ZyXEL Communications ES 3500 Series Troubleshooting Manual


Switch Series
ES 3500 Series
GS 1920 Series / 2210 Series / 3700 Series
XGS 2210 Series / 3700 Series / 4500 Series
XS 1920-12 / 3700-24/ 3900-48
Firmware Version 4.00~4.30
Edition 1, 9/2016

Troubleshooting Guide

Default Login Details
LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com


Summary of Contents for ZyXEL Communications ES 3500 Series

  • Page 1: Troubleshooting Guide

    Switch Series ES 3500 Series GS 1920 Series / 2210 Series / 3700 Series XGS 2210 Series / 3700 Series / 4500 Series XS 1920-12 / 3700-24/ 3900-48 Firmware Version 4.00~4.30 Edition 1, 9/2016 Troubleshooting Guide Default Login Details LAN Port IP Address https://192.168.1.1...
  • Page 2: Table Of Contents

    1 How to Troubleshoot Switch Related Issues (page 3)
    2 Symptom of Troubleshooting (page 7)
    3 Basic Information (page 9)
    4 Hardware Monitor Status (page 11)
    5 Switch Auto-Reboot, Crash (page 15)
    6 Troubleshooting for Loop (page 16)
    7 Troubleshooting for VLAN (page 25)
    8 Troubleshooting for Multicast (page 37)
    9 Troubleshooting for Layer 2 IGMP Snooping (page 44)
    Troubleshooting for L3 IGMP Routing (page 56)
    Troubleshooting for Multicast VLAN Registration (page 64)
    Troubleshooting for IP Source Guard (page 76)
    Troubleshooting for DHCP Relay (page 86)
    Troubleshooting for DHCP Server (page 97)
    Troubleshooting for ACL (page 105)
    Troubleshooting for Routing (page 116)
    Troubleshooting for CPU high
  • Page 3: How To Troubleshoot Switch Related Issues

    1 How to Troubleshoot Switch Related Issues This document describes the necessary process for troubleshooting Zyxel Switch related issues. STEP 1: Information Gathering Start by gathering basic and general information. This is necessary for the following reasons: Attempt to reproduce the issue locally. Gain perspective over the customer’s network architecture.
  • Page 4 STEP 3: Following the Troubleshooting Guides Each symptom has a list of corresponding Troubleshooting Steps that you will need to look through. Example: If the customer encounters a symptom involving “PC cannot communicate with other devices”, they will start the troubleshooting process by reviewing the guides in the following order: Troubleshooting of VLAN Troubleshooting of Loop...
  • Page 5 Verify: indicates whether the issue is resolved or not. FINISH: is achieved when the symptom related to this feature has either been resolved or was never encountered in the first place. Reaching this step will usually direct you to proceed to the next troubleshooting guide/agenda.
  • Page 7: Symptom Of Troubleshooting

    2 Symptom of Troubleshooting The following are some common issue symptoms reported by customers. According to the symptoms of these problems, you can follow the steps below to identify the cause of the problem more quickly. 1.
  • Page 8 5. Administrator cannot manage the switches. Troubleshooting Step: VLAN Management DHCP Relay 6. CCTV cannot watch Channel, LAG, Delay, Mosaics or Freeze. Troubleshooting Step: VLAN Multicast Troubleshooting. L2 IGMP Snooping L3 IGMP Routing 7. IP phone or IP Camera cannot be powered on by PoE Switch. Troubleshooting Step: PoE Troubleshooting Guide.
  • Page 9: Basic Information

    3 Basic Information If the switch has a problem, the following general information may need to be confirmed first: Firmware Version, Configuration, Tech-Support Logs, Network Topology. Check Firmware Version 1. WebGUI: Figure 1 Basic Setting > System Info 2. CLI: Figure 2 Enter CLI command “show system-information”.
  • Page 10 Configuration 1. WebGUI: Figure 3 Management > Maintenance > Backup Configuration Tech-Support Logs 1. CLI: Figure 4 Enter CLI command “show tech-support”. Topology To understand more quickly how the issue happens, the topology information is important for troubleshooting.
  • Page 11: Hardware Monitor Status

    4 Hardware Monitor Status Check ALM LED Figure 1 ALM LED On Temperature Error 1. CLI: Figure 2 Enter CLI command “Show hardware-monitor C”. Note: If the MAC/CPU/PHY temperature status is error, the hardware may have a problem. Please send the device to RMA.
  • Page 12 FAN Error 1. CLI: Figure 3 Enter CLI command “Show hardware-monitor C”. Note: If the FAN status is error, you can try to replace the FAN model to recover it; if the problem cannot be resolved, please send the device to RMA. Voltage Error 1.
  • Page 13 Switch cannot boot up successfully? 1. Use the console to connect to the switch and check whether any baudrate is able to display information. Baudrate 38400, 19200, 9600, 57600, 115200 Note: If there is no response at any baudrate, please send the switch to RMA. 2.
  • Page 14 6. Download Rom File Figure 7 Enter CLI command “attd”. Figure 8 Save Rom file. 7. Report to HQ CSO Provide the rom file, firmware version and crash logs to HQ.
  • Page 15: Switch Auto-Reboot, Crash

    5 Switch Auto-Reboot, Crash How to check whether the switch has auto-rebooted? 1. Log in to the switch via Console/Telnet/SSH. 2. Enter CLI command “Show Logging”. Switch Crash: “system: System warm start”, “system: System has reset without management command”. Reload Config: “system: System warm start”...
  • Page 16: Troubleshooting For Loop

    6 Troubleshooting for Loop Flowchart: Figure 1 Identify loop symptom When a loop happens, you may find the following scenarios: The traffic becomes slower than before. The traffic is not stable. The client always gets lost. The LED of the port keeps flashing fast. To find out the slowest node in the topology.
  • Page 17 Find out the issue place 1. Use the “tracert” command to find out the place where the loop most likely is. Figure 2 For example, in the above, from the client tracert to Yahoo, you can notice that it gets slower from the no.8 node. Then verify whether the area under no.8 can be controlled or not.
  • Page 18 Enable Loop Guard 1. WebGUI: Figure 4 Advanced Application > Loop Guard 2. CLI: Figure 5 3. Check Loop Guard status. Figure 6 Enter CLI command “show loopguard”
  • Page 19 Check Err-Disable status 1. WebGUI: If the switch didn’t detect a loop, you can see the status of Loop Guard is “Forwarding”. Figure 1 Advanced Application > Errdisable > Errdisable Status If the switch detects a loop, the status of Loop Guard is “Err-disable”. Figure 2 Advanced Application >...
  • Page 20 3. Loopguard events are also recorded in the system logs. Figure 4 Enter CLI command “show logging” Confirm Loop We suggest enabling Loop Guard one by one from the core switch to the end switch in the topology, so that we can find where the loop is. Remove Loop Un-plug the cable from the Err-Disable port.
  • Page 21 2. To recover the port, it has to be disabled and enabled. WebGUI: Figure 7 Basic Setting > Port Setup CLI: Figure 8 3. Repeat the above configuration twice. The first time disables the port, the second time enables it. The port then recovers to forwarding. Figure 9 Figure 10 Enter CLI command “show interface Port-ID”...
  • Page 22 Disable Port Test 1. Check the port counters first and compare their numbers of RX (Multicast) packets. The port with the largest number has the highest possibility of a loop. Figure 11 Enter CLI command “show interface Port-ID” 2. Disable ports one by one to relieve the loop. WebGUI: Figure 12 Basic Setting >...
  • Page 23 Is the loop symptom relieved? Confirm loop * If the loop symptom is relieved when the port is disabled, we know the port has a loop. Why does the port have a loop, but Loop Guard doesn’t activate? A: The Zyxel Loop Guard feature uses the loop-guard packet to discover where the loop is.
  • Page 24 3. Verifying the err-disable recovery Figure 16 Enter CLI command “show errdisable recovery” Note: The default recovery time is 300s. If the time is up and the loop has been removed, the feature will automatically recover the port. 4. Loop Guard Packet Figure 17 The MAC of the sender. The port number of the sender.
  • Page 25: Troubleshooting For Vlan

    7 Troubleshooting for VLAN Illustration: Flowchart:
  • Page 26 OTHERS: Identify and verify the MAC address of the interface of the device with issue. Example using Windows OS, identifying MAC address of Local Area Connection Figure 1
  • Page 27 After verifying MAC address, go to step 2. Access the uplink Zyxel switch. Does the MAC address of the device with issue appear on the MAC address table of the Zyxel switch? WebGUI: Figure 2 Management > MAC Table
  • Page 28 Using CLI: Figure 3 Enter CLI command “show mac address-table all” If MAC address of the device does appear, go to step If MAC address of the device does not appear, go to <OTHERS> Is the MAC address of the device with issue being processed on the correct VID? WebGUI: Figure 4...
  • Page 29 Are there any more Zyxel switches between this switch and destination? If there are switches, access the next uplink switch and repeat step 2. If there are no switches, proceed to next agenda. Verify whether device with issue’s incoming packets are tagged or not.
  • Page 30 CLI: Figure 7 Enter CLI command “show interface config Port-ID” If PVID configuration is correct, go to step 7. If PVID configuration is not correct, reconfigure and return to step 3. Example using CLI: Figure 8 Are the uplink and downlink ports fixed? Packets can only be sent out ports that are fixed within the processed VLAN.
  • Page 31 Using Web GUI: Figure 9 Advanced Application > VLAN > VLAN Configuration > Static VLAN Using CLI: Figure 10 If a port on VLAN configuration is correct, go to step 8. If ports on VLAN configuration are not correct, reconfigure and return to step Example using CLI: Figure 11
  • Page 32 Is the egress rule configured correctly? The egress rule indicates whether the packet going out the port should be “tagged” or “untagged”. A port should generally be sending out untagged packets if the port is directly connected to an end station (PC, laptops, printers, etc.).
  • Page 33 Example using Web GUI: Figure 14 Advanced Application > VLAN > Static VLAN *Check “Tx Tagging” if the port needs to send out tagged packets. Example using CLI: Figure 15 *Check “Tx Tagging” if the port needs to send out tagged packets. OTHERS: 1.
  • Page 34 If the device with issue is using an invalid MAC address, the issue is not caused by the Zyxel switch. 3. Does traffic between device with issue and destination hit any Policy Rule classifiers? If a policy applies to this traffic, move to Policy Rule Troubleshooting. 4.
  • Page 35 *This example ensures that IP address 192.168.1.32~192.168.1.63 is processed in VLAN 10. Using CLI: Figure 19 Enter CLI command “show subnet-vlan” If traffic should hit Protocol Based VLAN criteria, verify that device with issue’s IP address hits the correct protocol. Verify that device with issue is connected under the correct port.
  • Page 36 If traffic should hit Voice VLAN criteria, verify that Voice VLAN is enabled. Verify that traffic is sent to the destination’s VLAN. Using Web GUI: Figure 22 Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup Using CLI: Figure 23 Enter CLI command “show voice-vlan”...
  • Page 37: Troubleshooting For Multicast

    Using CLI: Figure 25 After verifying and reconfiguring the special VLAN criteria, go back to step 3. 8 Troubleshooting for Multicast Flowchart:
  • Page 38 OTHERS:
  • Page 39 Can the multicast client with issue receive “any” video or audio? There is a difference between clients receiving no stream and clients receiving poor stream. Figure 1 Good Stream
  • Page 40 Figure 2 Poor stream (mosaic and blur) When a multicast client receives no stream, two things may occur: Screen remains dark with no video or audio. Image remains frozen right before joining/leaving a different multicast stream. If the multicast client receives stream but with poor quality, go to step 2. If the multicast client does not receive any stream from any multicast address, go to step 4.
  • Page 41 Figure 4 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping Using CLI: Figure 5 Layer 3 IGMP Routing Figure 6 Layer 2 IGMP Snooping If IGMP “unknown multicast frame: drop” is not enabled on the switches between server and clients, reconfigure the switches and repeat step 1.
  • Page 42 Identify the multicast clients, multicast servers, and multicast stream with issue. There are three main factors to consider when dealing with multicast: a. Which multicast clients are affected? b. Where is the multicast server located? Server should be directly connected to the IGMP querier.
  • Page 43 Figure 8 Switch B and Switch D only. *IGMP Querier Mode: Auto allows non-queriers to forward join/leave requests towards the direction of the querier. Once you have determined the path of the IGMP join/leave requests, go to step 6. Can the querier or Zyxel switch directly connected to the multicast server perform Layer 3 IGMP Routing? Layer 3 IGMP Routing and Layer 2 IGMP Snooping have very different configurations available.
  • Page 44: Troubleshooting For Layer 2 Igmp Snooping

    9 Troubleshooting for Layer 2 IGMP Snooping Flowchart: Access the switch using Layer 2 IGMP Snooping closest to the multicast server. Is the switch the active querier? By default, querier is disabled on the Zyxel switch using IGMP Snooping. There are two things that need to be verified to check whether or not the switch is the active querier.
  • Page 45 1. IGMP querier mode is globally enabled. Using Web GUI: Figure 9 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping 2. The CLI shows a “No last querier is found”. Using CLI: Figure 10 Enter CLI command “show igmp-snooping querier” *The “No last querier is found”...
  • Page 46 Can the Zyxel switch receive the multicast stream? You can verify whether the switch is receiving multicast frames by looking at the port counters. Locate the port of the switch in the direction of the multicast server. Afterwards, check the port counters for received multicast packets. Check the port counters again after a few seconds.
  • Page 47 Figure 12 Using CLI: Figure 13 Enter CLI command “show interface Port-ID”
  • Page 48 Figure 14 *This shows the difference in port counters, from left to right, in the span of a few seconds. If the switch can receive the multicast stream, go to step 4. If the switch cannot receive the multicast stream, go to <OTHERS>. Perform an IGMP Join/Leave from the multicast client.
  • Page 49 Access the multicast client with issue (usually the set-top box of an IPTV), and start changing IPTV from one channel to the channel with the multicast issue (if any). Every time a channel changes, the set-top box sends an IGMP Join for the new channel as well as an IGMP Leave for the old channel.
  • Page 50 Can the multicast client receive the multicast stream? If both the multicast stream and the IGMP join/leave reach this switch, then the multicast client with issue should most likely be able to watch the channel through the IPTV. If the multicast client can now receive the multicast stream, repeat the Multicast Troubleshooting section.
  • Page 51 Using CLI: Figure 18 In this example, the network in VLAN 1 is 10.251.30.0/24. Configuring the IP address to 10.251.30.1 will ensure that this device will be the active querier in VLAN 1. After reconfiguring the IP address of the IGMP querier’s interface, repeat step 2. Is the IGMP Snooping VLAN fixed only on specific VLANs? By default, IGMP join/leave are processed in all VLANs.
  • Page 52 Using CLI: Figure 20 Enter CLI command “show igmp-snooping vlan” If the switch is either using “Auto” or “Fixed” with the configured VLAN, proceed to step 9. If the switch has “Fixed” configured but did not configure the VLAN of multicast clients, reconfigure and repeat step 4.
  • Page 53 Using Web GUI: Figure 22 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping Figure 23 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile
  • Page 54 Using CLI: Figure 24 Figure 25 If the port is configured with a correct IGMP profile, proceed to step 10. If the port is not configured with a correct IGMP profile, reconfigure and repeat step 4. Is there any other switch between this switch and the multicast client with issue? If there is a switch between this switch and the multicast client with issue, proceed to step 11.
  • Page 55 Does the other switch require MVR? Multicast VLAN Registration (MVR) is a solution that allows multicast streaming between multicast clients and servers not sharing the same VLAN for a pure layer 2 type application. If the other switch does not require MVR, access the next switch and repeat step 3. If the other switch requires MVR, access the MVR switch and go to step 8 of the MVR section.
  • Page 56: Troubleshooting For L3 Igmp Routing

    10 Troubleshooting for L3 IGMP Routing Flowchart: Access the switch using Layer 3 IGMP Routing. Is the switch the active querier? By default, querier is enabled on the Zyxel switch using IGMP Routing. However, this switch can disable its querier role if another switch in the network also has IGMP routing enabled.
  • Page 57 Using CLI: Figure 26 *The switch will display “Querier” if this device is the active querier. If the switch is the active querier, go to step 3. If the switch is not the active querier, go to step 7. Can the IGMP Querier receive the multicast stream? You can confirm whether or not the IGMP Routing querier is receiving the multicast stream only by CLI.
  • Page 58 Perform an IGMP Join/Leave from the multicast client. Access the multicast client with issue (usually the set-top box of an IPTV), and start changing IPTV from one channel to the channel with the multicast issue (if any). Every time a channel changes, the set-top box sends an IGMP Join for the new channel as well as an IGMP Leave for the old channel.
  • Page 59 Did the Zyxel switch receive the IGMP Join/Leave from the multicast client? Access CLI to verify whether or not the Zyxel switch receives the IGMP Join/Leave. Figure 29 *The multicast group address will appear in the table if the switch receives the IGMP Join.
  • Page 60 Figure 30 *Figure shows that the switch has known multicast traffic 225.225.225.225. If the L3 IGMP Router now has the known multicast traffic for the multicast address with issue, repeat the Multicast Troubleshooting section.
  • Page 61 Ensure that the Zyxel switch using Layer 3 IGMP Routing is the active querier. When two devices have querier mode enabled, the device with the lower IP address will assume the role of the active querier. In this case, we can configure the interface IP address of the IGMP querier to the lowest possible IP address in the network.
  • Page 62 Is Layer 3 IGMP Routing enabled on the multicast client’s subnet? Using Web GUI: Figure 33 IP Application > IGMP Using CLI: Figure 34
  • Page 63 Configure using CLI: Figure 35 If IGMP is not enabled in the multicast client’s network, the Layer 3 IGMP Router will not stream video on that network. If the interface or network of the multicast client does not have IGMP enabled, reconfigure and repeat step 4.
  • Page 64: Troubleshooting For Multicast Vlan Registration

    11 Troubleshooting for Multicast VLAN Registration Flowchart: Access the switch using MVR. Is the switch the active querier? By default, querier is disabled on the Zyxel switch using IGMP Snooping. There are two things that need to be verified to check whether or not the switch is the active querier.
  • Page 65 The CLI shows a “No last querier is found”. Using CLI: Figure 2 *The “No last querier is found” only means that there are no other active IGMP queriers in the network. This does not indicate whether this device is the active IGMP querier.
  • Page 66 Can the Zyxel switch receive the multicast stream? You can verify whether the switch is receiving multicast frames by looking at the port counters. Locate the port of the switch in the direction of the multicast server. Afterwards, check the port counters for received multicast packets. Check the port counters again after a few seconds.
  • Page 67 Figure 4 Using CLI: Figure 5
  • Page 68 Figure 6 *This shows the difference in port counters, from left to right, in the span of a few seconds. If the switch can receive the multicast stream, go to step 4. If the switch cannot receive the multicast stream, go to <OTHERS>.
  • Page 69 Perform an IGMP Join/Leave from the multicast client. Access the multicast client with issue (usually the set-top box of an IPTV), and start changing IPTV from one channel to the channel with the multicast issue (if any). Every time a channel changes, the set-top box sends an IGMP Join for the new channel as well as an IGMP Leave for the old channel.
  • Page 70 Using Web GUI: Figure 8 Advanced Application > Multicast Using CLI: Figure 9 If the switch can receive the IGMP Join/Leave in the Multicast VLAN ID, proceed to step 6. If the switch cannot receive the IGMP Join/Leave, go to step 10. Can the multicast client receive the multicast stream? If both the multicast stream and the IGMP join/leave reach this switch, then the multicast client with issue should most likely be able to watch the channel through the IPTV.
  • Page 71 Ensure that the Zyxel switch using MVR is the active querier. When two devices have querier mode enabled, the device with the lower IP address will assume the role of the active querier. In this case, we can configure the interface IP address of the IGMP querier to the lowest possible IP address in the network.
  • Page 72 Is the multicast stream being sent in the multicast VLAN? Make sure that the Multicast VLAN ID matches the multicast stream’s VLAN. If the multicast stream does not contain any VLAN tags, then the multicast stream will be processed through this port’s PVID. Using Web GUI: Figure 12 Advanced Application >...
  • Page 73 Are the MVR source and receiver ports configured correctly? Make sure that the port towards the server is a source port, while ports to subscribers or multicast clients are receiver ports. You will need to use tagging if the path to the querier is through a specific VLAN.
  • Page 74 Using CLI: Figure 16 If the MVR ports are configured correctly, go to step 11. If the MVR ports are not configured correctly, reconfigure and repeat step 3. Is the multicast stream within the MVR group address range? The MVR group address range allows the IGMP join/leave for this specific address range from multicast clients to be forwarded across the Multicast VLAN ID.
  • Page 75 Using CLI: Figure 18 If the multicast stream’s address is within the MVR address range, go to <OTHERS>. If the multicast stream’s address is not within the MVR address range, reconfigure and repeat step 3.
  • Page 76: Troubleshooting For Ip Source Guard

    12 Troubleshooting for IP Source Guard Illustration: Flowchart: OTHERS:
  • Page 77 Access the switch directly connected to the client with issue. Is ARP Inspection enabled on the Switch? Using Web GUI: Figure 1 Advanced Application > IP Source Guard > IP Source Guard Setup > ARP Inspection > Configure Using CLI: Figure 2 If ARP Inspection is enabled, go to step 3.
  • Page 78 Is the client with issue using a static IP address? If the client with issue is using a static IP address, go to step 4. If the client with issue is using a dynamic IP address, go to step 9. Initiate a ping request from client with issue to destination with issue.
  • Page 79 Is the port to the inner network configured as an ARP Inspection “trust” port? The inner network’s port should be configured as a trust port. This is because there are local resources such as servers or gateways which are classified as trusted devices managed by the administrators.
  • Page 80 Does a static binding entry exist for this client? Using Web GUI: Figure 6 Advanced Application > IP Source Guard > IP Source Guard Setup > Static Binding Using CLI: Figure 7 If a static binding entry exists for this client already, go to step 8. If a static binding entry does not exist for this client yet, create an entry for the client with issue and repeat step 4.
  • Page 81 Does the static binding entry match all of the client’s information? The IP source binding will only allow a client to forward traffic while ARP Inspection is enabled when all the following match: Source MAC address of the client. Source IP address of the client. The VLAN the client’s traffic will pass through. The physical port on the switch where the client’s traffic is coming from.
  • Page 82 Using CLI: Figure 9 If DHCP Snooping is enabled, go to step 10. If DHCP Snooping is disabled, proceed to the next agenda. Initiate a DHCP-discover on client with issue. Figure 10 Afterwards, proceed to step 11.
  • Page 83 Can the DHCP client receive a correct dynamic IP address? Figure 11 If the dynamic IP configurations are all correct, go to step 5. If there are no dynamic IP configurations or configurations are incorrect, go to step
  • Page 84 Is the port to the true DHCP server a “trusted” port? Using Web GUI: Figure 12 Advanced Application > IP Source Guard > IP Source Guard Setup > DHCP Snooping > Configure > Port Using CLI: Figure 13 If only the port to the true DHCP server is a “trusted” port, go to step 13. If the port to the true DHCP server is not a “trusted”...
  • Page 85 13. Is DHCP Snooping enabled on the client’s VLAN? Using Web GUI: Figure 14 Advanced Application > IP Source Guard > IP Source Guard Setup > DHCP Snooping > Configure > VLAN *You must first indicate the start and end VID in order to view the VID list. Using CLI: Figure 15 If DHCP Snooping is already enabled on the client with issue’s VLAN, go to <OTHERS>.
  • Page 86: Troubleshooting For Dhcp Relay

    13 Troubleshooting for DHCP Relay Flowchart: OTHERS: Can the switch performing DHCP relay ping the DHCP server? If the DHCP relay can ping the DHCP server, go to step 2. If the DHCP relay cannot ping the DHCP server, go to <OTHERS>. Are there other DHCP servers on different VLANs? When clients and DHCP server are on different IP networks, there are two choices for DHCP Relays.
  • Page 87 DHCP Smart Relay illustration: When there is only one DHCP server in the network, you can enable DHCP Smart Relay to send the client’s DHCP packets to the DHCP server. Figure 1 Using Web GUI: Figure 2 IP Application > DHCP > DHCPv4 > Global Using CLI: Figure 3
  • Page 88 DHCP Per-VLAN Relay illustration: For a larger enterprise network deployment, more than one DHCP server may exist on different LAN segments while clients on specific VLANs need to acquire configurations from specific DHCP servers. Figure 4 Using Web GUI: Figure 5 IP Application >...
  • Page 89 Using CLI: Figure 6 If the customer has DHCP servers on only one VLAN, configure DHCP Smart Relay and go to step 3. If the customer has DHCP servers on different VLANs, configure per-VLAN DHCP Relay and go to step 9. Allow client to initiate a DHCP discover.
  • Page 90 Can the client with issue receive the correct dynamic configurations? If the client receives the correct dynamic configuration, proceed to the next agenda. If the client does not receive the correct dynamic configuration, go to step 5. Is the DHCP relay configured with the correct DHCP server address? Using Web GUI: Figure 8...
  • Page 91 Figure 11 Per-VLAN Relay If the relay is configured with the correct remote DHCP server address, go to step 6. If the relay is not configured with the correct remote DHCP server address, re-configure and repeat step 3. Is the switch’s VLAN interface for client using the correct IP subnet? The DHCP server will provide its dynamic configuration based on the DHCP relay’s VLAN interface towards the DHCP client.
  • Page 92 In the event that the VLAN interface has multiple IP addresses, the DHCP server will provide dynamic configurations for the lowest IP address. Using Web GUI: Figure 17 Basic Settings > IP Setup Using CLI: Figure 18 If the VLAN’s IP interface is configured correctly, go to step 7. If the VLAN’s IP interface is not configured correctly, reconfigure and repeat step 3.
  • Page 93 Is the DHCP relay’s option 82 configured correctly? If a DHCP Relay option 82 profile is used, check the circuit-ID in the DHCP server. For example, with option profile default 1 (Slot-port, VLAN), the relay agent adds the option 82 circuit-id to DHCP packets and forwards them to the DHCP server; when the DHCP server receives the packet, it checks option 82 and assigns an IP address.
  • Page 94 Figure 21 For Ubuntu, create the rule to assign IP address; below is an example circuit-id of dhcpd.conf: Figure 22 If option 82 is configured correctly, go to <OTHERS>. If option 82 is not configured correctly, reconfigure and repeat step 3.
  • Page 95 Verify which VLAN the client with issue belongs to. You can verify this by checking the MAC address table. Below is an example on how to determine which VLAN client “20:6a:8a:39:fe:a9” is being processed in. Using Web GUI: Figure 23 Management >...
  • Page 96 Is the DHCP relay set for the VLAN of the client with issue? Make sure that the per-VLAN DHCP relay is configured on the correct VLAN of the client with issue. Using Web GUI: Figure 25 IP Application > DHCP > DHCPv4 > VLAN Using CLI: Figure 26 If the VLAN is configured correctly, proceed to step 4.
  • Page 97: Troubleshooting For Dhcp Server

    www.zyxel.com 14 Troubleshooting for DHCP Server Flowchart: OTHERS: Is the client with issue and DHCP server on the same IP network? If the client and server are on the same IP network, go to step 2. If the client and server are not on the same IP network, proceed to the DHCP Relay Troubleshooting Guide.
  • Page 98 Can the client with issue ping the DHCP server’s interface using a static IP configuration? If the client with issue can ping the DHCP server, go to step 3. If the client with issue cannot ping the DHCP server, proceed to the VLAN Troubleshooting Guide.
  • Page 99 Allow the client with issue to initiate a DHCP discover. Figure 3 Afterwards, proceed to step 5.
  • Page 100 Can the DHCP client receive a correct dynamic IP address? Figure 4 If the dynamic IP configurations are all correct, proceed to the next agenda. If there are no dynamic IP configurations or the configurations are incorrect, access the switch performing DHCP service and go to step 6.
  • Page 101 Is there an IP address configured on the DHCP server’s interface? You cannot configure a DHCP pool if the VLAN for the DHCP service has no IP address configured. Using Web GUI: Figure 5 Basic Setting > IP Setup In this example, VLANs 10, 20, and 30 will be used for DHCP service.
  • Page 102 Is the DHCP pool in the same VLAN as the client with issue? Using Web GUI: Figure 7 IP Setting > DHCP > DHCPv4 > VLAN Using Web GUI: Figure 8 If a DHCP pool exists for the VLAN of the client with issue, go to step 8. If a DHCP pool does not exist for the VLAN of the client with issue, reconfigure and repeat step 4.
  • Page 103 Is the DHCP pool configured correctly? For clients to successfully access the internet, the IP address, subnet mask, default gateway, and at least a primary DNS server must be configured correctly. Using Web GUI: Figure 9 IP Setting > DHCP > DHCPv4 > “Index” Using CLI: Figure 10 If the configured DHCP pool is correct, go to step 9.
  • Page 104 Is there still room left in the DHCP pool? The size of the client IP pool in the DHCP configuration limits how many clients can successfully request a dynamic configuration from the DHCP server. Once the limit has been reached, the DHCP server will no longer send out DHCP offers.
  • Page 105: Troubleshooting for ACL

    15 Troubleshooting for ACL Flowchart: OTHERS:
  • Page 106 Initiate traffic from the device or operation with issue. Figure 1 Device with issue may refer to a specific device or a set of devices that is not operating as intended. Figure 2 Operation with issue refers to the specific network service or operation.
  • Page 107 Is the device or operation working accordingly? If the device or operation is working accordingly, go to step 3. If the device or operation does not work accordingly, go to step 4. Are any policies previously disabled? If any policies were disabled in step 5, reactivate these policies and go to step 7. If there were no disabled policies from step 5, proceed to the next agenda.
  • Page 108 Using Web GUI: Figure 3 Advance Application > Classifier > Classifier Configuration Figure 4 Figure 5 Advance Application > Classifier Using CLI: Figure 6 After identifying the counting classifier, proceed to step 6.
  • Page 109 Disable the policy rule or policy route of counting classifiers. Example: Figure 7 Advance Application > Classifier *Classifier shows a rising counter on “ACL-2”. Figure 8 Advance Application > Policy Rule *Classifier is bound to Policy “Permit-2”. Figure 9 Advance Application > Policy Rule *Uncheck the “Active”...
  • Page 110 Initiate traffic from the device or operation with issue. After initiating traffic, go to step 8. Is the device or operation working accordingly? If the device or operation is working accordingly, proceed to the next agenda. If the device or operation does not work accordingly, go to step 9. Does the policy drop the last identified classified frame? Verify the action of the last inactive policy rule or route.
  • Page 111 Using CLI: Figure 11 If the policy action is to “Discard the packet”, reconfigure forwarding to “No change” and go to step 7. If the policy action is not to “Discard the packet”, go to step 10.
  • Page 112 Does the policy rate limit the last identified classified frame? Verify the action of the last inactive policy rule or route. If the action involves “Rate Limit”, the classified frames are undergoing bandwidth limitation. Using Web GUI: Figure 12 Advance Application > Policy Rule Using CLI: Figure 13 If the policy action is to “Rate limit”, increase the bandwidth value and go to step 7.
  • Page 113 Does the policy route the last identified classified frame? Verify the action of the last inactive policy rule or route. Using Web GUI: Figure 14 IP Application > Policy Route > Rule Configuration Using CLI: Figure 15 If the policy action is to route traffic, go to step 12. If the policy action is not to route traffic, go to <OTHERS>.
  • Page 114 Using Web GUI: Figure 16 IP Application > Policy Route > Rule Configuration The policy route configuration can be viewed by clicking on the sequence number. Using CLI: Figure 17 If the switch can ping the next hop gateway, go to step 13. If the switch cannot ping the next hop gateway, go to <OTHERS>.
  • Page 115 Does the policy permit this routing? Using Web GUI: Figure 18 IP Application > Policy Route > Rule Configuration Using CLI: Figure 19 If the policy route state is permitted, go to <OTHERS>. If the policy route state is denied, change the state to “permit” and repeat step 7.
  • Page 116: Troubleshooting for Routing

    16 Troubleshooting for Routing Flowchart: OTHERS:
  • Page 117 Access the client with issue. For now, the client with issue will be considered as the downlink device. Afterwards, move on to step 2. Initiate a ping test from the downlink device to the destination with issue. The destination with issue could be one of the following: Device in the same LAN: ping the device’s IP address.
  • Page 118 Using Web GUI: Figure 2 Management > ARP Table Using CLI: Figure 3 If the uplink gateway can correctly learn the downlink device’s ARP entry, go to step If the uplink gateway cannot correctly learn the downlink device’s ARP entry, go to step 9.
  • Page 119 If the downlink device is another Zyxel switch, verify whether a route exists for your destination address with the correct gateway. In this example, any packet destined for network “192.168.10.0” Using Web GUI: Figure 5 IP Application > Static Routing > IPv4 Static Route Using CLI: Figure 6 If there is a routing entry for the destination address, then go to step 5.
  • Page 120 Can the downlink device learn the uplink gateway’s ARP? You can check the ARP table to verify that the uplink gateway’s traffic can reach the downlink device. Also verify that the IP address and MAC address match the downlink device’s information in case of spoofing attacks. If the downlink device is an end device: Figure 7 If the downlink device can correctly learn the uplink gateway’s ARP entry, go to step...
  • Page 121 Figure 8 Type “L” refers to local interfaces. This indicates that the switch locally has an IP interface for this destination address. Type “S” refers to static routes. This indicates that the destination network is not directly connected to this switch and the network is most likely across another gateway.
  • Page 122 Figure 9 *Before *After If there are other uplink gateways in the corporate network, move on to the next set of downlink and uplink devices and repeat step 2. If there are no other uplink gateways in the corporate network, proceed to <OTHERS>.
  • Page 123 Using CLI: Figure 11 If the uplink gateway has the correct IP address in the correct VLAN, go to step 10. If the uplink gateway does not have the correct IP address in the correct VLAN, reconfigure and repeat step 2. Is there a static ARP entry using the IP of the downlink device or uplink gateway? Static ARP prevents the learning of ARP entries for another MAC address or port.
  • Page 124 Using CLI: Figure 13 Is the downlink device’s gateway the switch’s VRRP IP address? VRRP allows a switch to generate a virtual IP address for L3 gateway redundancy using a virtual MAC address. Verify whether a VRRP virtual interface is active on the client with issue’s network.
  • Page 125 If the switch has a virtual IP address for the client with issue’s network, proceed to step 12. If the switch does not have a virtual IP address for the client with issue’s network, go to step 14. Mirror and capture the traffic of the client with issue. Access the switch directly connected to the client with issue and mirror ingress and egress traffic on that port.
  • Page 126 Using CLI: Figure 17 After capturing the client with issue’s traffic, proceed to step 13. Is the client with issue’s ARP reply sent to the switch’s physical MAC address? Examine the packet capture of the client with issue’s traffic. Locate the client with issue’s ARP replies in response to the switch’s ARP request.
  • Page 127 Figure 18 Above shows the client did not change uplink port. Figure 19 Above shows the client changed uplink port. If the client moved from one uplink port to another, this is a known issue. If the client did not move from one uplink port to another, go to Others.
  • Page 128: Troubleshooting for CPU High

    17 Troubleshooting for CPU high Flowchart: Check syslog a. Verify frequency. b. Is there any special log before CPU high? c. Abnormal attack Is it caused by management commands? Some commands will cause the CPU high a. Save configuration (Write memory) b....
  • Page 129: Troubleshooting for PoE

    18 Troubleshooting for PoE Before troubleshooting, you should know: A. PD: model info, supported PoE standard and class, the number B. PSE: supported PoE standard, and the remaining power budget Class | Current Range (mA) | Power Range (W) | PSE Allocated Power by Class...
  • Page 130 → If the customer originally uses classification mode, please try to use consumption mode. But it is possible some PD will be shut down when the PoE Short-Circuit Event: The connected PD may be faulty. It could also mean that the PD is using an older standard and not 802.3af/at.
  • Page 131
    | Device | PD Model X (1) | PD Model X (2) | PD Model Y |
    |---|---|---|---|
    | Switch Model X (1) | Fail | Fail | Fail |
    | Switch Model X (2) | Success | Success | Success |
    | Switch Model Y | Success | Success | Success |

    Please test every port on Switch Model X (1) to further verify the hardware issue. c....
  • Page 132 Wide Range Detection During detection in the flow, the PSE sends a little power to detect whether the connected device is a PD. IEEE 802.3 defines a detection range for PDs. If the PD is out of the range, the PSE will not recognize it as a “PD” and decides not to supply power to it.
