Troubleshooting Guide
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: Safety messages
- Chapter 3: New in this document
- Chapter 4: Data collection required for Technical Support cases
- Chapter 5: Troubleshooting planning fundamentals
- Chapter 6: Troubleshooting fundamentals
- Chapter 7: Troubleshooting tool fundamentals
- Chapter 8: Log and trap fundamentals
- Chapter 9: Log configuration using ACLI
- Configuring a UNIX system log and syslog host
- Configuring secure forwarding
- Installing root certificate for syslog client
- Configuring logging
- Configuring the remote host address for log transfer
- Configuring system logging to external storage
- Configuring system message control
- Extending system message control
- Viewing logs
- Configuring ACLI logging
- Chapter 10: Log configuration using EDM
- Chapter 11: SNMP trap configuration using ACLI
- Chapter 12: SNMP trap configuration using EDM
- Chapter 13: Traps reference
- Chapter 14: Hardware troubleshooting
- Chapter 15: Software troubleshooting
- Chapter 16: Software troubleshooting tool configuration using ACLI
- Using ACLI for troubleshooting
- Using software record dumps
- Using trace to diagnose problems
- Using trace to diagnose IPv6 problems
- Viewing and deleting debug files
- Configuring port mirroring
- Configuring global mirroring actions with an ACL
- Configuring ACE actions to mirror
- Clearing ARP information for an interface
- Flushing routing, MAC, and ARP tables for an interface
- Pinging an IP device
- Running a traceroute test
- Showing SNMP logs
- Using trace to examine IS-IS control packets
- Viewing the metric type of IS-IS route in TLVs – detailed
- Viewing the metric type of IS-IS route in TLVs – summarized
- Chapter 17: Software troubleshooting tool configuration using EDM
- Chapter 18: Layer 1 troubleshooting
- Chapter 19: Operations and Management
- CFM fundamentals
- CFM configuration using ACLI
- Autogenerated CFM
- Configuring explicit mode CFM
- Displaying SPBM nodal configuration
- Configuring simplified CFM SPBM
- Triggering a loopback test (LBM)
- Triggering linktrace (LTM)
- Triggering a Layer 2 ping
- Triggering a Layer 2 traceroute
- Triggering a Layer 2 tracetree
- Triggering a Layer 2 tracemroute
- Using trace CFM to diagnose problems
- Using trace SPBM to diagnose problems
- CFM configuration using EDM
- Autogenerated CFM
- Configuring explicit CFM
- Configuring Layer 2 ping
- Initiating a Layer 2 traceroute
- Viewing Layer 2 traceroute results
- Configuring Layer 2 IP ping
- Viewing Layer 2 IP Ping results
- Configuring Layer 2 IP traceroute
- Viewing Layer 2 IP traceroute results
- Triggering a loopback test
- Triggering linktrace
- Viewing linktrace results
- Configuring Layer 2 tracetree
- Viewing Layer 2 tracetree results
- Configuring Layer 2 trace multicast route on a VLAN
- Configuring Layer 2 tracemroute on a VRF
- Viewing Layer 2 trace multicast route results
- CFM configuration example
- Chapter 20: Upper layer troubleshooting
- Troubleshooting SNMP
- Troubleshooting DHCP
- Troubleshooting DHCP Relay
- Troubleshooting client connection to the DHCP server
- Troubleshooting IPv6 DHCP Relay
- IPv6 DHCP Relay switch side troubleshooting
- IPv6 DHCP Relay server side troubleshooting
- IPv6 DHCP Relay client side troubleshooting
- Enabling trace messages for IPv6 DHCP Relay
- Troubleshooting IPv6 VRRP
- VRRP transitions
- Enabling trace messages for IPv6 VRRP troubleshooting
- Risks associated with enabling trace messages
- VRRP with higher priority running as backup
- Downgrading or upgrading from releases that support different key sizes
- Troubleshooting IPv6 connectivity loss
- Troubleshooting TACACS+
- Troubleshooting RSMLT
- Chapter 21: Unicast routing troubleshooting
- Chapter 22: Multicast troubleshooting
- Chapter 23: Multicast routing troubleshooting using ACLI
- Viewing IGMP interface information
- Viewing multicast group trace information for IGMP snoop
- Viewing IGMP group information
- Showing the hardware resource usage
- Using PIM debugging commands
- Determining the protocol configured on the added VLAN
- Determining the data stream learned with IP Multicast over Fabric Connect on the VLAN
- Displaying the SPBM multicast database
- Troubleshooting IP Multicast over Fabric Connect for Layer 2 VSNs
- Troubleshooting IP Multicast over Fabric Connect for Layer 3 VSNs
- Troubleshooting IP Multicast over Fabric Connect for IP Shortcuts
- Defining the IS-IS trace flag for IP multicast
- Chapter 24: Multicast routing troubleshooting using EDM
- Viewing IGMP interface information
- Viewing IGMP snoop trace information
- Viewing IGMP group information
- Viewing multicast group sources
- Viewing multicast routes by egress VLAN
- Enabling multicast routing process statistics
- Determining the data stream learned when IP Multicast over Fabric Connect is configured on the VLAN
- Showing the SPBM multicast database
- Chapter 25: Transparent Port UNI feature troubleshooting using ACLI
- Chapter 26: Troubleshooting MACsec
- Chapter 27: Troubleshooting MACsec using EDM
- Chapter 28: Troubleshooting Fabric Attach
- Troubleshooting Fabric Attach using the ACLI
- Troubleshooting Fabric Attach using the EDM
- Fabric Attach troubleshooting example
Parameter Description
pass-auth Specifies if password authentication is enabled or
disabled. The default is enabled.
enable Specifies if SSH secure mode is enabled. False is
disabled. Secure is enabled.
Unable to log on by any means (Telnet, rlogin, or SSH)
If you cannot log on by any means, perform the following steps.
Procedure
1. Check whether the TACACS+ server runs properly and try to restart the TACACS+ server.
2. Check whether you enabled both TACACS+ and RADIUS on the switch.
show radius
show tacacs
If TACACS+ fails, RADIUS can take over the authentication, authorization, and accounting
(AAA) process.
3. Check whether you configured the TACACS+ server to unencrypted mode, as the switch
always sends encrypted TACACS+ messages.
4. Check whether you configured the switch properly. In particular, check the IP address and
key.
show tacacs
5. Check whether you configured the encryption key, connection mode (single connection or
per-session connection), and TCP port number the same on the TACACS+ server and
switch.
6. If the server connects directly, check whether the administrative and operation status of the
port is up:
show interface gigabitethernet {slot/port[/sub-port][-slot/port[/
sub-port]][,...]}
7. If the server is connected in a network, check whether the switch has a route configured to
the server network:
show ip route
Example
Check whether you enabled both TACACS+ and RADIUS on the switch:
Switch:1>enable
Switch:1(config)#show tacacs
Global Status:
Upper layer troubleshooting
January 2017 Troubleshooting 242
Comments on this document? infodev@avaya.com