Configuring avaya wireless lan controller 8180 with avaya 8120 access points to support avaya a175 desktop video devices using 802.1x authentication – issue 1.0 (24 pages)
Ethernet routing switch, filters and qos
configuration for ethernet routing switch (73 pages)
Summary of Contents for Avaya 3524gt
Page 1
Avaya Ethernet Routing Switch 3500 Series Troubleshooting NN47203-700 Issue 01.02 March 2013...
Page 2
Product provided by Avaya including the selection, arrangement and within them. Avaya does not guarantee that these links will work all the design of the content is owned either by Avaya or its licensors and is time and has no control over the availability of the linked pages.
Page 3
Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation and Product(s)
Page 4
Troubleshooting March 2013 Comments? infodev@avaya.com...
SNMP trap enhancements........................22 SNMP Trap list web page in EDM......................22 Remote monitoring (RMON) (RFC1757) per port Statistics History Alarm and Events......22 Avaya knowledge and solution engine...................... 23 Chapter 6: General diagnostic tools................. ACLI command modes..........................25 Chapter 7: Initial troubleshooting..................
Page 6
Auto configuration is not applied....................... 56 Correct auto configuration........................ 56 Chapter 11: Troubleshooting authentication..............EAP client authentication.......................... 60 Restore RADIUS connection......................61 Enable EAP on the PC........................63 Apply the method..........................64 Enable EAP globally......................... 65 EAP multihost repeated re-authentication issue..................67 Match EAP-MAC-MAX to EAP users....................
Chapter 1: Purpose of this document This document describes common problems and error messages and the techniques to resolve them. Troubleshooting March 2013...
Page 8
Purpose of this document Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 2: New in this release This is a new document for Avaya Ethernet Routing Switch 3500 Series Release 5.0. The Avaya ERS 3500 Series is new and supports the following hardware and software features: ERS 3500 hardware The following table lists and describes the supported hardware for ERS 3500 Series 5.0. Question marks (?) in the table signify power cord types;...
Page 10
21–24, plus two SFP rear ports. Rack Mount Kits AL3511001–E6 Spare Rack Mount Kit — this kit can be used as a replacement rack mount kit for ERS 3524GT, ERS 3524GT-PWR+, ERS 3526T or ERS 3526T-PWR + switches. AL3511002–E6 3510–Pair Rack Mount Kit — this kit is used to...
Page 11
• 802.1Q tagging • 802.1p traffic class support / remarking • Advanced QoS (traffic classification, filtering, mark/remarking, metering, shaping) • Avaya Automatic-QoS • Single 802.1d Spanning Tree Protocol (STP) on all ports • Spanning Tree port mode • Spanning Tree 802.1d compliance mode •...
Page 12
• 802.1X NEAP fail-open VLAN • 802.1X NEAP re-authentication timer • 802.1X NEAP and Guest VLAN on same port • RADIUS EAP / NEAP to different servers • RADIUS Server reachability • DA Filtering • Port Naming Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 13
• CANA • SSHv2 • SSH enhancement to support RSA • Secure FTP (SFTP) • Auto Detection And Configuration (ADAC) with 802.1AB interaction • 802.1AB MED (Cisco IP Phones) • 802.1AB Location TLV • 802.1AB and ADAC interoperability • 802.1AB Integration features •...
Page 14
New in this release Troubleshooting March 2013 Comments? infodev@avaya.com...
Manager (EDM) • Guides you through some common problems to achieve a first tier solution to these situations • Advises you what information to compile prior to troubleshooting or calling Avaya for help This documents assumes that you: • Have basic knowledge of networks, ethernet bridging, and IP routing •...
Page 16
Introduction Troubleshooting March 2013 Comments? infodev@avaya.com...
There are things you can do to minimize the need for troubleshooting and to plan for doing it as effectively as possible: 1. Use the Avaya Ethernet Routing Switch 3500 Series — Documentation Roadmap , NN47203– 101 to familiarize yourself with the documentation set, so you know where to get information when you need it.
Page 18
This speeds the process of isolating network problems. Troubleshooting March 2013 Comments? infodev@avaya.com...
This section describes available troubleshooting tools and their applications. Port mirroring Avaya Ethernet Routing Switch 3500 Series switches have a port mirroring feature that helps you to monitor and analyze network traffic. The port mirroring feature supports both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When port mirroring is enabled, the ingress or egress packets of the mirrored (source) port are forwarded normally and a copy of the packets is sent from the mirrored port to the mirroring (destination) port.
Ethernet Routing Switch 3500 Series device running in a network accessible to the workstation. For more information about system logging, see Avaya Ethernet Routing Switch 3500 Series- Configuration — System Monitoring, NN47203–501.
The software exception log provides a method for capturing software faults in the SYSLOG application as critical customer messages. The CLI allows you to display and clear the last software exceptions generated in the system. For more information, see Avaya Ethernet Routing Switch 3500 Series-Configuration — System Monitoring, NN47203–501.
The switch displays memory utilization in terms of the lowest percentage of dynamic memory available since system startup. No configuration is required for this display-only feature. For more information, see Avaya Ethernet Routing Switch 3500 Series - Configuration — System Monitoring, NN47203–501.
• gathering cumulative statistics for Ethernet interfaces • tracking a history of statistics for Ethernet interfaces For more information on RMON per port Statistics, History, Alarms and Events, see Avaya Ethernet Routing Switch 3500 Series - Configuration — System Monitoring, NN47203–501.
Page 24
Troubleshooting fundamentals Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 6: General diagnostic tools The Avaya Ethernet Routing Switch 3500 Series device has diagnostic features available through EDM and ACLI. You can use these diagnostic tools to help you troubleshoot operational and configuration issues. You can configure and display files, view and monitor port statistics, trace a route, run loopback and ping tests, test the switch fabric, and view the address resolution table.
Page 26
It is possible to move between command modes on a limited basis. This is explained in the Common Procedures section of this document. You can move between command modes on a limited basis. For more information about the ACLI command modes, see Avaya Ethernet Routing Switch 3500 Series — Fundamentals. NN47203–102. Troubleshooting March 2013 Comments? infodev@avaya.com...
As part of your initial troubleshooting, Avaya recommends that you check the Knowledge and Solution Engine on the Avaya Web site for known issues and solutions related to the problem you are experiencing. Gather information Before contacting Avaya Technical Support, you must gather information that can help the Technical Support personnel.
Page 28
• Connectivity information. When connectivity problems occur, get information on at least five working source and destination IP pairs and five IP pairs with connectivity issues. To obtain this information, use the following commands: - show tech - show running-config - show port-statistics <port> Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 8: Emergency recovery trees An Emergency Recovery Tree (ERT) is designed to quickly guide you through some common failures and solutions, by providing a quick reference for troubleshooting without procedural detail. This chapter provides emergency recovery trees (ERTs) for the following ERS 3500 failure symptoms: •...
Page 30
For assistance with tasks in the Corruption of Flash Emergency Recovery Tree, see • Locating the switch console ports on page 36 • Using the Diagnostics Menu on page 37 Corruption of flash recovery tree Figure 2: Corruption of flash recovery tree Troubleshooting March 2013 Comments? infodev@avaya.com...
Incorrect Port VLAN Identifier (PVID) Incorrect Port VLAN Identifier (PVID) Port VLAN identifier (PVID) is a classification mechanism that associates a port with a specific VLAN. For example, a port with a PVID of 3 (PVID=3) assigns all untagged frames received on this port to VLAN 3.
Uplink ports not tagged to VLAN When an ERS 3500 series switch is connected to an ERS 8600 series switch or another Avaya Ethernet series switch, and devices in a VLAN on the ERS 8600 series switch are not able to communicate with devices at the ERS 3500 series switch in the same VLAN, then it is likely that the uplink ports are not tagged to the VLAN on the ERS 3500 series switch.
Page 33
Uplink ports not tagged to VLAN • Untagged frame: a frame that carries no VLAN tagging information in the frame header. • Tagged frame: a frame that contains the 32–bit 802.1q field (VLAN tag) and identifies the frame as belonging to a specific VLAN. •...
Page 34
Emergency recovery trees Uplink ports not tagged to VLAN recovery tree Figure 4: Uplink ports not tagged to VLAN recovery tree Troubleshooting March 2013 Comments? infodev@avaya.com...
Agent Recovery Agent Recovery In some cases during a software upgrade, the switch turns off before the software agent has been completely written to flash. This may be due to a power outage. In this case, the switch will report an error such as Agent code verification fails!! Units exhibiting the symptoms should NOT be returned through the Return Merchandise Authorization (RMA).
Emergency recovery trees Agent Recovery Emergency Recovery Tree Figure 5: Agent Recovery Emergency Recovery Tree Locating the switch console ports The following figure identifies the ports on the ERS 3500 switches: Troubleshooting March 2013 Comments? infodev@avaya.com...
Using the Diagnostics Menu Figure 6: ERS 3500 Series switch console ports Using the Diagnostics Menu On power up, the Power-On Self Tests (POST) are executed and the following is displayed: Test 111 DDRAM Walking 1/0s -PASSED Test 112 DDRAM Byte/Word/Long -PASSED Test 113 DDRAM Power-of-2...
Page 38
Error Log: Bad Port Mask = 00000000 Loop Test Error Description: <errors> The flash config/log area is initialized. This area is used by the Agent code. The POST tests are executed again. Resets the switch Troubleshooting March 2013 Comments? infodev@avaya.com...
Example Checking PVID of ports Example Checking PVID of ports The following figure shows output from the show vlan interface info command. Example VLAN Interface VLAN IDs The following figure provides example output from the show vlan interface vids command. Troubleshooting March 2013...
Emergency recovery trees Tagging options Use the commands and outputs in this example to assist in adding missing VLANs to affected uplink ports. Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 9: Troubleshooting hardware Use this section for hardware troubleshooting specific to the Ethernet Routing Switch 3500 Series. Work flow Troubleshooting hardware The following work flow assists you to determine the solution for some common hardware problems: Troubleshooting March 2013...
Check power Check power Confirm power is being delivered to the device. Task flow Check power The following task flow assists you to confirm that the Ethernet Routing Switch 3500 Series device is powered correctly. Figure 8: Check power Correcting voltage source Confirm the power cord is connected to the appropriate voltage source.
Page 44
Know the current version of your software before reloading it. Loading incorrect software versions may cause further complications. 1. Use the show sys-info command to view the software version. 2. See Avaya Ethernet Routing Switch 3500 Series Release 5.0 Release Notes (NN47203-400) for information about software installation. Returning unit for repair Return unit to Avaya for repair.
Check port Check port Confirm the port and ethernet cable connecting the port are in proper configuration. Task flow Check port The following task flow assists you to check the port and ethernet cables: Figure 9: Check port Viewing port information Review the port information to ensure that the port is enabled.
Confirm the fiber port is working and the cable connecting the port is the proper type. Task flow Check fiber port The following task flow assists you to confirm that the fiber port cable is functioning and is of the proper type. Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 47
Check fiber port Figure 10: Check fiber port Viewing fiber port information Review the port information to ensure the port is enabled. 1. Use the show interfaces <port> command to display the port information. 2. Note the port status. Enabling the port Ensure the port on the Ethernet Routing Switch 3500 series device is enabled.
Caution: Due to physical handling of the device and your physical proximity to electrical equipment, review and adhere to all safety instructions and literature included with device and in Avaya Ethernet Routing Switch 3500 Series – Regulatory Information (NN47203-100). Verifying software version is correct on new device Verify that the new device to be inserted has the identical software version.
Page 49
2. Allow time for the configuration of the failed unit to be replicated on the new unit. 3. Confirm that the new unit has reset itself. This confirms that replication has completed. Returning unit for repair Return unit to Avaya for repair. Contact Avaya for return instructions and RMA information. Troubleshooting March 2013...
Page 50
Troubleshooting hardware Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 10: Troubleshooting ADAC Automatic Detection and Automatic Configuration (ADAC) can encounter detection and configuration errors that can be easily corrected. ADAC clarifications ADAC VLAN settings are dynamic and are not saved to nonvolatile memory. When ADAC is enabled, all VLAN settings that you manually made on ADAC uplink or telephony ports are dynamic and are not saved to non-volatile memory.
The following work flow assists you to resolve detection issues. Figure 12: IP phone not detected Correct filtering Configure the VLAN filtering to allow ADAC. Task flow Correct filtering The following task flow assists you to correct the filtering. Troubleshooting March 2013 Comments? infodev@avaya.com...
IP phone is not detected Figure 13: Correct filtering Confirming port belongs to at least one VLAN View information to ensure that the port belongs to a VLAN. 1. Use the show vlan interface info <port> command to view the details. 2.
Page 54
MAC addresses already learned on the respective port are aged out. 1. Use the no adac enable <port> command to disable ADAC. 2. Use the adac enable <port>command to enable ADAC. Troubleshooting March 2013 Comments? infodev@avaya.com...
IP phone is not detected Reduce LLDP devices Reduce the number of LLDP devices. More than 16 devices may cause detection issues. Task flow Reduce LLDP devices The following task flow assists you to reduce the number of LLDP devices on the system. Figure 15: Reduce LLDP devices Viewing LLDP information Display the LLDP devices that are connected to a port.
Figure 16: Auto configuration is not applied Correct auto configuration Tagged frames mode may be causing a problem. In tagged frames mode, everything is configured correctly, but auto configuration is not applied on a telephony port. Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 57
Auto configuration is not applied Task flow Correct auto configuration The following task flow assists you to correct auto configuration. Figure 17: Correct auto configuration Viewing ADAC global status Display the global status of ADAC. 1. Use the show adac command to display the ADAC information. 2.
Page 58
Configuring another call server and uplink port can assist the auto configuration. 1. Use the adac uplink-port <port> command to assign the uplink port. 2. Use the adac call-server-port <port> command to assign the call server port. Troubleshooting March 2013 Comments? infodev@avaya.com...
Chapter 11: Troubleshooting authentication Authentication issues can interfere with device operation and function. The following work flow shows common authentication problems. Work flow Troubleshooting authentication The following work flow shows typical authentication problems. These work flows are not dependant upon each other. Figure 18: Troubleshooting authentication Troubleshooting March 2013...
Ethernet Routing Switch 3500 Series devices. Work flow EAP client is not authenticating The following work flow assists you to determine the cause and solution of an EAP client that does not authenticate as expected. Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP client authentication Figure 19: EAP client is not authenticating Restore RADIUS connection Ensure that the RADIUS server has connectivity to the device. Troubleshooting March 2013...
Page 62
This section provides troubleshooting guidelines for obtaining the RADIUS server settings. 1. Obtain network information for the RADIUS server from the Planning and Engineering documentation. 2. Follow vendor documentation to set the RADIUS authentication method MD5 Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP client authentication Viewing RADIUS information Review the RADIUS server settings in the device. The default server port is 1812/UDP. Older servers may use 1645/UDP, and other older servers do not support UDP at all. 1. Use the show radius-server command to view the RADIUS server settings. 2.
3. Ensure the card is configured to support EAP. Apply the method Ensure you apply the correct EAP method. Task flow Apply the method The following task flow assists you to apply the correct EAP method. Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP client authentication Figure 22: Apply the method Configuring the RADIUS server Configure the RADIUS server to authenticate using MD5. 1. Obtain network information for the RADIUS Server from Planning and Engineering. 2. Save the information for later reference. Enable EAP globally Enable EAP globally on the 3500 Series device.
Page 66
2. Ensure that there are no errors after command execution. Viewing EAPOL settings Review the EAPOL settings to ensure EAP is enabled. 1. Use the show eapol port <port#> command to display the information. 2. Observe the output. Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP multihost repeated re-authentication issue Setting EAPOL port administrative status to auto Set the EAPOL port administrative status to auto. 1. Use the eapol status auto command to change the port status to auto. 2. Ensure that there are no errors after the command execution. EAP multihost repeated re-authentication issue Eliminate the multiple authentication of users.
Use the show eapol multihost status command to display the authenticated users. Task flow Match EAP-MAC-MAX to EAP users The following task flow assists you to match the EAP-MAC-MAX to the number of EAP users. Figure 25: Match EAP-MAC-MAX to EAP users Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP multihost repeated re-authentication issue Lowering EAP max MAC Lower the eap-mac-max value to match the users. 1. Use the eapol multihost eap-mac-max command to set the mac-max value. 2. Ensure that there are no errors after execution. Set EAPOL request packet Change the request packet generation to unicast.
Ensure that the RADIUS VLAN is applied correctly to support EAP. Work flow EAP RADIUS VLAN is not being applied The following work flow assists you to determine the cause and solution of the RADIUS VLAN not being applied. Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP RADIUS VLAN is not being applied Figure 27: EAP RADIUS VLAN is not being applied Configure VLAN at RADIUS Correct any discrepancies in VLAN information at the RADIUS server. Task flow Configure VLAN at RADIUS The following task flow assists you to ensure the VLAN is configured at the RADIUS server. Troubleshooting March 2013...
Viewing RADIUS information Obtain the radius information to identify its settings. Use vendor documentation to obtain settings display. Configuring RADIUS Configure the RADIUS server with the correct VLAN information. Use vendor documentation to make the required changes. Troubleshooting March 2013 Comments? infodev@avaya.com...
EAP RADIUS VLAN is not being applied There are three attributes that the RADIUS server sends back to the NAS (switch) for RADIUSassigned VLANs. These attributes are the same for all RADIUS vendors: • Tunnel-Medium-Type – 802 • Tunnel-Pvt-Group-ID – <VLAN ID> •...
Page 74
Set the VLAN config control to flexible to avoid complications with strict. 1. Use the vlan config control flexible command to set the VLAN config control to flexible. 2. Ensure that there are no errors after execution. Troubleshooting March 2013 Comments? infodev@avaya.com...
Configured MAC is not authenticating Showing spanning tree View the VLANs added to the desired STG. If the RADIUS assigned VLAN and the original VLAN are in the same STG, the EAP enabled port is moved to RADIUS assigned VLAN after EAP authentication succeeds. 1.
Configure the switch to ensure the correct settings are applied to ensure the MAC is authenticating. Task flow Configure the switch The following task flow assists you to ensure the MAC is authenticating on the ERS 3500 Series device. Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 77
Configured MAC is not authenticating Figure 31: Configure the switch Showing EAPOL port Display the EAPOL port information 1. Use the show eapol port <port> command to display the port information. 2. Ensure that EAP is enabled globally, and that the port EAP status is set to auto. Setting global EAP enabled and port at eap-auto Make corrections to ensure that EAP is enabled globally, and that the port EAP status is set to auto.
Page 78
Showing EAPOL multihost non-eap-mac interface Display the EAPOL multihost interface information. 1. Enter the show eapol multihost non-eap-mac interface <port> command to display the information. 2. Note that the MAC address is in the list. Troubleshooting March 2013 Comments? infodev@avaya.com...
Non-EAP RADIUS MAC not authenticating Ensuring MAC in the list Add the MAC address to the list if it was omitted. 1. Use the show eapol multihost non-eap-mac status command to view MAC addresses. 2. Use the eapol multihost non-eap-mac <H.H.H> <port> command to add a MAC address to the list.
Figure 33: Configure switch Displaying EAPOL port Review the EAPOL port information. 1. Enter the show eapol port <port#> command to display the information. 2. Ensure that global EAP is enabled and port is eap-auto. Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 81
Non-EAP RADIUS MAC not authenticating Setting global EAP enabled and port at eap-auto Make corrections to ensure that EAP is enabled globally, and that the port EAP status is set to auto. 1. Use the eapol enable command to enable EAP globally. 2.
The RADIUS server requires that the MAC address and password for the 3500 Series device be correct. If it is incorrect, the 3500 Series device may not authenticate. See the vendor documentation for the RADIUS server for details. Troubleshooting March 2013 Comments? infodev@avaya.com...
Non-EAP MHSA MAC is not authenticating Non-EAP MHSA MAC is not authenticating Ensure that the switch is configured correctly. Work flow Non-EAP MHSA MAC is not authenticating The following work flow assists you to determine the solution for an MHSA MAC that is not authenticating.
Page 85
Non-EAP MHSA MAC is not authenticating Showing EAPOL port Review the EAPOL port information. 1. Enter the show eapol port <port#> command to display the information. 2. Ensure that global EAP is enabled and that the port status is eap-auto. Showing EAPOL multihost Review the EAPOL multihost information.
Figure 37: EAP — non-EAP unexpected port shutdown Configure switch Configure ports to allow more unauthorized clients. Task flow Configure switch The following task flow assists you to allow an increased number of unauthorized clients on the ports. Troubleshooting March 2013 Comments? infodev@avaya.com...
Page 87
EAP–non-EAP unexpected port shutdown Figure 38: Configure switch Showing Logs Display log information to provide additional information. 1. Use the show logging command to display the log. 2. Observe the log output and note any anomalies. Showing EAP–non-EAP clients on port Display EAP–non-EAP client information on the port to provide additional information.
Page 88
1. Use the eap-force-unauthorised command to set the administrative state of the port to forced unauthorized. 2. Use the eapol status autocommand to change to eap-auto. 3. In the Interface Configuration Mode, use the shut/no shut commands. Troubleshooting March 2013 Comments? infodev@avaya.com...