Huawei V200R001C01, AR2200-S Troubleshooting Manual

Huawei AR2200-S Series Enterprise Routers

V200R001C01

Troubleshooting

Issue 01

Date 2012-01-06

HUAWEI TECHNOLOGIES CO., LTD.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang Shenzhen 518129 People's Republic of China

Website: http://www.huawei.com

Email: support@huawei.com

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

i

DANGER

WARNING

CAUTION

TIP

NOTE

Huawei AR2200-S Series Enterprise Routers Troubleshooting About This Document

About This Document

Intended Audience

This document describes the procedure for troubleshooting various services supported by the AR2200-S in terms of common causes, flowchart, troubleshooting procedure, alarms and logs, and case studies.

This document is intended for:

l System maintenance engineers

l Commissioning engineers

l Network monitoring engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol

Description

Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save time.

Provides additional information to emphasize or supplement important points of the main text.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

ii

Huawei AR2200-S Series Enterprise Routers Troubleshooting About This Document

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.

{ x | y | ... }

[ x | y | ... ]

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

*

Change History

Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.

Changes in Issue 01 (2010-01-06)

Initial commercial release.

Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.

Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

iii

Huawei AR2200-S Series Enterprise Routers Troubleshooting Contents

1 Hardware

About This Chapter

1.1 Board Registration Troubleshooting

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

1

Huawei AR2200-S Series Enterprise Routers Troubleshooting 1 Hardware

1.1 Board Registration Troubleshooting

1.1.1 A Board Fails to Be Registered

Common Causes

This fault is commonly caused by one of the following:

l The board is starting.

l The board was reset.

Troubleshooting Flowchart

The troubleshooting roadmap is as follows:

l Check whether the board is starting.

l Check whether the board is in an unregistered state after the board has finished startup.

l Check whether the board was reset. If the board was reset, locate the cause.

Figure 1-1 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

2

A board

fails to be

registered

Was board

reset?

Locate fault

according to

instructions

Is fault

rectified?

Seek

technical

support

End

No

Yes

Is board

starting?

No

Wait for the board

to complete

startup

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 1 Hardware

Figure 1-1 A board fails to be registered

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide to Huawei technical support personnel.

Step 1 Check whether the board is starting.

A board takes several minutes to complete registration after power-on. This period is called the startup time. The startup times for specific boards are follows:

l The startup time of the SRU is less than 3 minutes. If the device restarts after the system

software is upgraded, the startup time is less than 5 minutes.

l The startup time of an LPU is less than 5 minutes. If the LPU needs to synchronize an update

from the SRU, the startup time is less than 10 minutes.

3

Huawei AR2200-S Series Enterprise Routers Troubleshooting 1 Hardware

l If the board is still within its startup time, wait until it starts.

l If the board has exceeded its startup time, run the display device command to check the

board status. If the Register field of the board is displayed as Unregistered, go to step 2.

Step 2 Check whether the board was reset.

l Run the display reset-reason [ slot slot-id ] command. If no information about board

resetting is displayed, the board has never been registered. Connect the board to a terminal with a serial cable and check whether the system software has been loaded to the board correctly. For details, see Board Software Loading Troubleshooting.

l If information about board resetting is displayed, rectify the fault according to the

instructions in the command output.

If the fault persists, go to step 3.

Step 3 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the AR2200-S

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

4

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

2 System

About This Chapter

2.1 CPU Troubleshooting

2.2 Telnet Troubleshooting

2.3 SSH Troubleshooting

This chapter describes common causes of the fault that the user fails to log in to the server through SSH, and provides the corresponding troubleshooting flowcharts and examples.

2.4 Mirroring Troubleshooting

This chapter describes common causes of mirroring faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

2.5 SNMP Troubleshooting

2.6 NQA Troubleshooting

2.7 NTP Troubleshooting

2.8 CWMP Troubleshooting

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

5

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

2.1 CPU Troubleshooting

2.1.1 CPU Usage Is High

Common Causes

CPU usage is the percentage of the time during which the CPU executes codes to the total time period. CPU usage is an important index to evaluate device performance.

To view CPU usage, run the display cpu-usage command. If you see that CPU usage exceeds 70%, CPU usage is high. A high CPU usage will cause service faults, for example, BGP route flapping, frequent VRRP active/standby switchovers, and even failed device login.

High system CPU usage occurs when CPU usage of some tasks remains high. This fault is commonly caused by one of the following:

l A large number of packets are sent to the CPU when loops or DoS packet attacks occur.

l STP flapping frequently occurs and a large number of TC packets are received, causing the

device to frequently delete MAC address entries and ARP entries.

l The device generates a large number of logs, consuming a lot of CPU resources.

Troubleshooting Flowchart

Figure 2-1 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

6

CPU usage is high

Seek technical

support

Is fault

rectified?

Is fault

rectified?

Is fault

rectified?

Analyze packet

features to filter out

attack packets

Suppress TC-BPDUs

Eliminate the loop

Collect log files and

contact the Huawei

technical support

personnel

End

Yes

No

Yes

No

Yes

Are a large

number of logs

generated?

Does a loop occur on the

network?

Are a

large number of

TC packets

received?

Are a

large number of

packets sent to the

CPU?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Figure 2-1 CPU usage is high

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Step 1 Check the names of tasks with a high CPU usage.

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

The following procedures can be performed in any sequence.

The command output in the following procedures varies based on the device model. The following procedures describe how to view related information.

Run the display cpu-usage command to check the CPU usage of each task .

Record the names of tasks with CPU usage exceeding 70%.

7

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

NOTE

CPU usage of 70% does not necessarily affect services. Services may not be affected when some tasks consume 70% of CPU resources, but may be affected when some tasks consume 30% of CPU resources. This outcome depends on the actual situation.

Step 2 Check whether a large number of packets are sent to the CPU.

Run the display cpu-defend statistics command to check statistics about the packets sent to the CPU and focus on the Drop field.

<Huawei> display cpu-defend statistics all

----------------------------------------------------------------------- Packet Type Pass Packets Drop Packets

----------------------------------------------------------------------- 8021X 0 0 arp-miss 1 0 arp-reply 5 0 arp-request 1450113 25597 bfd 0 0 bgp 0 0 dhcp-client 114693 136586 dhcp-server 0 0 dns 0 0 fib-hit 0 0 ftp 717 0 fw-dns 0 0 fw-ftp 0 0 fw-http 0 0 fw-rtsp 0 0 fw-sip 0 0 gvrp 0 0 http 798 0 hw-tacacs 0 0 icmp 10 0 igmp 0 0 ipsec 0 0 isis 0 0 lacp 0 0 lldp 33959 0 ntp 0 0 ospf 1569 0 pim 0 0 pppoe 0 0 radius 0 0 rip 0 0 snmp 0 0 ssh 0 0 stp 0 0 tcp 7671 0 telnet 71149 0 ttl-expired 656 0 udp-helper 0 0 unknown-multicast 6 0 unknown-packet 94189 0 vrrp 0 0

-----------------------------------------------------------------------

l If the value of the Drop field of a certain type of packets is great and CPU usage is high,

packet attacks occur. Go to step 6.

l If the value of the Drop field is within the specified range, go to step 3.

Step 3 Check whether a large number of TC packets are received.

If STP is enabled on a device, the device deletes MAC address entries and ARP entries when receiving TC-BPDUs. If an attacker sends pseudo TC-BPDUs to attack the device, the device will receive a large number of TC-BPDUs within a short period and frequently deletes MAC address entries and ARP entries. As a result, the device CPU usage becomes high.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

8

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Run the display stp command to check statistics about the received TC packets and TCN packets.

<Huawei> display stp interface Eth2/0/1

----[CIST][Port2(Ethernet2/0/1)][FORWARDING]---- Port Protocol :Enabled Port Role :Designated Port Port Priority :128 Port Cost(Dot1T ) :Config=auto / Active=199999 Designated Bridge/Port :4096.00e0-fc01-0005 / 128.2 Port Edged :Config=default / Active=disabled Point-to-point :Config=auto / Active=true Transit Limit :147 packets/hello-time Protection Type :None Port STP Mode :MSTP Port Protocol Type :Config=auto / Active=dot1s PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20 TC or TCN send :1 TC or TCN received :0 BPDU Sent :124008 TCN: 0, Config: 0, RST: 0, MST: 124008 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0

l If a large number of TC packets and TCN packets are received, run the stp tc-protection

command in the system view to suppress TC-BPDUs. After this command is used, only three TC packets are processed within a Hello interval by default. Run the stp tc-protection threshold command to set the maximum number of TC packets that can be processed. To change the hello interval, run the stp timer hello command.

[Huawei] stp tc-protection [Huawei] stp tc-protection threshold 5 [Huawei] stp timer hello 200

l If a small number of TC packets are received, go to step 4.

Step 4 Check whether loops occur on the network.

When multiple interfaces of a device belong to the same VLAN, if a loop occurs between two interfaces, packets are forwarded only between these interfaces in the VLAN. Consequently, CPU usage of the device becomes high.

Run the display current-configuration command to check whether the device is enabled to generate an alarm when MAC address flapping is detected.

# loop-detect eth-loop alarm-only #

l If this function is not configured, run the loop-detect eth-loop alarm-only command to

configure this function. If a loop occurs on the network, an alarm is generated when two interfaces of the device learn the same MAC address entry. For example:

Feb 22 2011 18:42:50 Huawei L2IFPPI/4/MAC_FLAPPING_ALARM:OID

1.3.6.1.4.1.2011.5.25.42.2.1.7.12The mac-address has flap value . (L2IfPort=0,entPhysicalIndex=0, BaseTrapSeverity=4, BaseTrapProbableCause=549, BaseTrapEventType=1, MacAdd=0000-c0a8-0101,vlanid=100, FormerIfDescName=Ethernet1/0/0,CurrentIfDescName=Ethernet1/0/1,DeviceName=HUAWE I)

Check the interface connection and networking information based on the alarm:

– If no ring network is required, shut down one of the two interfaces based on the networking

diagram.

– If the ring network is required, disable loop detection and enable loop prevention

protocols, such as STP.

l If the loop-detect eth-loop alarm-only command is used on the device but no alarm is

generated, go to step 5.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

9

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Step 5 Check whether a large number of logs are generated on the device.

The device generates diagnostic information or logs continuously in some cases, for example, attacks occur on the device, an error occurs during device operation, or an interface frequently alternates between Up and Down states. If the storage device is frequently read or written, CPU usage becomes high.

Run the display logbuffer command to check whether a large number of logs are generated. If a certain log is repeatedly generated, go to step 6.

Step 6 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the device

----End

Relevant Alarms and Logs

Relevant Alarms

None

Relevant Logs

None

2.2 Telnet Troubleshooting

2.2.1 The User Fails to Log in to the Server Through Telnet

Common Causes

This fault is commonly caused by one of the following:

l The route is unreachable, and the user cannot set up a TCP connection with the server.

l The number of users logging in to the server reaches the upper threshold.

l An ACL is configured in the VTY user interface view.

l The access protocol specified in the VTY user interface view is incorrect. For example,

when the access protocol is configured to SSH through the protocol inbound ssh command, the user cannot log in to the server through Telnet.

Troubleshooting Flowchart

Figure 2-2 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

10

No

The user fails to log

in to the server through

Telnet

Can the client

successfully ping the

server?

Locate and

rectify the fault

End

Is the fault

rectified?

Yes

Increase the

maximum number of users allowed to log in

Is the fault

rectified?

Is the user access

type set to

all or telnet?

Is the fault

rectified?

Set the user

access type to all

or telnet

Does the IP address

of the user exist in the

ACL?

Is the fault

rectified?

Yes

Permit the IP

address of the

user in the ACL

Is the authentication

mode configured?

Is the fault

rectified?

Configure the

authentication

mode

Seek technical

support

Yes

No

Yes

Are all the current

VTY channels in use?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Figure 2-2 Troubleshooting flowchart for the fault that the client fails to log in to the server through Telnet

Troubleshooting Procedure

NOTE

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

11

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Procedure

Step 1 Check whether the Telnet client can ping through the server.

Run the ping command to check the network connectivity. If the ping fails, the Telnet connection cannot be established between the user and server.

If the ping fails, see The Ping Operation Fails to locate the problem so that the Telnet client can ping through the server.

Step 2 Check whether the number of users logging in to the server reaches the upper threshold.

Log in to the server through a console interface and then run the display users command to check whether all the current VTY channels are in use. By default, a maximum of 5 users can log in to the server through VTY channels. Run the display user-interface maximum-vty command to view the allowed maximum number of login users.

<Huawei> display user-interface maximum-vty Maximum of VTY user:5 <Huawei> display users User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag + 0 CON 0 00:00:00 no Username : Unspecified

34 VTY 0 00:13:39 TEL 10.138.78.107 no Username : Unspecified

If the number of users logging in to the server reaches the upper threshold, you can run the userinterface maximum-vty vty-number command to increase the maximum number of users

allowed to log in to the server through VTY channels to 15.

<Huawei> system-view [Huawei] user-interface maximum-vty 15

Step 3 Check that an ACL is configured in the VTY user interface view.

[Huawei] user-interface vty 0 4 [Huawei-ui-vty0-4] display this user-interface vty 0 4 acl 2000 inbound authentication-mode aaa user privilege level 3 idle-timeout 0 0

If an ACL is configured but the IP address of the client to be permitted is not specified in the ACL, the user cannot log in to the server through Telnet. To enable a user with a specific IP address to log in to the server through Telnet, permit the IP address of the user in the ACL.

Step 4 Check that the access protocol configured in the VTY user interface view is correct.

[Huawei] user-interface vty 0 4 [Huawei-ui-vty0-4] display this user-interface vty 0 4 authentication-mode aaa user privilege level 3 idle-timeout 0 0 protocol inbound ssh

Run the protocol inbound { all | ssh | telnet } command to configure the user access protocol. By default, the user access protocol is Telnet.

l If the user access protocol is SSH, the user cannot log in to the server through Telnet.

l If the user access protocol is "all", the user can log in to the server through Telnet or SSH.

Step 5 Check that the authentication mode is configured in the user interface view.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

12

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If you run the authentication-mode password command to configure the authentication

mode for the user logging in to the server through the VTY channel to password, run the set authentication password command to set the authentication password.

l If you run the authentication-mode aaa command to configure the authentication mode to

aaa, you should run the local-user command to add a local user.

l If you run the authentication-mode none command to configure the authentication mode

to none, the authentication mode does not affect your login.

Step 6 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

2.3 SSH Troubleshooting

This chapter describes common causes of the fault that the user fails to log in to the server through SSH, and provides the corresponding troubleshooting flowcharts and examples.

2.3.1 The User Fails to Log in to the Server Through SSH

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the fault that the user fails to log in to the server through SSH.

Common Causes

This fault is commonly caused by one of the following:

l The route is unreachable and the user cannot set up a TCP connection with the server.

l SSH services are not enabled.

l SSH is not configured in the user interface VTY view.

l The RSA public key is not configured on the SSH server and the client.

l The user service type, authentication type, and user authentication service type are not

configured.

l The number of users logging in to the server reaches the upper threshold.

l An ACL is configured in the user interface VTY view.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

13

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l SSH versions of the server and the client are inconsistent.

l The initial authentication function is not enabled on the SSH client.

Troubleshooting Flowchart

None.

Troubleshooting Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

Step 1 Check whether the SSH client and SSH server can communicate with each other.

On the SSH client and SSH server, run the ping command to check the network connectivity. If the ping fails, the SSH connection cannot be established between the user and the server.

Check whether packet loss occurs on the network and the user access is stable.

Step 2 Check whether the SSH service on the SSH server is started.

Log in to the SSH server by means of Telnet and run the display ssh server status command to view the configuration of the SSH server. The SFTP service is used as an example.

<Huawei> display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP server :Disable

The command output shows that the SFTP server is not enabled. The user can log in to the server through SSH only after SSH services are enabled in the system. Run the following command to enable the SSH server.

<Huawei> system-view [Huawei] sftp server enable

Step 3 On the SSH server, check that the access protocol configured in the VTY user interface view is

correct.

[Huawei] user-interface vty 0 4 [Huawei-ui-vty0-4] display this user-interface vty 0 4 authentication-mode aaa user privilege level 3 idle-timeout 0 0 protocol inbound ssh

Run the protocol inbound { all | ssh | telnet } command to configure the user access protocol. By default, the user access protocol is Telnet. If the user access protocol is set to Telnet, the user cannot log in to the server through SSH. If the user access protocol is set to SSH or "all", the user can log in to the server through SSH.

Step 4 Check whether an RSA public key is configured on the SSH server.

When serving as an SSH server, a device must be configured with a local key pair.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

14

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

On the SSH server, run the display rsa local-key-pair public command to check whether the key pair is configured on the current server. if the key pair is not configured, run the rsa local- key-pair create command to create it.

[Huawei] rsa local-key-pair create The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 512]: 768 Generating keys...

...........................++++++++

.++++++++

...............+++++++++

......+++++++++

Step 5 (Optional) Check whether an SSH user is configured on the SSH server.

An SSH user should be configured on the SSH server. Run the display ssh user-information command to view the configuration of the SSH user. If no SSH user is configured, run the local- user user-name password { simple | cipher } password and local-user service-type ssh commands in the AAA view to create an SSH user.

NOTE

If the SFTP service is enabled, run the local-user user-name ftp-directory directory command in the AAA view to configure the SFTP directory for the SSH user.

l Create an SSH user.

[Huawei] aaa [Huawei] local-user abc password simple abc-pass [Huawei] local-user abc service-type ssh [Huawei] local-user abc ftp-directory cfcard:/ssh

l The default authentication mode of the SSH user is password. To change the authentication

mode, run the ssh user authentication-type command.

Step 6 Check whether the number of SSH login users has reached the maximum.

For the STelnet and Telnet services, both STelnet users and Telnet users log in to the server through VTY channels. The number of available VTY channels ranges from 5 to 15. When the number of users attempt to log in to the server through VTY channels is greater than 15, the new connection cannot be established between the user and the server.

Log in to the SSH server through a console interface and run the display users command to check whether all the current VTY channels are used. By default, a maximum of 5 users can log in to the server through VTY channels.

<Huawei> display user-interface maximum-vty Maximum of VTY user:5 <Huawei> display users User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag 34 VTY 0 03:31:35 TEL 10.1.1.1 pass no Username : Unspecified 35 VTY 1 03:51:58 TEL 10.1.1.2 pass no Username : Unspecified 36 VTY 2 00:10:14 TEL 10.1.1.3 pass no Username : Unspecified 37 VTY 3 02:31:58 TEL 10.1.1.4 pass no Username : Unspecified + 39 VTY 5 00:00:00 TEL 10.1.1.5 pass no Username : Unspecified

If the number of users logging in to the server reaches the upper threshold, you can run the userinterface maximum-vty vty-number command to increase the maximum number of users

allowed to log in to the server through VTY channels to 15.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

15

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

<Huawei> system-view [Huawei] user-interface maximum-vty 15

Step 7 Check that an ACL is configured in the VTY user interface view on the SSH server.

Run the user-interface command on the SSH server to enter the SSH user interface view. Then, run the display this command to check whether an ACL is configured in the VTY user interface view. If an ACL is configured, record the ACL number.

Run the display acl command on the SSH server to check whether the SSH client address is denied in an ACL. If an ACL is configured but the client address to be denied is not specified in the ACL, the user will fail to log in to the server by means of STelnet or SFTP. To enable a user with a specific IP address to log in to the server through STelnet, permit the user IP address in the ACL.

Step 8 Check the SSH versions on the SSH client and SSH server.

On the SSH server, run the display ssh server status command to check the SSH version.

<Huawei> display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP server :Disable

If the client logging in to the server adopts SSHv1, the version compatible capability needs to be enabled on the server.

<Huawei> system-view [Huawei] ssh server compatible-ssh1x enable

Step 9 Check whether first-time authentication is enabled on the SSH client.

Run the display this command in the system view on the SSH client to check whether first-time authentication is enabled.

After first-time authentication is enabled, the validity of the RSA public key of the SSH server does not need to be checked when an SFTP user logs in to the SSH server for the first time. This is because the RSA public key of the SSH server is not kept on the SFTP client.

If first-time authentication is not enabled, an SFTP user fails to log in to the SSH server. This is because checking the validity of the RSA public fails.

<Huawei> system-view [Huawei] ssh client first-time enable

Step 10 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

16

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Relevant Logs

None.

2.4 Mirroring Troubleshooting

This chapter describes common causes of mirroring faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

2.4.1 Monitoring Device Does Not Receive Any Mirrored Packet After Port Mirroring Is Configured

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the failure to mirror packets to the monitoring device by port mirroring.

Common Causes

This fault is commonly caused by one of the following:

l The mirrored port does not receive any packets.

l The mirrored port or observing port is configured incorrectly, for example, the interface

index is incorrect.

Troubleshooting Flowchart

After port mirroring is configured on the AR2200-S, the monitoring device does not receive any mirrored packets.

Figure 2-3 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

17

Rectify fault on the

link between the

router and monitored

network

Is the fault

rectified?

No

Specify correct

observing port index

Is the fault

rectified?

No

End

Seek technical

support

No

Yes

Is the fault

rectified?

Yes

No

Monitoring

device does not

receive mirrored

packets

Does mirrored

port receive

packets?

Is mirrored port configuration

correct?

Does

observing port

send packets?

Is the

observing port

Up?

No

Yes

Rectify the link fault

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Figure 2-3 Troubleshooting flowchart for the port mirroring fault

Troubleshooting Procedure

Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Check whether the mirrored port receives packets.

Run the display interface command multiple times to view information about the mirrored port. The Input field in the command output specifies the number of received packets. The Output field in the command output specifies the number of sent packets.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

18

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If the number of sent and received packets is 0 or remains unchanged, check the status of

the interface connected to the monitored network.

– If the interface status is Down, bring the interface Up.

– If the interface status is Up, no traffic is sent to the switch from the monitored network.

No action is necessary.

l If the number of packets received by the mirrored port is not 0 and keeps increasing, go to

step 2.

Step 2 Check that the mirrored port is configured correctly.

When configuring the mirrored port, ensure that the observing port index specified in the command is the same as the index of the configured observing port. Run the display port- mirroring command to check the mapping between the observing port and mirrored port and the direction of packets to which port mirroring is applied.

l If the mirrored port configuration is incorrect, run the port-mirroring to observe-port

command in the view of the mirrored port to specify the observing port index correctly.

l If the mirrored port configuration is correct, go to step 3.

Step 3 Check whether the observing port sends packets to the monitoring device.

Run the display interface command multiple times to view information about the observing port. The Output field in the command output specifies the number of packets sent by the observing port.

l If the number of sent packets is 0 or remains unchanged, check the status of the observing

port.

– If the observing port is Down, bring it to Up.

– If the observing port is Up, go to step 4.

l If the number of packets sent by the observing port is not 0 and keeps increasing, go to step

4.

Step 4 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the AR2200-S

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

19

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

2.4.2 Monitoring Device Does Not Receive Any Mirrored Packets After Traffic Mirroring Is Configured

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the failure to monitor packets to the monitoring device by traffic mirroring.

Common Causes

This fault is commonly caused by one of the following:

l The link between the mirrored port and the monitored network is Down.

l No traffic policy is applied or no packets match the traffic policy.

l The observing port index specified in the traffic behavior is different from the index of the

configured observing port.

Troubleshooting Flowchart

After traffic mirroring is configured on the AR2200-S, the monitoring device does not receive any mirrored packets.

Figure 2-4 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

20

Monitoring

device does

not receive

mirrored

packets

Rectify fault on the

link between the

switch and

monitored network

Is the fault

rectified?

Configure traffic

policy and apply it

correctly

Is the fault

rectified?

Rectify link fault

Is the fault

rectified?

No

Specify correct

observing port index

in the traffic

behavior view

Is the fault

rectified?

No

Yes

No

Seek technical

support

End

Yes

No

Is observing port index correct?

Is the observing

port Up?

Does

mirrored port

receive

packets?

Does observing port send packets?

Yes

Is traffic policy

applied correctly?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Figure 2-4 Troubleshooting flowchart for the traffic mirroring fault

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Step 1 Check whether the mirrored port receives packets.

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Run the display interface command to view information about the mirrored port. The Input field in the command output specifies the number of received packets.

21

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If the number of packets received by the mirrored port is 0 or keeps unchanged, the link

between the router and the monitored network is faulty, for example, the mirrored port is Down. Rectify the link fault.

l If the number of packets received by the mirrored port is not 0 and keeps increasing, go to

step 2.

Step 2 Check whether the traffic policy is correctly applied.

1. Check whether the traffic policy is applied.

A traffic policy can be applied to an interface, a VLAN, or the system. Run the display traffic-policy policy-name applied-record command to check whether the traffic policy is applied.

l If the traffic policy is not applied, apply it in the interface view, VLAN view, or system

view based on the network requirements.

l If the traffic policy is applied, check the traffic policy configuration.

2. Check whether the traffic policy is configured correctly. Verify the traffic policy configuration by checking the traffic statistics.

Run the statistic enable command in the traffic behavior view to enable the traffic statistics function. Run the display traffic policy statistics command to check the statistics about packets matching the traffic policy.

l If the number of packets matching the traffic policy is 0, rectify the fault of the traffic

policy first.

l If the number of packets matching the traffic policy is not 0, go to step 3.

Step 3 Check whether the observing port sends packets to the monitoring device.

Run the display interface to view information about the observing port. The Output field in the command output specifies the number of packets sent by the observing port.

l If the number of packets sent by the observing port is 0 or keeps unchanged, follow these

steps:

1. Run the display interface command to check the status of the observing port. If the

observing port is in Down state, rectify the link fault. If the observing port is in Up state. Go to step b.

2. If the observing port is in Up state, check whether the observing port index specified

in the traffic behavior is the same as the index of the configured observing port. If not, run the mirroring to observe-port command to specify the correct observing port index. Otherwise, go to step 4.

l If the number of packets sent by the observing port is not 0 and keeps increasing, go to step

4.

Step 4 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the router

----End

Relevant Alarms and Logs

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

22

Router

Monitoring

Device

Eth2/0/0

Eth2/0/1

Internet

LAN switchA

R&D

Department

User

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Relevant Alarms

None.

Relevant Logs

None.

2.4.3 Troubleshooting Cases

This section provides several mirroring troubleshooting cases.

Mirrored Packets Cannot Be Seen on the Monitoring Device After Port Mirroring Is Configured

Fault Symptom

As shown in Figure 2-5, the R&D department connects to the Internet through the Router.

The IT department configures port mirroring on the Router to monitor traffic sent from the R&D department to the Internet. Eth2/0/0 is the mirrored port, and Eth2/0/1 is the observing port. After the configuration is complete, the IT department cannot see mirrored packets on the monitoring device when the R&D department employees access the Internet.

Figure 2-5 Network diagram of port mirroring

Fault Analysis

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

1. Run the display interface command to check whether Eth2/0/0 receives packets from users.

23

RouterA

Monitoring

Device

Sales

Department

GE2/0/0

GE2/0/1

R&D

Department

SwitchA

10.1.1.0/24

10.1.2.0/24

Internet

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

In the command output, the value of Input is not 0 and keeps increasing, indicating that Eth2/0/0 receives packets from users.

2. Check whether the mirrored port is configured correctly.

Run the display port-mirroring command. The command output shows that the mirrored port is Eth2/0/0 and the observing port is Eth2/0/3. The configuration is incorrect.

Procedure

Step 1 Run the system-view command on Router to enter the system view.

Step 2 Run the observe-port interface ethernet 2/0/1 command to configure Ethernet 2/0/1 as the

observing port.

Step 3 Run the interface ethernet 2/0/0 command to enter the view of the mirrored port.

Step 4 Run the port-mirroring to observe-port 1 inbound to observe-port inbound command to

configure port mirroring.

----End

Summary

If mirrored packets cannot be seen on the monitoring device, the possible cause is that the mirrored port or observing port is configured incorrectly.

Mirrored Packets Cannot Be Seen on the Monitoring Device After Traffic Mirroring Is Configured

Fault Symptom

As shown in Figure 2-6, the R&D department, sales department, and IT department are on different network segments.

The sales department and IT department connect to the Internet through RouterA. The IT department configures traffic mirroring on RouterA to monitor traffic sent from the R&D department to the Internet. After the configuration is complete, the IT department cannot see mirrored packets on the monitoring device.

Figure 2-6 Network diagram of traffic mirroring

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

24

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Fault Analysis

1. Run the display interface command to check whether GigabitEthernet2/0/0 receives packets from users.

In the command output, the value of Input is not 0 and keeps increasing, indicating that GigabitEthernet2/0/0 receives packets from users.

2. Check whether a traffic policy is applied.

Run the display traffic-policy policy-name applied-record command to check whether a traffic policy is applied. The command output shows that the traffic policy tp1 is applied to GigabitEthernet2/0/0.

3. Check whether the user packets match the traffic policy.

Run the statistic enable command in the traffic behavior view to enable the traffic statistics function. Run the display traffic policy statistics interface GigabitEthernet 2/0/0 inbound command to view statistics about packets matching the traffic policy. The command output shows that the number of received packets matching the traffic policy is 0, that is, the packets do not match the traffic policy.

4. Check whether the traffic classifier and the traffic behavior in the traffic policy are correctly configured.

Run the display traffic policy user-defined command to check whether the traffic behavior bound to the traffic policy contains the traffic mirroring action.

<Huawei> display traffic policy user-defined tp1 User Defined Traffic Policy Information: Policy: tp1 Classifier: default-class Behavior: be

-none Classifier: tc1 Behavior: tb1 statistic: enable Port-mirroring to observe-port 1

The preceding information indicates that the traffic classifier tc1 and the traffic behavior tb1 are bound to the traffic policy, and tb1 is configured with the traffic mirroring action.

Run the display traffic classifier user-defined command to check whether the configuration of the traffic classifier is correct. If an ACL is referenced in the traffic classifier, run the display acl command to check the ACL rules.

<Huawei> display traffic classifier user-defined tc1 User Defined Classifier Information: Classifier: tc1 Precedence: 10 Operator: AND Rule(s) : if-match acl 3000 if-match inbound-interface GigabitEthernet 1/0/0 <Huawei> display acl 3000 Advanced ACL 3000, 1 rule Acl's step is 5 rule 5 permit ip source 10.1.1.0 0.0.0.255

The preceding information indicates that the traffic classifier contains two matching rules: ACL 3000 and inbound interface GigabitEthernet1/0/0. The logical relationship between the matching rules is AND, If the rules are ANDed with each other, the packets must match all the non-ACL rules and one of the ACL rules of the traffic classifier. The inbound interface of user packets is GigabitEthernet2/0/0 but not GigabitEthernet1/0/0; therefore,

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

25

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

the packets do not match the traffic classifier and mirrored packets cannot be seen on the monitoring device.

Procedure

Step 1 Run the interface GigabitEthernet 2/0/0 command to enter the view of the mirrored port.

Step 2 Run the undo traffic-policy inbound command to delete the traffic policy from

GigabitEthernet2/0/0.

Step 3 Run the quit command to exit from the interface view.

Step 4 Run the traffic classifier tc1 command to enter the traffic classifier view.

Step 5 Run the undo if-match inbound-interface command to delete the matching rule for incoming

packets in the traffic classifier.

Step 6 Run the if-match inbound-interface GigabitEthernet 2/0/0 command to configure a new

matching rule for incoming packets onGigabitEthernet2/0/0.

Step 7 Run the quit command to exit from the traffic classifier view.

Step 8 Run the interface GigabitEthernet 2/0/0 command to enter the interface view.

Step 9 Run the traffic-policy tp1 inbound command to apply the traffic policy tp1 to

GigabitEthernet2/0/0.

----End

Summary

When configuring traffic mirroring, ensure that the traffic policy matches the packets to be mirrored. Otherwise, the packets cannot be copied to the observing port.

2.5 SNMP Troubleshooting

2.5.1 An SNMP Connection Cannot Be Established

Common Causes

This fault is commonly caused by one of the following:

l Packets cannot be exchanged between the host and the NMS.

l Configurations are incorrect.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

26

SNMP connection

fails

Can AR and NMS

ping each other?

Rectify the fault

according to The Ping

Operation Fails

Seek technical

support

End

Is

SNMP configured

correctly?

Is ACL configured

correctly?

Is fault rectified?

Modify SNMP

configuration

Is fault rectified?

Modify ACL to allow

the NMS to access

the device

Is fault rectified?

No

Yes

No

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Flowchart

Figure 2-7 Troubleshooting flowchart used when an SNMP connection cannot be established

Troubleshooting Procedure

Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Run the ping command to check whether the host and the NMS can successfully ping each other.

l If the ping fails, see The Ping Operation Fails to locate the problem so that the host and

NMS can ping each other.

Step 2 Check whether the SNMP configuration on the host is correct.

l If the ping succeeds, the host and the NMS are reachable. Go to Step 2.

l If the SNMP configuration is incorrect, modify the configuration based on Table 2-1.

l If the SNMP configuration is correct, go to step 3.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

27

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Table 2-1 SNMP configuration

Item Method Troubleshooting

Procedure

Check whether the host supports the SNMP version used by the NMS for sending a login request.

View the community string configured on the host.

If SNMPv3 is used, check whether information about the SNMP user group and users is correct.

Run the display snmp-agent sys-info version command to view the SNMP version of the host.

Run the display snmp-agent community command.

l Run the display snmp-

agent group command to

view information about the SNMPv3 user group.

l Run the display snmp-

agent usm-user

command to view the SNMPv3 user information.

If the host does not support the SNMP version, run the

snmp-agent sys-info version command to set the

SNMP version on the host.

If the community string used by the NMS for sending a login request is different from that configured on the host, run the snmp-agent community command to configure a read-write community string, which must be identical to that configured on the host.

If information is incorrect, modify the configurations.

l Run the snmp-agent

group command to view

information about the SNMPv3 user group.

l Run the snmp-agent

usm-user command to

view information about the SNMPv3 user.

Step 3 Run the display snmp-agent community command to view the community string configured

on the host.

l If the IP address from which the NMS sends login requests is denied by the ACL, run the

rule command to enable the ACL to permit the IP address from which the NMS sends login requests.

l If the IP address from which the NMS sends login requests is permitted by the ACL, go to

Step 4.

Step 4 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

28

Seek technical support

The NMS fails to

receive trap messages

from the host

Are the SNMP

configuration correct?

Configure SNMP

correctly

No

Yes

View the system log and

rectified the fault based on

the table in troubleshooting

procedure

Is the fault rectified?

End

Yes

No

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Relevant Logs

None.

2.5.2 The NMS Fails to Receive Trap Messages from the Host

Common Causes

This fault is commonly caused by one of the following:

l The trap message is lost.

l The SNMP configuration on the host is incorrect. As a result, the host is unable to send

trap messages.

l No trap message is generated on the host-side service module, or the trap message is

generated on the host-side service module, but the format of the trap messages is incorrect. As a result, the trap message cannot be sent.

Troubleshooting Flowchart

Figure 2-8 Troubleshooting flowchart used when the NMS fails to receive trap messages from the host

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

29

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Procedure

Context

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

Step 1 Check whether the SNMP configurations on the host are correct.

l If the SNMP configurations are correct, go to Step 2.

l If the SNMP configurations are incorrect, change the configuration based on the following

configuration cases.

Table 2-2 Typical SNMP configurations

Configuration Case Command

Configure a destination host running SNMPv2c, with the destination port number being 162 (default value), the security name being huawei, and the IP address being 192.168.1.1.

Configure a destination host running SNMPv3, with the user name being huawei. The user belongs to the user group named huawei_group and has Huawei_view as the notify rights (notify-view).

NOTE

With Huawei_view, the user can access all nodes from the iso subtree.

Configure a destination host running SNMPv3, with the user name being huawei and the IP address being

192.168.1.1.

NOTE

huawei must be an existing user name.

<Huawei> system-view [Huawei] snmp-agent target-host trap-

paramsname abc v2c securityname huawei [Huawei] snmp-agent target-host traphostname aaa address 192.168.1.1 trapparamsnam abc

# Configure a MIB view.

<Huawei> system-view [Huawei] snmp-agent mib-view Huawei_view

include iso

# Configure a user group.

[Huawei] snmp-agent group v3 huawei_group noauth read-view Huawei_view write-view Huawei_view notify-view Huawei_view

# Configure a user.

[Huawei] snmp-agent usm-user v3 huawei huawei_group

<Huawei> system-view [Huawei] snmp-agent target-host trap-

paramsname abc v3 securityname huawei authentication [Huawei] snmp-agent target-host traphostname aaa address 192.168.1.1 trapparamsname abc

Step 2 Run the display snmp-agent trap all command to check whether the trap function is enabled.

l If the trap function is not enabled, run the snmp-agent trap enable command to enable the

host to send trap messages.

l If the trap function is enabled, go to Step 3.

Step 3 Check whether the log message indicating that a specific trap is generated exists on the host.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

30

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If the log message indicating that a specific trap is generated does not exist on the host, the

trap is not generated. Go to Step 4.

l If the log message indicating that a specific trap is generated exists on the host, the trap has

been generated, but the NMS fails to receive the trap message. Go to Step 4.

NOTE

The log message indicating that a specific trap is generated is as follows: #Jun 10 2010 09:55:03 Quideway IFNET/2/IF_PVCDOWN:OID 1.3.6.1.6.3.1.1.5.3 Interface 109 turned into DOWN state.

Step 4 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

2.6 NQA Troubleshooting

2.6.1 A UDP Jitter Test Instance Fails to Be Started

Common Causes

This fault is commonly caused by one of the following:

l The mandatory parameter of the test instance is incorrect.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

31

Is the test

type Jitter?

A UDP jitter test

instance fails to be

started

Is the

destination address

configured?

Is the

destination port

configured?

Seek technical support

Ensure that the

destination port is

configured

Is the fault

rectified?

Is the fault

rectified?

End

Yes

No

Yes

Ensure that the

destination address is

configured

Is the fault

rectified?

Yes

No

Yes

No

Ensure that the test

type is Jitter

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Flowchart

Figure 2-9 Troubleshooting flowchart used when a UDP Jitter test instance fails to be started

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

All the following commands, except the display commands, are used in the NQA test instance view. The display commands can be used in any views.

Step 1 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the test type is Jitter.

l If the test type is Jitter, go to Step 2.

l If the test type is not Jitter, run the test-type jitter command to configure the test type to

UDP Jitter.

– If the fault is rectified, go to Step 5.

– If the fault persists, go to Step 2.

Step 2 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the destination IP address is configured.

32

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If the destination IP address is configured, go to Step 3.

l If the destination IP address is not configured, run the destination-address ipv4 ip-

address command in the NQA test instance view to configure the destination IP address.

– If the fault is rectified, go to Step 5.

– If the fault persists, go to Step 3.

Step 3 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the destination port is configured.

l If the destination port is configured, go to Step 4.

l If the destination port is configured, run the destination-port port-number command in the

NQA test instance view to configure the destination port.

– If the fault is rectified, go to Step 5.

– If the fault persists, go to Step 4.

Step 4 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

2.6.2 A Drop Record Exists in the UDP Jitter Test Result

Common Causes

If the UDP jitter test result has drop records, the value of the "Drop operation number" field in the display nqa results command output is not 0.

This fault is commonly caused by one of the following:

l The destination IP address does not exist or the route to the network segment to which the

destination IP address belongs does not exist in the routing table.

l The source IP address is incorrect.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

33

Is the

destination address

reachable?

A drop record exists in

the UDP jitter test result

Ensure that the

destination address

exists and is

reachable

Is the

source address

configured?

Seek technical support

Is the fault

rectified?

End

Yes

No

Yes

Ensure that the

source address exists

and is reachable

Is the fault

rectified?

Yes

No

Yes

No

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Flowchart

Figure 2-10 Troubleshooting flowchart used when a drop record exists in the UDP jitter test

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Run the display ip routing-table command on the NQA client to check whether the route along

the test path exists.

l If the route exists, run the ping command to check whether devices can successfully ping

each other.

– If devices can successfully ping each other, go to Step 2.

– If devices cannot successfully ping each other, see The Ping Operation Fails.

l If the route does not exist, run the corresponding command to reconfigure the route.

Step 2 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the source IP address is configured.

to check whether the interface configured with the source IP address exists.

– If the interface exists, run the display ip routing-table command on the NQA server to

check whether the route to the source IP address exists.

l If the source IP address is configured, run the display ip interface brief on the NQA client

– If the route exists, run the ping command to check whether the source IP address is

reachable.

34

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

– If the source IP address is reachable, go to Step 3.

– If the source IP address is unreachable, see The Ping Operation Fails.

– If the route does not exist, run the corresponding command to reconfigure the route.

– If the interface configured with the source IP address does not exist, run the corresponding

command to reconfigure IP addresses and recheck the configuration about NQA.

l If the source IP address is not configured, go to Step 3.

Step 3 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

2.6.3 A Busy Record Exists in the UDP Jitter Test Result

Common Causes

If the UDP jitter test result has busy records, the value of the "System busy operation number" field in the display nqa results command output is not 0.

This fault is commonly caused by one of the following:

l The VPN route instance that is configured in the UDP Jitter test instance is unreachable.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

35

A busy record exists in

the UDP jitter test result

Is the VPN instance

configured?

Is the fault

rectified?

Yes

No

Yes

No

Can devices in a VPN

ping each other?

No

Yes

End

Is the fault

rectified?

Rectify the ping fault

Configure the VPN

instance

Seek technical support

Yes

No

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Flowchart

Figure 2-11 Troubleshooting flowchart used when a busy record exists in the UDP jitter test

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the VPN instance is configured.

l If the VPN instance is configured, go to Step 2.

l If the VPN instance is not configured, go to Step 3.

Step 2 Run the ping -vpn-instance vpn-instance-name command on the NQA client to check whether

the destination address is reachable.

l If the destination address is reachable, go to Step 3.

l If the destination address is unreachable, see the section The Ping Operation Fails.

Step 3 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

36

Is the

destination address

reachable?

A timeout record exists

in the UDP jitter test

result

Ensure that the

destination address

exists and is

reachable

Is the NQA jitter tag-

version 2?

Seek technical support

Is the fault

rectified?

End

Yes

No

Yes

Ensure that the NQA

server is configured

and is in the Active

state

Is the fault

rectified?

Yes

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

2.6.4 A Timeout Record Exists in the UDP Jitter Test Result

Common Causes

If the UDP jitter test result has timeout records, the value of the "operation timeout number" field in the display nqa results command output is not 0.

This fault is commonly caused by one of the following:

Troubleshooting Flowchart

l The destination address does not exist, but the route to the network segment of the

destination address exists in the routing table.

l The value of the parameter "nqa-jitter tag-version" is 2, and the receiver is not configured

with a UDP server.

Figure 2-12 Troubleshooting flowchart used when a timeout record exists in the UDP jitter test

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

37

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Unless otherwise stated, all the following commands, except display commands that can be run in all views, need to be run in the NQA test instance view.

Procedure

Step 1 Run the ping command on the NQA client to check whether the route to the destination address

is reachable.

l If the route to the destination address is reachable, go to Step 2.

l If the route to the destination address is unreachable, see the section The Ping Operation

Fails.

Step 2 Run the display this command in the system view on the NQA client to check whether the value

of the parameter "nqa-jitter tag-version" is 2. When the value of this parameter is set to 1 (the default value), this parameter is not displayed in the configuration file. This parameter is displayed in the configuration file when its value is set to 2.

l If the value of the parameter "nqa-jitter tag-version" is 2, go to Step 3.

l If the value of the parameter "nqa-jitter tag-version" is not 2, go to Step 4.

Step 3 Run the display nqa-server command on the NQA server to check whether the nqa-server

udpecho ip-address port-number command has been configured on the NQA server.

l If the nqa-server udpecho ip-address port-number command has been configured on the

NQA server and is in the Active state, go to Step 4.

l If the nqa-server udpecho ip-address port-number command is not configured on the NQA

server, run the command to configure the NQA server. Note that the IP address of the NQA server must be identical with the destination IP address configured through the destination- address ipv4 ip-address command on the NQA client. Also, the port number configured on the NQA server must be identical with that configured through the destination-port port- number command on the NQA client.

– If the fault is rectified, go to Step 5.

– If the fault persists, go to Step 4.

Step 4 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

38

The UDP jitter test

result is failed or

packet loss

Is TTL configured?

Is frequency set?

Is fail-percent set?

Ensure that the

frequency value is

large than (interval x

probe-count x jitter-

packetnum)

Set fail-percent to a

proper value

Seek technical support

End

No

Yes

No

Yes

Ensure that the

packet TTL is large

enough for the packet

to reach the

destination

Yes

No

Yes

No

Is the fault

rectified?

Is the fault

rectified?

Is the fault

rectified?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

2.6.5 The UDP Jitter Test Result Is "Failed", "No Result" or "Packet Loss"

Common Causes

The UDP jitter test result displayed in the display nqa results command output can be "failed", "no result", or "packet loss". In the command output,

l If the "Completion" field is displayed as "failed", the test fails.

l If the "Completion" field is displayed as "no result", the test has no result.

l If the "lost packet ratio" field is not 0%, packet loss occurs.

This fault is commonly caused by one of the following:

l A drop record exists in the UDP jitter test result.

l A timeout record exists in the UDP jitter test result.

l The TTL expires.

l The parameter frequency is incorrect.

Troubleshooting Flowchart

l The parameter fail-percent is incorrect.

Figure 2-13 Troubleshooting flowchart used when the UDP Jitter test result is "failed", "no result", or "packet loss"

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

39

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Troubleshooting Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

All the following commands, except the display commands, are used in the NQA test instance view. The display commands can be used in any views.

Procedure

Step 1 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA client or

the display this command in the NQA test instance view to check whether the TTL is configured.

l If the TTL is configured, you can run the ttl number command in the NQA test instance

view to set the value of the TTL to 255. If the fault persists after the TTL is set to 255, go to Step 2.

l If the TTL is not configured, you can run the ttl number command in the NQA test instance

view to set the value of the TTL to 255. If the fault persists after the TTL is set to 255, go to Step 2.

Step 2 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA agent or

the display this command in the NQA test instance view to check whether the parameter frequency is configured.

l If the parameter frequency is configured, compare the value of the frequency and that of

the (interval x probe-count x jitter-packetnum). To ensure that the UDP Jitter test instance can be complete normally, the value of the frequency must be greater than that of the (interval x probe-count x jitter-packetnum). If the value of the frequency is less than that of the (interval x probe-count x jitter-packetnum), run the frequency interval command in the NQA test instance view to increase the value of the frequency.

l If the frequency is not configured or the fault persists after a proper frequency value is set,

go to Step 3.

Step 3 Run the display nqa-agent admin-name test-name [ verbose ] command on the NQA agent or

the display this command in the NQA test instance view to check whether the parameter fail- percent is configured.

l If the fail-percent is configured, run the undo fail-percent command in the NQA test

instance view to delete the fail-percent. If the fault persists after the fail-percent is deleted, go to Step 4.

l If the fail-percent is not configured, go to Step 4.

Step 4 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

40

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Relevant Logs

None.

2.7 NTP Troubleshooting

2.7.1 The Clock Is Not Synchronized

Common Causes

This fault is commonly caused by one of the following:

l The link flaps.

l The link is faulty.

Troubleshooting Procedure

Context

Procedure

Step 1 Check the NTP status.

Step 2 Check the status of the NTP connection.

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

[Huawei] display ntp-service status clock status: unsynchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 99.9995 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 14:25:55.477 UTC Jun 9 2010(CFBA22F3.7A4B76F6)

The "clock status" field is displayed as "unsynchronized", indicating that the local system clock is not synchronized with any NTP server or a reference clock.

[Huawei] display ntp-service sessions

The value of the "reference" is 0.0.0.0, specifying that the local system clock is not synchronized with any NTP server.

Step 3 Run the ping command on the NTP client to check the status of the link to the NTP server.

[Huawei] ping 20.1.14.1 PING 20.1.14.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

41

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

--- 20.1.14.1 ping statistics ---

5 packet(s) transmitted 0 packet(s) received

100.00% packet loss

l The displayed information "100.00% packetloss" indicates that the link is faulty. To locate

the fault, refer to The Ping Operation Fails.

l If the packet loss percentage is not 100.00%, the link flaps. To locate the fault, refer to The

Ping Operation Fails.

l If the packet loss percentage is 0.00%, the link is normal. Then proceed to step 4.

Step 4 If the fault persists, collect the following information and contact Huawei technical support

personnel:

l Results of the preceding troubleshooting procedures

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

The following log information indicates that the clock source with which the local device synchronizes is lost.

NTP/4/SOURCE_LOST

The following log information indicates that the local clock has synchronized with a clock source.

NTP/4/LEAP_CHANGE NTP/4/STRATUM_CHANGE NTP/4/PEER_SELE

2.8 CWMP Troubleshooting

2.8.1 Failed to Manage AR2200-S Using CWMP

Common Causes

The fault symptoms are as follows:

l The AR2200-S cannot set up a connection with the ACS.

l The ACS fails to issue configurations to the AR2200-S.

This fault is commonly caused by one of the following:

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

42

Are CWMP

settings correct?

Is any parameter not supported by

AR?

Seek technical support

Is fault rectified?

End

Yes

No

Yes

No

Is fault rectified?

Is there

a reachable route

between AR and

ACS?

CWMP fails to

manage AR

Modify the settings

Configure a

reachable route

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l The CWMP settings on the AR2200-S are incorrect, for example, the setting of ACS's URL,

user name, or password is incorrect, or the CWMP function is disabled on the AR2200-S.

l There is no reachable route between the AR2200-S and the ACS.

l The AR2200-S does not support parameters in the packets received from the ACS.

Troubleshooting Flowchart

Figure 2-14 shows the troubleshooting flowchart.

Figure 2-14 CWMP troubleshooting flowchart

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Step 1 Verify the CWMP settings on the AR2200-S.

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Run the display cwmp configuration command in the system view to check whether the CWMP function is enabled and the ACS's URL, user name, and password are correctly set.

<Huawei> display cwmp configuration CWMP is enabled ACS URL: http://www.acs.com:80/acs ACS username: hwcpe ACS password: asd123 Inform enable status: disabled

43

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

Inform interval: 600s Inform time: Wait timeout: 30s Reconnection times: 3

l If the CWMP settings are correct, go to step 2.

l If the CWMP settings are incorrect, modify them based on Table 2-3, and run the undo

cwmp enable and cwmp enable commands to re-enable the CWMP function.

Table 2-3 CWMP settings

Item Method

Enable the CWMP

Run the cwmp enable command in the CWMP view.

function.

Configure the URL used

Run the cwmp acs url url command in the CWMP view. by the AR2200-S to connect to the ACS.

Configure the user name used by the AR2200-S to

Run the cwmp acs username username command in the

CWMP view. connect to the ACS.

Configure the ACS's password used by the

Run the cwmp acs password password command in the CWMP

view. AR2200-S to connect to the ACS.

Step 2 Check that there is a reachable route between the AR2200-S and ACS.

Run the ping command on the AR2200-S to ping the ACS.

NOTE

If you have configured the ACS's URL as a domain name, use the display dns dynamic-host command to obtain the IP address, and enter the IP address in the ping command.

<Huawei> display dns dynamic-host No Domain-name IpAddress TTL Alias 1 huawei.com 2.1.1.3 3579

l If the AR2200-S fails to ping the ACS, rectify the ping fault based on 7.1.1 The Ping

Operation Fails.

l If the AR2200-S can ping the ACS, go to step 3.

Step 3 Check whether the parameters in the packets received from the ACS are supported by the

AR2200-S.

Capture the packets exchanged between the ACS and the AR2200-S using Ethereal or other packet catchers, and check the parameters in <Name></Name>.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

44

Huawei AR2200-S Series Enterprise Routers Troubleshooting 2 System

l If the parameters are not supported by the AR2200-S, the ACS cannot manage the AR2200-

S.

l If all parameters are supported by the AR2200-S, go to step 4.

Step 4 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the AR2200-S

----End

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

45

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

3 Physical Connection and Interfaces

About This Chapter

3.1 Eth-Trunk Interface Troubleshooting

This chapter describes common causes of Eth-Trunk interface faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

46

RouterB

Eth2/0/2

Eth-Trunk1

RouterA

Eth2/0/3

Eth2/0/1 Eth2/0/1

Eth2/0/2

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

3.1 Eth-Trunk Interface Troubleshooting

This chapter describes common causes of Eth-Trunk interface faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

3.1.1 Eth-Trunk Interface Cannot Forward Traffic

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the fault that an Eth-Trunk interface cannot forward traffic.

Common Causes

After an Eth-Trunk interface is configured, it cannot forward traffic.

This fault is commonly caused by one of the following:

l Eth-Trunk member interfaces are faulty.

l Configurations of Eth-Trunk member interfaces on the two ends are inconsistent.

l The number of Up Eth-Trunk member interfaces is smaller than the lower threshold.

l Negotiation between member interfaces of the Eth-Trunk interface in static LACP mode

fails.

Troubleshooting Flowchart

On the network shown in Figure 3-1, the Eth-Trunk interface cannot forward traffic.

Figure 3-1 Eth-Trunk network diagram

The troubleshooting roadmap is as follows:

l Check that Eth-Trunk member interfaces are working.

l Check information about Eth-Trunk member interfaces on both ends.

l Check that the number of Up member interfaces is greater than the configured lower

threshold.

l Check that LACP negotiation succeeds if the Eth-Trunk interface is in static LACP mode.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Figure 3-2 shows the troubleshooting flowchart.

47

Eth-Trunk interface

cannot forward traffic

Eth-Trunk

member interfaces work

properly?

Member

interfaces on both ends

are consistent?

Modify the

configuration

End

No

Yes

Seek technical support

No

Check physical

links connecting member interfaces and rectify the link

fault

Yes

No

Yes

Number of

Up member interfaces

is below the lower

threshold?

Change the lower

threshold

Yes

Is fault

rectified?

Is fault

rectified?

Is fault

rectified?

Negotiation

between Eth-Trunk

interfaces working in

static LACP mode fails?

Locate the cause

of the negotiation

failure and modify

the configuration

Is fault

rectified?

No

Yes

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Figure 3-2 Troubleshooting flowchart

Troubleshooting Procedure

Procedure

Step 1 Check that Eth-Trunk member interfaces work properly.

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Run the display eth-trunk 1 command in any view to check the status of the Eth-Trunk interface.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

[RouterA] display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL Hash arithmetic:According to SA-XOR-DA Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8

48

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Operate status: down Number Of Up Port In Trunk: 0

--------------------------------------------------------------------------------

PortName Status Weight Ethernet2/0/1 Down 1 Ethernet2/0/2 Down 1 Ethernet2/0/3 Down 1

l If a member interface is Down, check the following items on the interface.

Check Item Method

Whether the interface was manually shut down

Run the interface interface-type interface-number command in the system view to enter the interface view, and then run the display this command to check the interface status. If the interface was shut down by using the shutdown command, run the undo shutdown command in the interface view.

Whether the link fails

Whether the interface fails

Replace the cable between RouterA and RouterB.

NOTE

If RouterA connects to RouterB using a twisted pair, select a new twisted pair with a proper transmission distance according to the actual distance between RouterA and RouterB.

Configure other idle interfaces as member interfaces of the EthTrunk.

If the interface remains in the Down state, go to Step 5.

l If the member interface is Up, verify that each cable is correctly connected to interfaces.

If the fault persists, go to Step 2.

Step 2 Check information about Eth-Trunk member interfaces on both ends.

Check information about member interfaces of the Eth-Trunk interface on Router A and Router B.

[RouterA] display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 3

--------------------------------------------------------------------------------

PortName Status Weight Ethernet2/0/1 up 1 Ethernet2/0/2 up 1 Ethernet2/0/3 up 1 [RouterB] display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA Least Active-linknumber: 4 Max Bandwidth-affected-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 2

-------------------------------------------------------------------------------PortName Status Weight Ethernet2/0/1 up 1 Ethernet2/0/2 up 1

l Check information about member interfaces of the Eth-Trunk interface on Router B.

l If the number of member interfaces of the Eth-Trunk interface on Router A differs from

the number on Router B, add the required physical interfaces to the Eth-Trunk interface.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

49

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

l If the number of member interfaces of the Eth-Trunk interface on Router A is the same as

the number on Router B, go to Step 3.

Step 3 Check whether the Eth-Trunk interface is configured with a lower threshold of Up member

interfaces.

Run the display eth-trunk 1 command on Router A and Router B to view the configuration of the Eth-Trunk interface.

[RouterA] display eth-trunk 1 Eth-Trunk1's state information is: WorkingMode: NORMAL Hash arithmetic: According to SA-XOR-DA

Least Active-linknumber: 4 Max Bandwidth-affected-linknumber: 8 Operate status: down Number Of Up Port In Trunk: 8

-------------------------------------------------------------------------------PortName Status Weight Ethernet2/0/1 up 1 Ethernet2/0/2 up 1 Ethernet2/0/3 up 1

The preceding command output shows that the lower threshold of Up member interfaces of the Eth-Trunk interface has been set to 4. However, the number of Up member interfaces of the EthTrunk interface is actually 3, which causes the Eth-Trunk interface to go Down.

l If the Eth-Trunk interface is configured with a lower threshold of Up member interfaces

and this threshold is greater than the actual number of Up member interfaces, set the lower threshold to a smaller value.

l If the Eth-Trunk interface is not configured with a lower threshold of Up member interfaces,

go to Step 4.

Step 4 Check whether Eth-Trunk interfaces work in static LACP mode.

Run the display eth-trunk 1 command on Router A and Router B to view the configuration of the Eth-Trunk interface.

[RouterA] display eth-trunk 1 Eth-Trunk1's state information is: Local: LAG ID: 1 WorkingMode: STATIC Preempt Delay: Disabled Hash arithmetic: According to SA-XOR-DA System Priority: 32768 System ID: 0018-826f-fc7a Least Active-linknumber: 1 Max Active-linknumber: 8 Operate status: down Number Of Up Port In Trunk: 0

-------------------------------------------------------------------------------ActorPortName Status PortType PortPri PortNo PortKey PortState Weight Ethernet2/0/1 Unselect 100M 32768 264 305 11100010 1 Ethernet2/0/2 Unselect 100M 32768 265 305 11100010 1 Ethernet2/0/3 Unselect 100M 32768 266 305 11100011 1 Partner:

-------------------------------------------------------------------------------ActorPortName SysPri SystemID PortPri PortNo PortKey PortState Ethernet2/0/1 0 0000-0000-0000 0 0 0 11100011 Ethernet2/0/2 0 0000-0000-0000 0 0 0 11100011 Ethernet2/0/3 0 0000-0000-0000 0 0 0 11100011

l If the Eth-Trunk interface is configured to work in static LACP mode and no physical

interface is selected, LACP negotiation was unsuccessful. Possible causes for unsuccessful LACP negotiation are as follows:

– Member interfaces fail, causing timeout of LACP protocol packets.

To correct this problem, connect the cable to another idle interface and add the interface to the Eth-Trunk.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

50

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

– The Eth-Trunk interface on one end is configured to work in static LACP mode, but the

Eth-Trunk interface on the other end is not.

To correct this problem, make the configurations of the two ends of the Eth-Trunk link consistent.

After the configurations are corrected and LACP negotiation succeeds, the output of the display eth-trunk 1 command is as follows:

[RouterB] display eth-trunk 1 Eth-Trunk1's state information is: Local: LAG ID: 1 WorkingMode: STATIC Preempt Delay: Disabled Hash arithmetic: According to SA-XOR-DA System Priority: 32768 System ID: 0018-826f-fc7a Least Active-linknumber: 1 Max Active-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 3

------------------------------------------------------------------------------

-ActorPortName Status PortType PortPri PortNo PortKey PortState Weight Ethernet2/0/1 Selected 100M 32768 264 305 11111100 1 Ethernet2/0/2 Selected 100M 32768 265 305 11111100 1 Ethernet2/0/3 Selected 100M 32768 266 305 11111100 1

Partner:

------------------------------------------------------------------------------

-ActorPortName SysPri SystemID PortPri PortNo PortKey PortState Ethernet2/0/1 32768 0018-823c-c473 32768 2056 305 11111100 Ethernet2/0/2 32768 0018-823c-c473 32768 2057 305 11111100 Ethernet2/0/3 32768 0018-823c-c473 32768 2058 305 11111100

If LACP negotiation fails after the configurations are corrected, go to Step 5.

l If the Eth-Trunk interface is not configured to work in static LACP mode, go to Step 5.

Step 5 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the devices

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

3.1.2 Troubleshooting Cases

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

51

RouterB

Eth2/0/1

Eth2/0/2Eth2/0/2

Eth2/0/1

Eth-Trunk1

RouterA

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Traffic Is Not Load Balanced Between Eth-Trunk Member Interfaces Due to an Incorrect Load Balancing Mode

Fault Symptom

As shown in Figure 3-3, RouterA and RouterB communicate by using an Eth-Trunk. After the display interface command is run on RouterA, the command output shows that the outgoing traffic rate on Eth2/0/1 is 80 Mbit/s and the outgoing traffic rate on Eth2/0/2 is 20 Mbit/s. That is, outgoing traffic is not load balanced between Eth2/0/1 and Eth2/0/2.

Figure 3-3 Network diagram of Eth-Trunk load balancing

Fault Analysis

Procedure

Step 1 Run the system-view command on RouterA to enter the system view.

Step 2 Run the interface interface-type interface-number command to enter the Eth-Trunk interface

Step 3 Run the load-balance dst-mac command to set the load balancing mode to dst-mac (load

1. Run the display current-configuration command on the Routers to check the configuration of Eth-Trunk 1. The command outputs show that the load balancing mode of Eth-Trunk 1 is src-dst-ip. That is, load balancing is performed based on the ExclusiveOr result of source and destination IP addresses. RouterA and RouterB communicate at Layer 2; therefore, the load balancing mode does not apply to this scenario.

This fault is caused by the incorrect load balancing mode.

view.

balancing based on destination MAC addresses).

Run the display interface [ number [ interface-type ] ] command on RouterA to check the traffic rates on Eth2/0/1 and Eth2/0/2. You can see that traffic is load balanced on the two interfaces.

----End

Summary

In the Layer 3 communication scenario, select the IP address-based load balancing modes. In the Layer 2 communication scenario, select the MAC address-based load balancing modes.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

52

RouterA RouterB

Eth-Trunk

Eth-Trunk 1

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Devices at the Two Ends of an Eth-Trunk Cannot Ping Each Other Due to Inconsistent Aggregation Modes

Fault Symptom

As shown in Figure 3-4, RouterA is an AR2200-S, and RouterB is a non-Huawei device. An Eth-Trunk consisting of two Ethernet links is configured between the two devices. After the configuration, the devices cannot ping each other's management IP address.

Figure 3-4 Network diagram of an Eth-Trunk

Fault Analysis

Procedure

Step 1 Disable LACP on RouterB.

1. Run the display current-configuration interface eth-trunk command on RouterA and RouterB. The command outputs show that the Eth-Trunk interfaces on the two ends belong to the same VLAN.

2. Check the connection between the member interfaces. The member interfaces on RouterA are correctly connected to the member interfaces on RouterB.

3. Run the display interface command on RouterA and RouterB to check the status of the member interfaces. All the member interfaces are in Up state.

4. Run the display trunkmembership eth-trunk command on RouterA and RouterB to check the number of member interfaces in the Eth-Trunk. The two ends contain the same number of member interfaces.

5. Run the display mac-address command on RouterA and RouterB to check their MAC address tables. The command outputs show that RouterA learns the MAC address of RouterB, but RouterB does not learn the MAC address of RouterA. The negotiation between the two ends may fail. On the network, LACP is enabled on RouterB, but RouterA uses the manual aggregation mode. RouterA does not respond to the LACP negotiation request sent by RouterB; therefore, the Eth-Trunk is Down.

RouterA and RouterB can ping each other successfully.

----End

Summary

When connecting a Huawei switch to a non-Huawei switch by using an Eth-Trunk, ensure that the two switches use the same link aggregation mode.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

53

RouterB

RouterA

Eth2/0/1 Eth2/0/1

Eth2/0/2 Eth2/0/2

Eth-Trunk 1

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Two Ends of an Eth-Trunk Cannot Communicate Because They Have Different Numbers of Member Interfaces

Fault Symptom

Figure 3-5 shows the network diagram of an Eth-Trunk.

Figure 3-5 Networking diagram of Eth-Trunk

RouterA and RouterB cannot communicate with each other.

Fault Analysis

Procedure

Step 1 Run the system-view command to enter the system view.

Step 2 Run the interface interface-type interface-number command to enter the interface view.

Step 3 Run the eth-trunk trunk-id command to add Eth2/0/2 to Eth-Trunk 1.

1. Run the display current-configuration interface eth-trunk command on RouterA and RouterB to check the VLANs that the Eth-Trunk interfaces belong to. The command outputs show that the Eth-Trunk interfaces on the two ends belong to the same VLAN.

2. Check the connection between the member interfaces. The member interfaces on RouterA are correctly connected to the member interfaces on RouterB.

3. Run the display interface command on RouterA and RouterB to check the status of the member interfaces. All the member interfaces are in Up state.

4. Run the display trunkmembership eth-trunk command on RouterA and RouterB to check the number of member interfaces. The Eth-Trunk interface on RouterA contains two member interfaces, but the Eth-Trunk interface on RouterB contains only one member interface (Eth2/0/1). The numbers of member interfaces on the two devices are different, so they cannot communicate with each other.

Step 4 Run the return command to return to the user view, and then run the save command to save the

configuration.

After the preceding operations are completed, RouterA and RouterB can communicate with each other.

----End

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

54

Huawei AR2200-S Series Enterprise Routers Troubleshooting 3 Physical Connection and Interfaces

Summary

The two ends of an Eth-Trunk must have the same number of member interfaces; otherwise, the two ends cannot communicate with each other.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

55

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

4 LAN

About This Chapter

4.1 VLAN Troubleshooting

This chapter describes common causes of VLAN faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.2 MAC Address Table Troubleshooting

This chapter describes common causes of MAC address table faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.3 MSTP Troubleshooting

This chapter describes common causes of MPLS faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.4 Transparent Bridging Troubleshooting

This chapter describes common causes of transparent bridging faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

56

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

4.1 VLAN Troubleshooting

This chapter describes common causes of VLAN faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.1.1 Users in a VLAN Cannot Communicate with Each Other

This section describes common causes of the communication failure between users in a portbased VLAN, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

Common Causes

This fault is commonly caused by one of the following:

l The link between users is faulty.

l The interfaces connected to the users are shut down manually or the physical interfaces are

damaged.

l The device learns incorrect MAC addresses.

l Port isolation is configured on the device.

l Incorrect static Address Resolution Protocol (ARP) entries are configured on the user

terminals.

l Incorrect mappings between interfaces and MAC addresses are configured on the device.

NOTE

If users in different VLANs cannot communicate with each other, rectify the fault according to the IP Forwarding Troubleshooting.

Troubleshooting Flowchart

Figure 4-1 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

57

Users in a VLAN

cannot

communicate

Are user interfaces

in the VLAN Up?

Are terminal

IP addresses

correct?

Are the

learned MAC

address entries

correct?

Bring the interfaces to

Up state

End

Yes

No

Yes

No

Seek technical

support

No

Yes

Modify terminal IP

addresses

No

Yes

Is VLAN

configuration

correct?

Modify VLAN configuration

Yes

Is the fault

rectified?

Is the fault

rectified?

Is the fault

rectified?

No

Is port isolation

configured?

Disable port isolation

Yes

No

Are static ARP

entries on terminals

correct?

Modify static ARP

entries

Yes

Is the fault

rectified?

Is the fault

rectified?

Seek technical

support

Yes

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Figure 4-1 Troubleshooting flowchart for communication failure between users in a port-based VLAN

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

58

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Troubleshooting Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

Step 1 Check that the interfaces connected to the user terminals are in Up state.

Run the display interface interface-type interface-number command in any view to check the status of the interfaces.

l If the interface is in Down state, check for the cause and make the interface Up. The

following table provides the common causes and troubleshooting methods.

Cause Method

The interface was manually shut down.

Run the interface interface-type interface-number command in the system view to enter the interface view, and then run the display this command to check the interface status. If the interface was shut down by using the shutdown command, run the undo shutdown command in the interface view.

The link fails. Replace the cable between the user terminal and the Router.

NOTE

If the user terminal is connected to the Router by using a twisted pair, select a new twisted pair with a proper transmission according to the distance between the user terminal and the Router.

Duplex modes and speeds of the local

Run the speed, duplex, and negotiation auto commands to ensure

that the duplex modes and speeds of the interfaces are the same. and remote interfaces are different.

The interface is

Connect the devices using other idle interfaces. faulty.

l If the interface is Up, go to Step 2.

Step 2 Check whether the IP addresses of user terminals are in the same network segment.

l If they are in different network segments, change the IP addresses of the user terminals.

l If they are in the same network segment, go to Step 3

Step 3 Check that the MAC address entries on the Router are correct.

Run the display mac-address command on the Router to check whether the MAC addresses, interfaces, and VLANs in the learned MAC address entries are correct. If the learned MAC address entries are incorrect, run the undo mac-address mac-address vlan vlan-id command on the interface to delete the current entries so that the Router can learn MAC address entries again.

After the MAC address table is updated, check the MAC address entries again.

l If the MAC address entries are incorrect, go to Step 4.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

59

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

l If the MAC address entries are correct, go to Step 5.

Step 4 Check that the VLAN is properly configured.

l Check the VLAN configuration according to the following table.

Check Item Method

The VLAN has been created.

The interfaces have been added to the VLAN.

Run the display vlan vlan-id command in any view to check whether the VLAN has been created. If not, run the vlan command to create the VLAN.

Run the display vlan vlan-id command in any view to check whether the VLAN contains the interfaces. If not, add the interfaces to the VLAN.

NOTE

If the interfaces are located on different devices, add the interfaces connecting the devices to the VLAN.

l Add an access interface to the VLAN by using either of the

following methods:

NOTE

The default type of a router interface is hybrid. To change the interface type to access, run the port link-type Access command in the interface view.

1. Run the port default vlan command in the interface view.

2. Run the port command in the VLAN view.

l Add a trunk interface to the VLAN.

NOTE

The default type of a router interface is hybrid. To change the interface type to trunk, run the port link-type trunk command in the interface view.

Run the port trunk allow-pass vlan command in the interface view.

l Add a hybrid interface to the VLAN by using either of the

following methods:

NOTE

The default type of a router interface is hybrid. To change the interface type to hybrid, run the port link-type Hybrid command in the interface view.

1. Run the port hybrid tagged vlan command in the interface view.

2. Run the port hybrid untagged vlan command in the interface view.

Connections between interfaces and user terminals

Check the connections between interfaces and user terminals according to the network plan. If any user terminal is connected to an incorrect interface, connect it to the correct interface.

are correct.

After the preceding operations:

– If the MAC address entries are correct, go to Step 5.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

60

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

– If the MAC address entries are incorrect, go to Step 7.

Step 5 Check whether port isolation is configured.

Run the interface interface-type interface-number command in the system view to enter the interface view, and then run the display this command to check whether port isolation is configured on the interface.

l If port isolation is configured, run the undo port-isolate enable command on the interface

to disable port isolation.

l If port isolation is not configured, go to Step 6.

Step 6 Check whether correct static Address Resolution Protocol (ARP) entries are configured on the

user terminals.

l If the static ARP entries are incorrect, modify them.

l If the static ARP entries are correct, go to Step 7.

Step 7 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the AR2200-S

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

4.2 MAC Address Table Troubleshooting

This chapter describes common causes of MAC address table faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.2.1 Correct MAC Address Entries Cannot Be Generated

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the MAC address table fault.

Common Causes

This fault is commonly caused by one of the following:

l The device fails to learn correct MAC address entries because of incorrect configuration.

l The learned MAC addresses are updated frequently because of a loop on the network.

l The MAC address learning function on the interface is disabled.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

61

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

l Blackhole MAC address entries and MAC address learning limit are configured on the

interface.

l The number of learned MAC addresses exceeds the maximum.

Troubleshooting Flowchart

MAC address entries cannot be generated on the device, so Layer 2 forwarding fails.

The troubleshooting roadmap is as follows:

l Check the binding relationship between the outbound interface and the VLAN.

l Check whether a loop occurs on the network.

l Check whether the configurations on the interface conflict or MAC address learning limit

is configured on the interface.

l Check whether the number of learned MAC addresses exceeds the limit.

Figure 4-2 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

62

Bind MAC

address,

interface, and

VLAN correctly

MAC entries

cannot be

generated

Are

configuration

incorrect?

Does loop exist?

End

Is MAC address

learning

disabled?

Is fault

rectified?

No

Remove the loop

No

Is fault

rectified?

Yes

Seek technical

support

Enable MAC

address learning

Is fault

rectified?

Yes

No

Is blackhole

MAC or MAC

learning limit

configured?

Delete blackhole

MAC or MAC

learning limit

Is fault

rectified?

No

Yes

Does

the number of

MAC entries

exceed

limit?

Delete some MAC entries

Is fault

rectified?

No

Yes

No

Yes

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Figure 4-2 Troubleshooting flowchart

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Check that the configurations on the interface are correct.

Run the display mac-address command in the system view to check whether the binding relationships between the MAC address, VLAN, and interface are correct.

<Huawei> display mac-address 000f-e207-f2e0

-------------------------------------------------------------------------------

63

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

MAC Address VLAN/Bridge Learned-From Type

------------------------------------------------------------------------------0025-9e80-2494 1/- Eth 2/0/1 dynamic

------------------------------------------------------------------------------Total items displayed = 1

If not, re-configure the binding relationships between the MAC address, VLAN, and interface.

If so, go to Step 2.

Step 2 Check whether a loop on the network causes MAC address flapping.

If a loop exists on the network, use either of the following methods to prevent MAC address flapping:

l Remove the loop from the network.

l Run the loop-detect eth-loop command in the VLAN view to enable the MAC flapping

detection function. The AR2200-S checks whether a MAC address moves from one interface to another in the VLAN. If MAC address flapping occurs, the AR2200-S blocks the interface or MAC address.

If no loop exists, go to Step 3.

Step 3 Check that MAC address learning is enabled.

Check whether MAC address learning is enabled in the interface view and the VLAN view.

[Huawei-Ethernet2/0/1] display this # interface Ethernet2/0/1 mac-address learning disable port hybrid tagged vlan 10 undo negotiation auto # return

[Huawei-vlan10] display this # vlan 10 mac-address learning disable # return

If the command output contains mac-address learning disable, MAC address learning is disabled on the interface or VLAN.

l If MAC address learning is disabled, run the undo mac-address learning disable

command in the interface view or VLAN view to enable MAC address learning.

l If MAC address learning is enabled on the interface, go to Step 4.

Step 4 Check whether any blackhole MAC address entry or MAC address limiting is configured.

If a blackhole MAC address entry or MAC address limiting is configured, the interface discards packets.

1. Run the display mac-address blackhole command to check whether any blackhole MAC address entry is configured.

[Huawei] display mac-address blackhole

M-----------------------------------------------------------------------------

-MAC Address VLAN/Bridge Learned-From Type

------------------------------------------------------------------------------

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

64

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

0001-0001-0001 3333/- - blackhole

------------------------------------------------------------------------------

Total items displayed = 1

If a blackhole MAC address entry is displayed, run the undo mac-address blackhole command to delete it.

2. Run the display this command in the interface view or VLAN view.

l If the command output contains mac-limit maximum, the number of learned MAC

addresses is limited. Run either of the following commands:

– Run the undo mac-limit command in the interface or VLAN view to disable MAC

address limiting.

– Run the mac-limit command in the interface or VLAN view to increase the

maximum number of learned MAC addresses.

l Run the display this command in the interface view. If the command output contains

port-security max-mac-num or port-security enable, the number of secure dynamic

MAC addresses is limited on the interface. Run either of the following commands:

NOTE

By default, the limit on the number of secure dynamic MAC addresses is 1 after port security is enabled.

– Run the undo port-security enable command in the interface view to disable port

security.

– Run the port-security max-mac-num command in the interface view to increase

the maximum number of secure dynamic MAC addresses on the interface.

If the fault persists, go to Step 5.

Step 5 Check whether the number of learned MAC addresses has reached the maximum supported by

the AR2200-S.

Run the display mac-address summary command to check the number of MAC addresses in the MAC address table.

l If the number of learned MAC addresses has reached the maximum, no MAC address entry

can be created. Run the display mac-address command to view MAC address entries.

– If the number of MAC addresses learned on an interface is much more than devices on

the network connected to the interface, the MAC address table may be maliciously updated by an attacker. Check the device connected to the interface:

– If the interface is connected to a device, run the display mac-address command on

the device to view its MAC address table. Locate the interface connected to the malicious user according to the displayed MAC address entries. If the interface that you find is connected to another device, repeat this step until you find the user of the malicious user.

– If the interface is connected to a computer, perform either of the following operations

after obtaining permission of the administrator:

– Disconnect the computer. When the attack stops, connect the computer to the

network again.

– Run the port-security enable command on the interface to enable port security

or run the mac-limit command to set the maximum number of MAC addresses that the interface can learn to 1.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

65

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

– If the interface is connected to a hub, perform either of the following operations:

– Configure port mirroring and use a packet capture tool to observe packets

received by the interface. Analyze the packet types to locate the attacking computer. Disconnect the computer after obtaining permission of the administrator. When the attack stops, connect the computer to the hub again.

– Disconnect computers connected to the hub one by one after obtaining

permission of the administrator. If the fault is rectified after a computer is disconnected, the computer is the attacker. After it stops the attack, connect it to the hub again.

– If the number of MAC addresses on the interface is smaller than or equal to the number

of devices connected to the interface, the number of devices connected to the AR2200S has exceeded the maximum supported by the AR2200-S. Adjust network deployment.

l If the number of MAC addresses has not reached the maximum supported by the AR2200-

S, go to Step 6.

Step 6 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration file, log file, and alarm file of the AR2200-S

----End

Relevant Alarms and Logs

Relevant Alarms

None.

Relevant Logs

None.

4.3 MSTP Troubleshooting

This chapter describes common causes of MPLS faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.3.1 MSTP Topology Change Leads to Service Interruption

Common Causes

When the topology on an MSTP network changes, services are interrupted.

This fault is commonly caused by one of the following:

l MSTP is incorrectly configured.

l Physical links flap, triggering a large number of TC messages.

l An MSTP-aware device receives MSTP TC messages from clients or transparently-

transmitted MSTP TC messages.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

66

AR1

Eth2/0/1 Eth2/0/1

Eth2/0/2

Eth2/0/1

AR2

AR3

AR4

Eth2/0/1

Eth2/0/2

Root Switch: AR1

Root Switch: AR2

MSTI1:

MSTI2:

Blocked port

Root Switch: AR1

CIST(MSTI0):

Blocked port

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Troubleshooting Flowchart

Changing MSTP topology leads to service interruption on the network shown in Figure 4-3.

Figure 4-3 Networking diagram of MSTP

The troubleshooting roadmap is as follows:

l Check that the MSTP status is correct.

l Check whether the device has received TC messages.

l Check that no physical interface on the device alternates between Up and Down.

l Check that the MSTP convergence mode is Normal.

Figure 4-4 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

67

MSTP status is

correct?

MSTP recalculation

is performed?

Physical

interface on the device

alternates between Up

and Down?

MSTP

convergence mode is

Normal?

Collect information

Check and modify the

MSTP configuration

Shut down the

flapping interface

Set the MSTP

convergence mode to

Normal

Services are

interrupted or the

device is

disconnected

Yes

No

Seek technical support

Yes

No

End

Is fault rectified?

Yes

No

Yes

No

Seek technical

support

No

Yes

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Figure 4-4 Troubleshooting flowchart for service interruption due to changes in MSTP topology

Troubleshooting Procedure

Procedure

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Check the status of interfaces on MSTP devices.

Check the role of each MSTP-enabled port in each instance.

On the network shown in Figure 4-3, there is only one MSTP ring, which means that each instance can have only one blocked interface. Run the display stp brief command on each device to check whether the status of each port is normal.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

68

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Run the display stp brief command in any view to check the MSTP status on AR1. As shown in Figure 4-3, in instances 0 and 1, AR1 functions as a root bridge and all ports on AR1 are designated ports. In instance 2, one port on AR1 is a designated port and the other port is a root port. Both ports are in the Forwarding state.

[AR1] display stp brief MSTID Port Role STP State Protection 0 Ethernet2/0/1 DESI FORWARDING NONE 0 Ethernet2/0/2 DESI FORWARDING NONE 1 Ethernet2/0/1 DESI FORWARDING NONE 1 Ethernet2/0/2 DESI FORWARDING NONE 2 Ethernet2/0/1 ROOT FORWARDING NONE 2 Ethernet2/0/2 DESI FORWARDING NONE

Run the display stp brief command in any view to check the MSTP status on AR2. As shown in Figure 4-3, in instances 2, AR2 functions as a root bridge and all ports on AR2 are designated ports. In other instances, one port on AR2 is a designated port and the other port is a root port. Both of them are in the Forwarding state.

[AR2] display stp brief MSTID Port Role STP State Protection 0 Ethernet2/0/1 ROOT FORWARDING NONE 0 Ethernet2/0/2 DESI FORWARDING NONE 1 Ethernet2/0/1 ROOT FORWARDING NONE 1 Ethernet2/0/2 DESI FORWARDING NONE 2 Ethernet2/0/1 DESI FORWARDING NONE 2 Ethernet2/0/2 DESI FORWARDING NONE

Run the display stp brief command in any view to check the MSTP status on AR3. As shown in Figure 4-3, in instance 2, one port on AR3 is an Alternate port and the other port is a root port. The Alternate port is blocked and in the Discarding state. In other instances, one port on AR3 is a designated port and the other port is a root port. Both of them are in the Forwarding state.

[AR3] display stp brief MSTID Port Role STP State Protection 0 Ethernet2/0/1 DEST FORWARDING NONE 0 Ethernet2/0/2 ROOT FORWARDING NONE 1 Ethernet2/0/1 DEST FORWARDING NONE 1 Ethernet2/0/2 ROOT FORWARDING NONE 2 Ethernet2/0/1 ALTE DISCARDING NONE 2 Ethernet2/0/2 ROOT FORWARDING NONE

Run the display stp brief command in any view to check the MSTP status on AR4. As shown in Figure 4-3, in instance 0, one port on AR4 is an Alternate port and the other port is a root port. The Alternate port is blocked and in the Discarding state. In instance 2, one port on AR4 is a designated port and the other port is a root port. Both of them are in the Forwarding state.

[AR4] display stp brief MSTID Port Role STP State Protection 0 Ethernet2/0/1 ALTE DISCARDING NONE 0 Ethernet2/0/2 ROOT FORWARDING NONE 1 Ethernet2/0/1 ALTE DISCARDING NONE 1 Ethernet2/0/2 ROOT FORWARDING NONE 2 Ethernet2/0/1 DESI FORWARDING NONE 2 Ethernet2/0/2 ROOT FORWARDING NONE

l On the network shown in Figure 4-3, each instance has only one port in the Discarding

state and the other port is in the Forwarding state. If several ports are in the Discarding state, an MSTP calculation error occurs. To solve this problem, go to Step 6.

l If the MSTP status is correct, go to Step 2.

Step 2 Check that the MSTP configuration is correct.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

69

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Run the display stp region-configuration command to view mappings between VLANs and instances.

[AR1] display stp region-configuration Oper Configuration: Format selector :0 Region name :huawei Revision level :0

Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20

l Check whether mappings between VLANs and instances are correct. If the mapping

between a VLAN and an instance is incorrect, run the instance command to map the VLAN to a specified spanning tree instance. Run the active region-configuration command to active the mapping between the VLAN and instance configured by using the instance command.

Run the display current-configuration command to view the MSTP configuration in the configuration file of the device.

l Check whether MSTP is disabled on the interfaces connecting to user terminals or the

interfaces are configured as edge interfaces.

l Check whether interfaces are added to VLANs correctly. For VLAN configurations, see

the chapter "VLAN Configuration" in the AR2200-S Configuration Guide - Ethernetlan.

l If the MSTP configuration is correct, go to Step 3.

Step 3 Check that no MSTP recalculation is performed.

Run the display stp command in any view to check whether the device has received TC messages.

[AR1] display stp

-------[CIST Global Info][Mode MSTP]-------

CIST Bridge :57344.00e0-fc00-1597 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :0 .0018-826f-fc7a / 20000 CIST RegRoot/IRPC :57344.00e0-fc00-1597 / 0 CIST RootPortId :128.2 BPDU-Protection :disabled

TC or TCN received :0 TC count per hello :0

STP Converge Mode :Normal Time since last TC :2 days 14h:16m:15s

-------[MSTI 1 Global Info]-------

MSTI Bridge ID :4096.00e0-fc00-1597 MSTI RegRoot/IRPC :4096.00e0-fc00-1597 / 0 MSTI RootPortId :0.0 Master Bridge :57344.00e0-fc00-1597 Cost to Master :0

TC received :0 TC count per hello :2

l If values of the TC or TCN received, TC count per hello, TC received, and TC count per

hello fields in the command output increase, the device has received TC messages and the network topology has changed. In this case, you need to view log messages MSTP/6/ SET_PORT_DISCARDING and MSTP/6/SET_PORT_FORWARDING to check whether the role of an MSTP-enabled port changes.

– If the port role does not change, go to Step 4.

– If the port role changes, go to Step 6.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

70

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

l If the values in the TC or TCN received, TC count per hello, TC received, and TC count

per hello fields in the command output are 0s, it indicates that the device does not receive any TC message. In this case, contact Huawei technical support personnel.

Step 4 Check that no interface on the device alternates between Up and Down.

View the log message IFNET/4/IF_STATE to check whether an MSTP-enabled port alternates between Up and Down.

l If an MSTP-enabled interface alternates between Up and Down, it indicates that the

interface flaps. If a physical interface frequently alternates between Up and Down, the MSTP status of the device on the network will become unsteady. As a result, a large number of TC messages are generated; ARP entries and MAC entries are frequently deleted; services are interrupted. Run the shutdown command on the flapping interface. If services are not restored after the flapping interface is shut down, go to Step 5.

l If no interface flaps, go to Step 5.

Step 5 Check that the MSTP convergence mode is Normal.

Run the display stp command in any view to check the MSTP convergence mode of the device.

[AR1] display stp

-------[CIST Global Info][Mode MSTP]-------

CIST Bridge :57344.00e0-fc00-1597 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :0 .0018-826f-fc7a / 20000 CIST RegRoot/IRPC :57344.00e0-fc00-1597 / 0 CIST RootPortId :128.2 BPDU-Protection :disabled TC or TCN received :0 TC count per hello :0

STP Converge Mode :Normal

Time since last TC :2 days 14h:16m:15s

-------[MSTI 1 Global Info]-------

MSTI Bridge ID :4096.00e0-fc00-1597 MSTI RegRoot/IRPC :4096.00e0-fc00-1597 / 0 MSTI RootPortId :0.0 Master Bridge :57344.00e0-fc00-1597 Cost to Master :0 TC received :0 TC count per hello :2

l If the convergence mode is Normal, go to Step 6.

l If the convergence mode is Fast, run the stp converge normal command to change the

convergence mode to Normal. If services are not restored after the convergence mode is changed, go to Step 6.

Step 6 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the device

----End

Relevant Alarms and Logs

Relevant Alarms

MSTP_1.3.6.1.4.1.2011.5.25.42.4.2.1 hwMstpiPortStateForwarding

MSTP_1.3.6.1.4.1.2011.5.25.42.4.2.2 hwMstpiPortStateDiscarding

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

71

RouterA

Eth2/0/3 Eth2/0/4

VLAN11

Eth2/0/0 Eth2/0/1

Bridge-if1

Bridge-if2

VLAN12

GE0/0/0

User 4

1.1.1.4/24

User 5

1.1.1.5/24

User 1

1.1.1.1/24

User 2

1.1.1.2/24

User 3

1.1.1.3/24

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

MSTP_1.3.6.1.2.1.17.0.2 topologyChange

Relevant Logs

MSTP/6/RECEIVE_MSTITC

VOSCPU/4/CPU_USAGE_HIGH

4.4 Transparent Bridging Troubleshooting

This chapter describes common causes of transparent bridging faults, and provides the corresponding troubleshooting flowcharts, troubleshooting procedures, alarms, and logs.

4.4.1 Layer 2 Traffic Forwarding in a Bridge Group Fails

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for a Layer 2 traffic forwarding failure within a bridge group.

Common Causes

Figure 4-5 Networking diagram for local bridging

As shown in Figure 4-5, Users 1, 2, 3, 4, and 5 belong to the same network segment but different VLANs. Local bridging is configured to allow users in VLAN 11 to communicate with User 3 but to be isolated from users in VLAN 12. That is, users that need to communicate with each other are added to the same bridge group, whereas users that do not need to communicate with each other are added to different bridge groups. The problem is that users in different bridge groups can be isolated from each other, but those in the same bridge group cannot communicate with each other. This fault is commonly caused by one of the following:

l Physical interfaces fail to be added to bridge groups.

l Member interfaces in bridge groups become faulty.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

72

Layer 2 traffic

forwarding in a

bridge group fails

Are member

interfacesin bridge

groups Up?

Troubleshoot

member

interfaces

Seek technical

support

Yes

No

Collect debugging

information

No

End

Yes

Are there

member interfaces in

bridge groups?

Add physical

interfaces to

bridge groups

Is fault

rectified?

Yes

No

Is fault

rectified?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Troubleshooting Flowchart

Figure 4-6 shows the troubleshooting flowchart.

Figure 4-6 Troubleshooting flowchart for a Layer 2 traffic forwarding failure within a bridge

group

Troubleshooting Procedure

Context

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Step 1 Check that every bridge group has member interfaces.

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Use Router A as an example. Run the display bridge information command on Router A to check whether the bridge group has member interfaces.

<RouterA> display bridge information Bridge 1 : Status : Undo Shutdown Bridging : IP, Others Routing : MAC learning : Enable interface :total 2 interface(s) in the bridge GigabitEthernet0/0/0 : Up

73

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Vlanif11 : Up Bridge 2 : Status : Undo Shutdown Bridging : IP, Others Routing : MAC learning : Enable interface :total 1 interface(s) in the bridge Vlanif12 : Up

l If the bridge group does not have any member interfaces, add physical interfaces to the

bridge group.

For details on how to add physical interface to a bridge group, see the chapter "Transparent Bridge Configuration" in the AR2200-S Configuration Guide - LAN.

l If the bridge group has member interfaces, go to Step 2.

Step 2 Check that member interfaces in each bridge group are Up.

Use Router A as an example. Run the display bridge information command on Router A to check the member interface status in the bridge group on Router A.

<RouterA> display bridge information Bridge 1 : Status : Undo Shutdown Bridging : IP, Others Routing : MAC learning : Enable interface :total 2 interface(s) in the bridge GigabitEthernet0/0/0 : Up Vlanif11 : Up Bridge 2 : Status : Undo Shutdown Bridging : IP, Others Routing : MAC learning : Enable interface :total 1 interface(s) in the bridge Vlanif12 : Up

l If any member interface is Down, troubleshoot the member interfaces in the bridge group.

For example, check whether the interface is up and the protocol configuration is correct.

l If all member interfaces are Up, go to Step 3.

Step 3 Collect the following information and contact Huawei technical support personnel:

l Results of the preceding troubleshooting procedure

l Configuration, log, and alarm files

----End

Relevant Alarms and Logs

Relevant Alarms

None

Relevant Logs

None

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

74

RouterA

Eth2/0/1

Eth1/0/0

RouterB

User 4User 1 User 2

1.1.1.1/24 1.1.1.2/24 2.1.1.4/24

Network

Eth2/0/0

Enterprise A Enterprise C

Eth2/0/1

Eth2/0/0

Bridge-if1

Bridge-if2

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

4.4.2 Traffic Forwarding in IP Routing of Bridge Groups Fails

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for a traffic forwarding failure in a network configured with IP routing of bridge groups.

Common Causes

Figure 4-7 Networking diagram for IP routing of bridge groups

As shown in Figure 4-7, Enterprise A and Enterprise C are on different network segments. To allow the two enterprises to communicate with each other, IP routing has been configured for bridge groups. The enterprises, however, cannot communicate with each other. This fault is commonly caused by one of the following:

l Physical interfaces fail to be added to bridge groups.

l Member interfaces in bridge groups become faulty.

l Routes between the two enterprises are unreachable.

Troubleshooting Flowchart

Figure 4-8 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

75

Traffic forwarding in

IP routing of bridge groups

fails

Are Bridge-if

interfaces Up?

Check member

interfaces in bridge

groups and rectify the

fault

Is fault

rectified?

Are routes reachable?

Is fault

rectified?

Seek technical

support

Yes

No

Yes

Enable IP routing for

bridge groups and

configure IP

addresses for Bridge-if

interfaces correctly

Collect debugging

information

No

End

Are

network-side

interfaces added to

the same bridge

group?

Is fault

rectified?

No

Yes

Add network-side

interfaces to the same

bridge group

No

Yes

Are there

member interfaces

in bridge groups?

Add physical

interfaces to bridge

groups

Is fault

rectified?

Yes

No

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

Figure 4-8 Troubleshooting flowchart for a traffic forwarding failure in a network configured with IP routing of bridge groups

Troubleshooting Procedure

Procedure

Step 1 Check that every bridge group has member interfaces.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Use Router A as an example. Run the display bridge information command on Router A to check whether the bridge group on Router A has member interfaces.

76

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

<RouterA> display bridge information Bridge 1 : Status : Undo Shutdown Bridging : IP, Others Routing : IP MAC learning : Enable interface :total 2 interface(s) in the bridge Ethernet1/0/0 : Up Ethernet2/0/0 : Up Bridge 2 : Status : Undo Shutdown Bridging : IP, Others Routing : IP MAC learning : Enable interface :total 1 interface(s) in the bridge Ethernet2/0/1 : Up

l If the bridge group does not have any member interfaces, add physical interfaces to the

bridge group as shown in Figure 4-7.

For details on how to add physical interface to a bridge group, see the chapter "Transparent Bridge Configuration" in the AR2200-S Configuration Guide - LAN.

l If the bridge group has member interfaces, go to Step 2.

Step 2 Check that every Bridge-if interface is Up.

Use Router A as an example. Run the display interface bridge-if command on Router A to check the Bridge-if interface status.

<RouterA> display interface bridge-if Bridge-if1 current state : UP

Line protocol current state : UP Last line protocol up time : 2011-01-07 15:13:49 UTC-08:00 Description:HUAWEI, AR Series, Bridge-if1 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is 1.1.1.3/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-057a-a000 Physical is BRIDGE-IF Current system time: 2011-01-07 15:27:12-08:00 Last 300 seconds input rate 0 bits/sec, 0 packets/sec Last 300 seconds output rate 0 bits/sec, 0 packets/sec Realtime 24 seconds input rate 0 bits/sec, 0 packets/sec Realtime 24 seconds output rate 0 bits/sec, 0 packets/sec Input: 11 packets,0 bytes, 10 unicast,1 broadcast,0 multicast 0 errors,0 drops,0 unknownprotocol Output:13 packets,0 bytes, 11 unicast,2 broadcast,0 multicast 0 errors,0 drops Input bandwidth utilization : 0.00% Output bandwidth utilization : 0.00%

Bridge-if2 current state : UP

Line protocol current state : UP Last line protocol up time : 2011-01-07 15:25:34 UTC-08:00 Description:HUAWEI, AR Series, Bridge-if2 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is 2.2.2.3/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-057a-a000 Physical is BRIDGE-IF Current system time: 2011-01-07 15:27:12-08:00 Last 300 seconds input rate 0 bits/sec, 0 packets/sec Last 300 seconds output rate 0 bits/sec, 0 packets/sec Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec Input: 139 packets,0 bytes, 0 unicast,0 broadcast,0 multicast 0 errors,0 drops,0 unknownprotocol Output:140 packets,0 bytes, 0 unicast,0 broadcast,0 multicast

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

77

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

0 errors,0 drops Input bandwidth utilization : 0.00% Output bandwidth utilization : 0.00%

l If the Bridge-if interface is Down, troubleshoot the member interfaces in the bridge group.

For example, check whether the interface is up and the protocol configuration is correct.

l If the Bridge-if interface is Up, go to Step 3.

Step 3 Check that the routes between different bridge groups are reachable.

Run the Ping command on Router A to check whether different bridge groups can ping each other successfully.

l If the ping fails, go to Step 4.

l If the ping succeeds, go to Step 5.

Step 4 Check that IP routing is enabled for the bridge group.

Run the display bridge information command on Router A to check information about the configured bridge group.

<RouterA> display bridge information Bridge 1 : Status : Undo Shutdown Bridging : IP, Others Routing : IP MAC learning : Enable interface :total 2 interface(s) in the bridge Ethernet1/0/0 : Up Ethernet2/0/0 : Up Bridge 2 : Status : Undo Shutdown Bridging : IP, Others Routing : IP MAC learning : Enable interface :total 1 interface(s) in the bridge Ethernet2/0/1 : Up

l If IP routing is not enabled for the bridge group, run the routing ip command in the bridge

group view to enable IP routing.

l If IP routing has been enabled for the bridge group, check whether the IP address is correctly

configured for the Bridge-if interface. For details, see the chapter "The Ping Operation Fails" in the AR2200-S Troubleshooting - IP Forwarding and Routing.

If different bridge groups still cannot ping each other successfully after the preceding steps are complete, go to Step 5.

Step 5 Check that the network-side interfaces on Router A and Router B are added to the same bridge

group.

Run the display this command on Router A and Router B to check the configuration on network- side interfaces.

# Check the network-side interface configuration on Router A.

<RouterA> system-view [RouterA] interface ethernet2/0/1 [RouterA-Ethernet2/0/1] display this # interface Ethernet2/0/1 bridge 2 undo shutdown # return

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

78

Huawei AR2200-S Series Enterprise Routers Troubleshooting 4 LAN

# Check the network-side interface configuration on Router B.

<RouterB> system-view [RouterB] interface ethernet2/0/1 [RouterB-Ethernet2/0/1] display this # interface Ethernet2/0/1 bridge 2 undo shutdown # return

l If the network-side interfaces on Router A and Router B are added to the same bridge group,

go to Step 6.

l If the network-side interfaces on Router A and Router B are not added to the same bridge

group, see the chapter "Transparent Bridge Configuration" in the AR2200-S Configuration Guide - LAN Access and MAN Access to add the network-side interfaces to the same bridge group.

Step 6 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration, log, and alarm files

----End

Relevant Alarms and Logs

Relevant Alarms

None

Relevant Logs

None

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

79

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

5 WAN

About This Chapter

5.1 E1/T1 Troubleshooting

5.2 FR Troubleshooting

5.3 MFR Troubleshooting

5.4 DCC Troubleshooting

5.5 ISDN Troubleshooting

5.6 PPPoE Troubleshooting

5.7 PPP Troubleshooting

5.8 xDSL Troubleshooting

This chapter describes how to locate and troubleshoot common xDSL faults with examples.

5.9 3G Troubleshooting

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

80

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

5.1 E1/T1 Troubleshooting

5.1.1 E1/T1 Interface in Up State Fails to Correctly Send and Receive Data

Common Causes

This fault occurs in the following situations:

l No data is sent or received on the serial interface.

l Data is incorrectly sent or received on the serial interface.

This fault is commonly caused by one of the following:

l The CPLD logic version of the E1/T1 board is incorrect.

l Timeslots of the remote interface are incorrectly bound.

Troubleshooting Flowchart

Figure 5-1 shows the troubleshooting flowchart.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

81

Ensure that

configurations of

physical interfaces

on both ends are

the same

E1/T1 interface in Up state fails to correctly

send and receive data

No

Yes

End

Is fault

rectified?

No

Ensure that

configurations of

serial interfaces on

both ends are the

same

No

Is fault

rectified?

Yes

Seek technical support

Undo shut down

the serial interface

Is fault

rectified?

Yes

No

Reset the serial

interface

Is fault

rectified?

Ensure that the

cable is properly

connected to the

serial interface

No

Yes

Is fault

rectified?

No

Yes

No

Are

configurations of

physical interfaces on

both ends the

same?

Are

configurations of

serial interfaces on

both ends the

same

Is the physical

status of the serial

interface Up?

Is the serial interface

sending data?

Does the serial

interface receive error

packets?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Figure 5-1 E1/T1 interface in Up state failing to correctly send and receive data

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Step 1 Check that the local and remote interfaces have the same configurations.

Run the display this command in the controller interface view to check the controller interface configuration.

[Huawei]controller e1 1/0/0 [Huawei-E1 1/0/0]display this [V200R001C00B000] # controller E1 1/0/0

82

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

channel-set 0 timeslot-list 1 frame-format crc4 clock master # return

Check whether physical attributes of the local and remote controller interfaces are the same. For example, check whether their frame formats are both CRC4, whether their encoding and decoding modes are both HDB3, whether both of them are configured not to invert data, and whether their timeslots bound to form a channel are the same. In addition, check whether the two controller interfaces are configured to work in master clock mode and slave clock mode respectively.

l If the two controller interfaces have different configurations or frequently alternate between

Up and Down states, reconfigure the two interfaces.

l If the two controller interfaces have the same configurations and remain Up, go to step 2.

Step 2 Check that the local and remote serial interfaces have the same configurations.

Run the display this command in the serial interface view to check the serial interface configuration.

[Huawei-E1 1/0/0]int serial 1/0/0:0 [Huawei-Serial1/0/0:0]display this [V200R001C00B000] # interface Serial1/0/0:0 link-protocol ppp timer hold 0 ip address 1.1.1.2 255.255.255.0 # return

Check whether the two serial interfaces have the same protocol configurations and physical attributes, whether they are encapsulated with PPP, and whether they use the default 16-bit CRC. Check whether they have been shut down.

NOTE

If interfaces on both ends have different CRC configurations, communication between them will fail because of CRC errors.

l If the two serial interfaces have different configurations, reconfigure them.

l If the two serial interfaces have the same configurations but cannot correctly send or receive

data, go to step 3.

Step 3 Check whether the local and remote serial interfaces are sending and receiving data.

Run the display this interface command in the serial interface view to check the serial interface status.

[Huawei-Serial1/0/0:0] display this interface Serial1/0/0:0 current state : UP Line protocol current state : UP Last line protocol up time : 2008-01-08 02:59:55 UTC-05:13 Description:HUAWEI, AR Series, Serial1/0/0:0 Interface Route Port,The Maximum Transmit Unit is 1500, Hold timer is 0(sec) Derived from E1 1/0/0, Timeslot(s) Used: 1, baudrate is 64000 bps Internet Address is 1.1.1.2/24 Link layer protocol is PPP LCP opened, IPCP opened Last physical up time : 2008-01-08 02:59:52 UTC-05:13 Last physical down time : 2008-01-07 22:40:43 UTC-05:13 Current system time: 2008-01-08 03:33:42-05:13

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

83

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Last 300 seconds input rate 213795 bytes/sec 1710360 bits/sec 4276 packets/sec Last 300 seconds output rate 213796 bytes/sec 1710368 bits/sec 4276 packets/sec Input: 140727 packets, 12665430 bytes length errors: 0, giants: 0 CRC: 0, align errors: 0 aborts: 0, no buffers: 0 Output: 0 packets, 0 bytes too long errors: 0

Input bandwidth utilization : 0.00% Output bandwidth utilization : 0.00%

l Check whether the two serial interfaces are sending data. If they are not sending data, upper-

layer negotiation packets are not sent. Run the shutdown or undo shutdown command on them to enable the upper layer to send packets.

l If the two serial interfaces are sending and receiving data, go to step 4.

Step 4 Check whether the local and remote serial interfaces have sent and received error packets.

Run the display this interface command in the serial interface view to check the serial interface status.

[Huawei-Serial1/0/0:0] display this interface Serial1/0/0:0 current state : UP Line protocol current state : UP Last line protocol up time : 2011-03-24 13:52:40 Description:HUAWEI, AR Series, Serial1/0/0:0 Interface Route Port,The Maximum Transmit Unit is 1500, Hold timer is 10(sec) Derived from E1 4/0/0, Timeslot(s) Used: 1-31, baudrate is 1984000 bps Internet Address is 192.168.22.2/24 Link layer protocol is PPP LCP opened, IPCP opened Last physical up time : 2011-03-24 13:46:02 Last physical down time : 2011-03-24 13:46:02 Current system time: 2011-03-24 14:03:31 Last 300 seconds input rate 213795 bytes/sec 1710360 bits/sec 4276 packets/sec Last 300 seconds output rate 213796 bytes/sec 1710368 bits/sec 4276 packets/sec

Input: 2779788 packets, 138980787 bytes length errors: 0, giants: 0 CRC: 1, align errors: 0 aborts: 0, no buffers: 1 Output: 2780617 packets, 139022246 bytes too long errors: 0

Input bandwidth utilization : 86.21% Output bandwidth utilization : 86.21%

l Check whether the two serial interfaces have received a large number of CRC error packets.

If so, check whether the cable between them is properly installed.

l If the fault persists after the cable is properly installed, go to step 5.

Step 5 Collect the following information and contact Huawei technical support personnel.

l Results of the preceding troubleshooting procedure

l Configuration files, log files, and alarm files of the device

----End

Relevant Alarms and Logs

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

84

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Relevant Alarms

l Controller interface Up alarm: Nov 28 2007 21:13:47+08:00 AR2220 %%01IFPDT/4/

IF_STATE(l)[4]:Interface E1 1/0/0 has turned into UP state.

l Controller interface Down alarm: Nov 28 2007 21:13:41+08:00 AR2220 %%01IFPDT/4/

IF_STATE(l)[0]:Interface E1 1/0/0 has turned into DOWN state.

l Serial interface Up alarm: May 11 2011 17:21:30 AR2220 %%01IFNET/4/LINK_STATE

(l)[3332]:The line protocol PPP IPCP on the interface Serial1/0/0:0 has entered the UP state.

l Serial interface Down alarm: May 11 2011 17:21:26 AR2220 %%01IFNET/4/

LINK_STATE(l)[3330]:The line protocol PPP IPCP on the interface Serial41/0/0:0 has entered the DOWN state.

Relevant Logs

None

5.2 FR Troubleshooting

5.2.1 Local Device Fails to Ping the Remote Device When the Link Protocol Status of Their Connected FR Interfaces Is Up

Common Causes

A ping failure may occur in the following scenarios:

l Basic FR is configured.

l A PVC group is configured.

This fault is commonly caused by one of the following:

l In the scenario where basic FR is configured:

1. No IP address is assigned to the interface.

2. The mapping between the PVC and peer IP address is not generated.

3. The mapping between the PVC and peer IP address is generated but no route is

generated.

l In the scenario where a PVC group is configured:

1. No priority is configured for PVCs in the PVC group.

2. The default PVC is not specified in the PVC group and some priorities are not

configured for PVCs in the PVC group.

NOTE

If a ping operation is performed between two indirectly connected devices, check whether static routes are configured on the two devices in addition to checking the preceding items.

Troubleshooting Flowchart

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

85

Configure a PVC

on the interface

A ping failure occurs

when the link protocol

status of two FR

interfaces is Up

No

Yes

End

Is fault

rectified?

No

Delete

unnecessary PVCs

Yes

No

Is fault

rectified?

No

Seek technical support

Assign IP

addresses to the

interfaces

Is fault

rectified?

Yes

No

Is InARP enabled? Enable InARP

Is fault

rectified?

Configure the

mapping

No

Yes

Is fault

rectified?

No

Yes

No

Configure

reachable routes

Is fault

rectified?

No

Yes

YesNo

Is a PVC

configured on the

DCE-side interface?

Does

the number

of PVCs on the DTE-side

interface reach the

threshold?

Are IP addresses

assigned to interfaces

on both ends?

Is the mapping

between the PVC and

peer IP address

generated?

Do both ends have

reachable routes to

each other?

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Figure 5-2 shows the troubleshooting flowchart in the scenario where basic FR is configured.

Figure 5-2 Troubleshooting flowchart for a ping failure when basic FR is configured

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

Figure 5-3 shows the troubleshooting flowchart in the scenario where a PVC group is

configured.

86

Check the

physical status of

the interfaces

A ping failure occurs

when the link protocol

status is Up

No

Yes

End

Is fault

rectified?

No

Yes

No

Is fault

rectified?

No

Seek technical support

Yes

Is the PVC

group status of

interfaces Active?

Are all the

priorities in a PVC

group configured for

PVCs?

Configure

priorities for

PVCs

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Figure 5-3 Troubleshooting flowchart for a ping failure when a PVC group is configured

Troubleshooting Procedure

Procedure

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

NOTE

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

l In the scenario where basic FR is configured:

1. Check that a PVC is configured on the DTE-side interface.

Run the display fr pvc-info interface serial command in the system view to check whether there is PVC information.

[Huawei]display fr pvc-info interface Serial 2/0/0:2 PVC statistics for interface Serial2/0/0:2 (DTE, physical UP) DLCI = 300, USAGE = UNUSED (00000000), Serial2/0/0:2 create time = 2008/01/03 19:05:54, status = ACTIVE InARP = Enable, PVC-GROUP = NONE in packets = 0, in bytes = 0 out packets = 0, out bytes = 0

– If no PVC information is displayed, no PVC exists on the interface. Configure the

PVC on the DCE-side interface. If you are sure that the PVC exists on the DCEside interface, you can also configure PVC on the DTE-side interface.

– If the value of the status field is INACTIVE, there is a possibility that no PVC

exists on the DCE-side interface. Configure the PVC on the DCE-side interface.

– If the value of the status field is ACTIVE, the PVC functions properly. Go to step

2.

87

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

NOTE

If a sub-interface is configured on the DTE-side interface, configure a DLCI for the subinterface.

2. Check that the number of PVCs configured on the DTE-side interface does not exceed

the threshold.

Run the display fr pvc-info command on the DTE-side interface to check the configured PVCs.

[Huawei]display fr pvcinfo

PVC statistics for interface Serial2/0/0:2 (DTE, physical UP) DLCI = 300, USAGE = UNUSED (00000000), Serial2/0/0:2 create time = 2008/01/03 19:05:54, status = ACTIVE InARP = Enable, PVC-GROUP = NONE in packets = 0, in bytes = 0 out packets = 0, out bytes = 0

If the number of configured PVCs has reached the threshold, no more PVCs can be created. The AR2200-S supports a maximum of 512 PVCs.

– If the number of configured PVCs has exceeded the threshold, delete unnecessary

PVCs.

– If the number of configured PVCs does not exceed the threshold, go to step 3.

3. Check that IP addresses have been assigned to interfaces on both ends.

Run the display this command in the FR interface view to check whether an IP address is assigned to the interface.

[Huawei-Serial2/0/0:2]display this [ V200R001C00B110] # interface Serial2/0/0:2 link-protocol fr ip address 7.7.7.2

255.255.255.0 # return

– If no IP address is assigned to the interface, assign an IP address to this interface.

– If an IP address has been assigned to the interface, go to step 4.

4. Check that InARP is enabled on the interface.

Run the display this command on the interface to check the interface configuration.

[Huawei-Serial2/0/0:2]display this [ V200R001C00B110] # interface Serial2/0/0:2 link-protocol

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

88

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

fr undo fr inarp ip address 7.7.7.2

255.255.255.0 # return

– If the undo fr inarp command has been run on the interface, InARP has been

disabled on the interface. Run the fr inarp on the interface to enable InARP.

– If InARP has been enabled on the interface, go to step 5.

5. Check that the mapping between the PVC and peer address has been generated.

Run the display fr map-info command to check whether the mapping between the PVC and peer address is generated.

[Huawei-Serial2/0/0:2]display fr mapinfo Map Statistics for interface MFR0/0/0 (DCE) DLCI = 100, bridge 1, MFR0/0/0 create time = 2008/01/03 18:25:22, status = ACTIVE encapsulation = ietf, vlink = 0, broadcast Map Statistics for interface Serial2/0/0:2 (DTE) DLCI = 300, IP INARP 7.7.7.1, Serial2/0/0:2 create time = 2008/01/04 15:19:45, status = ACTIVE encapsulation = ietf, vlink = 9, broadcast

– If no mapping is generated, configure the mapping between the PVC and peer

address.

– If the mapping has been generated, go to step 6.

6. Check that both ends have reachable routes to each other.

Run the display fib command to check the routing table.

[Huawei-Serial2/0/0:0]display this [ V200R001C00B130] # interface Serial2/0/0:0 link-protocol fr fr interface-type dce fr dlci 22 ip address 7.7.7.2

255.255.255.0 # return [Huawei-Serial2/0/0:0]display fib Route Flags: G - Gateway Route, H - Host Route, U - Up Route S - Static Route, D - Dynamic Route, B - Black Hole Route

-------------------------------------------------------------------------

----- FIB Table:

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

89

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

Total number of Routes : 17

Destination/Mask Nexthop Flag TimeStamp Interface TunnelID

7.7.7.1/32 7.7.7.1 HU t[2917] S2/0/0:0 0x0

7.7.7.255/32 127.0.0.1 HU t[2907] InLoop0 0x0

7.7.7.2/32 127.0.0.1 HU t[2907] InLoop0 0x0

50.1.1.255/32 127.0.0.1 HU t[2519] InLoop0 0x0

50.1.1.1/32 127.0.0.1 HU t[2519] InLoop0 0x0

192.168.0.255/32 127.0.0.1 HU t[495] InLoop0 0x0

192.168.0.23/32 127.0.0.1 HU t[495] InLoop0 0x0

36.1.1.255/32 127.0.0.1 HU t[492] InLoop0 0x0

36.1.1.2/32 127.0.0.1 HU t[492] InLoop0 0x0

255.255.255.255/32 127.0.0.1 HU t[484] InLoop0 0x0

127.255.255.255/32 127.0.0.1 HU t[484] InLoop0 0x0

127.0.0.1/32 127.0.0.1 HU t[484] InLoop0 0x0

127.0.0.0/8 127.0.0.1 U t[484] InLoop0 0x0

36.1.1.0/24 36.1.1.2 U t[492] VT3 0x0

192.168.0.0/24 192.168.0.23 U t[495] GE0/0/0 0x0

50.1.1.0/24 50.1.1.1 U t[2519] S2/0/1:15 0x0

7.7.7.0/24 7.7.7.2 U t[2907] S2/0/0:0 0x0

In the command output, the local IP address is 7.7.7.2, the peer IP address is 7.7.7.1, and the information in bold indicates the correct routing entry.

– If the preceding routing entry is not displayed, configure this route.

– If the preceding routing entry is displayed, go to step 7.

7. Collect the following information and contact Huawei technical support personnel.

– Results of the preceding troubleshooting procedure

– Configuration files, log files, and alarm files of the device

l In the scenario where a PVC group is configured:

1. Check that the PVC group status of FR interfaces on both ends is Active.

Run the display fr pvc-group command to check the PVC group status.

[Huawei-Serial2/0/0:0]display fr pvcgroup PVC-GROUP-name State TosType INARP Interface Type PhyStatus 1 Active PRECEDENCE Enable Serial2/0/0:0 DTE Up

– If the PVC group status is not displayed as Active, check the physical status of the

interfaces.

– If the PVC group status has been displayed as Active, go to step 2.

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

90

Huawei AR2200-S Series Enterprise Routers Troubleshooting 5 WAN

2. Check that all the priorities in a PVC group are configured for PVCs in the PVC group.

Run the display this command in the interface view to check the interface configuration.

[Huawei-Serial2/0/0:0]display this interface Serial2/0/0:0 link-protocol fr fr pvc-group 1 fr dlci 22 fr dlci 33 fr ip precedence 22 0 4 fr ip precedence 33 default ip address 7.7.7.2

255.255.255.0 # return

NOTE

Two types of priorities are available for IP packets: IP precedence and DSCP. The IP preference value ranges from 0 to 7, and the DSCP value ranges from 0 to 63. If no default PVC is specified, all the priorities need to be configured for PVCs in a PVC group. Only one type of priority (either the IP precedence or DSCP) can be configured for PVCs in a PVC group.

– If some priorities in the PVC group are not configured for PVCs in the PVC group,

reconfigure priorities for PVCs.

– If all the priorities have been configured for PVCs in the PVC group, go to step 3.

3. Collect the following information and contact Huawei technical support personnel.

– Results of the preceding troubleshooting procedure

– Configuration files, log files, and alarm files of the device

----End

Relevant Alarms and Logs

Relevant Alarms

When the link protocol status of an FR interface alternates between Up and Down states, the following alarms are generated:

FR/4/TRAP:OID 1.3.6.1.2.1.10.32.0.1 Interface 9 DLCI 22 turns into 2 state (invalid(1), active (2),inactive(3)).

%%01IFNET/4/LINK_STATE(l)[3]:The line protocol on the interface Serial1/0/0:0 has entered the UP state.

Relevant Logs

None

Issue 01 (2012-01-06) Huawei Proprietary and Confidential

91

Huawei V200R001C01, AR2200-S Troubleshooting Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

About This Document

Contents

1 Hardware

1.1 Board Registration Troubleshooting

1.1.1 A Board Fails to Be Registered

2 System

2.1 CPU Troubleshooting

2.1.1 CPU Usage Is High

2.2 Telnet Troubleshooting

2.2.1 The User Fails to Log in to the Server Through Telnet

2.3 SSH Troubleshooting

2.3.1 The User Fails to Log in to the Server Through SSH

2.4 Mirroring Troubleshooting

2.4.1 Monitoring Device Does Not Receive Any Mirrored Packet After Port Mirroring Is Configured

2.4.2 Monitoring Device Does Not Receive Any Mirrored Packets After Traffic Mirroring Is Configured

2.4.3 Troubleshooting Cases

2.5 SNMP Troubleshooting

2.5.1 An SNMP Connection Cannot Be Established

2.5.2 The NMS Fails to Receive Trap Messages from the Host

2.6 NQA Troubleshooting

2.6.1 A UDP Jitter Test Instance Fails to Be Started

2.6.2 A Drop Record Exists in the UDP Jitter Test Result

2.6.3 A Busy Record Exists in the UDP Jitter Test Result

2.6.4 A Timeout Record Exists in the UDP Jitter Test Result

2.6.5 The UDP Jitter Test Result Is "Failed", "No Result" or "Packet Loss"

2.7 NTP Troubleshooting

2.7.1 The Clock Is Not Synchronized

2.8 CWMP Troubleshooting

2.8.1 Failed to Manage AR2200-S Using CWMP

3 Physical Connection and Interfaces

3.1 Eth-Trunk Interface Troubleshooting

3.1.1 Eth-Trunk Interface Cannot Forward Traffic

3.1.2 Troubleshooting Cases

4 LAN

4.1 VLAN Troubleshooting

4.1.1 Users in a VLAN Cannot Communicate with Each Other

4.2 MAC Address Table Troubleshooting

4.2.1 Correct MAC Address Entries Cannot Be Generated

4.3 MSTP Troubleshooting

4.3.1 MSTP Topology Change Leads to Service Interruption

4.4 Transparent Bridging Troubleshooting

4.4.1 Layer 2 Traffic Forwarding in a Bridge Group Fails

4.4.2 Traffic Forwarding in IP Routing of Bridge Groups Fails

5 WAN

5.1 E1/T1 Troubleshooting

5.1.1 E1/T1 Interface in Up State Fails to Correctly Send and Receive Data

5.2 FR Troubleshooting

5.2.1 Local Device Fails to Ping the Remote Device When the Link Protocol Status of Their Connected FR Interfaces Is Up