Troubleshooting Guide
Table Of Contents
- Contents
- Chapter 1: Introduction
- Chapter 2: Safety messages
- Chapter 3: New in this document
- Chapter 4: Data collection required for Technical Support cases
- Chapter 5: Troubleshooting planning fundamentals
- Chapter 6: Troubleshooting fundamentals
- Chapter 7: Troubleshooting tool fundamentals
- Chapter 8: Log and trap fundamentals
- Chapter 9: Log configuration using ACLI
- Configuring a UNIX system log and syslog host
- Configuring secure forwarding
- Installing root certificate for syslog client
- Configuring logging
- Configuring the remote host address for log transfer
- Configuring system logging to external storage
- Configuring system message control
- Extending system message control
- Viewing logs
- Configuring ACLI logging
- Chapter 10: Log configuration using EDM
- Chapter 11: SNMP trap configuration using ACLI
- Chapter 12: SNMP trap configuration using EDM
- Chapter 13: Traps reference
- Chapter 14: Hardware troubleshooting
- Chapter 15: Software troubleshooting
- Chapter 16: Software troubleshooting tool configuration using ACLI
- Using ACLI for troubleshooting
- Using software record dumps
- Using trace to diagnose problems
- Using trace to diagnose IPv6 problems
- Viewing and deleting debug files
- Configuring port mirroring
- Configuring global mirroring actions with an ACL
- Configuring ACE actions to mirror
- Clearing ARP information for an interface
- Flushing routing, MAC, and ARP tables for an interface
- Pinging an IP device
- Running a traceroute test
- Showing SNMP logs
- Using trace to examine IS-IS control packets
- Viewing the metric type of IS-IS route in TLVs – detailed
- Viewing the metric type of IS-IS route in TLVs – summarized
- Chapter 17: Software troubleshooting tool configuration using EDM
- Chapter 18: Layer 1 troubleshooting
- Chapter 19: Operations and Management
- CFM fundamentals
- CFM configuration using ACLI
- Autogenerated CFM
- Configuring explicit mode CFM
- Displaying SPBM nodal configuration
- Configuring simplified CFM SPBM
- Triggering a loopback test (LBM)
- Triggering linktrace (LTM)
- Triggering a Layer 2 ping
- Triggering a Layer 2 traceroute
- Triggering a Layer 2 tracetree
- Triggering a Layer 2 tracemroute
- Using trace CFM to diagnose problems
- Using trace SPBM to diagnose problems
- CFM configuration using EDM
- Autogenerated CFM
- Configuring explicit CFM
- Configuring Layer 2 ping
- Initiating a Layer 2 traceroute
- Viewing Layer 2 traceroute results
- Configuring Layer 2 IP ping
- Viewing Layer 2 IP Ping results
- Configuring Layer 2 IP traceroute
- Viewing Layer 2 IP traceroute results
- Triggering a loopback test
- Triggering linktrace
- Viewing linktrace results
- Configuring Layer 2 tracetree
- Viewing Layer 2 tracetree results
- Configuring Layer 2 trace multicast route on a VLAN
- Configuring Layer 2 tracemroute on a VRF
- Viewing Layer 2 trace multicast route results
- CFM configuration example
- Chapter 20: Upper layer troubleshooting
- Troubleshooting SNMP
- Troubleshooting DHCP
- Troubleshooting DHCP Relay
- Troubleshooting client connection to the DHCP server
- Troubleshooting IPv6 DHCP Relay
- IPv6 DHCP Relay switch side troubleshooting
- IPv6 DHCP Relay server side troubleshooting
- IPv6 DHCP Relay client side troubleshooting
- Enabling trace messages for IPv6 DHCP Relay
- Troubleshooting IPv6 VRRP
- VRRP transitions
- Enabling trace messages for IPv6 VRRP troubleshooting
- Risks associated with enabling trace messages
- VRRP with higher priority running as backup
- Downgrading or upgrading from releases that support different key sizes
- Troubleshooting IPv6 connectivity loss
- Troubleshooting TACACS+
- Troubleshooting RSMLT
- Chapter 21: Unicast routing troubleshooting
- Chapter 22: Multicast troubleshooting
- Chapter 23: Multicast routing troubleshooting using ACLI
- Viewing IGMP interface information
- Viewing multicast group trace information for IGMP snoop
- Viewing IGMP group information
- Showing the hardware resource usage
- Using PIM debugging commands
- Determining the protocol configured on the added VLAN
- Determining the data stream learned with IP Multicast over Fabric Connect on the VLAN
- Displaying the SPBM multicast database
- Troubleshooting IP Multicast over Fabric Connect for Layer 2 VSNs
- Troubleshooting IP Multicast over Fabric Connect for Layer 3 VSNs
- Troubleshooting IP Multicast over Fabric Connect for IP Shortcuts
- Defining the IS-IS trace flag for IP multicast
- Chapter 24: Multicast routing troubleshooting using EDM
- Viewing IGMP interface information
- Viewing IGMP snoop trace information
- Viewing IGMP group information
- Viewing multicast group sources
- Viewing multicast routes by egress VLAN
- Enabling multicast routing process statistics
- Determining the data stream learned when IP Multicast over Fabric Connect is configured on the VLAN
- Showing the SPBM multicast database
- Chapter 25: Transparent Port UNI feature troubleshooting using ACLI
- Chapter 26: Troubleshooting MACsec
- Chapter 27: Troubleshooting MACsec using EDM
- Chapter 28: Troubleshooting Fabric Attach
- Troubleshooting Fabric Attach using the ACLI
- Troubleshooting Fabric Attach using the EDM
- Fabric Attach troubleshooting example
To modify a port mirroring instance, first disable the instance. Also, to change a port or MLT entry,
first remove whichever parameter is attached to the entry, and then add the required entry.
ACLs, ACEs, and port mirroring
You can configure an ACL or an ACE to perform the mirroring operation. To do so, you can
configure the ACL global action to mirror, or you can configure the ACE action to mirror. If you use
the global action, mirroring applies to all ACEs that match in an ACL.
To decouple flow-based mirrors from port-based mirrors, ACEs use a parameter called mirror, which
you can configure to specific mirror to MLT ID, VLAN, port, or port list.
You can use filters to reduce the amount of mirrored traffic. To use filters with port mirroring, you
must use an ACL-based filter. Apply an ACL to the mirrored port in the egress and ingress
directions. Traffic patterns that match the ACL or ACE with an action of permit are forwarded to the
destination and also to the mirroring port. Traffic patterns that match an ACE with an action of drop
(deny) are not forwarded to the destination, but still reach the mirroring port For example, for an ACL
or ACE with a match action of permit and debug mirroring enabled, packets are mirrored to the
specified mirroring destination on the ACE. If you enable a port or VLAN filter, that filter is the
mirroring filter.
You can specify more than one mirroring destination by using multiple ACEs. Use each ACE to
specify a different destination.
You can configure a port-based and a flow-based mirroring filter on the same port. If such a case
occurs, then the flow-based mirror takes precedence.
For more information about how to configure ACLs and ACEs, see Configuration - QoS and ACL-
Based Traffic Filtering Avaya Virtual Services Platform 4000 Series, NN46251-502.
Port mirroring considerations and restrictions
Although you can configure Virtual Services Platform 4000 to monitor both ingress and egress
traffic, some restrictions apply:
• VSP 7000 and VSP 8000 do not support true egress mirroring. Of the VOSS platforms, only
VSP 4000 supports true egress mirroring.
On the VSP 7000 and VSP 8000, egress mirrored packets can differ from the packets
egressing the port due to the hardware limitation.
• Mirrored traffic shares ingress queue and fabric bandwidth with normal traffic and therefore can
impact normal traffic. Therefore, use these features with this potential consequence in mind
and enable them only for troubleshooting, debugging, or for security purposes such as packet
sniffing, intrusion detection, or intrusion prevention.
• You can configure as many ingress mirroring flows as you have filters.
• To avoid VLAN members from seeing mirrored traffic, you must remove mirroring (destination)
ports from all VLANs.
• The MAC drops an errored packet, for example, packets that are too short or too long. Control
packets consumed by the MAC (802.3x flow control) are also not mirrored.
• Certain control packets generated by the CP, such as CFM, STG BPDUs, SONMP, EAPOL,
LACP, VLACP, TDP, and LLDP cannot be egress mirrored due to HW limitations.
• VSP 4000 supports a maximum of 256 IPv6 ingress port/vlan security ACL/filters. IPv6 ingress
QoS ACL/Filters and IPv6 Egress Security and QoS ACL/Filters are not supported.
Port mirroring
January 2017 Troubleshooting 33
Comments on this document? infodev@avaya.com