CSU/DSU that does not support SCTE, you might have to invert the transmit clock on the router. Inverting the transmit clock compensates for phase shifts between the data and clock signals. The specific command used to invert the transmit clock varies between platforms. On a Cisco 7000 series router, enter the invert-transmit-clock interface configuration command.
Tuning System Buffers Tuning System Buffers There are two general buffer types on Cisco routers: hardware buffers and system buffers. Only the system buffers are directly configurable by system administrators. The hardware buffers are specifically used as the receive and transmit buffers associated with each interface and (in the absence of any special configuration) are dynamically managed by the system software itself.
Adjusting Buffers • misses identifies the number of times a buffer has been requested and the RP detected that additional buffers were required. (In other words, the number of buffers in the free list has dropped below min.) The misses counter represents the number of times the RP has been forced to create additional buffers. • trims identifies the number of buffers that the RP has trimmed from the pool when the number of buffers in the free list exceeded the number of max allowed buffers.
Implementing Hold Queue Limits Implementing Hold Queue Limits Hold queues are buffers used by each router interface to store outgoing or incoming packets. Use the hold-queue interface configuration command to increase the number of data packets queued before the router will drop packets. Increase these queues by small increments (for instance, 25%) until you no longer see drops in the show interfaces output. The default output hold queue limit is 100 packets.
Special Serial Line Tests In general, start with the default number of queues when implementing priority queues. After enabling priority queuing, monitor output drops with the show interfaces serial exec command. If you notice that output drops are occurring in the traffic queue you have specified to be high priority, increase the number of packets that can be queued (using the queue-limit keyword option of the priority-list global configuration command).
CSU and DSU Loopback Tests CSU and DSU Local Loopback Tests for HDLC or PPP Links Following is a general procedure for performing loopback tests in conjunction with built-in system diagnostic capabilities: Step 1 Place the CSU/DSU in local loop mode (refer to your vendor documentation). In local loop mode, the use of the line clock (from the T1 service) is terminated, and the DSU is forced to use the local clock.
Detailed Information on the show interfaces serial Command Figure 15-10 debug serial interface Command Output router# debug serial interface 1 missed keepalive Serial1: Serial1: Serial1: Serial1: Serial1: Serial1: Serial1: Serial1: HDLC HDLC HDLC HDLC HDLC HDLC HDLC HDLC myseq myseq myseq myseq myseq myseq myseq myseq 636119, 636120, 636121, 636122, 636123, 636124, 636125, 636126, mineseen mineseen mineseen mineseen mineseen mineseen mineseen mineseen 636119, 636120, 636121, 636122, 636123, 636124
show interfaces serial show interfaces serial To display information about a serial interface, use the show interfaces serial privileged exec command: show interfaces serial [number] [accounting] show interfaces serial [number [:channel-group] [accounting] (Cisco 4000 series) show interfaces serial [slot | port [:channel-group]] [accounting] (Cisco 7500 series) show interfaces serial [type slot | port-adapter | port] [serial] (ports on VIP cards in the Cisco 7500 series) show interfaces serial [type slot |
Detailed Information on the show interfaces serial Command Sample Displays The following is sample output from the show interfaces command for a synchronous serial interface: Router# show interfaces serial Serial 0 is up, line protocol is up Hardware is MCI Serial Internet address is 150.136.190.203, subnet mask is 255.255.255.
show interfaces serial output hang Number of hours, minutes, and seconds (or never) since the interface was last reset because of a transmission that took too long. When the number of hours in any of the last fields exceeds 24, the number of days and hours is printed. If that field overflows, asterisks are printed. Output queue, drops input queue, drops Number of packets in output and input queues.
Detailed Information on the show interfaces serial Command 15-342 Book Title bytes output Total number of bytes, including data and MAC encapsulation, transmitted by the system. underruns Number of times that the transmitter has been running faster than the router can handle. This might never be reported on some interfaces. output errors Sum of all errors that prevented the final transmission of datagrams out of the interface being examined.
C H A P TER 16 Troubleshooting Dialin Connections This chapter describes procedures for troubleshooting dialin connections.
Establishing a Reverse Telnet Session to a Modem Use the following procedure to configure a Cisco router to automatically attempt to discover what kind of modem is connected to the line and then to configure the modem: Step 1 To discover the type of modem attached to your router, use the modem autoconfigure discovery line configuration command. Step 2 When the modem is successfully discovered, configure the modem automatically using the modem autoconfigure type modem-name line configuration command.
Interpreting show line Output Step 5 After successfully making the Telnet connection, enter AT and make sure the modem replies with OK. Figure 16-1 shows a typical Hayes-compatible modem command string. Be certain to check the documentation for your specific modem to verify the exact syntax of these commands.
Interpreting show line Output Figure 16-2 show line Command Output Modem control enabled Line speed Choncie# show line 1 Tty Typ Tx/Rx 1 AUX 38400/38400 Hardware flow control enabled Modem state EXEC timeout configured Modem hardware state A Modem - inout Roty AccO AccI - Uses 0 Noise 0 Overruns 0/0 Line 1, Location: "", Type: "" Length: 24 lines, Width: 80 columns Baud rate (TX/RX) is 38400/38400, no parity, 2 stopbits, 8 databits Status: No Exit Banner Capabilities: Hardware Flowcontrol In, H
Interpreting show line Output Modem State Modem Hardware State Meaning Ready — If the modem state is Ready instead of Idle, there are three possibilities: • Modem control is not configured on the access server or router. Configure the access server or router with the modem inout line configuration command. • A session exists on the line. Use the show users exec command and use the clear line privileged exec command to stop the session if desired. • DSR is high.
Interpreting show line Output Modem State Modem Hardware State Meaning Ready CTS DSR DTR RTS There are two possibilities for the presence of the DSR string instead of the noDSR string in the Modem hardware state field: • Incorrect cabling (either rolled MDCE, or straight MDTE, but without the pins moved). See Table 16-2 for information on the recommended cabling configuration. • The modem is configured for DCD always high. Reconfigure the modem so that DCD is only high on CD.
Troubleshooting Dialin Connections Troubleshooting Dialin Connections This section presents troubleshooting information for dialin connectivity problems. It describes specific dialin connections symptoms, the problems that are likely to cause each symptom, and the solutions to those problems. Dialin: No Connectivity Between Modem and Router Symptom: The connection between a modem and a Cisco access server or router does not work.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Hardware problem Step 1 Verify that you are using the correct cabling and that all connections are good. Step 2 Check all hardware for damage, including cabling (broken wires), adapters (loose pins), access server ports, and modem. Step 3 See Chapter 3, “Troubleshooting Hardware and Booting Problems,” for more information on hardware troubleshooting.
Dialin: Modem Does Not Dial Possible Causes Suggested Actions Modem hardware problem Check the modem’s physical connection. Make sure the modem is on and is connected securely to the correct port. Make sure the transmit and receive indicator lights flash when the chat script is running. No interesting packets defined Step 1 Use the show running-config privileged exec command to view the router configuration.
Troubleshooting Dialin Connections Dialin: Modem Does Not Answer Symptom: When attempting to open a dialin connection to a modem, the modem does not answer the call. Table 16-4 outlines the problems that might cause this symptom and describes solutions to those problems. Table 16-4 Dialin: Modem Does Not Answer Possible Causes Suggested Actions Incorrect cabling Step 1 Check the cabling between the modem and the access server or router.
Dialin: Modem Hangs Up Shortly After Connecting Possible Causes Suggested Actions Wrong telephone line attached to remote modem Step 1 Make sure you are using the correct telephone line. Replace the remote modem with a telephone and call again. If the phone rings, you are using the correct telephone line. Step 2 Contact the telephone company to make sure that the line is good. Step 1 Make sure the remote modem is attached to a router or other device that is asserting DTR.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Modem speed setting is not locked Step 4 When you are certain the access server or router line is configured for the desired speed, initiate a reverse Telnet session to the modem on that line. For more information, see the section “Establishing a Reverse Telnet Session to a Modem” earlier in this chapter. Step 5 Use a modem command string that includes the lock DTE speed command for your modem.
Dialin: Dialin Client Receives No exec Prompt Possible Causes Suggested Actions Chat script problem Step 1 Enter the debug chat privileged exec command. If you see the output “Success” at the end of the chat script, the chat script completed successfully. Step 2 Make the timeout in the chat script longer at the point where it fails. Step 3 If the problem persists, verify that the command response to each chat script step is correct.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Flow control is not enabled, is enabled only on one device (either DTE or DCE), or is misconfigured Step 2 Configure hardware flow control on the line using the flowcontrol hardware line configuration command. Example: The following example sets hardware flow control on line 7: line 7 flowcontrol hardware Note: If for some reason you cannot use flow control, limit the line speed to 9600 bps.
Dialin: Dialin Client Receives No exec Prompt Possible Causes Suggested Actions Modem speed setting is not locked Step 5 Use a modem command string that includes the lock DTE speed command for your modem. See your modem documentation for exact configuration command syntax. Note: The lock DTE speed command, which might also be referred to as port rate adjust or buffered mode, is often related to the way in which the modem handles error correction. This command varies widely from one modem to another.
Troubleshooting Dialin Connections Dialin: Dialin Session Sees “Garbage” Symptom: Attempts to establish remote dialin sessions over a modem to a Cisco access server or router return “garbage” and ultimately result in no connection to the remote site. Users might see a “Connection Closed by Foreign Host” message. Table 16-7 outlines the problems that might cause this symptom and describes solutions to those problems.
Dialin: Dialin Session Ends Up in Existing Session Possible Causes Suggested Actions Modem speed setting is not locked Step 3 Use the show line exec command again and confirm that the line speed is set to the desired value. Step 4 When you are certain that the access server or router line is configured for the desired speed, initiate a reverse Telnet session to the modem via that line. For more information, see the section “Establishing a Reverse Telnet Session to a Modem.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Modem control is not enabled on the access server or router Step 1 Use the show line exec command on the access server or router. The output for the auxiliary port should show inout or RIisCD in the Modem column. This indicates that modem control is enabled on the line of the access server or router. For an explanation of the show line output, see the “Using debug Commands” section earlier in this chapter.
Dialin: Modem Cannot Send or Receive Data Possible Causes Suggested Actions Modem speed setting is not locked Step 1 Use the show line exec command on the access server or router. The output for the auxiliary port should indicate the currently configured Tx and Rx speeds. For an explanation of the output of the show line command, see the “Using debug Commands” section earlier in this chapter.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Hardware flow control not configured on local or remote modem or router Step 1 Use the show line aux-line-number exec command and look for the following in the Capabilities field (see Figure 16-2): Capabilities: Hardware Flowcontrol In, Hardware Flowcontrol Out If there is no mention of hardware flow control in this field, hardware flow control is not enabled on the line.
Dialin: Modem Cannot Send or Receive IP Data Possible Causes Suggested Actions Misconfigured dialer map commands Step 1 Use the show running-config privileged exec command to view the router configuration. Check the dialer map command entries to see whether the broadcast keyword is specified. Step 2 If the keyword is missing, add it to the configuration.
Troubleshooting Dialin Connections Note For general problems associated with a modem that cannot send or receive data, refer to the section “Dialin: Modem Cannot Send or Receive Data” earlier in this chapter. Note For information on troubleshooting IP problems not specific to dialin connections, refer to Chapter 7, “Troubleshooting TCP/IP.” Table 16-10 outlines the problems that might cause this symptom and describes solutions to those problems.
Dialin: Modem Cannot Send or Receive IP Data Possible Causes Suggested Actions Hardware flow control not configured on local or remote modem or router Step 2 Configure hardware flow control on the line using the flowcontrol hardware line configuration command. To set the method of data flow control between the terminal or other serial device and the router, use the flowcontrol line configuration command. Use the no form of this command to disable flow control.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Misconfigured dialer map commands Step 1 Use the show running-config privileged exec command to view the router configuration. Check the dialer map command entries to see whether the broadcast keyword is specified. Step 2 If the broadcast keyword is missing, add it to the configuration.
Dialin: Modem Cannot Send or Receive IP Data Possible Causes 1 DNS server not specified on router or workstation Suggested Actions Step 1 Check to see whether the workstation and router both have DNS information specified. On the router, use the show running-config privileged exec command to see whether DNS is configured. For information on verifying the workstation configuration, refer to the vendor documentation.
Troubleshooting Dialin Connections Dialin: Modem Cannot Send or Receive IPX Data Symptom: After a dialin connection is established, a modem cannot send or receive Novell IPX data. Note For general problems associated with a modem that cannot send or receive data, refer to the section “Dialin: Modem Cannot Send or Receive Data” earlier in this chapter. Note For information on troubleshooting Novell IPX problems not specific to dialin connections, refer to Chapter 8, “Troubleshooting Novell IPX.
Dialin: Modem Does Not Disconnect Properly Dialin: Modem Does Not Disconnect Properly Symptom: Modem does not disconnect properly. Connections to the modem do not terminate when the quit command is entered. Table 16-12 outlines the problems that might cause this symptom and describes solutions to those problems. Table 16-12 Dialin: Modem Does Not Disconnect Properly Possible Causes Suggested Actions Modem is not sensing DTR Enter the Hangup DTR modem command string.
Troubleshooting Dialin Connections Dialin: Link Goes Down Too Soon Symptom: After a dialin connection is established, the link goes down again too quickly. Table 16-13 outlines the problems that might cause this symptom and describes solutions to those problems. Table 16-13 Dialin: Link Goes Down Too Soon Possible Causes Suggested Actions Dialer timeout is too short Step 1 Use the show running-config privileged exec command to view the router configuration.
Dialin: Poor Performance Table 16-15 outlines the problems that might cause this symptom and describes solutions to those problems. Table 16-15 Dialin: Poor Performance Possible Causes Suggested Actions Error correction is not configured on the modem Make certain the modem is configured for error correction. For the exact syntax of the command, see your modem documentation.
Troubleshooting Dialin Connections Possible Causes Suggested Actions Flow control is not enabled, is enabled only on one device (either DTE or DCE), or is misconfigured Syntax Description: • none—Turns off flow control. • software—Sets software flow control. An optional keyword specifies the direction: in causes the Cisco IOS software to listen to flow control from the attached device, and out causes the software to send flow control information to the attached device.
C H A P TER 17 Troubleshooting ISDN Connections Integrated Services Digital Network (ISDN) refers to a set of digital services that are becoming available to end users. ISDN involves the digitization of the telephone network so that voice, data, text, graphics, music, video, and other source material can be provided to end users from a single end-user terminal over existing telephone wiring.
ISDN Services typically found in digital private branch exchanges (PBXs), that performs Layer 2 and 3 protocol functions and concentration services. An NT1/2 device also exists; it is a single device that combines the functions of an NT1 and an NT2. A number of reference points are specified in ISDN. These reference points define logical interfaces between functional groupings such as TAs and NT1s.
Layer 1 ISDN Primary Rate Interface (PRI) service offers 23 B channels and one D channel in North America and Japan, yielding a total bit rate of 1.544 Mbps (the PRI D channel runs at 64 kbps). ISDN PRI in Europe, Australia, and other parts of the world provides 30 B plus one 64-kbps D channel and a total interface rate of 2.048 Mbps. The PRI physical layer specification is ITU-T I.431.
Layer 2 technique ensures that only one terminal can transmit its D message at one time. After successful D message transmission, the terminal has its priority reduced by being required to detect more continuous ones before transmitting. Terminals cannot raise their priority until all other devices on the same line have had an opportunity to send a D message. Telephone connections have higher priority than all other services, and signaling information has a higher priority than nonsignaling information.
Troubleshooting ISDN Figure 17-4 ISDN Circuit-Switched Call Stages Router call Calling DTE Calling DCE Called DCE Called DTE Called router Pick up Set up Set up Set up ACK Information ding Call procee Alerting Alerting dication Ring back in Connect Pick up Connect n ck indicatio Stop ring ba Ringing Connect AC K Information Flow Information Information Flow Flow Flow Information Hang up Disconnect Disconnect Release Release Release co mplete Release co mplete Troubleshootin
Troubleshooting ISDN • • • • • ISDN: Second B Channel Comes Up Too Late ISDN: Second B Channel Comes Up Too Early ISDN: Slow Performance ISDN: Line Disconnects Too Slowly ISDN: Line Disconnects Too Quickly ISDN: Router Does Not Dial Symptom: Router configured for ISDN does not dial. Table 17-1 outlines the problems that might cause this symptom and describes solutions to those problems.
ISDN: Router Does Not Dial Possible Problem Solution No dialer group configured Step 1 Use the show running-config privileged exec command to view the router configuration. Check whether there are dialer-group interface configuration command entries present for the interface. Step 2 If the local interface does not belong to a dialer group, configure the interface as part of a dialer group by using the dialer-group group-number interface configuration command.
Troubleshooting ISDN ISDN: Dial Does Not Go Through BRI Symptom: ISDN router using a Basic Rate Interface (BRI) port successfully dials, but the call does not go through. Table 17-2 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-2 ISDN: Dial Does Not Go Through BRI Possible Problem Solution Speed setting mismatch Step 1 Use the show running-config privileged exec command to view the router configuration.
ISDN: Dial Does Not Go Through BRI Possible Problem Solution Number in use Step 1 Turn on ISDN debugging using the following privileged exec commands: C4000#debug isdn event ISDN events debugging is on C4000#debug isdn q931 ISDN Q931 packets debugging is on Caution: Because debugging output is assigned high priority in the CPU process, it can render the system unusable.
Troubleshooting ISDN Possible Problem Solution Port not attached to proper device or port Step 1 The ISDN BRI port of a router must be attached to an NT12 device. In ISDN, NT1 is a device that provides the interface between the customer premises equipment and central office switching equipment. If the router does not have an internal NT1, obtain and connect an NT1 to the BRI port. (The Cisco 1004 router has an internal NT1. An internal NT1 is optional in the Cisco 2524 and 2525 routers.
ISDN: Dial Does Not Go Through PRI ISDN: Dial Does Not Go Through PRI Symptom: ISDN router using a PRI port successfully dials, but the call does not go through. Table 17-3 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-3 ISDN: Dial Does Not Go Through PRI Possible Problem Solution Speed setting mismatch Step 1 Use the show running-config privileged exec command to view the router configuration.
Troubleshooting ISDN Possible Problem Solution Mismatched framing or linecoding Step 1 Use the show controllers t1 privileged exec command to see the framing and linecoding types currently configured on the MIP1 card. Step 2 Compare the configured framing and linecoding with those configured on the CSU2. (Refer to the vendor documentation for information on how to check the CSU configuration.) The framing and linecoding configured on the MIP card and the CSU must be the same.
ISDN: Dial Does Not Go Through PRI Possible Problem Solution Incorrect cable Step 1 Make sure you using a straight-through DB-15 cable. Step 2 If you are using any other cable, replace it with a straight-through DB-15 cable. Port not attached to proper device or port The ISDN PRI port of a router must be attached to a CSU device. If the port is not connected to a CSU, obtain a CSU and attach the PRI port to it. Layer 1 logic states hung Step 1 Check the status lights of the CSU.
Troubleshooting ISDN ISDN: No Communication with Remote Router Symptom: ISDN connection attempts are successful, but attempts to ping or otherwise communicate with the remote ISDN router interface fail. Table 17-4 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-4 ISDN: No Communication with Remote Router Possible Problem 1 CHAP misconfigured Solution Step 1 Use the debug ppp chap privileged exec command. Step 2 Try to ping the remote router.
ISDN: No Communication End-to-End Possible Problem 5 PPP encapsulation not configured on interface No route to remote network Solution Step 1 Use the show running-config privileged exec command to view the interface state. Check the output to see whether the encapsulation ppp interface configuration command is present. Step 2 If PPP encapsulation is not configured, configure the interface with the encapsulation ppp command.
Troubleshooting ISDN Table 17-5 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-5 ISDN: No Communication End-to-End Possible Problem Solution No default gateway configured on end systems Step 1 Check the configuration of local and remote end systems. Make certain that end systems are configured with a default-gateway specification. Step 2 If an end systems is not configured with a default gateway, you must configure one.
ISDN: Second B Channel Does Not Come Up Possible Problem Solution Missing or misconfigured dialer load-threshold command Step 1 Use the show running-config privileged exec command to view the router configuration. Check for a dialer load-threshold interface configuration command entry.
Troubleshooting ISDN ISDN: Second B Channel Comes Up Too Late Symptom: When using a second B channel as a backup connection to a single destination, the load on the first B channel is higher than desired before the second B channel comes up. Table 17-7 outlines the problem that might cause this symptom and describes solutions to that problem.
ISDN: Second B Channel Comes Up Too Early ISDN: Second B Channel Comes Up Too Early Symptom: When using a second B channel as a backup connection to a single destination, the second B channel comes up before the load on the first B channel is high enough. Table 17-8 outlines the problem that might cause this symptom and describes solutions to that problem.
Troubleshooting ISDN ISDN: Slow Performance Symptom: ISDN connections are successfully established and communication occurs, but performance across the link is slow. Table 17-9 outlines the problems that might cause this symptom and describes solutions to those problems.
ISDN: Line Disconnects Too Slowly ISDN: Line Disconnects Too Slowly Symptom: ISDN connections are successfully established but idle connections do not disconnect quickly enough. Table 17-10 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-10 ISDN: Line Disconnects Too Slowly Possible Problem Solution No dialer hold-queue command configured Step 1 Use the show running-config privileged exec command to view the router configuration.
Troubleshooting ISDN Possible Problem Solution dialer fast-idle time too high Step 1 Use the show running-config privileged exec command to view the router configuration. Check for a dialer fast-idle interface configuration command entry. This command does not appear in the configuration unless it has been changed from the default. Syntax: dialer fast-idle seconds The fast-idle timer is activated if there is contention for a line.
ISDN: Line Disconnects Too Quickly ISDN: Line Disconnects Too Quickly Symptom: ISDN connections are successfully established, but connections disconnect too quickly when idle. Table 17-11 outlines the problems that might cause this symptom and describes solutions to those problems. Table 17-11 ISDN: Line Disconnects Too Quickly Possible Problem Solution Misconfigured dialer idle-timeout command Step 1 Use the show running-config privileged exec command to view the router configuration.
Troubleshooting ISDN 17-396 Book Title
C H A P TER 18 Troubleshooting Frame Relay Connections Frame Relay was originally conceived as a protocol for use over ISDN interfaces. Initial proposals to this effect were submitted to the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), formerly the Consultative Committee for International Telegraph and Telephone (CCITT), in 1984.
Frame Relay Technology Basics performed at higher protocol layers. Greater performance and efficiency is therefore possible without sacrificing data integrity. Frame Relay is designed with this approach in mind. It includes a cyclic redundancy check (CRC) algorithm for detecting corrupted bits (so the data can be discarded), but it does not include any protocol mechanisms for correcting bad data (for example, by retransmitting it at this level of protocol). Another difference between Frame Relay and X.
Frame Format Figure 18-1 The Frame Relay Frame Field length, in bytes 1 2 Variable 2 1 Flags Address Data FCS Flags The 10-bit DLCI value is the heart of the Frame Relay header. It identifies the logical connection that is multiplexed into the physical channel. In the basic (not extended by the LMI) mode of addressing, DLCIs have local significance; that is, the end devices at two different ends of a connection may use a different DLCI to refer to that same connection.
Frame Relay Technology Basics LMI Message Format The previous section describes the basic Frame Relay protocol format for carrying user data frames. The consortium Frame Relay specification also includes the LMI procedures. LMI messages are sent in frames distinguished by an LMI-specific DLCI (defined in the consortium specification as DLCI = 1023). The LMI message format is shown in Figure 18–3.
Network Implementation Figure 18-4 Global Addressing Exchange San Jose Pittsburgh DLCI = 12 DLCI = 13 Router Router Switch Switch Switch Switch Switch WAN RouterRouter DLCI = 14 Los Angeles DLCI = 15 Router Atlanta In Figure 16–4, note that each interface has its own identifier. Suppose that Pittsburgh must send a frame to San Jose. The identifier for San Jose is 12, so Pittsburgh places the value 12 in the DLCI field and sends the frame into the Frame Relay network.
Troubleshooting Frame Relay Figure 18-5 A Hybrid Frame Relay Network Token Ring Router Frame Relay interface Ethernet WAN T1 MUX Non-Frame Relay interface T1 MUX Frame Relay interface Token Ring Non-Frame Relay interface PBX Router Ethernet Video/teleconference A public Frame Relay service is deployed by putting Frame Relay switching equipment in the central offices of a telecommunications carrier.
Frame Relay: Frame Relay Link Is Down Frame Relay: Frame Relay Link Is Down Symptom: Connections over a Frame Relay link fail. The output of the show interfaces serial exec command shows that the interface and line protocol are down or that the interface is up and the line protocol is down. Table 18–1 outlines the problems that might cause this symptom and describes solutions to those problems.
Troubleshooting Frame Relay Possible Problem 5 DLCI inactive or deleted DLCI assigned to wrong subinterface Solution Step 1 Use the show frame-relay pvc exec command to view the status of the interface’s PVC. Step 2 If the output shows that the PVC6 is inactive or deleted, there is a problem along the path to the remote router. Check the remote router or contact your carrier to check the status of the PVC. Step 1 Use the show frame-relay pvc privileged exec command to check the assigned DLCIs.
Frame Relay: Cannot ping Remote Router Frame Relay: Cannot ping Remote Router Symptom: Attempts to ping the remote router across a Frame Relay connection fail. Table 18–2 outlines the problems that might cause this symptom and describes solutions to those problems. Table 18-2 Frame Relay: Cannot ping Remote Router Possible Problem Solution Encapsulation mismatch Step 1 When connecting Cisco devices with non-Cisco devices, you must use IETF encapsulation on both devices.
Troubleshooting Frame Relay Possible Problem Solution frame-relay map command missing Syntax Description: • protocol—Supported protocols: AppleTalk, DECnet, IP, XNS, IPX, and VINES. • protocol-address—Address for the protocol. • dlci—DLCI number for the interface. • broadcast—(Optional) Broadcasts should be forwarded to this address when multicast is not enabled. • ietf—(Optional) IETF form of Frame Relay encapsulation.
Frame Relay: Cannot ping End-to-End Frame Relay: Cannot ping End-to-End Symptom: Attempts to ping devices on a remote network across a Frame Relay connection fail. Table 18–3 outlines the problems that might cause this symptom and describes solutions to those problems. Table 18-3 Frame Relay: Cannot ping End-to-End Possible Problem Solution Split horizon problem In a hub-and-spoke Frame Relay environment, you must configure subinterfaces in order to avoid problems with split horizon.
Troubleshooting Frame Relay 18-408 Book Title
C H A P TER 19 Troubleshooting X.25 Connections In the 1970s, a set of protocols was needed to provide users with wide-area network (WAN) connectivity across public data networks (PDNs). PDNs such as Telnet and TYMNET had achieved remarkable success, but it was felt that protocol standardization would increase subscriptions to PDNs by providing improved equipment compatibility and lower cost. The result of the ensuing development effort was a group of protocols, the most popular of which is X.25. X.
X.25 Technology Basics Figure 19-1 The X.25 Model PSN DCE DTE PSE DTE DCE PSE PSE DCE DTE PSN A DTE can be a terminal that does not implement the complete X.25 functionality. A DTE is connected to a DCE through a translation device called a packet assembler/disassembler (PAD). The operation of the terminal-to-PAD interface, the services offered by the PAD, and the interaction between the PAD and the host are defined by ITU-T Recommendations X.28, X.3, and X.29, respectively. The X.
X.25 Frame Format Figure 19-2 X.25 and the OSI Reference Model X.25 OSI Reference Model 7 6 5 Userdefined process Packetswitching network 4 3 X.25 packet level 2 X.25 frame level 1 X.25 physical level DTE Packet interface Frame interface Physical interface DTE/DCE interface DCE End-to-end communication between DTEs is accomplished through a bidirectional association called a virtual circuit.
X.25 Frame Format Figure 19-3 An X.25 Frame Packet Packet-level header Flag Frame-level control and address User data Data Layer 3 X.25 FCS Flag Layer 2 X.25 Frame Bit stream Layer 1 X.25 Layer 3 The Layer 3 X.25 header is made up of a general format identifier (GFI), a logical channel identifier (LCI), and a packet type identifier (PTI). The GFI is a 4-bit field that indicates the general format of the packet header. The LCI is a 12-bit field that identifies the virtual circuit.
Layer 2 The addressing fields that make up the X.121 address are necessary only when an SVC is used, and then only during call setup. After the call is established, the PSN uses the LCI field of the data packet header to specify the particular virtual circuit to the remote DTE. Layer 3 X.25 uses three virtual circuit operational procedures: call setup, data transfer, and call clearing. Execution of these procedures depends on the virtual circuit type being used. For a PVC, Layer 3 X.
Troubleshooting X.25 • Data—Carries upper-layer data. Its size and format vary, depending on the Layer 3 packet type. The maximum length of this field is set by agreement between a PSN administrator and the subscriber at subscription time. • FCS—Ensures the integrity of the transmitted data. Layer 1 Layer 1 X.25 uses the X.21 bis physical-layer protocol, which is roughly equivalent to EIA/TIA-232-C (formerly RS-232-C). X.21 bis was derived from ITU-T Recommendations V.24 and V.
X.25: No Connections over X.25 Link The [no] debug lapb command displays information on the X.25 Layer 2 protocol. It is useful to users who are familiar with LAPB. You can use the debug lapb command to determine why X.25 interfaces or LAPB connections are going up and down. It is also useful for identifying link problems, as evidenced when the show interfaces command displays a large number of rejects or frame errors over the X.25 link. Note Exercise care when using debug commands.
Troubleshooting X.25 Possible Problem Solution Link is down Use the show interfaces serial exec command to determine whether the link is down. If the link is down, refer to Chapter 15, “Troubleshooting Serial Line Problems.” Incorrect cabling or bad router hardware Step 1 Use the show interfaces serial exec command to determine the status of the interface. Step 2 If the interface is down, refer to Chapter 15, “Troubleshooting Serial Line Problems.
X.25: Excess Serial Errors on X.25 Link Possible Problem Solution Misconfigured x25 map command Step 1 Use the show running-config privileged exec command to view the router configuration. Look for x25 map interface configuration command entries. Step 2 Make sure that x25 map commands specify the correct address mappings. To retract a prior mapping, use the no form of the x25 map command with the appropriate network protocol(s) and X.
Troubleshooting X.25 19-418 Book Title Possible Problem Solution Incorrect cabling or bad router hardware Step 1 Use the show interfaces serial exec command to determine the status of the interface. Step 2 If the interface is down, refer to Chapter 15, “Troubleshooting Serial Line Problems.” If the interface is up but the line protocol is down, check the LAPB state in the output of the show interfaces serial command.
C H A P TER 20 Troubleshooting Transparent Bridging Environments Transparent bridges were first developed at Digital Equipment Corporation (Digital) in the early 1980s. Digital submitted its work to the Institute of Electrical and Electronic Engineers (IEEE), which incorporated the work into the IEEE 802.1 standard. Transparent bridges are very popular in Ethernet/IEEE 802.
Transparent Bridging Technology Basics Bridging Loops Without a bridge-to-bridge protocol, the transparent bridge algorithm fails when there are multiple paths of bridges and local-area networks (LANs) between any two LANs in the internetwork. Figure 20-2 illustrates such a bridging loop. Figure 20-2 Inaccurate Forwarding and Learning in Transparent Bridging Environments Host A Network 2 Bridge B Bridge A Network 1 Host B Suppose Host A sends a frame to Host B.
The Spanning-Tree Algorithm The STA uses a conclusion from graph theory as a basis for constructing a loop-free subset of the network’s topology. Graph theory states the following: “For any connected graph consisting of nodes and edges connecting pairs of nodes, there is a spanning tree of edges that maintains the connectivity of the graph but contains no loops.” Figure 20-3 illustrates how the STA eliminates loops. The STA calls for each bridge to be assigned a unique identifier.
Transparent Bridging Technology Basics Figure 20-4 A Transparent Bridge Network After STA Is Run Z V Bridge 1 Bridge 2 Bridge 3 Y W X Bridge 5 Bridge 4 V Active port Blocking port The spanning-tree calculation occurs when the bridge is powered up and whenever a topology change is detected. The calculation requires communication between the spanning-tree bridges, which is accomplished through configuration messages (sometimes called bridge protocol data units, or BPDUs).
Troubleshooting Transparent Bridging • Flag—A one-byte field, of which only the first 2 bits are used. The topology change (TC) bit signals a topology change. The topology change acknowledgment (TCA) bit is set to acknowledge receipt of a configuration message with the TC bit set. • • Root ID—Identifies the root bridge by listing its 2-byte priority followed by its 6-byte ID. • • Bridge ID—Identifies the priority and ID of the bridge sending the message.
Troubleshooting Transparent Bridging Possible Causes Suggested Actions Hardware or media problem Step 1 Use the show bridge exec command to see whether there is a connectivity problem. If there is, the output will not show any MAC1 addresses in the bridging table. Step 2 Use the show interfaces exec command to determine whether the interface and line protocol are up. Step 3 If the interface is down, troubleshoot the hardware or the media.
Transparent Bridging: No Connectivity Possible Causes Suggested Actions Input and output queues full Excessive multicast or broadcast traffic can cause input and output queues to overflow, resulting in dropped packets. Host is down Step 1 Use the show interfaces command to look for input and output drops. Drops suggest excessive traffic over the media.
Troubleshooting Transparent Bridging Transparent Bridging: Sessions Terminate Unexpectedly Symptom: Connections in a transparently bridged environment are successfully established, but sessions sometimes terminate abruptly. Table 20-2 outlines the problems that might cause this symptom and describes solutions to those problems.
Transparent Bridging: Looping and Broadcast Storms Occur Possible Causes Suggested Actions No spanning tree implemented Step 1 Examine a topology map of your internetwork to check for possible loops. Step 2 Eliminate any loops that exist or make sure that the appropriate links are in backup mode. Step 3 If broadcast storms and packet loops persist, use the show interfaces exec command to obtain input and output packet count statistics.
Troubleshooting Transparent Bridging 20-430 Book Title
C H A P TER 21 Troubleshooting ATM Switching Environments This chapter describes the Asynchronous Transfer Mode (ATM) technology on which the LightStream 2020 multiservice ATM switch (LS2020 switch) is based. ATM is a communications standard based on cell relay techniques. The next sections discuss cell relay and ATM technology. They also contrast ATM techniques with time-division multiplexing (TDM) and other packet-handling technologies.
Technologies Compared ATM contrasts with TDM in the way it allocates communications channels. In TDM, communications channels are divided into fixed periods of time called frames. The frames are divided into a fixed number of time slots of equal duration (see Figure 21-1). Each user is assigned certain time slots within each frame. As Figure 21-1 indicates, a user can be given more than one time slot in a frame.
Placing User Data into ATM Cells Figure 21-3 The OSI Reference Model Layer 6: Presentation layer Layer 6: Presentation layer Layer 5: Session layer Layer 5: Session layer Layer 4: Transport layer Layer 4: Transport layer Layer 3: Network layer Layer 3: Network layer Layer 2: Data link layer Layer 2: Data link layer Layer 1: Physical layer Layer 1: Physical layer Physical media The data link layer is concerned with data transmission between two network switches.
ATM Label Switching ATM Label Switching ATM uses label switching, a technique in which a simple label is placed in the header of each cell. The label provides information used in transporting the cell across the next hop in the network. Networks that do not use label switching usually require each packet (or cell) to contain the explicit address of the final destination. ATM uses label switching because it is simpler, thereby making faster switching possible.
Virtual Channel Connections and Virtual Paths Figure 21-5 VPI/VCI value Cell Passing Through a Boston Switch Input ports Output ports Data 5 Boston M VPI/VCI value 1 6 2 7 Data Incoming cell = Path of cell through Boston switch 3 To next ATM switch in network X Switch Outgoing cell In all cases, transporting cells through the use of label switching requires a connection.
The ATM Cell Figure 21-7 VC1 VC2 VCN VC1 VC2 VCN VC1 VC2 VCN VCCs Transported Within VPs VP1 VP2 VC1 VC2 VCN VC1 VC2 VCN VC1 VC2 VCN VP1 Physical link in public or private network VP2 VPn VPn VP=Virtual path VC=Virtual channel The ATM Cell The ATM cell is the fixed-length transmission unit defined by the ATM standard. An ATM cell contains two major types of information: the payload and the header. The payload is the information to be transferred through an ATM network.
The ATM Adaptation Layer Table 21-2 Fields in an ATM Cell Header Header Field Name Location in Header Description First 4 bits of Byte 1 Controls the flow of traffic across the user network interface and thus into the ATM network. VPI2 Second 4 bits of Byte 1 and the first 4 bits of Byte 2 Identifies a particular VPC3. A VPC is a group of virtual connections carried between two points and may involve several ATM links. VPIs provide a way to bundle traffic heading to the same destination.
The ATM Adaptation Layer When ATM cells are transferred through a network, each cell is processed in isolation from all other cells. All processing decisions are made based on the cell header; no processing of the data in the payload field occurs. Figure 21-11 shows some examples of AAL processing.
The ATM Layer The AAL is divided into two sublayers: the convergence sublayer (CS) and the segmentation and reassembly sublayer (SAR; see Figure 21-12).
Placing Cells on a Physical Transport Medium Placing Cells on a Physical Transport Medium After the data is packaged into 53-byte ATM cells, the cells are transferred to the physical layer, where they are placed on a physical transport medium, such as fiber optic cable or coaxial cable. The process of placing cells on the physical medium takes place in two sublayers: the physical medium dependent (PMD) sublayer and the transmission convergence (TC) sublayer.
Troubleshooting ATM Switching Environments Troubleshooting ATM Switching Environments This section presents troubleshooting information for connectivity and performance problems in ATM switching environments. The chapter begins with general information about checking ports, performing loopback tests, and using the ping command on a LightStream 2020 ATM switch.
Troubleshooting ATM Switching Environments Checking Bit Rates This procedure outlines the steps for determining whether the bit rate for a port is correctly configured. This procedure applies only to low-speed line cards: Step 1 Use the show port port-number all command to display information about a port. Step 2 Check the Measured Bit Rate field to ensure that the specified bit rate is legal. If the bit rate is not legal, use the set port c.p characteristics dce-bitrate-bps or set port c.
Using the ping Command Looping Trunk Ports This procedure outlines the steps for looping data through a trunk, the physical and logical connections between two LightStream 2020 trunk ports. If you know that data is not passing on a trunk between two trunk ports, follow these steps to set up a remote loop on one of the trunk ports: Step 1 Enter the set port port-number loop remote command. The port is set to testing mode and the loopback test begins automatically.
Troubleshooting ATM Switching Environments The following steps describe how to perform a ping test from a LightStream 2020 ATM switch: Step 1 Log in as root on the LightStream 2020 switch from which you want to send ICMP echo packets. Step 2 Enter the ping [packet-size] hostname command (where packet-size is the size of the packets to send and hostname is the name or IP address of the host). The packet size argument is optional. The default packet size is 64 bytes.
ATM Switching: Frame Relay Port Does Not Come Up Possible Problem Solution Framing type mismatch Step 1 Check to see whether both ends of the trunk are configured to use the same framing type (PLCP, HEC, or G.804). Enter the show port command. If there is a mismatch, the display for both ports will indicate “DS3 other failure.” Step 2 Change the framing type on one of the ports, as appropriate, using the set port c.p characteristics framing type {plcp | t3-hec | q-804} command.
Troubleshooting ATM Switching Environments Possible Problem Solution LMI1 Step 1 Use the show port port-number all command to see whether the Normal Packets Received counter is incrementing. A packet should be received every 10 seconds from the Frame Relay host. Step 2 If the counter is not incrementing, check the Discarded Received Packets statistic. If the Discarded Received Packets entry is incrementing, the packets are coming in but on a different DLCI2.
ATM Switching: Virtual Circuit Fails to Be Created Possible Problem Solution Virtual circuit not configured on both endpoints Step 1 Use the show port command to verify that the virtual circuit is configured on both endpoints. The virtual circuit must be configured on both endpoints for the circuit to be created. Step 2 If one endpoint does not have the virtual circuit configured, reconfigure the endpoint.
Troubleshooting ATM Switching Environments Possible Problem Solution Not enough bandwidth Step 1 If there is not enough bandwidth available to support the virtual circuit, the circuit cannot be created. Check the cells available attribute to determine how much bandwidth is available (that is, how much has not been allocated to other virtual circuits). Use the show port c.p all command to display all port attributes (name, status, statistics, physical, frameforward, framerelay, DLCI, VCI, PVC, VPI).
ATM Switching: Partial Data Delivered over Virtual Circuit ATM Switching: Partial Data Delivered over Virtual Circuit Symptom: Partial data is delivered over a Frame Relay, frame forwarding, UNI, or CBR virtual circuit. Table 21-7 outlines the problems that might cause this symptom and describes solutions to those problems. Table 21-7 ATM Switching: Partial Data Delivered over Virtual Circuit Possible Problem Solution Network congestion Check whether the network is congested.
Troubleshooting ATM Switching Environments 21-450 Book Title
C H A P TER 22 Troubleshooting LAN Switching Environments This chapter presents troubleshooting information for connectivity and performance problems in LAN switching environments. Troubleshooting LAN Switching Environments The sections in this chapter describe specific LAN switching symptoms, the problems that are likely to cause each symptom, and the solutions to those problems.
Troubleshooting LAN Switching Environments Possible Problem Incorrect or faulty cabling Power supply problem Hardware problem 1 Solution Step 1 Check whether the Connected LED on the LAN switch port is on. Step 2 If the LED is not on, check to make sure you are using the correct cable and that it is properly and securely attached. For example, make sure that you are not using a rolled cable where a straight-through cable is required, or vice versa. Step 3 Make sure the cable is correctly wired.
LAN Switching: Cannot Access Out-of-Band Management Possible Problem Solution Subnet mask configuration error Step 1 Check to see whether you can ping the switch from a device in the same subnet. Step 2 Check the subnet mask on the device from which you are pinging. Check the subnet mask on the LAN switch. Step 3 Determine whether the subnet mask on either device is incorrectly specified. If it is, reconfigure the switch or the device, as appropriate, with the correct subnet mask.
Troubleshooting LAN Switching Environments Possible Problem Solution Incorrect cabling Figure 22-1 A null-modem cable is needed when attaching a LAN switch directly to terminals or other stations. A straight-through cable is needed when attaching the switch to a modem. Figure 22-1 illustrates the pin connections to use when you connect the Catalyst 1600 to a terminal using a null-modem EIA/TIA-232 cable, or to a modem using a straight-through EIA/TIA-232 cable.
LAN Switching: Catalyst 1600 Does Not Forward Source-Routed Frames Possible Problem Port ring speed incorrect Solution Step 1 Make sure the port ring speed is correct for the ring connected to the port. The options are 4 Mbps and 16 Mbps. Step 2 Check the ring speed by reading the port LEDs or LCD panel. Step 3 You can change the ring speed using the TrueView Catalyst 1600 Manager or by connecting a terminal to the serial interface and using the set port ifspeed command.
Troubleshooting LAN Switching Environments Possible Problem Ring number misconfigured Solution Step 1 Check the ring number of each Token Ring switch port and make sure each port has a different ring number. Check the ring number by reading the LCD panel. Step 2 If two Catalyst 1600 devices are connected by their Token Ring switch ports, make sure the ring number is identical for both Token Ring ports.
LAN Switching: Poor Performance Possible Problem Full- or half-duplex settings incorrect Solution Step 1 Check the switch port statistics. The following steps can be performed with the use of the Cisco TrueView Catalyst 1600 Manager application.
Troubleshooting LAN Switching Environments 22-458 Book Title
C H A P TER 23 Troubleshooting CiscoWorks Problems This chapter presents troubleshooting information for problems commonly encountered when using CiscoWorks. This chapter first provides basic procedures for checking your CiscoWorks installation. It then describes specific CiscoWorks symptoms, the problems that are likely to cause each symptom, and the solutions to those problems. Symptoms, problems, and solutions are not provided for every CiscoWorks application.
Testing Basic Connectivity and Setup Step 5 Try a Management Information Base (MIB) browse of the device from the base platform. On Netview/6000, choose Tools, MIB-Browser, SNMP. On HP OpenView, choose Monitor, MIB Values, Browse MIB: SNMP. On SunNetManager, choose the device and then select a Quick Dump of SNMP. If MIB values are not returned for the device, check the documentation for your base platform and re-check the snmp-server information in the router.
CiscoWorks Environment Variables CiscoWorks Environment Variables Frequently, misconfigured environment variables cause problems in the operation of CiscoWorks. The following sections describe the default values, descriptions, and locations of CiscoWorks environment variables for each platform. Default Variable Values The following sections provide the default values assigned to the CiscoWorks environment variables for each platform.
CiscoWorks Environment Variables • • • SYBASE—/opt/CSCOcw/sybase PATH—$NMSROOT/bin, /$NMSROOT/etc, $SYBASE/bin DSQUERY—CW_SYBASE If you did not load your software in the default directories, your values should point to the locations you chose. Use the printenv UNIX command to see the current environment variable settings. For descriptions of these variables, see the section “Descriptions of Environment Variables” later in this chapter.
Troubleshooting CiscoWorks Troubleshooting CiscoWorks This section discusses troubleshooting procedures for connectivity problems related to CiscoWorks. It describes specific CiscoWorks symptoms, the problems that are likely to cause each symptom, and the solutions to those problems. CiscoWorks: No Devices in Application Window Symptom: No devices appear in the windows of CiscoWorks applications (such as Configuration Management or Configuration Snap-In Manager).
Troubleshooting CiscoWorks Table 23-3 CiscoWorks: Sybase Login Fails Possible Problem Solution Misconfigured environment Step 1 Check the environment settings for your CiscoWorks installation using the printenv command. Make sure the settings shown point to the directories where you installed CiscoWorks. Step 2 If any of these variables point at the wrong location, Sybase logins fail. Set any incorrect variables to the proper value and attempt to use the CiscoWorks application again.
CiscoWorks: Sybase Login Fails On AIX, HP-UX, and SunOS, the $SYBASE interfaces file should resemble the following: ## CW_BACKUP_SERVER on oak ## Services: ## query tcp (3001) ## master tcp (3001) CW_BACKUP_SERVER 5 5 query tcp ether oak 3001 master tcp ether oak 3001 ## CW_SYBASE on oak ## Services: ## query tcp ## master tcp (10000) (10000) CW_SYBASE 0 0 query tcp ether oak 10000 master tcp ether oak 10000 On the AIX, HP-UX, and SunOS platforms, the entries in the $SYBASE interfaces file take the foll
Troubleshooting CiscoWorks If you are using Solaris and the IP address of the management station has changed, you must recalculate the decimal-to-hexadecimal IP address specification, as shown in the following example: CW_SYBASE 0 0 query tli tcp /dev/tcp \x000207d0ab44766a0000000000000000 master tli tcp /dev/tcp \x000207d0ab44766a0000000000000000 ## 7d0 = 2000 port number ## ab = 171 ## 44 = 68 ## 76 = 118 ## 6a = 106 ## IP address = 171.68.118.
Configuration Snap-In Manager: Cannot Modify DoItNow Table 23-5 Configuration Management: Device-to-Database or Database-to-Device Does Not Run Possible Problem Solution Basic connectivity or setup problem Perform the steps outlined in the section “Testing Basic Connectivity and Setup” earlier in this chapter. TFTP problem Perform the steps outlined in the section “Testing Basic TFTP Connectivity” earlier in this chapter.
Troubleshooting CiscoWorks 23-470 Book Title
C H A P TER 24 Troubleshooting Security Implementations This chapter outlines troubleshooting information relating to security implementations. The first part of the chapter describes problems commonly encountered in Terminal Access Controller Access Control System (TACACS+) and XTACACS security implementations. The section “Recovering a Lost Password” describes password-recovery procedures for common Cisco router platforms.
Troubleshooting TACACS+ and XTACACS Table 24-1 outlines the problems that might cause this symptom and describes solutions to those problems. Table 24-1 TACACS+: Errors Unarchiving Source File Possible Problem Solution Archive file was not transferred using FTP binary (image) mode The TACACS+ archive file must be transferred using FTP binary (image) mode. FTP the tac_plus.2.1.tar file again, using binary transfer mode. From the FTP command line, enter the image command to set the image mode.
TACACS+: Daemon Not Up and Running TACACS+: Daemon Not Up and Running Symptom: The TACACS+ daemon is not running. Table 24-3 outlines the problems that might cause this symptom and describes solutions to those problems. Table 24-3 TACACS+: Daemon Not Up and Running Possible Problem Solution TACACS+ has not been launched Launch TACACS+ with the command tac_plus -C configuration filename.
Troubleshooting TACACS+ and XTACACS TACACS+: Users Cannot Log In Using TACACS+ Symptom: Users cannot log in using TACACS+. Either users cannot get the “Username” prompt or they get the prompt but authentication or authorization fails. Table 24-5 outlines the problems that might cause this symptom and describes solutions to those problems.
XTACACS: Errors Decompressing File Possible Problem Solution CHAP4 Step 1 is misconfigured Use the show running-config privileged exec command to make sure your configuration includes the following global configuration command: aaa authentication ppp default if-needed tacacs+ Step 2 If the command is not present, add it to the configuration. Step 3 In addition, check the configuration of the async interface being used. Use the show running-config privileged exec command.
Troubleshooting TACACS+ and XTACACS Possible Problem Solution Insufficient disk space Make sure there is sufficient disk space for the expanded xtacacsd.tar.z or xtacacsd.tar file. If there is not enough space on your UNIX system, free up enough disk space to accommodate decompression of the file. XTACACS requires about 350 KB. XTACACS: Cannot Compile Daemon Symptom: Attempts to compile the XTACACS daemon result in errors.
XTACACS: Slow Response from Daemon Possible Problem Solution XTACACS has not been launched Launch the XTACACS daemon with the command xtacacsd -s -l. XTACACS not specified in /etc/services file Step 1 tacacs 49/udp Step 2 xtacacsd executable does not exist Check the /etc/services file for the following line: This line must be included in the file. If the line is not present, add the line to the file. Check the directory where you installed xtacacsd for the xtacacsd file.
Troubleshooting TACACS+ and XTACACS Possible Problem Solution Missing login tacacs command Step 1 Use the show running-config privileged exec command on the router to see whether the login tacacs line configuration command is present. Step 2 If the command is not present, add the command on each line that should use XTACACS.
Recovering a Lost Password Possible Problem Solution CHAP is misconfigured Step 1 Use the show running-config privileged exec command to make sure the router is configured for CHAP authentication. The router configuration should include the following interface configuration commands for each async interface that should use CHAP authentication: encapsulation ppp ppp authentication chap ppp use-tacacs Step 2 If the commands are not present, add them to the configuration.
Recovering a Lost Password Table 24-11 Configuration Registers for Specific Cisco Platforms and Software Platform (and Software, if Applicable) Software Configuration Register Hardware Configuration Register (Jumper) Hardware Configuration Register (DIP Switch) Cisco 2000 series Yes — — Cisco 2500 series Yes — — Cisco 3000 series Yes — — Cisco 4000 series Yes — — Cisco 7000 series running Software Release 9.17(4) or later (Flash/netboot) or Cisco IOS Release 10.
Password-Recovery Procedure: Platforms Running Current Cisco IOS Releases • Cisco 7000 series routers running Software Release 9.17(4) through 9.21 from ROM Some of these platforms are configurable in software. Others require that you physically change the position of the configuration register jumper on the processor card. Figure 24-1 Figure 24–1 shows diverging paths, when necessary, to take you through the steps required for the platform and software with which you are working.
Recovering a Lost Password Step 7 Answer no to all the setup questions. Step 8 Enter the enable exec command at the Router> prompt. Step 9 Enter the show startup-config or show configuration privileged exec command to see whether your password is cleartext (is not encrypted) or if it is encrypted. Step 10 If your password is cleartext, proceed to Step 14. or If your password is encrypted, continue with Step 11.
Password-Recovery Procedure: Platforms Running Current Cisco IOS Releases The following example sets the password letmein on virtual terminal line 4: line vty 4 password letmein login Syntax: To specify a password on a line, use the password line configuration command: password password Syntax Description: • password—Character string that specifies the line password. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters.
Recovering a Lost Password Step 18 Change the software configuration register to its original value by using the config-register global configuration command. You must enter 0x and then the software configuration register value that you recorded in Step 3. Using the sample value 2102, the command would be config-register 0x2102.
Password-Recovery Procedure: Platforms Running Current Cisco IOS Releases Figure 24-1 Password Recovery: Platforms Running Current Cisco IOS Releases and Recent Software Releases Troubleshooting Security Implementations 24-485
Recovering a Lost Password Lost password Platform? Cisco 2000, 2500, 3000, 4000 series; Cisco 7000 series running Software Release 9.17(4) or later (Flash/netboot) or Cisco IOS Release 10.0 or later (ROM); Cisco IGS running Software Release 9.1 or later Power cycle the router Cisco CGS, MGS, AGS, AGS+ running Software Release 9.1(7) or later; Cisco 7000 series running Software Releases 9.17(4) through 9.
Password-Recovery Procedure: Platforms Running Recent Software Releases Password-Recovery Procedure: Platforms Running Recent Software Releases The Cisco CGS, MGS, AGS, and AGS+ platforms, and Cisco 7000 series routers running software prior to Cisco IOS Release 10.0 from ROM, all have their configuration registers in hardware, so you must physically change the position of the configuration register jumper during the password-recovery process.
Recovering a Lost Password • • Password-Recovery Procedure: IGS Running Software Prior to Software Release 9.1 Password-Recovery Procedure: Cisco 500-CS Communication Server Note To complete this procedure, you must have a terminal or a personal computer (running terminal emulation software) connected to the console port of the router. Following is the password-recovery procedure for Cisco platforms running recent software releases: Step 1 Power down the router.
Password-Recovery Procedure: Platforms Running Recent Software Releases • local—(Optional) Selects local password checking. Authentication is based on the username specified with the username global configuration command. • tacacs—(Optional) Selects the TACACS-style user ID and password-checking mechanism.
Recovering a Lost Password It might be necessary to remove the processor card to gain access to the jumper. Consult your hardware documentation for complete instructions on removing and inserting the processor card if necessary. If you had to remove the processor card, reinsert it before continuing. Step 15 Power up the router. Use your new or recovered password to gain access to the router.
Password-Recovery Procedure: Platforms Running Earlier Software Releases Figure 24-2 Password Recovery: Platforms Running Earlier Software Releases Lost password Cisco CGS, MGS, AGS, AGS+ running Software Release 9.1(6) or earlier; Cisco 7000 series running Software Release 9.
Recovering a Lost Password Step 6 Enter privileged mode by issuing the enable exec command. Step 7 Enter the show configuration privileged exec command to see whether the password is cleartext (is not encrypted) or if it is encrypted. If the password is cleartext, go to Step 12. or If the password is encrypted, continue with Step 8. Step 8 If the password is encrypted, enter the configure memory privileged exec command. This writes the stored configuration into running memory.
Password-Recovery Procedure: IGS Running Software Prior to Software Release 9.1 Example: The following example removes the password from virtual terminal lines 1 to 4: line vty 1 4 no password Step 11 Use the write memory privileged exec command to write the configuration into running memory. Proceed to Step 13. Step 12 If you have lost the enable password, locate the enable-password global configuration command entry in the configuration and record the password.
Recovering a Lost Password Figure 24-3 Password Recovery: IGS Running Software Release Prior to 9.
Password-Recovery Procedure: IGS Running Software Prior to Software Release 9.1 To enable password checking at login, use the login line configuration command: login [local | tacacs] Syntax Description: • local—(Optional) Selects local password checking. Authentication is based on the username specified with the username global configuration command. • tacacs—(Optional) Selects the TACACS-style user ID and password-checking mechanism.
Recovering a Lost Password Password-Recovery Procedure: Cisco 500-CS Communication Server Lost passwords cannot be recovered from Cisco 500-CS communication servers. The only way to recover from a lost password is to return the communication server to its factory default configuration using the reset button located on the top of the case. The following procedure describes how to restore the Cisco 500-CS to its default configuration. Note When you perform this procedure, your configuration will be lost.
A P P E N D I X A Creating Core Dumps When a router crashes, it is sometimes useful to obtain a full copy of the memory image (called a core dump) to identify the cause of the crash. Core dumps are generally useful only to your technical support representative. Note Use the commands discussed in this appendix only under the direction of a technical support representative. Creating a core dump while the router is functioning in a network can disrupt network operation.
The write core Command A Core Dump Creation Example The following example configures a router to use FTP to dump a core file to the FTP server at 172.17.92.2 when it crashes: ip ftp username red ip ftp password blue exception protocol ftp exception dump 172.17.92.2 Creating an Exception Memory Core Dump During the debugging process, you can cause the router to create a core dump and reboot when certain memory size parameters are violated.
The show version Command Appendix B, “Memory Maps,” provides an example of show stacks output and memory map information that can help you determine whether a system crash was caused by a software or hardware problem. The show version Command The show version command displays the image type, version number, and function sets that identify the exact software that is running on your router. Also displayed is the current configuration register setting.
show Commands Maintenance releases are indicated by a whole number (x) within the parentheses. Each periodic maintenance release number is incremented sequentially—for example, 10.2(2), 10.2(3), 10.2(4), 10.2(5), and so on. Maintenance releases are periodic revisions of major releases. These are fully regression tested releases incorporating the most recent bug fixes.
A P P E N D I X B Memory Maps This appendix presents memory maps for selected product platforms, processors, and interface cards. Memory map information is useful for technically qualified users who understand concepts of low-level operating systems, bus structures, and address mapping in computer systems. When using this appendix, be aware of the distinct difference between program counter values and operand addresses.
Memory Maps and Troubleshooting Bus Error The system encounters a bus error when the processor tries to use a device or a memory location that either does not exist or does not respond properly. Bus errors typically indicate either a software bug or a hardware problem. The address the processor was trying to access when the system crashed provides a key as to whether the failure is due to software or hardware. If the operand address is valid, the problem is probably in the hardware.
show stacks Command Figure B-1 show stacks Command Output Showing the Software Program Counter Address ROUTER> show stacks Minimum process stacks: Free/Size Name 972/1000 env delay init 866/1000 Router Init 556/1000 Init 638/1000 RSRB Connector 1230/2000 Virtual Exec Interrupt level stacks: Level Called Free/Size 1 306611 952/1000 3 22294573 496/1000 5 2986 968/1000 Name env-flash Multiport Communications Interfaces Console UART System was restarted by error - Software forced crash, PC 0x4854E GS Softw
Memory Maps Memory Maps The following tables summarize memory map information for the various Cisco platforms: • • • • • Table B-1 describes the Cisco 1000 memory map. • Table B-7 describes the Cisco 4000 memory map; Table B-8 describes the Cisco 4000 memory map of onboard resources. • Table B-9 describes the Cisco 4500 memory map; Table B-10 describes the Cisco 4500 memory map of onboard resources. • • • • • • • Table B-11 describes the Cisco 7000 memory map.
Memory Maps Address Description Comments 00000000–0017FFFF CPU and packet memory (DRAM) 1.
Memory Maps Address Bit Width Description Comments 08000000–081FFFFF 8/16 Onboard boot EPROMs (remapped) 1 or 2 MB, when PCMCIA Flash memory card is installed Table B-4 Address Description Comments 00000000–00FFFFFF Main memory DRAM — 01000000–011FFFFF Secondary DRAM — 02000000–0201FFFF NVRAM — 02100000–02100FFF Channel B: 68302 registers — 02101000–02101FFF Channel B: 63802 RAM — 02110000 System control register 1 — 02110002 System control register 2 — 02110100 System sta
Memory Maps Table B-6 Cisco 3104 and Cisco 3204 Memory Map of Onboard Registers and Chips Address Description Comments 021000F2–021000F3 Base address register for 68302 — 021000F4–021000F7 System control register for 68302 — 02101000–021013FF System RAM for 68302 — 02101400–021017FF Parameter RAM for 68302 — 02101800–02101FFF Internal registers for 68302 — 02110000 System control register 1 — 02110002 System control register 2 — 02110004 System control register 3 — 02110006 Sy
Memory Maps Address Bit Width Description Comments 03000000–031FFFFF 2 MB — 03000000–033FFFFF 4 MB — 2 03000000–037FFFFF 8 MB — 05000000 System DRAM Upper 16 MB of 32-MB configuration Shared (I/O) memory 8-, 16-, 32-bit unaligned access supported; 1–16 MB 06000000–060FFFFF 1 MB — 06000000–063FFFFF 4 MB — 06000000–067FFFFF 8 MB — 04000000–05FFFFFF Undefined — 07000000–07FFFFFF Undefined — 06000000–06FFFFFF 32 08000000–08FFFFFF 32 I/O expansion NIM slots 08000000–080FF
Memory Maps Table B-9 Cisco 4500 Memory Map Address Bit Width Description Comments 60000000–61FFFFFF 64 System DRAM Capable of 8- to 64-bit access, cached 60000000–607FFFFF 8 MB — 60000000–60FFFFFF 16 MB — 60000000–61FFFFFF 32 MB — Boot EPROM — BFC00000–BFC1FFFF 128 KB — BFC00000–BFC7FFFF 512 KB — BFC00000–BFC7FFFF 8 3E000000–3EFFFFFF 8 Onboard resources — 30000000–30FFFFFF 32 System Flash memory EPROM — 30000000–303FFFFF 4 MB — 30000000–307FFFFF 8 MB — 30000000–3
Memory Maps Address Description Comments 11120200 Environmental monitor control 16 bits 11120300 Environmental monitor status 32 bits 11130000 Diagnostic bus — 11131000 ID PROM — 11140000 NVRAM — 1115FC00 Environmental monitor NVRAM base address — 1115FFFF Real time calendar bit — 11200000–11FFFFFF Reserved 14 MB reserved 12000000 Onboard Flash memory — 14000000 External Flash memory — Table B-12 B-512 Book Title Cisco 7200 Series (NPE-150) Memory Map–Hardware Memory Ba
Memory Maps Memory Base Memory Limit Size Device 0x0 4B80 0000 0x0 4B8F FFFF 1 MB PCI PM, first 1M, byte swap 0x0 4B90 0000 0x0 4BFF FFFF 7 MB PCI PM, larger PM, byte swap (reserved) 0x0 4C00 0000 0x0 4C0F FFFF 1 MB PCI Alias PM, first 1M, no byte swap 0x0 4C10 0000 0x0 4C7F FFFF 7 MB PCI Alias PM, larger PM, no swap (reserved) 0x0 4C80 0000 0x0 4C8F FFFF 1 MB PCI Alias PM, first 1M, byte swap 0x0 4C90 0000 0x0 4CFF FFFF 7 MB PCI Alias PM, larger PM, byte swap (reserved) 0x0 4D0
Memory Maps Address Description Comments 000000–3FFFFF ROM 4 MB or less 400000–407FFF EEPROM (NVRAM) 32 KB 420000–427FFF LCD registers (not used) — 428000–42FFFF Future hardware — 430000–440000 Reserved — 460000–460004 LANCE registers Ethernet controller registers 500000–50007F Octal UART 0 — 500400–50047F Octal UART 1 — 600000–7FFFFF Onboard RAM — 800000–BFFFFF 2-MB SIMM expansion — 800000–FFFFFF 8-MB SIMM expansion — Table B-15 RP/Cisco 7000 Series Memory Map Address
Memory Maps Address Bit Width Description Comments 11131000 ID PROM — 11140000 NVRAM — 1115FC00 Environmental monitor NVRAM base address — Real time calendar bit 1 bit (bit 0) 11200000–11FFFFFF Reserved 14 MB reserved 12000000 Onboard Flash memory — 14000000 External Flash memory — 1115FFFF Table B-16 1 RSP Memory Map Address Bit Width Description 80000000–FFFFFFFF Available for expansion 60000000–77FFFFFF Main memory Common 40000000–5FFFFFFF Packet memory canonical addr
Memory Maps Address Slot 4 EA0000 Slot 5 EC0000 Slot 6 EE0000 Slot 7 F00000 Slot 8 F20000 Slot 9 F40000 Slot 10 F60000 Slot 11 F80000 Slot 12 Multibus Memory Space Assignment Address Description Comments 20000000–2000FFFF Memory card 64 KB 20010000–2002FFFF CSC-R16 card Unit 0 address, 128 KB 20030000–2004FFFF CSC-R16 card Unit 1 address, 128 KB 20050000–2006FFFF CSC-R16 card Unit 2 address, 128 KB 20070000–2008FFFF CSC-R16 card Unit 3 address, 128 KB 20090000–200AFFFF
Memory Maps Address Description Size (in Hex) Comments 201000B2 CSC-R16M card 2 Unit 1 201000B4 CSC-R16M card 2 Unit 2 201000B6 CSC-R16M card 2 Unit 3 201000B8 CSC-R16M card 2 Unit 4 201000BA CSC-R16M card 2 Unit 5 201000BC CSC-R16M card 2 Unit 6 201000BE CSC-R16M card 2 Unit 7 201000C0 MLP 20 Unit 0 201000E0 MLP 20 Unit 1 20100100 3 MB 100 Unit 0 20100200 3 MB 100 Unit 1 20100300 3 MB 100 Unit 2 20100400 3 MB 100 Unit 3 20100500 Interlan 10 Unit 0
Memory Maps Address Description Size (in Hex) Comments 2010C0C0 CSC-MCI card 40 Unit 3 2010C100 CSC-MCI card 40 Unit 4 2010C140 CSC-MCI card 40 Unit 5 2010C180 CSC-MCI card 40 Unit 6 2010D000–2010 FFFF Unused — — Table B-19 CSC/3 Memory Map Address Description Comments 00000000–003FFFFF RAM — 01000000–0107FFFF ROML — 0108FFFF–010FFFFF ROMH — 02000000–020FFFFF Multibus memory — 02100000–0210FFFF Multibus I/O — 02110000–02110001 16 System control register — 021
Memory Maps Address Description Comments 20B0000–20BFFFF Multibus NVRAM (CSC/2, CSC/3, CSC/4 cards) Cards with 32 KB RAM only go through 0x20B7FFF. 2040000–20405FF CSC-16 card asynchronous lines (CSC/2, CSC/3, CSC/4 cards) Each UART1 is 0x20 bytes; there are two lines per UART. 2010000–20AFFFF Shared memory on CSC-R16 cards Units 0–4. Each card has 0x20000 bytes of memory.
Memory Maps Address B-520 Book Title Bit Width Description Comments 00000000–00FFFFFF RAM — 01000000–013FFFFF ROML — 01400000–017FFFFF ROMH — 02000000–020FFFFF Multibus memory — 02100000–0210FFFF Multibus I/O — 02110000–02110001 16 System control register — 02110100–02110103 32 System status register — 02120000 8 Counter timer — 02120040 8 Counter control register — 02120100–0212013F Serial ports — 020B0000–020B7FFF NVRAM Over Multibus
A P P E N D I X C Technical Support Information When you have a problem that you cannot resolve, the resource of last resort is your Cisco Systems technical support representative. To analyze a problem, your technical support representative will need certain information about the situation and the symptoms you are experiencing. To speed the problem isolation and resolution process, present this data when you contact your representative.
Gathering Information About Your Internetwork • Output from general show commands: show interfaces show controllers show processes {cpu | mem} show buffer show mem summary • Output from protocol-specific show commands: show protocol route show protocol traffic show protocol interfaces show protocol arp show appletalk globals (AppleTalk only) show ipx servers (Novell IPX only) • • • • Output from relevant debug privileged exec commands Output from protocol-specific ping and trace diagnostic tests, as a
Remote Console Port and Auxiliary Port Access Remote Console Port and Auxiliary Port Access You can access a router from a remote location without a router being connected to a network by dialing directly to the console or auxiliary port on a router. In general, the console port is recommended because it displays router startup messages, whereas the auxiliary port does not provide this information.
Providing Data to Your Technical Support Representative In order to use the router’s auxiliary port for remote access, you must include several configuration commands. The required commands are as follows: line aux 0 modem inout If you are using software prior to Cisco IOS 11.1, set the modem options as specified for the console port. If you are using Cisco IOS 11.
CCO Troubleshooting Services Available 24 hours a day, seven days a week, CCO provides a wealth of standard and value-added services to Cisco’s customers and business partners. CCO services include product information, software updates, release notes, technical tips, the Bug Navigator, the Troubleshooting Engine, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO C-526 Book Title
A P P E N D I X E Troubleshooting Worksheets To isolate problems in your internetwork, you must first compile all the relevant facts and then methodically address each suspect problem. The following troubleshooting worksheets can help you in this process. Use these worksheets as guidelines to assist you in developing your own worksheets—worksheets tailored to your own internetworking environment.
1 Symptoms reported: 2 Network topology map—attach separate sheet(s) 3 Network protocols implemented: 4 Protocols routed: 5 Protocols bridged: E-530 Book Title
6 Points of contact to external networks: 7 Internetwork equipment (including network address, vendor, model, and function): 8 Suspect end system and internetwork nodes (including network address, vendor, model, and function): 9 Applications being used on the network (FTP, sendmail, NFS, NetWare, and so forth): 10 Symptoms and possible problems: Symptom Possible Problems Troubleshooting Worksheets E-531
Symptom Possible Problems 11 Action plan for each problem: Problem E-532 Action Plan Book Title
Problem Action Plan 12 Action outcomes: Problem Action Result/Outcome Troubleshooting Worksheets E-533
Problem E-534 Action Book Title Result/Outcome
