ZyXEL XS 3700-24, XS 1920-12, XS 3900-48 Troubleshooting Manual
1/132
www.zyxel.com
Switch Series
ES 3500 Series
GS 1920 Series / 2210 Series / 3700 Series
XGS 2210 Series / 3700 Series / 4500 Series
XS 1920-12 / 3700-24/ 3900-48
Firmware Version 4.00~4.30
Edition 1, 9/2016
Troubleshooting Guide
Default Login Details
LAN Port IP Address
https://192.168.1.1
User Name
admin
Password
1234
2/132
www.zyxel.com
1! How%to%Troubleshoot%Switch%Related%Issues%......................................................%3!
2! Symptom%of%Troubleshooting%...........................................................................%7!
3! Basic%Information%.............................................................................................%9!
4! Hardware%Monitor%Status%...............................................................................%11!
5! Switch%Auto-Reboot,%Crash%.............................................................................%15!
6! Troublesh ooting%for%Loop%...............................................................................%16!
7! Troubleshooting%for%VLAN%..............................................................................%25!
8! Troubleshooting%for%Multicast%........................................................................%37!
9! Troubleshooting%for%Layer%2%IGMP%Snooping%...................................................%44!
10! Troubleshooting%for%L3%IGMP%Routing%..........................................................%56!
11! Troubleshooting%for%Multicast%VLAN%Registration%........................................%64!
12! Troublesh ooting%for%IP%Source%Guard%...........................................................%76!
13! Troublesh ooting%for%DHCP%Relay%..................................................................%86!
14! Troublesh ooting%for%DHCP%Server%................................................................%97!
15! Troublesh ooting%for%ACL%............................................................................%105!
16! Troublesh ooting%for%Routing%......................................................................%116!
17! Troublesh ooting%for%CPU%high%....................................................................%128!
18! Troublesh ooting%for%PoE%............................................................................%129!
3/132
www.zyxel.com
1 How to Troubleshoot Switch Related Issues
This document describes the necessary process for troubleshooting
Zyxel Switch related issues.
STEP 1: Information Gathering
Start by gathering basic and general information. This is necessary for
the following reasons:
l Attempt to locally reproduce issue.
l Gain perspective over customer’s network architecture.
l Quickly identify devices.
You can verify which information is relevant for troubleshooting by
reviewing “Basic information”.
STEP 2: Identifying the Symptom
Analyze the problem that your customer is experiencing. Avoid using
subjective responses. Rely on objective responses.
Example of subjective responses:
l The <device> stopped working sometimes.
l <Device> crashes all the time.
l All devices cannot access the Internet.
Example of objective responses:
l <Device> undergoes unexpected reboot sometimes.
l Console CLI does not show any output.
l Bob’s laptop cannot access the Internet.
Once you can clearly identify the symptom and the affected devices,
refer to “Symptom of Troubleshooting” and locate the symptom that
best matches customer’s description.
4/132
www.zyxel.com
STEP 3: Following the Troubleshooting Guides
Each symptoms will have a list of corresponding Troubleshooting Steps
that you will need to look through.
Example:
If customer encounters symptom involving “PC cannot communicate
with other devices”, they will start the troubleshooting process by
reviewing the following order:
- Troubleshooting of VLAN
- Troubleshooting of Loop
- Troubleshooting of IP Source Guard
- Troubleshooting of Routing
- Troubleshooting of ACL
STEP 4: The Troubleshooting Process
Most of the Troubleshooting guide follows the common schema:
START: refers to where the troubleshooting process begins.
Initiate: refers to how the symptom is triggered.
5/132
www.zyxel.com
Verify: indicates whether the issue is resolved or not.
FINISH: is achieved when symptom related to this feature has either
been resolved, or never encountered in the first place. Reaching
this process will usually inform you to proceed to the next
troubleshooting guide/agenda.
Reconfigure: refers to the common possible misconfigurations that
may cause the observable symptoms.
OTHERS: this is achieved when symptom is caused by software
malfunction or inter-operability issues between other devices. You
will ultimately end-up in this section when all possible
reconfigurations fails to pass the Verify stage. The OTHERS section
will be occasionally updated as CSO continues to find new and
unique problems.
If you end-up in the OTHERS section but cannot proceed further,
then kindly consult with Zyxel’s CSO.
Example:
6/132
www.zyxel.com
7/132
www.zyxel.com
2 Symptom of Troubleshooting
Following are some common issue symptom report from customer, according to the
symptoms of these problems, you can follow the below step and it will help you
speed up to identify the cause of the problem.
1. Switch randomly crash.
Troubleshooting Step:
l Crash
2. Abnormal Status with PWR, SYS, ALM LED
Troubleshooting Step:
l HW Monitor
3. PC cannot communicate with other devices.
Troubleshooting Step:
l VLAN
l LoopGuard
l IP Source Guard
l Routing
l ACL
4. Client cannot get ip address from DHCP Server
Troubleshooting Step:
l VLAN
l LoopGuard
l IP Source Guard
l DHCP Server
l DHCP Relay
l ACL
8/132
www.zyxel.com
5. Administrator cannot manage the switches.
Troubleshooting Step:
l VLAN
l Management
l DHCP Relay
l ACL
6. CCTV cannot watch Channel, LAG, Delay, Mosaics or Freeze.
Troubleshooting Step:
l VLAN
l Multicast Troubleshooting.
l L2 IGMP Snooping
l L3 IGMP Routing
l MVR
7. IP phone or IP Camera cannot be power on by PoE Switch.
Troubleshooting Step:
l PoE Troubleshooting Guide.
9/132
www.zyxel.com
3 Basic Information
If switch happen some problem, following are some general information may
need to confirm first:
l Firmware Version
l Configuration
l Tech-Support Logs
l Network Topology
Check Firmware Version
1. WebGUI:
Figure 1 Basic Setting > System Info
2. CLI:
Figure 2 Enter CLI command “show system-information”.
10/132
www.zyxel.com
Configuration
1. WebGUI:
Figure 3 Management > Maintenance > Backup Configuration
Tech-Support Logs
1. CLI:
Figure 4 Enter CLI command “show tech-support”.
Topology
In order to speed up to understand the issue how to happen, the topology
information is important for troubleshooting.
11/132
www.zyxel.com
4 Hardware Monitor Status
Check ALM LED
Figure 1 ALM LED On
Temperature Error
1. CLI:
Figure 2 Enter CLI command “Show hardware-monitor C”.
Note:
If MAC/CPU/PHY temperature status is error, the hardware may have some
problem. Please send the device to RMA.
12/132
www.zyxel.com
FAN Error
1. CLI:
Figure 3 Enter CLI command “Show hardware-monitor C”.
Note:
If FAN status is error, you can try to replace the FAN model to recovery it, if the
problem cannot resolve, please send to the device to RMA.
Voltage Error
1. CLI:
Figure 4 Enter CLI command “Show hardware-monitor C”.
Note:
If Voltage status is error, the problem may relate power supply or power
source.
Suggestion:
l Using a UPS connect to the switch and monitor a while, if the problem
can resolve, the root cause may relate customer’s environment.
l If problem cannot resolve by connection UPS, the root cause may relate
power supply, please send the switch to RMA.
13/132
www.zyxel.com
Switch cannot bootup successfully?
1. Use console to connect the switch and check all baudrate which is able to
display information or not.
l Baudrate 38400, 19200, 9600, 57600, 115200
Note:
If all baudrate has no any response, please send the switch to RMA.
2. If switch has responses, please verify below steps:
3. Open the terminal software (Need tosupport XModem function. e.g:
Teraturn)
4. Reboot the switch and enter into debug mode.
Figure 5 Enter debug mode
5. Check the Firmware version.
Figure 6 Enter CLI command “atsh”.
14/132
www.zyxel.com
6. Download Rom File
Figure 7 Enter CLI command “attd”.
Figure 8 Save Rom file.
7. Report to HQ CSO
Provide the rom file, firmware version and crash logs to HQ.
15/132
www.zyxel.com
5 Switch Auto-Reboot, Crash
How to check switch is whether auto-reboot?
1. Login to the switch via Console/Telnet/SSH.
2. Enter CLI command “Show Logging”.
l Switch Crash
¡ system: System warm start
¡ system: System has reset without management command
l Reload Config
¡ system: System warm start
¡ system: System has reset due to a management command
l Boot Config
¡ system: System cold start
¡ system: System has reset due to a management command
l Reboot by un-plug power cable
¡ system: System cold start
¡ system: System has reset without management command
If user found switch Crash logs, please provide the following information to HQ CSO.
l Basic information (Page No.6)
l Switch Crash Frequency
l If possible, use console connect to switch and capture the crash log when
issue happen.
l What’s the device connect to the switch?
l Is there any server polling to the switch regularly?
l Before device crash occurs, have modified or changed on the switch?
l How many devices met this problem?
16/132
www.zyxel.com
6 Troubleshooting for Loop
Flowchart:
Figure 1 %
Identify loop symptom
When loop happened, it is possible to find the following scenario:
l The traffic becomes slower than before.
l The traffic is not stable. The client always gets lost.
l The LED of port is keep flashing fast.
To find out the slowest node in the topology. If it is under control, please start
trouble shooting form here; if it is not, please contact another vendor.
17/132
www.zyxel.com
Find out the issue place
1. Use “tracert” command to find out the place where the most possible loop is.
Figure 2
For example, in the above, form client tracert to Yahoo, you can notice that it
get slower from no.8 node. And then to verify the area under no.8 can be
controlled or not. If yes, do the ping test to verify where the issue is.
Figure 3 !
18/132
www.zyxel.com
Enable Loop Guard
1. WebGUI:
Figure 4 Advanced Application>Loop Guard
2. CLI:
Figure 5
3. Check Loop Guard status.
Figure 6 Enter CLI command “show loopguard”
19/132
www.zyxel.com
Check Err-Disable status
1. WebGUI:
l If switch didn’t detect loop, you can see the status of Loop Guard is
“Forwarding”.
Figure 1 Advanced Application > Errdisable > Errdisable Status
l If switch detect loop, the status of Loop Guard is “Err-disable”.
Figure 2 Advanced Application > Errdisable > Errdisable Status!
2. CLI:
Figure 3 Enter CLI command “show errdisable”
20/132
www.zyxel.com
3. Loopguard event also record in system logs.
Figure 4 Enter CLI command “show logging”
Confirm Loop
We suggest that to enable Loop guard one by one from the core switch to the end
switch in topology. So that we can find where is loop.
Remove Loop
Un-plug cable from Err-Disable port.
Recovery Loop Port
1. If the port detect loop, the port status will become to “Err-disable”.
WebGUI:
Figure 5 Advanced Application > Errdisable > Errdisable Status
CLI:
Figure 6 Enter CLI command “show interface Port-ID”
21/132
www.zyxel.com
2. To recovery the port, it has to be disabled and enabled.
WebGUI:
Figure 7 Basic Setting > Port Setup
CLI:
Figure 8
3. Repeat the above configuration twice. The first time disables the port active,
the second time enables it. And the port is recovery to forwarding.
Figure 9
Figure 10 Enter CLI command “show interface Port-ID”!
22/132
www.zyxel.com
Disable Port Test
1. To check the port counters first. To compare their number of the RX (Multicast)
packets. The largest one has the highest possibility of Loop.
Figure 11 Enter CLI command “show interface Port-ID”!
2. Disable ports one by one to relieve loop.
WebGUI:
Figure 12 Basic Setting > Port Setup
CLI:
Figure 13 !
23/132
www.zyxel.com
Is the loop symptom relieved?
Confirm loop *
If the loop symptom relieved when the port is disable, we can know the port has
loop.
Why the port has loop, but loop guard doesn’t active?
A: Zyxel loop guard feature is use the loop-guard packet to discover where the loop
is. It is a multicast packet. But some features (ex. Unknown packet drop) will drop the
loop-guard packet. If there are any clients (devices) which have those feature. The
loop-guard will not be active. So that we suggest that the loop guard should be
enabled in the end device.
Others
1. There is no loop we can find in the topology, please go to the next process of
trouble shooting.
How to setup Loop Guard auto-recovery
1. WebGUI
Figure 14 Advanced Application > Errdisable > Errdisable Recovery
2. CLI: (config)# errdisable recovery cause loopguard interval <seconds>
Figure 15
24/132
www.zyxel.com
3. Verifying the err-disable recovery!
Figure 16 Enter CLI command “show errdisable recovery”!
Note:
The default recovery time is 300s. If time’s up and loop has removed, the
feature will auto recovery the port.
4. Loop Guard Packet
Figure 17
l The MAC of sender
l The port number of the sender. It starts from 0x0000. That’s 0x0000 stands
for logic port 1, and 0x000f stands for logic port 16.
l This is the timestamp that the sender set when the preparing the packet.
The unit is in seconds. With this field insert, the probe is different each time.
The receiving can also have the information that the delay time and loop
lasting time. Of course, to easy debug, we can have a debug flag to
switch off this field.
l This is the model name of the sender. Like ES-3124. This is a string like host
name.
25/132
www.zyxel.com
7 Troubleshooting for VLAN
Illustration:
Flowchart:
26/132
www.zyxel.com
OTHERS:
Identify and verify the MAC address of the interface of the
device with issue.
Example using Windows OS, identifying MAC address of Local Area
Connection
Figure 1
27/132
www.zyxel.com
After verifying MAC address, go to step 2.
Access the uplink Zyxel switch. Does the MAC address of the
device with issue appear on the MAC address table of the
Zyxel switch?
WebGUI:
Figure 2 Management > MAC Table
28/132
www.zyxel.com
Using CLI:
Figure 3 Enter CLI command “show mac address-table all”
If MAC address of the device does appear, go to step 3.
If MAC address of the device does not appear, go to <OTHERS>
Is the MAC address of the device with issue being processed
on the correct VID?
WebGUI:
Figure 4 Management > MAC Table
CLI:
Figure 5 Enter CLI command “show mac address-table all”
If MAC address of the device is processed in the correct VID, go to step 4.
If MAC address of the device is not processed in the correct VID, go to step 5.
29/132
www.zyxel.com
Are there any more Zyxel switches between this switch and
destination?
If there are switches, access the next uplink switch and repeat step 2.
If there are no switches, proceed to next agenda.
Verify whether device with issue’s incoming packets are
tagged or not.
This usually means that if the MAC address of the device is not processed in the
configured PVID, then packets are most likely already tagged when reaching
this Zyxel switch or another feature has forced the packet to be process in a
different VID.
Most end devices usually sends untagged packets up the network. Devices
like IP phones, Access Points, and neighboring switches, on the other hand,
have the possibility of sending tagged packets.
After verifying whether packets are tagged or untagged, go to step 6.
Is the PVID configured correctly?
The PVID decides which VLAN an untagged packet will be processed in. You
can disregard PVID configurations if the downlink device has already tagged
the device with issue’s packets correctly.
WebGUI:
Figure 6 Advance Application>VLAN>VLAN Configuration>VLAN Port Setup
30/132
www.zyxel.com
CLI:
Figure 7 Enter CLI command “show interface config Port-ID”
!
If PVID configuration is correct, go to step 7.
If PVID configuration is not correct, reconfigure and return to step 3.
Example using CLI:
Figure 8
Are the uplink and downlink ports fixed?
Packets can only be sent out ports that are fixed within the processed VLAN.
Make sure that the port heading to the destination is “fixed”. You will also need
to fix the port going back to the device with issue as well to complete the
communication.
Loading...