Avaya 2330/4134 Troubleshooting Manual
Avaya 2330/4134 Troubleshooting Manual

Avaya 2330/4134 Troubleshooting Manual

Secure router
Table of Contents

Advertisement

Troubleshooting

Avaya Secure Router 2330/4134
Release 10.3.5
NN47263-700
Issue 04.03
August 2013

Advertisement

Table of Contents

Troubleshooting

loading
Need help?

Need help?

Do you have a question about the 2330/4134 and is the answer not in the manual?

Questions and answers

Summary of Contents for Avaya 2330/4134

  • Page 1: Troubleshooting

    Troubleshooting Avaya Secure Router 2330/4134 Release 10.3.5 NN47263-700 Issue 04.03 August 2013...
  • Page 2 Product provided by Avaya including the selection, arrangement and to users of its products. Documentation does not include marketing design of the content is owned either by Avaya or its licensors and is materials. Avaya shall not be responsible for any modifications,...
  • Page 3 See the Avaya Support website: http://support.avaya.com for product notices and articles, or to report a problem with your Avaya product. For a list of support telephone numbers and contact addresses, go to the Avaya Support website: http://support.avaya.com, scroll to the bottom of the page, and select Contact Avaya Support.
  • Page 4 Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 5: Table Of Contents

    Password recovery............................ 20 Loss of non-admin user password....................20 Loss of Administrator password....................... 21 Rebooting the Secure Router 2330/4134....................21 Obtaining Configuration Mode access when occupied by an inactive or unresponsive session....21 Clearing an inactive session......................21 Removing an unresponsive session....................22 Defining default boot parameters......................
  • Page 6 Importing from a network location....................50 Viewing the current configuration......................50 Chapter 5: Troubleshooting an operational problem............Damaged router............................51 Normal operation of the Avaya Secure Router 2330/4134............... 51 Power problem............................52 Fans................................53 LEDs are off.............................. 54 Console problem............................54 Boot problems............................
  • Page 7 Troubleshooting a Frame Relay connection..................... 82 Frame Relay debugging commands....................82 Troubleshooting a PPP connection......................86 PPP debugging commands......................86 Troubleshooting MAC configuration and switching................... 89 Troubleshooting a configuration failure.................... 89 Troubleshooting an operational failure..................... 89 Troubleshooting VLAN Configuration and Switching................90 Troubleshooting a configuration failure....................
  • Page 8 Troubleshooting OSPF..........................127 OSPF debug options........................127 OSPF show command options......................130 OSPF clear command options......................131 Troubleshooting BGP..........................131 BGP debug options.......................... 131 BGP show options..........................132 BGP clear options..........................133 Troubleshooting RIP..........................134 RIP debug options..........................134 RIP show options..........................134 RIP clear options..........................
  • Page 9 debug rip packet..........................147 Debug command options for RIPng for IPv6.................... 147 debug ipv6 rip........................... 147 debug ipv6 rip all..........................148 debug ipv6 rip events........................148 debug ipv6 rip nsm........................... 148 debug ipv6 rip packet........................148 debug ipv6 rip packet detail......................149 debug ipv6 rip packet recv.......................
  • Page 10 Troubleshooting Static VPN ABOT......................215 Troubleshooting Dynamic VPN Peer to Peer over IP-IP tunnels.............. 217 Troubleshooting Dynamic VPN ABOT over IP-IP tunnels................ 219 Secure Router to Avaya VPN router interoperability tips................221 Troubleshooting OSPF over GRE/IPIP tunnels..................222 Troubleshooting RIP over GRE/IPIP tunnels.................... 223 OSPF debug commands........................
  • Page 11 Unable to make FXS calls........................ 333 FXS phones are not registered (Sylantro and BroadSoft only)............338 Unable to make FXO calls........................ 341 Secure Router 2330/4134 not reachable from SIP Server............... 346 Unable to make outbound calls to SIP endpoints................354 Codec mismatch..........................356 Troubleshooting the Mediation Server Module..................
  • Page 12 Message severity levels..........................375 Configuring the system for syslog reporting....................376 Enabling and disabling syslog messages..................376 Specifying the device to which the Secure Router 2330/4134 sends syslog messages....376 Configuring multiple Syslog servers....................377 Specifying the syslog messages to report..................378 Configuring the Syslog source address....................
  • Page 13: Chapter 1: Introduction

    Ongoing product training is available. For more information or to register, you can access the Web site at http://avaya-learning.com. Avaya Mentor videos Avaya Mentor is an Avaya-run channel on YouTube that includes technical content on how to install, configure, and troubleshoot Avaya products. Go to http://www.youtube.com/AvayaMentor...
  • Page 14: Support

    • Scroll down Playlists, and click the name of a topic to see the available list of videos posted on the site. Support Visit the Avaya Support website at http://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues.
  • Page 15: Chapter 2: New In This Release

    Chapter 2: New in this release The following section details what is new in Avaya Secure Router 2330/4134 Troubleshooting (NN47263-700) for Release 10.3.5. Features Troubleshooting security See the following sections for information about troubleshooting Release 10.3.5 security features: • Troubleshooting High CPU Utilization...
  • Page 16 New in this release Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 17: Chapter 3: Determining The Scope Of A Problem

    To ensure you always have current troubleshooting techniques and information, check the Avaya Technical Support web site regularly for updates to Avaya Secure Router 2330/4134 Troubleshooting (NN47263-700), including updates for SIP Media Gateway and VoIP troubleshooting: http://www.avaya.com/support You can determine the scope of a problem by answering the following questions: 1.
  • Page 18 • Multiple protocols on multiple ports in all slots in the router? If so, the problem is most likely operational. • Multiple routers? If so, the problem is most likely due to an external device. Try to determine the cause of the problem. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 19: Chapter 4: Global Troubleshooting Tasks

    Using debug commands Debug commands are used to troubleshoot various features of the Avaya Secure Router 2330/4134. While this book contains some common debug commands, you should refer to the Avaya Secure Router 2330/4134 — Command Line Reference (NN47263-507) for a complete listing and usage instructions.
  • Page 20: Changing The Password

    4. When prompted, enter the user password, up to 10 characters. 5. Repeat the password. For more information on adding users and user levels, see Avaya Secure Router 2330/4134 — Commissioning (NN47263-302). To delete/reset all non-admin user accounts on the system, use the command system reset-to-factory users.
  • Page 21: Loss Of Administrator Password

    This section describes steps used if an administrator level user needs to gain access to Configuration Mode in the Secure Router 2330/4134, but is unable to due to an inactive or unresponsive session. An inactive session would be classified as a session where a user has failed to issue the exit command to properly end their console session.
  • Page 22: Removing An Unresponsive Session

    Booting from a network FTP server page 41 or Booting from USB on page 43 Upgrading the normal and golden bootroms Use the procedures in this section to upgrade the normal and golden bootroms on the Secure Router 2330/4134. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 23 Upgrading the normal and golden bootroms If you have a Secure Router 2330/4134 with an older version of the software image (filename: tor.Z), you must upgrade your bootrom to accommodate the new software image (filename: SR4134.Z or SR2330.Z). It is important to upgrade both the normal and golden bootroms to prevent a bootrom mismatch.
  • Page 24: Determining What Modules Are Installed

    15. To update the normal bootrom, enter D at the prompt: [BOOT]: D Allow the boot sequence to complete. 16. When the boot sequence is complete, the Secure Router 2330/4134 returns a message indicating that the system will be rebooted again after updating the...
  • Page 25 Determining what modules are installed show tech-support 2. The following figure shows output from show chassis, which lists the slot that the module is in, its name, status, and serial number. Make a note of the names in the Card-Type column. They refer to the installed modules. 3.
  • Page 26 SIP Survivability Module (SSM) users activated. VPN_A Internal SR4134 High Performance IPsec VPN SR000002 Encryption Module (1000 IPsec tunnels) WDS3_1 Medium 1-port Clear Channel DS3 ** SR210401 WT3/ Medium 1-port Channelized T3 ** SR000001 DS3_1C Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 27: Hot Swapping A Card

    Hot swapping a card Card Type Module Description Order Size Number WTE_1 Small 1-port T1/E1 (DS0 and DS1 support) for SR000000 both TDM and Packet (Supports ISDN- PRI.) WTE_1S Small 1-port Sync and Async Serial. (Routing SR000000 license required to use on AG2330.) WTE_2M Small 2-port T1/E1 (DS0 and DS1 support) for...
  • Page 28: Dumping Log Files To Another Location

    Viewing debug output The Secure Router 2330/4134 CLI contains a variety of debug commands to assist in troubleshooting the router on a feature by feature basis. Please refer to the appropriate troubleshooting sections in this document for further details.
  • Page 29: Viewing Alarms

    Use the show module alarms command to quickly check for any irregularities. Procedure steps 1. To view the current alarms for any T1 WAN link on the Secure Router 2330/4134, enter: show module alarms t1 <slot/port>...
  • Page 30: Example Of Packet Capture Configuration

    Configure packet capture access-list acc1 add permit mac any any vlan 100 add permit mac any any vlan 200 add permit ip any 30.30.30.2 add permit ip any 50.50.50.2 exit capture cap1 attach ethernet 6/1 Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 31: Packet Capture Commands

    Packet capture filter acc1 in commit exit capture cap2 filter acc1 out attach bundle wan1 commit exit enable Packet capture commands debug pcap Use this command to configure next level packet capture commands. Syntax [no] debug pcap Example SR# debug pcap debug pcap capture Use this command to access packet capture related commands.
  • Page 32 Use this command to configure the number of packets to be captured. Syntax count <0 - 10000> Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# count 5000 debug pcap capture filter Use this command to configure the ACL applied. Syntax filter <aclname> Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 33 Packet capture Table 4: Variable definition Variable Value <aclname> The ACL name. Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# filter testacl debug pcap capture wrap Use this command to enable buffer wrap. Syntax wrap Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# wrap debug pcap capture size Use this command to configure the buffer size.
  • Page 34 Use this command to commit packet capture configurations. Syntax commit Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# commit debug pcap capture show-config Use this command to show packet capture configuration. Syntax show-config Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# show-config Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 35 Packet capture debug pcap capture stats Use this command to display packet capture statistics. Syntax stats Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# stats debug pcap capture dump Use this command to display a packet capture dump. Syntax dump Example SR# debug pcap capture cap1 SR/debug/pcap/capture cap1# dump...
  • Page 36 Use this command to delete all packet capture sessions, related statistics and data structures. Syntax debug pcap cleanup Example SR# debug pcap cleanup debug pcap upload Use this command to upload captured packets to a remote host. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 37 Packet capture Syntax [no] debug pcap upload <X.X.X.X> <name> <username> <password> Table 7: Variable definition Variable Value <name> The filename to store as. <password> The password to access the server. <username> The username to access the server. Example SR# debug pcap upload 10.10.10.1 testcap testuser testpass debug pcap save Use this command to save the packets captured.
  • Page 38: Interpreting Leds

    SR# debug pcap clear-stats Interpreting LEDs This section describes how to interpret the various LED indicators on the rear panel of the Secure Router 2330/4134. The following figure shows the location of the system LEDs. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 39: Fan Tray

    Interpreting LEDs Figure 1: Secure Router 4134 rear panel LEDs Figure 2: Secure Router 2330 rear panel LEDs Fan tray This section describes the LED behavior for the fan tray (FAN LED). • Green - The fan tray is installed and all fans are functioning normally. •...
  • Page 40: Power Supply

    • Red - Medium or large modules are installed, but one or more are malfunctioning. For more information, see the status LEDs on the modules. • Off - If the router is powered, and the LED is off, no medium or large modules are installed (Secure Router 4134 only). Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 41: Environment Management (Secure Router 2330 Only)

    Procedure steps To show the software version, run the following command: show version Booting from a network FTP server You can configure the Secure Router 2330/4134 to boot from a network FTP server. Procedure steps 1. Enter Configuration Mode: configure terminal 2.
  • Page 42 Show header enable [0:Disable,1:Enable]: 1 13. Enter the number (0, 1, or 2) that corresponds to the type of bootrom image update that you prefer, or enter 3 if you prefer to not update the bootrom image: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 43: Booting From Usb

    2:GoldenBTupd,3:NoUpd]: 0 If you select 0, 1, or 2, the router returns the following: BOOT PARAMETERS HAVE BEEN SAVED. 14. Reboot the Secure Router 2330/4134 to activate changes, or continue with your configuration: DO YOU WANT TO REBOOT: (Y/N) ? y Booting from USB You can configure the Secure Router 4134 to boot from a USB device.
  • Page 44: Using The Show Tech-Support Command

    Use the show tech-support command to gather information about different layers on the Secure Router 2330/4134. This information may be used by a technical support professional to diagnose the source of a problem. You can show and save information per layer or as all layers.
  • Page 45: Sending Information To Another Source

    Using the show tech-support command Variable Value • layer1 - Gather Layer 1 information • layer2 - Gather Layer 2 information • layer3 - Gather Layer 3 information • all - Gather information for all layers Sending information to another source After gathering layer diagnostic information using the show tech-support command, you can copy or send the output file (showtech.txt) to another location for use in diagnosis.
  • Page 46: Saving The Config File

    After the test is completed, the test is terminated using the no command. Configuring BERT testing To configure a BERT test, perform the following steps: Procedure steps 1. Issue the test command, accompanied by the module type and identifier. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 47: Showing Bert Test Results And Status

    BERT test <module> <identifier> Example:test t1 6/3 2. Issue the command to begin BERT testing, accompanied by the pattern type and duration. bert <patterntype> <interval> Table 12: Variable definition Variable Value <identifier> The module identifier. <interval> The duration of the test, in minutes. If not otherwise specified, the default setting will be continuous.
  • Page 48: Ending A Bert Test

    Resetting to factory defaults This procedure describes the steps necessary to reset the Secure Router 2330/4134 to factory defaults. This command clears all the information stored in NvRam, including user information. Other major information that will be cleared includes event logs, crash logs, command logs, and boot parameters.
  • Page 49: Resetting To Factory Defaults From The Boot Menu

    Resetting to factory defaults from the boot menu Resetting to factory defaults from the boot menu This procedure describes the steps necessary to reset the Secure Router 2330/4134 to factory defaults from the boot menu in the event that the administration password has been lost. This command clears all the information stored in NvRam, including user information.
  • Page 50: Importing From A Network Location

    Viewing the current configuration This procedure describes the steps necessary to view the current system configuration. Procedure steps To view the current system configuration, run either of the following commands: show running-config show configuration running Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 51: Chapter 5: Troubleshooting An Operational Problem

    Normal operation of the Avaya Secure Router 2330/4134 To troubleshoot an issue, you must be familiar with the normal boot sequence of the Secure Router 2330/4134. In normal operating conditions, the following events occur when you power up the router: •...
  • Page 52: Power Problem

    • The logon prompt appears on the console screen. Power problem You can identify a power problem by the inactivity of the LEDs and the fans on the Avaya Secure Router 2000/4134. Use the procedure in this section to troubleshoot a power problem.
  • Page 53: Fans

    Fans 4. Verify that at least one power supply LED is green. If any power supply LED is red, replace that power supply. Fans Use the procedure in this section if fans are not functioning. Procedure steps 1. Check the status of the FAN LED on the rear panel of the chassis. 2.
  • Page 54: Leds Are Off

    If all LEDs are off, make sure the power cable is firmly connected to the router and to an electrical outlet. If there is power to the unit, and all LEDs remain off, contact Avaya Technical Support. Be sure to note whether the fans are running or not.
  • Page 55: Making Sure The Software Image Is Correct

    Ensure the normal and golden bootrom partitions are running the same image version. Use the show version command to find information for the image version running on the normal and golden bootrom partitions of your Secure Router 2330/4134. It is important that the normal and golden bootrom partitions use the same image version.
  • Page 56: Ping Does Not Work

    This section describes steps you can use to troubleshoot a scenario where ping does not work. In a scenario where you cannot ping the Secure Router 2330/4134, first try to ping the router from an adjacent device. If you are able to ping from an adjacent device you can troubleshoot the issue by invoking a traceroute to the Secure Router management IP address from both machines in an attempt to determine the source of the error.
  • Page 57: Chapter 6: Troubleshooting A Physical Media Problem

    • Check the cable - Use another cable • Check the source - Try another source • Verify the port on the Avaya Secure Router 2330/4134 is functioning Loopback testing Perform loopback tests to troubleshoot a circuit. For example, use a loopback test on a port to verify that the port is functioning.
  • Page 58: Loopback Testing For T3 Interfaces

    3. To begin a line loopback test with a remote device, enter: loopback remote line_t3 Loopback testing for E1 interfaces Use the commands in this section to run loopback tests on an E1 interface. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 59: Loopback Testing For Interfaces On The Ct3 Module

    Loopback testing Procedure steps 1. To access loopback testing commands, enter: test e1 <slot/port> 2. To begin a loopback test of the local line, enter: loopback line 3. To begin a loopback test of the local payload, enter: loopback payload 4.
  • Page 60: Loopback Testing For Serial Interfaces

    Ensure you use straight cables with FXS and FXO modules. TIP must connect to TIP and RING must connect to RING. FXS ground start does not work if polarity is reversed. The following table describes the LED states for the 2- and 4-port FXO and FXS Small Modules. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 61: Troubleshooting T1/E1

    Troubleshooting T1/E1 Table 18: FXS and FXO Module LEDs Description LINK/STAT 1 Status of interface 1: • Red: The port is not configured • Green: A call is in progress • Yellow: The port is configured and ready to accept calls LINK/STAT 2 Status of interface 2: •...
  • Page 62: Troubleshooting Ds3

    Use only the default framing format of C-BIT on Clear Channel DS3 interface modules. The following table describes the LED states for the DS3 Medium Module. Table 20: DS3 Module LEDs Description STAT General module status: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 63: Troubleshooting Ct3

    Troubleshooting CT3 Description • Off: No power available to the module • Yellow: Out of service, or failed to initiate • Green: Power on and the module is operational. LINK/STAT Status of each interface: • Off: Not connected or the interface is out of service. •...
  • Page 64: Troubleshooting Serial

    • Green: The link is active and receiving a valid signal When you power on the Secure Router 2330/4134 with a serial configuration, the serial interface software polls the port hardware status to ensure the connected cable matches the port configuration. If a connected cable does not match the cable type and operational mode settings, the interface LED turns red and the port hardware is disabled.
  • Page 65: Troubleshooting Isdn

    Troubleshooting ISDN Description • Off: No power available to the module • Yellow: Out of service, or failed to initiate • Green: Power on and the module is operational. LINK/STAT Status of each interface: • Off: Not connected or the interface is out of service. •...
  • Page 66: Isdn Debugging Commands

    [no] debug isdn all <bundle> Table 25: Variable definition Variable Value <bundle> The ISDN bundle name. Example SR# debug isdn all test debug isdn cc Use this command to enable or disable call control debug messages. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 67 Troubleshooting ISDN Syntax [no] debug isdn cc <bundle> Table 26: Variable definition Variable Value <bundle> The bundle name. Example SR# debug isdn cc test debug isdn q921 Use this command to enable or disable q.921 debug messages. Syntax [no] debug isdn q921 <bundle> Table 27: Variable definition Variable Value...
  • Page 68 SR# debug isdn q931-timers test debug isdn physical-layer Use this command to enable or disable physical layer debug messages. Syntax [no] debug isdn physical-layer <bundle> Table 31: Variable definition Variable Value <bundle> The bundle name. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 69 Troubleshooting ISDN Example SR# debug isdn physical-layer test debug isdn data-path Use this command to enable or disable ISDN data path debug messages. Syntax [no] debug isdn data-path <bundle> Table 32: Variable definition Variable Value <bundle> The bundle name. Example SR# debug isdn data-path test debug isdn test-isdn-call Use this command to make an ISDN call.
  • Page 70 Use this command to display or reset q.931 statistics. Syntax [no] debug isdn q931Statistics <bundle> Table 36: Variable definition Variable Value <bundle> The bundle name. Example SR# debug isdn q931Statistics test debug isdn q921Statistics Use this command to display or reset q.921 statistics. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 71 Troubleshooting ISDN Syntax [no] debug isdn q921Statistics <bundle> Table 37: Variable definition Variable Value <bundle> The bundle name. Example SR# debug isdn q921Statistics test Troubleshooting August 2013...
  • Page 72 Troubleshooting a physical media problem Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 73: Chapter 7: Troubleshooting A Data Link Layer Problem

    Chapter 7: Troubleshooting a Data Link Layer problem Commonly used troubleshooting commands Interface commands • Use the show bridge port command to display interfaces, their states, modes, and VLAN membership information. • Use the show bridge port <interface_name> command to display a detailed information about a bridge port.
  • Page 74: Clear Commands

    • Use the clear gvrp state-machine [port-name] to clear the current state of GVRP. Debug commands Most subsystems in the Avaya Secure Router 2330/4134 support debug tracing. This feature can be turned on using the following commands: • debug all •...
  • Page 75 Troubleshooting MSTP • Check the region name on all switches in the topology. • Check the revision number on all switches in the topology. If all switches has to be in same region then check whether there equal number of instances on all the switches and check whether the same VLANs are mapped to same instance ID on all switches using the show spanning-tree mstp instance vlan.
  • Page 76: Troubleshooting An Operational Failure

    ROOT Forwarding state (others should be in Alternate Discarding) and other links (not to the root bridge) should be in Designated Forwarding states. There should be only one Root Port/Master Port per spanning tree. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 77 Troubleshooting MSTP Issue the clear spanning-tree mstp all command. Even if traffic looping did not stop then shutdown the redundant path links. Bridge is selected as a Root bridge even though there is another bridge with the Lower Priority • Issue the show spanning-tree detail command. Troubleshooting August 2013...
  • Page 78 The number of packets received should be incrementing on a regular basis if this bridge is not root-bridge. If the bridge is non-root and if it is not receiving the packets then it could be a hardware problem. Try to hot swap the card. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 79 Troubleshooting MSTP BPDU Skew detected • Skew message will appear when the network is bad. Check whether the number of packets transmitted by sender is almost same as that of receiver using the show spanning-tree statistics command. Number of packets received on receiver switch should be almost same as the number of BPDU packets transmitted by sender switch.
  • Page 80 Ports configured as Port Fast BPDU Guard are in Disable Discarding states Make sure the port in not receiving any BPDUs. Use debug tracing to monitor the packets received by port with the debug spanning-tree packet <transmit|receive> command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 81 Troubleshooting MSTP Port state is Disable Discarding Check whether the port is administratively down using the show bridge port command. The lowest priority bridge is not selected as Regional Root This may not be an issue. The path cost to the CIST root has higher precedence for regional root selection.
  • Page 82: Troubleshooting A Frame Relay Connection

    Check if any other ports in the bridge are receiving Unknown Mac address packets. Troubleshooting a Frame Relay connection This section details the commands used to troubleshoot a Frame Relay connection. Frame Relay debugging commands debug fr Use this command to access Frame Relay debug commands. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 83 Troubleshooting a Frame Relay connection Syntax debug fr Example SR# debug fr debug fr pvc-info Use this command to show detailed frame relay virtual circuit information. Syntax [no] debug fr pvc-info <bundle> <dlci> Table 38: Variable definition Variable Value <bundle> The bundle name.
  • Page 84 Use this command to dump FR inverse arp packets. Syntax [no] debug fr packet inverse-arp Example SR# debug fr packet inverse-arp debug fr packet mfr Use this command to dump FRF.16.1 UNI/NNI MFR control packets. Syntax [no] debug fr packet mfr [content <brief|detailed>] Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 85 Troubleshooting a Frame Relay connection Table 41: Variable definition Variable Value <brief> Print single line information. [content] The content level to print. <detailed> Print detailed information. Example SR# debug fr packet mfr content detailed debug fr mfr Use this command to access MFR debug commands. Syntax [no] debug fr mfr Example...
  • Page 86: Troubleshooting A Ppp Connection

    SR# debug fr frf20 test 200 Troubleshooting a PPP connection This section details the commands used to troubleshoot a PPP connection. PPP debugging commands debug ppp Use this command to enable or disable PPP debug commands. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 87 Troubleshooting a PPP connection Syntax [no] debug ppp Example SR# debug ppp debug ppp mlpinfo Use this command to display MLPPP information. Syntax [no] debug ppp mlpinfo Example SR# debug ppp mlpinfo debug ppp pppstates Use this command to display PPP states information. Syntax [no] debug ppp pppstates Example...
  • Page 88: Debug Ppp Lcp

    Use this command to display bcp debug information. Syntax [no] debug ppp bcp Example SR# debug ppp bcp debug ppp ipv6cp Use this command to display ipv6cp debug information. Syntax [no] debug ppp ipv6cp Example SR# debug ppp ipv6cp Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 89: Troubleshooting Mac Configuration And Switching

    To add a list of interfaces and associated MAC addresses to the Layer 2 forwarding table, use the mac address <mac address> {forward|discard} <interface> vlan <vid> command. For more information please refer to Avaya Secure Router 2330/4134 Configuration — Layer 2 Ethernet (NN47263-501).
  • Page 90: Troubleshooting Vlan Configuration And Switching

    /configure/interface/ethernet (5/1)#switch trunk allow vlan 10 Troubleshooting a configuration failure Assigning a VLAN to an interface fails • VLAN may not be created in the VLAN database yet. Use the show bridge vlan to verify. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 91: Troubleshooting An Operational Failure

    <encapsulation> The protocol parameter is either a number (between 0-65535) or ipv4, ipv6, mpls, arp, rarp, vlan-tagged, appletalk, ipx, pppoe-disc, pppoe-session. The supported encapsulations are Ethernet Type II, LLC SNAP, or LLC Only. For more information please refer to Avaya Secure Router 2330/4134 Configuration — Layer 2 Ethernet (NN47263-501). Troubleshooting...
  • Page 92: Troubleshooting A Configuration Failure

    • Make sure the interface is in Hybrid mode using the show bridge port command. Configuration fails with Rule Subnet overlaps with ruleId error • Verify the previously configured rule X is not in the same subnet. Use show running- config command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 93: Troubleshooting An Operational Failure

    Troubleshooting VLAN stacking Troubleshooting an operational failure The configure rule is not being applied • Verify the rule is assigned to the interface. Use the show running-config command. • Use a network sniffer to verify that the incoming packets fulfill the configured rules. •...
  • Page 94: Troubleshooting Port Mirroring

    The direction of packets can be specified as both or receive. Use a value of both to mirror both transmit and receive packets. Use a value of receive to mirror receive packets only. /configure# mirror source ethernet5/1 destination ethernet7/1 direction receive The configuration command may fail for one of the following reasons: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 95: Troubleshooting An Operational Failure

    Troubleshooting port mirroring Command fails with invalid interface error • Make sure the interfaces are all non-CPU Ethernet ports using the show bridge port command. • Verify the interface name is not misspelled. • Verify both source and destination interfaces are created by executing the show bridge port command.
  • Page 96: Troubleshooting Link Aggregation

    In the active state, the switch initiates the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. Command fails with invalid interface error Make sure the interfaces are all non-CPU Ethernet ports using the command show bridge port. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 97: Troubleshooting A Operational Failure

    Troubleshooting Link Aggregation Command fails with Maximum # of member ports reached for Channel-Group error Verify the number of lines in the LAG does not exceed the maximum. Use the show lacp member-port and show lacp channel-group commands. Troubleshooting a operational failure First verify created channel groups (lag) using the show bridge port command.
  • Page 98 • Verify that all the ports in the LAG are in Current and Selected states using the show lacp dynamic detail command. • Verify the Tx and Rx rates at the edge of the bridge. Use the show interface <interface> command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 99: Troubleshooting Gvrp

    By default GVRP is not enabled for the switch. You must first enable GVRP on the switch before you can configure the trunk ports for GVRP operation. Procedure steps 1. Configure the port as trunk. Please refer to Avaya Secure Router 2330/4134 Configuration — Layer 2 Ethernet (NN47263-501) for information. 2. Configure the port GVRP:...
  • Page 100: Troubleshooting An Operational Failure

    • Verify the port state using the show bridge port command. • Verify the dynamic and static VLANs using the show bridge vlan command. • Verify GVRP configuration and dynamic information using show gvrp detail command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 101 Troubleshooting GVRP • Verify GVRP Statistics using the show gvrp statistics command. As shown above interface ethernet5/1 is both receiving and transmitting JoinIn packet. However, interface ethernet5/2 is only receiving JoinIn packets but not transmitting (interface is set to Alternate Discarding by MSTP). If an interface is in Forwarding state and still is not transmitting and receiving JoinnIn messages, disable GVRP and re-enable GVRP both globally and on the interface.
  • Page 102: Troubleshooting Igmp Snooping

    Mrouter port configuration failure Error: Interface (ethernet1/1) not found For configuring a mrouter port, the port needs to be present as a bridge port before configuration. Refer user guide on how to create a bridge port. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 103: Troubleshooting An Operational Failure

    Troubleshooting IGMP Snooping IGMP Version configuration failure on an interface Error: Port [ethernet2/1] is not switchport For configuring IGMP version on an interface the interface needs to be a bridge port. Refer user guide on how to create a bridge port. Troubleshooting an operational failure Host not added to a multicast group This problem may result in the following symptoms:...
  • Page 104 Verify the IGMP Snooping counters using the show ip igmp snooping statistics command. If the RX Invalid pkts counter is getting incremented then the incoming IGMP messages are not valid. This might be the reason for multicast group not being associated with host port. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 105 Troubleshooting IGMP Snooping 6. To analyze the reason for Invalid Pkts counter, enable appropriate debugs to verify the packets, timers and event notifications on IGMP Snooping module using the debug igmp-snooping <all | packet | event | timer> command. Use no debug igmp-snooping <all | packet | event | timer>...
  • Page 106 Troubleshooting a Data Link Layer problem • Static mrouter ports have to be cleared explicitly using “no mrouter <interface name>” command. Dynamic mrouter ports can be cleared using the clear ip igmp snooping mrouter command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 107: Chapter 8: Troubleshooting Ethernet Cfm

    Use this command to specify the feature to debug and the level at which to debug. The Avaya Secure Router 2330/4134 does not write the debug information to a log file. The Secure Router 2330/4134 displays the debug information only on your screen.
  • Page 108 • ALL • CCI • CCR • CLI • DISPATCH • ERR • FRAME • LB • LPORT • LT • MA • MD • MEP • MIP • PORT Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 109: Debug Oam No Cfm

    Ethernet CFM debug commands Variable Value • QUE • RMEP • RSP • RX • STARTUP • TIMERS • TX Example SR/debug/oam# cfm debug-feature "LT LPORT MIP" debug-level 3 debug oam no cfm Use the command in this section to end the output of CFM-related debug and dump messages.
  • Page 110 Troubleshooting Ethernet CFM Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 111: Chapter 9: Troubleshooting An Mpls Problem

    Chapter 9: Troubleshooting an MPLS problem For troubleshooting an MPLS network, you should use a step by step approach for isolating the problems. The first step is to ensure the dependency interfaces are functioning properly, and in an “up” state. Other items to check include making sure the route exists, that you can ping the peer, and that the MPLS protocol is globally enabled.
  • Page 112: Troubleshooting Static Lsp

    3. Check the forwarding table entry for CLI-FTN: show mpls table-forwarding 4. Check the routing table for MPLS static routes: show ip route 5. Make sure the particular MPLS route is selected: show ip route database Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 113: Troubleshooting Ldp Lsp

    Troubleshooting LDP LSP 6. Make sure the forwarding entry and route database are in sync 7. Check the static LSP statistics for transmitted packets: show mpls stats-lsp 8. Check the MPLS forwarding statistics for transmitted packets: show mpls stats- ftn show mpls stats-interface 9.
  • Page 114 Troubleshooting an MPLS problem • Ensure the LDP protocol is enabled on the interface. Issue the command show ldp interface. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 115 Troubleshooting LDP LSP • Check the session adjacency information by issuing command show ldp adjacency. • Check the session status by issuing command show ldp session and show ldp session <session peer ip address>. • Ensure there is no access list to block the LDP messages. •...
  • Page 116: More Detailed Analysis

    Make sure the state machine is working by issuing debug ldp fsm. For further filtering, depending on the router type like upstream, down stream, transient, a user can issue the commands debug ldp usm, debug ldp dsm, and debug ldp tsm. Make sure the finite Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 117: Packets Not Forwarding

    Troubleshooting LDP LSP state machine is working fine. With debug ldp nsm a user can debug the events from NSM, route add delete and entries to forwarding. With debug ldp advertise-labels a user can debug access list issues. For detail information about the LDP packet send and receive use debug ldp packet.
  • Page 118: Troubleshooting Rsvp-Te Lsp

    Troubleshooting an MPLS problem If there is a problem, take appropriate action to fix it, then make sure the LSP is operating as expected. If problem still exists contact Avaya support for help. Troubleshooting RSVP-TE LSP This section details the steps and commands used to troubleshoot RSVP-TE LSPs.
  • Page 119 Troubleshooting RSVP-TE LSP 4. Check session information by issuing the commands show mpls traffic-eng- lsp session and show mpls traffic-eng-lsp session <session name> The resulting display will record session failure reasons like ingress problems, CSPF configuration errors, routing problems, MPLS label allocation failures, etc. The below table explains the major error codes/sub error codes, as well as root cause and corrective action for these error codes.
  • Page 120 CSPF flow. For RSVP sessions with QOS parameters, debug rsvp nsm will give more detailed information about the flow and the interfaces with QOS. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 121 Troubleshooting RSVP-TE LSP For detail information about RSVP packet send and receive use debug rsvp packet. For detailed analysis of packet send and receive and to dump the packet use debug rsvp hexdump. Troubleshooting packets not forwarding Follow the below steps to troubleshoot the problem. Procedure steps 1.
  • Page 122: Troubleshooting L2 Circuit

    Shut down and restart the incoming and outgoing interfaces. If there is a problem, take appropriate actions to fix it, then check to see if LSP is operating as expected. If problem still exist, contact Avaya support for help. Troubleshooting L2 circuit This section details the steps and commands used to troubleshoot L2 circuits.
  • Page 123: Static L2 Circuit

    Troubleshooting L2 circuit Static L2 circuit For static L2VPN VC, since there is no signaling, most problems might be due to the configuration and forwarding plane. Follow the below steps to troubleshoot the problem. Procedure steps 1. Ensure all MPLS prerequisites are satisfied. 2.
  • Page 124 5. Debug LDP signaling for l2 circuit: debug ldp vc 6. Check the MPLS forwarding statistics for L2VPN traffic: show mpls stats-ftn show mpls stats-interface 7. If the statistics are not getting updated, check the incoming data packet: show interface <interface name> Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 125: Chapter 10: Troubleshooting Unicast Routing

    Internet between your source device and a specified destination device. Route tracing also calculates and displays the duration of time from each hop to the next. The Avaya Secure Router 2330/4134 provides tools for tracing an IPv4 route and an IPv6 route. For information about multicast route tracing, see Troubleshooting multicast routing on page 153.
  • Page 126: The Route Table

    The system route table contains the best routes learnt through different protocols and includes the connected and static routes. The route table is, therefore, the best place to find which networks are reachable by the system. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 127: Troubleshooting Ospf

    Troubleshooting OSPF For the routing table display that consists of all the active routes (not recommended when you have a large number of routes), enter: show ip route show ipv6 route For a quick quantitative status of the number of routes for each protocol, enter: show ip route summary show ipv6 route summary To display the routes learned from a specific protocol (for example, OSPF), enter: show ip route ospf show ipv6 route ospf...
  • Page 128 IPv4 command options for OSPF packet tracing on an interface. Figure 5: ip ospf debug packet command options for IPv4 network The following figure shows IPv6 command options for OSPF packet tracing on an interface. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 129 Troubleshooting OSPF Figure 6: ipv6 ospf debug packet command options for IPv6 network For debugging issues related to adjacency formation, the following options can be particularly useful: • ip ospf debug packet (on a specific interface) ipv6 ospf debug packet (on a specific interface) •...
  • Page 130: Ospf Show Command Options

    Figure 10: show ip ospf database command options The summary option gives you a quick overview of the LSA types present in the system and the network, which is a good starting point for discovering missing routes or LSAs: show ip Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 131: Ospf Clear Command Options

    Troubleshooting BGP ospf database database-summary show ipv6 ospf database database- summary Other CLI commands that you can use to collect and debug specific problems are the following: • show ip ospf border-routers show ipv6 ospf border-routers • show ip ospf virtual-links show ipv6 ospf virtual-links •...
  • Page 132: Bgp Show Options

    Also, certain features (for example, dampening) can cause the routes to be suppressed in the event of excessive route flaps. It is often useful to selectively see the routes that are affected or modified as a result of a specific policy, attribute, or dampening when Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 133: Bgp Clear Options

    CLI command options you use to clear BGP routes. Figure 15: clear bgp all command options You can also selectively delete BGP routes based on the Secure Router 2330/4134 either generating or receiving the updates. Configure features such as soft-reconfiguration and route- refresh to help avoid disruptions in the network and to provide a quick recovery and reconvergence from the clear operation.
  • Page 134: Troubleshooting Rip

    146. For more information about the debug ipv6 rip commands for IPv6, Debug command options for RIPng for IPv6 on page 147. RIP show options Use the RIP show commands to help you troubleshoot. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 135: Rip Clear Options

    Troubleshooting RIP Use the following commands for a quick summary of information about the status of the RIP operations and the high-level configuration options: show ip protocols rip show ipv6 protocols rip Use the following command for issues related to interfaces, the status, and associated attributes: show ip rip interface show ipv6 rip interface Use the following commands to access the current RIP route database and to troubleshoot issues that relate to RIP routes:...
  • Page 136: Debug Command Options For Ospf

    • asbr - ASBR events • lsa - LSA events • nssa - NSSA events • os - OS interaction events • router - Router events • vlink - Virtual-Link events Example SR# debug ospf events nssa Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 137: Debug Ospf Ifsm

    Debug command options for OSPF debug ospf ifsm Use this command to debug OSPF Interface State Machine. Syntax [no] debug ospf ifsm [events|status|timers] Table 49: Variable definition Variable Value [events] IFSM event information. [status] IFSM status information. [timers] IFSM timer information. Example SR# debug ospf ifsm timers debug ospf lsa...
  • Page 138: Debug Ospf Nsm

    Example SR# debug ospf nsm interface debug ospf packet Use this command to debug OSPF packets. Syntax [no] debug ospf packet <pkttype> Table 53: Variable definition Variable Value <pkttype> The packet type. Available choices are: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 139: Debug Ospf Route

    Debug command options for OSPF Variable Value • dd - database description • detail - detail information • hello - hello • ls-ack - link state acknowledgement • ls-request - link state request • ls-update - link state update • recv - received packets •...
  • Page 140: Debug Command Options For Ospfv3 For Ipv6

    - OSPF router events • vlink - OSPF virtual-link events debug ipv6 ospf ifsm Use this command to debug OSPFv3 Interface State Machine. debug ipv6 ospf ifsm [<events>|<status>|<timers>] Table 56: Variable definition Variable Value <events> IFSM event information. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 141: Debug Ipv6 Ospf Lsa

    Debug command options for OSPFv3 for IPv6 Variable Value <status> IFSM status information. <timers> IFSM timer information. debug ipv6 ospf lsa Use this command to debug OSPFv3 Link State Advertisement. debug ipv6 ospf lsa [<flooding>|<generate>|<install>|<maxage>| <refresh>] Table 57: Variable definition Variable Value <flooding>...
  • Page 142: Debug Ipv6 Ospf Packet

    Packets sent. debug ipv6 ospf route Use this command to debug OSPFv3 route information. debug ipv6 ospf route [<ase>|<ia>|<install>|<spf>] Table 61: Variable definition Variable Value <ase> External route calculation information. <ia> Inter-area route calculation information. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 143: Debug Ipv6 Ospf All

    Debug command options for BGP and BGP+ for IPv6 Variable Value <install> Route installation information. <spf> SPF calculation information. debug ipv6 ospf all Use this command to enable or disable all OSPFv3 debugging. debug ipv6 ospf all Debug command options for BGP and BGP+ for IPv6 This section describes debug command options that you use to troubleshoot issues with BGP and BGP+ for IPv6.
  • Page 144: Debug Bgp Dampening

    Use this command to debug BGP filters. Syntax [no] debug bgp filters Example SR# debug bgp filters debug bgp fsm Use this command to debug BGP Finite State Machine. Syntax [no] debug bgp fsm Example SR# debug bgp fsm Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 145: Debug Bgp Keepalives

    Debug command options for BGP and BGP+ for IPv6 debug bgp keepalives Use this command to debug BGP keepalives. Syntax [no] debug bgp keepalives Example SR# debug bgp keepalives debug bgp nsm Use this command to debug BGP FIB messages. Syntax [no] debug bgp nsm Example...
  • Page 146: Debug Command Options For Rip

    Use this command to enable all RIP debugging. Syntax [no] debug rip all Example SR# debug rip all debug rip events Use this command to debug RIP events. Syntax [no] debug rip events Example SR# debug rip events Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 147: Debug Rip Nsm

    Debug command options for RIPng for IPv6 debug rip nsm Use this command to debug RIP RIB information. Syntax [no] debug rip nsm Example SR# debug rip nsm debug rip packet Use this command to debug RIP packets. Syntax [no] debug rip packet <detail|recv|send> Table 63: Variable definition Variable Value...
  • Page 148: Debug Ipv6 Rip All

    Syntax [no] debug ipv6 rip nsm Example SR# debug ipv6 rip nsm debug ipv6 rip packet Use this command to debug RIPng packets. Syntax [no] debug ipv6 rip packet Example SR# debug ipv6 rip packet Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 149: Debug Ipv6 Rip Packet Detail

    Debug command options for VRRP debug ipv6 rip packet detail Use this command to display detailed information. Syntax [no] debug ipv6 rip packet detail Example SR# debug ipv6 rip packet detail debug ipv6 rip packet recv Use this command to debug RIPng receive packets. Syntax [no] debug ipv6 rip packet recv Example...
  • Page 150: Debug Ip Vrrp All

    Use this command to debug VRRP state transitions. Syntax [no] debug ip vrrp state Example SR# debug ip vrrp state debug ip vrrp events Use this command to debug all VRRP events. Syntax [no] debug ip vrrp events Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 151: Debug Ip Vrrp Packet

    Debug command options for VRRP Example SR# debug ip vrrp events debug ip vrrp packet Use this command to debug VRRP packet errors. Syntax [no] debug ip vrrp packet Table 64: Variable definition Variable Value <all> All packets. <arp> ARP packets. <recv>...
  • Page 152 Troubleshooting unicast routing Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 153: Chapter 11: Troubleshooting Ipv4 And Ipv6 Multicast Routing

    Chapter 11: Troubleshooting IPv4 and IPv6 multicast routing This section describes commands that you use to troubleshoot multicast routing. Troubleshooting multicast routing Begin troubleshooting multicast routing issues by verifying that the IP interfaces in the system are "up". Use the following commands to check the status of IP interfaces: show ip interfaces format brief (IPv4) show ipv6 interfaces format brief (IPv6) If you use PIM as the multicast routing protocol, it relies on the routes learned through the unicast routing protocols for building the multicast delivery trees.
  • Page 154 • clear ip mroute 229.0.0.1 10.0.0.1 The clear ip mroute command not only deletes the entries in the forwarding plane, but also ensures that the corresponding states in the multicast routing protocol (viz. DVMRP and Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 155: Ipv4 Multicast Debugging Commands

    Troubleshooting multicast routing PIM-SM), as well as IGMP, are deleted. Everything associated with the multicast state is cleared and relearned by the protocols, which helps to resolve issues related to multicast tree setup and forwarding. Be aware that this command affects the associated multicast flows and causes disruptions in the traffic flow.
  • Page 156 [no] debug ip multicast stats Example SR# debug ip multicast stats debug ip multicast vif Use this command to debug multicast interface information. Syntax [no] debug ip multicast vif Example SR# debug ip multicast vif Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 157: Troubleshooting Dvmrp

    Troubleshooting DVMRP Troubleshooting DVMRP DVMRP debugging commands debug dvmrp Use this command to access DVMRP debugging commands. Syntax [no] debug dvmrp Example SR# debug dvmrp debug dvmrp all Use this command to enable all DVMRP debugging. Syntax [no] debug dvmrp all Example SR# debug dvmrp all debug dvmrp events...
  • Page 158 Use this command to debug DVMRP packet events. Syntax [no] debug dvmrp events packet Example SR# debug dvmrp events packet debug dvmrp events prune Use this command to debug DVMRP prune events. Syntax [no] debug dvmrp events prune Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 159 Troubleshooting DVMRP Example SR# debug dvmrp events prune debug dvmrp events route Use this command to debug DVMRP route events. Syntax [no] debug dvmrp events route Example SR# debug dvmrp events route debug dvmrp mfc Use this command to debug multicast forwarding cache events. Syntax [no] debug dvmrp mfc Example...
  • Page 160 [no] debug dvmrp packet graft-ack Example SR# debug dvmrp packet graft-ack debug dvmrp packet in Use this command to debug incoming DVMRP packets. Syntax [no] debug dvmrp packet in Example SR# debug dvmrp packet in Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 161 Troubleshooting DVMRP debug dvmrp packet out Use this command to debug outgoing DVMRP packets. Syntax [no] debug dvmrp packet out Example SR# debug dvmrp packet out debug dvmrp packet probe Use this command to debug probe packets. Syntax [no] debug dvmrp packet probe Example SR# debug dvmrp packet probe debug dvmrp packet prune...
  • Page 162 [no] debug dvmrp timer prune Example SR# debug dvmrp timer prune debug dvmrp timer route Use this command to debug all route timers. Syntax [no] debug dvmrp timer route Example SR# debug dvmrp timer route Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 163: Troubleshooting Pim-Sm

    Troubleshooting PIM-SM Troubleshooting PIM-SM PIM-SM debugging commands debug pim Use this command to access next-level PIM Sparse-Mode debugging commands. Syntax [no] debug pim Example SR# debug pim debug pim sparse-mode Use this command to debug PIM Sparse-Mode. Syntax [no] debug pim sparse-mode Example SR# debug pim sparse-mode debug pim sparse-mode all...
  • Page 164 Use this command to debug the PIM next hop. Syntax [no] debug pim sparse-mode nexthop Example SR# debug pim sparse-mode nexthop debug pim sparse-mode database Use this command to debug PIM database information. Syntax [no] debug pim sparse-mode database Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 165 Troubleshooting PIM-SM Example SR# debug pim sparse-mode database debug pim sparse-mode packet Use this command to debug PIM packets. Syntax [no] debug pim sparse-mode packet <packettype> Table 66: Variable definition Variable Value <packettype> The packet type to debug. Possible choices are: •...
  • Page 166 [no] debug pim sparse-mode timer bsr Example SR# debug pim sparse-mode timer bsr debug pim sparse-mode timer hello Use this command to debug PIM hello timers. Syntax [no] debug pim sparse-mode timer hello Example SR# debug pim sparse-mode timer hello Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 167: Troubleshooting Igmp

    Troubleshooting IGMP debug pim sparse-mode timer joinprune Use this command to debug PIM joinprune timers. Syntax [no] debug pim sparse-mode timer joinprune Example SR# debug pim sparse-mode timer joinprune debug pim sparse-mode timer register Use this command to debug PIM register timers. Syntax [no] debug pim sparse-mode timer register Example...
  • Page 168 Use this command to enable IGMP event debugging. Syntax [no] debug igmp events Example SR# debug igmp events debug igmp fsm Use this command to enable IGMP FSM debugging. Syntax [no] debug igmp fsm Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 169: Troubleshooting Ipv6 Multicast

    Troubleshooting IPv6 Multicast Example SR# debug igmp fsm debug igmp tib Use this command to enable IGMP Tree Info Base debugging. Syntax [no] debug igmp tib Example SR# debug igmp tib Troubleshooting IPv6 Multicast IPv6 Multicast debugging commands debug ipv6 multicast Use this command to debug multicast information.
  • Page 170 Syntax [no] debug ipv6 multicast register Example SR# debug ipv6 multicast register debug ipv6 multicast stats Use this command to debug multicast statistics. Syntax [no] debug ipv6 multicast stats Example SR# debug ipv6 multicast stats Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 171: Troubleshooting Pim-Sm For Ipv6

    Troubleshooting PIM-SM for IPv6 debug ipv6 multicast mif Use this command to debug a multicast interface. Syntax [no] debug ipv6 multicast mif Example SR# debug ipv6 multicast mif Troubleshooting PIM-SM for IPv6 PIM-SM for IPv6 debugging commands debug ipv6 pim Use this command to access next level IPv6 PIM commands.
  • Page 172 Use this command to debug the PIM MIB. Syntax [no] debug ipv6 pim sparse-mode mib Example SR# debug ipv6 pim sparse-mode mib debug ipv6 pim sparse-mode nexthop Use this command to debug the PIM nexthop. Syntax [no] debug ipv6 pim sparse-mode nexthop Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 173 Troubleshooting PIM-SM for IPv6 Example SR# debug ipv6 pim sparse-mode nexthop debug ipv6 pim sparse-mode database Use this command to debug PIM database information. Syntax [no] debug ipv6 pim sparse-mode database Example SR# debug ipv6 pim sparse-mode database debug ipv6 pim sparse-mode packet Use this command to debug a PIM packet.
  • Page 174 SR# debug ipv6 pim sparse-mode timer assert debug ipv6 pim sparse-mode timer bsr Use this command to debug bootstrap timers. Syntax [no] debug ipv6 pim sparse-mode timer bsr Example SR# debug ipv6 pim sparse-mode timer bsr Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 175: Troubleshooting Mld

    Troubleshooting MLD debug ipv6 pim sparse-mode timer hello Use this command to debug hello timers. Syntax [no] debug ipv6 pim sparse-mode timer hello Example SR# debug ipv6 pim sparse-mode timer hello debug ipv6 pim sparse-mode timer joinprune Use this command to debug joinprune timers. Syntax [no] debug ipv6 pim sparse-mode timer joinprune Example...
  • Page 176 Use this command to enable MLD encode debugging. Syntax [no] debug mld encode Example SR# debug mld encode debug mld events Use this command to enable MLD event debugging. Syntax [no] debug mld events Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 177 Troubleshooting MLD Example SR# debug mld events debug mld fsm Use this command to enable MLD FSM debugging. Syntax [no] debug mld fsm Example SR# debug mld fsm debug mld tib Use this command to enable MLD Tree Info Base debugging. Syntax [no] debug mld tib Example...
  • Page 178 Troubleshooting IPv4 and IPv6 multicast routing Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 179: Chapter 12: Troubleshooting Adsl

    • Use the show chassis and show system configuration commands to make sure that the correct hardware version and card type are installed. Confirm that the card has been detected by the Avaya Secure Router 2330/4134. If the above fails: •...
  • Page 180 Only the following ADSL SM Cards are supported currently: • ANNEX A (ADSL_ANX_A) • ANNEX B (ADSL_ANX_B) The current CPLD Engineering Revision for the ADSL SM cards is 0x3 MT-6013 #show system configuration NCM System Configuration: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 181 ADSL SM Card initialization Chassis Serial number: Chassis Rev: 65535 Slot Card-Type Status Serial# MPU_A NORMAL MT#80 ADSL_ANX_A NORMAL ADSL_A#35 UNKNOWN EMPTY ADSL_ANX_B NORMAL ADSL_B#04 Hardware Status: Processor: MPC8349 Memory Size: 1G Model Number: SR4134 Serial Number: MT#80 Runtime: 10.2.0.0 Created: Jul 24 2009, 04.44.23 Boot:0.0.0.45 (NORMAL Boot) NorBoot: 0.0.0.45...
  • Page 182: Adsl Layer 1

    Channel: FAST, Upstream rate = 1094 Kbps, Downstream rate = 22624 Kbps Link Power State: L0 Mode: ADSL2+ Line Status: No Defect SNR (dB): 6.8 7.0 Attn(dB): 1.0 0.0 Pwr(dBm): 7.5 0.8 Trellis Coding: Enable BitSwap Coding: Enable SRA: Disable L3 Power State: Disable Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 183: Adsl Sm Card Software Image

    ADSL SM Card Software Image ADSL SM Card Software Image Use this section to solve the issues if: • the ADSL configuration commands fail • the ADSL bundles fail to come-up Solution • Issue a show module configuration xdsl <slot/1> command at the CLI prompt and look for the software version.
  • Page 184: Asdl Bundle Configuration

    <adslBundleName> command. SR# show interface bundle xdsl bundle xdsl status up number of links 1 total bandwidth 1023 kbps link speed status xdsl 4/1 1023 encapsulation atm PVC 0/35 status up shaping(cir-bcmax-bcmin-be) 1023000-0-0-0 policing(de-cir-bc-be) D-1023000-1023000-0 Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 185 ASDL bundle configuration protocol support PPPOA counters since last boot/clear Bytes Rx 59436 Bytes Tx 46800 Packets Rx 1036 Packets Tx 780 Dropped Rx 0 Dropped Tx 0 Overruns Rx 0 Overruns Tx 0 Err Packets Rx 0 Err Packets Tx 0 ATM QoS Configurations Class_vc Name : defClassVc Service Category : ubr...
  • Page 186: Adsl Traffic Issues

    1065 kbps link speed status xdsl 2/1 1065 encapsulation atm PVC 0/35 status down, administratively disabled shaping(cir-bcmax-bcmin-be) 1065000-0-0-0 policing(de-cir-bc-be) D-1065000-1065000-0 protocol support BRIDGE counters since last boot/clear Bytes Rx 0 Packets Rx 0 Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 187 ADSL Traffic issues Dropped Rx 0 Overruns Rx 0 Err Packets Rx 0 Err Packets Tx 0 Bytes Tx 0 Packets Tx 0 Dropped Tx 0 Overruns Tx 0 ATM QoS Configurations Class_vc Name : bqos Service Category : nrtvbr PCR Value : 235 SCR Value : 2300 MBS value : 100...
  • Page 188 Troubleshooting ADSL Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 189: Chapter 13: Troubleshooting Sip Survivability

    Chapter 13: Troubleshooting SIP survivability This section describes commands that you use to troubleshoot SIP survivability. For more information about SIP survivability, see Avaya Secure Router 2330/4134 Configuration—SIP Survivability (NN7263-510). • SIP survivability show commands on page 189 • Debug/trace commands on page 190 •...
  • Page 190: Debug/Trace Commands

    Possible cause 1: SIP survivabililty software image not installed. Solution: The SIP survivability features are only supported in release 10.2.0.0 and later. Verify that the current release on the Avaya Secure Router 2330/4134 is supported by using the show version command.
  • Page 191: Sip Survivability Feature Does Not Start: Enable Fails

    Common issues Figure 21: show chassis sample output for PVM module SIP survivability feature does not start: enable fails Possible cause: Bind IP address for SIP survivability not configured. Solution: Before enabling the SIP survivability, bind IP address for the SIP survivability should be configured.
  • Page 192 CAC links (WAN or LAN links through which central SIP server is reachable) using the cac max-calls CLI command under configure/voice/service/voip/ssm. Figure 26: show ssm cac status Figure 27: cac interface configuration output for ssm Figure 28: show ssm cac status output sample Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 193: Sip Client Registrations Fail

    Common issues SIP client registrations fail Possible cause 1: Incorrect SIP client configuration. Solution: Verify the SIP client configuration. The SIP clients must be configured with SSM as their outbound proxy. Also ensure that the username and password configured on the client matches with the ones configured on the central SIP server.
  • Page 194: Unable To Call From Sip Client

    If the current registrations exceeds the licensed value, new registration request will be rejected with a 403 forbidden response. Verify the licensed number of SSM users using show ssm licensed-users. To upgrade the SSM user capacity, contact Avaya customer support using the procedure outlined in Avaya Secure Router 2330/4134 Configuration—SIP Survivability User Guide (NN47263-510).
  • Page 195: Unable To Make Sip To Gateway Calls

    Common issues Figure 35: show ssm cac status sample output (insufficient bandwidth) Figure 36: show ssm cac status sample output (insufficient bandwidth) Unable to make SIP to gateway calls Possible cause 1: SSM default gateway configuration missing. Solution: Verify whether default gateway is configured using the show ssm configuration command.
  • Page 196 Troubleshooting SIP survivability Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 197: Chapter 14: Troubleshooting Security

    Keep in mind that without a policy goal description, a network map, and access to the firewall login it is unlikely you will be able to troubleshoot firewall issues. Technicians with Avaya would almost certainly require this information to assist in troubleshooting such issues.
  • Page 198: Getting Started

    The console printing simply cannot keep up with packet rates on network interfaces. Thus, Avaya has implemented a feature within the debug firewall all command will, somewhat counter intuitively disable debug firewall packet.
  • Page 199: Isolating Faults

    SIP application from the same vendor may exhibit different behaviors which the firewall's SIP ALG did not anticipate. The Avaya Secure Router firewall ALGs are enabled by default. If you are having trouble with one particular application, try disabling the relevant ALG(s).
  • Page 200: Firewall Troubleshooting Commands

    Policies in the untrusted zone, internet, only protect the firewall internet interface itself. Firewall troubleshooting commands debug firewall alg debug firewall alg debug firewall attack debug firewall attack debug firewall connections debug firewall connections debug firewall ip-reassembly Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 201 Troubleshooting firewall debug firewall ip-reassembly debug firewall packet debug firewall packet [<direction>|<srcip>|<destip>| <protocol>|<numpkts>] Table 69: Variable definition Variable Value <destip> Match the destination IP address. Default is <direction> The packet direction. Possible choices are , or both . Default is both <numpkts>...
  • Page 202: Troubleshooting Nat

    Secure Router allows a configuration short cut where, without defining a pat type of NAT-object, a 'nat-ip' parameter may be configured directly onto the policy. A NAT-ip policy is the same as a policy with a pat type of NAT-object applied. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 203: Getting Started

    Troubleshooting NAT NAT policies are configured in a trusted zone. A firewall "out" policy will be a "forward" NAT policy. A firewall "in" policy will be a reverse NAT policy. A NAT failover feature is also available in the Secure Router. If you have named an interface to NAT out on and that interface goes down, then a named backup interface may take over the NATting function.
  • Page 204: Common Errors

    This section details techniques used to troubleshoot VPN. Before getting started Avaya Secure Routers offer an IPsec VPN capability for IPv4 networks. IPsec VPNs offer the security services of privacy (encryption), data integrity (hashed message authentication codes), peer authentication (through IKE), replay protection and access control (through policy filtering).
  • Page 205: Getting Started

    Troubleshooting VPN policy, but there is little hope of troubleshooting (or soliciting support help with troubleshooting) VPN problems without a network map. A site to site IPsec VPN may be either native IPsec tunnels or may be IPsec transport protected GRE/IPIP tunnels.
  • Page 206: Getting Details

    You may see current IKE and IPsec policies with the following show commands: show crypto ike policy all [detail] show crypto ipsec policy all [detail] You may clear current IKE and IPsec SAs with the following clear commands: clear crypto ipsec sa [all | name] Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 207: Isolating Faults

    Troubleshooting VPN clear crypto ike sa [all | name] When clearing SAs, it makes sense to clear the IPsec SAs before the IKE SAs. This is because when you clear the IPsec SAs, that action will send a message through the IKE SA to the peer that an IPsec SA is being deleted.
  • Page 208: Troubleshooting Tunnels

    [no] debug ip tunnel all Example SR# debug ip tunnel all debug ip tunnel error Use this command to debug tunnel error messages. Syntax [no] debug ip tunnel error Example SR# debug ip tunnel error Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 209 Troubleshooting tunnels debug ip tunnel encap Use this command to debug encapsulation related messages. Syntax [no] debug ip tunnel encap Example SR# debug ip tunnel encap debug ip tunnel decap Use this command to debug decapsulation related messages. Syntax [no] debug ip tunnel decap Example SR# debug ip tunnel decap debug ip tunnel packet...
  • Page 210 Syntax [no] debug ipv6 tunnel all Example SR# debug ipv6 tunnel all debug ipv6 tunnel error Use this command to debug error messages. Syntax [no] debug ipv6 tunnel error Example SR# debug ipv6 tunnel error Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 211 Troubleshooting tunnels debug ipv6 tunnel encap Use this command to debug encapsulation related messages. Syntax [no] debug ipv6 tunnel encap Example SR# debug ipv6 tunnel encap debug ipv6 tunnel decap Use this command to debug decapsulation related messages. Syntax [no] debug ipv6 tunnel decap Example SR# debug ipv6 tunnel decap debug ipv6 tunnel packet...
  • Page 212 [no] debug crypto ipsec mode spd Example SR# debug crypto ipsec mode spd debug crypto failover Use this command to debug static weighted tunnel and dynamic tunnel failover messages. Syntax [no] debug crypto failover Example SR# debug crypto failover Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 213: Troubleshooting Static Vpn Peer To Peer

    Troubleshooting Static VPN Peer to Peer Troubleshooting Static VPN Peer to Peer Use the following steps to troubleshoot Static routing over VPN (where nailed-up configuration and periodic DPD are optional). Procedure steps 1. To verify that the internal VPN accelerator card is installed on the SR2330/4134, enter: show chassis For the SR4134, verify that internal card type VPN_A is installed.
  • Page 214 7. To display debug commands on the console, enter: system logging console priority debug system logging console enable 8. To enable debugging on the firewall, enter: debug firewall connections Verify that the policy exists and connections are being made. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 215: Troubleshooting Static Vpn Abot

    Troubleshooting Static VPN ABOT 9. To verify whether the packets are traversing the firewall or whether they are being dropped, enter: debug firewall packet 10. To verify the VPN configuration by displaying the IKE policy, enter: show crypto ike policy all detail Confirm that the IKE proposal properties (such as local-address, and pre-shared key) match on the peers.
  • Page 216 DHCP, be sure to specify a local ID in order to have a local identifier for IKE negotiation and authentication in phase 1. The local- address must be configured as 0.0.0.0. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 217: Troubleshooting Dynamic Vpn Peer To Peer Over Ip-Ip Tunnels

    Troubleshooting Dynamic VPN Peer to Peer over IP-IP tunnels The following is a sample configuration: crypto ike policy toNVR 4.4.4.1 local-id key-id 12345 local-address 0.0.0.0 key avaya123 6. To display the IPSec policy, enter: show crypto ipsec policy all detail Be sure that the peer IP is properly configured, the network to be protected is properly configured, and IPSec proposal properties match on the peers.
  • Page 218 Note: In order to interoperate with NVR at HO, IKE and IPsec proposals have to be modified. For details, see Secure Router to Avaya VPN router interoperability tips on page 221. 4. To display the IPSec policy details, enter:...
  • Page 219: Troubleshooting Dynamic Vpn Abot Over Ip-Ip Tunnels

    Troubleshooting Dynamic VPN ABOT over IP-IP tunnels show crypto ipsec policy all detail Confirm the source address and destination address, and that the IPSec parameters match on the peers. 5. To display the IKE SA state and counters, enter: show crypto ike sa all 6.
  • Page 220: Show Ip Interface Brief

    The auto-created IKE and IPsec policies can be modified and saved to suit the deployment needs. Note: In order to interoperate with the Avaya VPN Router at the head office, IKE and IPsec proposals have to be modified. For details, see Secure Router to Avaya VPN router interoperability tips on page 221.
  • Page 221: Secure Router To Avaya Vpn Router Interoperability Tips

    • debug dhcp-client—enables DHCP client debug messages (for VPN ABOT) Secure Router to Avaya VPN router interoperability tips In both static and dynamic tunnels, if the peer is an Avaya VPN router and a NAT exists between the two peers, use the enable-natt-rfc3947 command under the IKE policy for NAT traversal to work with Avaya VPN router.
  • Page 222: Troubleshooting Ospf Over Gre/Ipip Tunnels

    Troubleshooting security Attributes SR2330/4134 Avaya VPN router Action (Default values) (Default values) Disabled Enabled Disable PFS on Avaya VPN router or enable the appropriate key exchange group in IPSec compression Not supported Enabled Disable on Avaya VPN router. Keepalives On-demand...
  • Page 223: Troubleshooting Rip Over Gre/Ipip Tunnels

    Troubleshooting RIP over GRE/IPIP tunnels 5. To verify the routes calculated by the OSPF protocol, enter: show ip ospf route 6. To verify that OSPF learned routes are in the forwarding table, enter: show ip route 7. To verify redistributed routes in the local OSPF database, enter: show ip ospf database Troubleshooting RIP over GRE/IPIP tunnels This section describes how to troubleshoot RIP over GRE/IP-IP encapsulated tunnels.
  • Page 224: Ospf Debug Commands

    The following sections describe some common OSPF routing problems and potential solutions. OSPF Neighbor in INIT State If two-way communication is not established by the neighbors, the following debug option can be used to display the hello packet and its contents: Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 225: Show Ip Ospf

    The following debug option can be used to display the DBD packet exchanges: debug ospf packet dd detail By default, the Avaya VPN router sends 1500 as the MTU in database description packets. However, the Secure Router default tunnel MTU is 1420 bytes. As a result, one of the following changes is required on the Secure Router OSPF settings: •...
  • Page 226 Troubleshooting security Reason for OSPF Adjacency Problem Commands to Diagnose OSPF neighbors have duplicate Router show ip ospf IDs. show ip ospf interface show router-id Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 227: Chapter 15: Troubleshooting Quality Of Service

    Chapter 15: Troubleshooting Quality of Service This section details the commands and procedures used to troubleshoot QoS. Chassis QoS troubleshooting This section contains the basic step-by-step troubleshooting procedure for QoS in order to isolate the issue for further troubleshooting. QoS troubleshooting Enable QoS The show qos chassis system command shows the global auto-qos status and the status of global QoS, whether enabled or disabled.
  • Page 228 For measuring SLA parameters such as delay, jitter and packet-loss SLA feature can be used. To view the statistics of the configured SLA profile show sla profile <sla-id> command can be used. To view all the active and inactive SLAs show sla profile command can be used. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 229 Chassis QoS troubleshooting Policy-map When a policy map is created it will be listed with other policy-maps when “show qos chassis policy-map” command is executed. Policy-maps are used to configure class-maps with required parameters for classification, CBQ and policing. These policy-maps can be mapped to any valid interface and direction.
  • Page 230 <policy-name>. This will also list the interfaces to which this policy-map is mapped. For detailed information about a class show qos chassis policy- map <map-name> class <class-name>. The configurations displayed include classification keys assigned to the class, CBQ, policing parameters and RED configurations. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 231 Chassis QoS troubleshooting Policing You can also configure the Avaya Secure Router 2330/4134 to police the traffic. There are two types of policing available: srTCM and trTCM. The steps included configuring policing are: create policy-map, class-map, and policer(srTCM/trTCM), and issue the service-policy-input command in order to apply the policy-map to the interface.
  • Page 232 [interface-type] [interface-name]”, it will display the policy-maps that are mapped to that interface on both directions. Show qos chassis interface command displays the policy- map attached and the classes that are created through the service-policy. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 233 Chassis QoS troubleshooting Class configurations The configurations that are done for a class-map can be verified by the show qos chassis policy-map [policy-name] class-map [class-name] command. After mapping the policy-map to an interface, the configurations for the instantiated classes on the interface can be verified by show qos chassis [interface-type] [interface-name] class [class-name] [inbound/outbound].
  • Page 234 Troubleshooting Quality of Service Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 235: Policy Based Routing

    Chassis QoS troubleshooting Policy Based Routing The PBR redirect action is specified for each policy class. The PBR redirection action includes configuring either next-hop IP address or interface. The command show qos chassis policy-map [policy-map name] detail will display the PBR configuration for a class.
  • Page 236 FTP server. The file name will have the time at which it is uploaded. Statistics are taken for every sample interval for a period of upload interval time. Then this statistics will be Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 237 Chassis QoS troubleshooting uploaded to the FTP server. The command show qos chassis historical-stats configuration used to verify the historical statistics configuration. MPLS-QoS The command show qos chassis [interface-name] mpls lsp [lsp-name] will display the MPLS configuration. Interface RED The command show qos chassis red [bundle name] will display interface RED configuration for a bundle.
  • Page 238: Troubleshooting Qos - Error Conditions

    Symptom: The following error message will come. 'Error! Invalid classification type requested'. Problem description: In MF classification tree Each level should have unique classification type i.e. all the classes in same level should have the same classification type. Prerequisite: Policy-map should be created successfully Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 239 Chassis QoS troubleshooting Troubleshooting tips: We can't assign different classification type for the classes at the same level. Same classification key should not be assigned to some other class in the same level Symptom: The following error message will come. 'Error! [classification type] was already assigned.' Problem description: In MF classification tree, different classes at the same level can not have same classification key value.
  • Page 240 If we do so it will add the new key as additional one instead of over write the existing one. Prerequisite: Policy-map should be created successfully. Troubleshooting tips: First give 'no' form of the command then assign the new key value to the class. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 241 Chassis QoS troubleshooting Packets are not getting classified Symptom: Packet count can be '0' or very less for a class Problem description: When a policy-map is attached to a interface, the user may perceive packet count is '0' or very less for a class. Giving the command show qos chassis [interface] [interface name] can see packet flow.
  • Page 242 Troubleshooting Quality of Service Scenario 2: Troubleshooting tips: • Check whether any of the QoS feature like monitoring, policing, or CBQ is enabled. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 243 Chassis QoS troubleshooting • QoS feature is enabled but packets are classified into interface default class as shown in Scenario 2. possible cause for this is the packet may not reach the leaf node. Follow the steps given below. - the MF tree configured. you can use 'show qos chassis policy-map [policy-map name] detail' to get the details about the policy-map.
  • Page 244 Prerequisite: Policy-map should be created and attached to an interface successfully. Troubleshooting tips: To what are all the interfaces the policy-map is attached can be known by using the command show qos chassis policy-map [policy-map name]. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 245 Chassis QoS troubleshooting We can alternatively remove the policy-map by using the 'force' option. This option will remove the policy-map force fully if it is attached to the interfaces. Not able to modify the policy-map Symptom 1: Modification fails Problem description: If the policy-map is attached to a crypto interface and the modification is related to IPv6 then it fails since crypto interface won't support IPv6.
  • Page 246 Troubleshooting Quality of Service Example 2: policy-map is configured with policing parameter in kbps. policy-map is attached to a logical interface. Try to reconfigure the policing parameters in percentage. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 247 Chassis QoS troubleshooting Troubleshooting tips: If a policy-map is attached to any of the logical interfaces then policing parameters should be kbps. Symptom 3: Modification of CBQ parameter fails. Problem description: When we modify the CBQ we should take of the interface bandwidth. Since the modification is in percentage sometimes the percentage value may lead to bandwidth allocation for a class as less than 1 kbps which cbq doesn't support.
  • Page 248 Troubleshooting tips: Remove any of the existing unwanted class-map to add a new one. Policing/Metering Configuring policing mode as color aware/blind fails Symptom: The following message will be popping up 'policing is not configured for this class'. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 249 Chassis QoS troubleshooting Problem description: Policing can be configured either in color aware or color blind mode. By default color blind will be enabled. Configuring color aware mode requires policing parameters to be configured first. Prerequisite: Policy-map and class map should be created successfully. Troubleshooting tips: Configure the policing parameters (CIR/PIR and CBS/PBS) first before configuring color aware mode.
  • Page 250 Problem description: Three actions can be configured for different conformance level. Troubleshooting tips: Some of the reasons that could result in the above behavior are described below: 1. Remark is not configured for the class 2. Policing is not enabled for the interface. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 251 Chassis QoS troubleshooting Shaping Configuring CBQ fails on a Class-map Symptom: An Error message will be thrown when CBQ is configured at policy-map level. Problem description: Configuring CBQ parameters should adhere to the following conditions: 1. Sum of all leaf classes should not exceed 99 percent. 2.
  • Page 252 • Buffers are not available for a particular interfaces. Buffers are allocated to interfaces based on the interface bandwidth. The CBQ configuration should not exceed the allocated buffers. Prerequisite: Policy-map should be successfully created and mapped to interfaces. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 253 Chassis QoS troubleshooting Troubleshooting tips: 1. Make sure that the configuration doesn’t result in less than 1 Kbps in any of the mapped interfaces. 2. Verify that there will not be any buffer issues on any interface due to the new configuration.
  • Page 254 PBR is configured. Make sure that rules are configured correctly using the following command and make sure the packets hit the class-map by enabling PBR. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 255 Chassis QoS troubleshooting • PBR configuration status is not up. Based on the correctness of the PBR configuration, the PBR status will be displayed. Make sure the PBR status is UP using the show qos chassis ethernet 0/2 class c1 command. Troubleshooting August 2013...
  • Page 256: Auto Qos

    Problem description: Auto-qos can be enabled for all interfaces by executing “enable-auto- qos” command at global qos level. Enabling auto-qos will create predefined classes on all applicable interfaces and enable Policing or CBQ functionality on the interfaces. There can be Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 257 Chassis QoS troubleshooting two reasons for auto-qos status to be in disabled for an interface even after enabling global auto-qos: 1. Auto-qos is in manual state 2. Interface is not applicable for that interface Case – 1: Auto-qos will be applied in inbound direction for ethernet interfaces and outbound direction for bundle interfaces.
  • Page 258 SLA profile. If the Transmit Status is “IN PROCESS” then the SLA profile cannot be modified. 2. If the SLA type is not configured for that SLA then it cannot be scheduled. Prerequisite: SLA profile has to be successfully created. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 259 Chassis QoS troubleshooting Troubleshooting tips: • Wait for the SLA profile to complete the process then try again. • Configure a valid SLA type for the SLA profile before scheduling it. Larger or negative time values in delay parameters Symptom: “show sla profile [id]” will show large delay and jitter values. Problem description: SLA calculates the delay and jitter values between two nodes by sending packets to the destination.
  • Page 260 Prerequisite: Historical statistics configured Troubleshooting tips: • Configure the upload interval and enable uploading historical statistics: Router/configure/qos/chassis/historical-stats# upload interval 1 Uploading of Historical Statistics enabled Upload interval set to 1 hours • Configure the FTP parameters. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 261 Chassis QoS troubleshooting Router/configure/qos/chassis/historical-stats# ftp-parameters Primary Ftp Server: 1.1.1.1 Secondary Ftp Server: 2.2.2.2 Ftp user name: user Ftp password: • Ping to the FTP server and verify that the connection is available to the FTP server. Statistics are not uploaded for a particular interface Symptom: Historical statistics are not uploaded for a particular interface.
  • Page 262: Module Qos Troubleshooting

    The queue based CoS marking is used to assign user priority based on the default queue assigned to the packet. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 263 Module QoS troubleshooting The show qos module ethernet command shows the default queue assignment and dscp, user-priority CoS markings for packets coming on the interface. Troubleshooting August 2013...
  • Page 264 The show qos module policing-cos-map ip command shows the CoS markings based on previous DSCP value and the conformance level assigned to the packet by the Policer. This is used for IP packets. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 265: Classification

    Module QoS troubleshooting The show qos module policing-cos-map non-ip command shows the CoS markings based on previous UP value and the conformance level assigned to the packet by the Policer. This is used for non-IP packets. Classification Classification is used to classify packets into classes based on various fields in the packet header.
  • Page 266 Troubleshooting Quality of Service The show qos module service-policy command shows all the policy-maps servicing different interface The service policy of an interface can be seen in the show qos module ethernet command too. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 267: Policing

    Module QoS troubleshooting Policing Traffic policing provides the conformance metering, CoS re-marking and rate limiting functionality. The conformance metering functionality of the policer determines the conformance level of the packets (conforming, exceeding, and violating) and performs a configurable action based on the conformance level. The action configured could be re- marking CoS attributes based on conformance level and/or dropping of violating packets (rate- limit).
  • Page 268 Troubleshooting Quality of Service The show qos module policy-map command (brief display) shows the policing configuration for a class-map within a policy-map The show qos module system command shows the global accounting status. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 269: Congestion Avoidance

    Module QoS troubleshooting Congestion avoidance The purpose of congestion avoidance is to identify the onset of congestion early enough and start dropping packets to avoid complete depletion of resources. RED monitors queue congestion and discards packets before they are admitted to the queue. The WRED algorithm is an extension to RED in the sense that it also incorporates the packet’s conformance level (DP) into consideration, so that traffic with high DP is dropped first.
  • Page 270 Troubleshooting Quality of Service The congestion profile attached to an interface can be seen in show qos module ethernet command output too. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 271: Output Queuing And Scheduling

    Module QoS troubleshooting Output queuing and scheduling Module QoS supports fixed set of eight egress queues on each port. When these queues have packet descriptors en-queued for transmission, the transmit scheduler is responsible for selecting one of the queues for transmission. Each of the queues in the Network Module ports can be scheduled using either Strict Priority (SP) or D-WRR (Deficit Weighted Round Robin).
  • Page 272: Shaping

    Module QoS supports shaping both at port level and at queue level. Shaping can be enabled independently for ports and queues. The show qos module ethernet command shows the port and queue level shaping configuration. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 273: Buffer Management

    Module QoS troubleshooting Buffer management Module QoS provides a total of 4000 packet buffers in each line card. It supports per port buffer limits in the ingress direction (ingress buffers) and per-port packet descriptor limits in the egress direction (egress buffers) to avoid over-utilization of buffers by any specific port. Module QoS also supports buffer limits at the queue level to allow fair sharing of buffers and packet descriptors across the queues associated with a port.
  • Page 274: Flow Rate Monitoring

    The show qos module system command shows the global sampling interval and sampling period configuration. It also shows if rate-monitoring is in progress or not. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 275 Module QoS troubleshooting The show qos module policy-map command shows if flow rate monitoring is enabled for a class-map or not and the rate-monitoring statistics. Troubleshooting August 2013...
  • Page 276: Auto Qos

    The Auto QoS feature allows user to configure default or basic QoS treatment in a system. It is supported at both interface and at global level. The show qos module system command shows the global auto-qos configuration. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 277 Module QoS troubleshooting The show qos module ethernet command shows the interface level auto-qos configuration. Troubleshooting August 2013...
  • Page 278: Qos Status Management

    However every packet transiting the Ethernet will get subjected to QoS enforcement. It cannot be bypassed. The show qos module system command shows the global qos status. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 279 Module QoS troubleshooting The show qos module ethernet command shows the interface level qos status. Troubleshooting August 2013...
  • Page 280: Limitations, Errors And Warnings

    Queue 1 is of highest priority and queue 8 is the lowest priority queue. In general, the control traffic generated by the CPU will go through the highest priority queue. So, if you attempt Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 281: Troubleshooting Module Qos - Error Conditions

    Troubleshooting Module QoS - Error conditions to assign this high priority queue for user traffic, you encounter this warning message suggesting that the user traffic assigned to this queue will cause drop of the critical traffic. Warning!! This setting will make critical and data traffic treated with same priority. This will cause drops in critical traffic Please not that the configuration will still be successful after this warning.
  • Page 282 • Accounting not enabled for the class-map. For the user to see the classification counters, accounting needs to be enabled for the class-map. • Accounting disabled globally. Accounting is enabled globally by default. Verify that accounting is enabled globally. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 283 Troubleshooting Module QoS - Error conditions • Policy-map is not attached to the ingress interface. The policy-map to be serviced must be attached to the interface on which the traffic is sent. Verify that the policy-map is attached to the interface with one of the following commands: show qos module service-policy show qos module policy-map m1 detail Troubleshooting...
  • Page 284 • QoS not enabled on the interface. QoS must be enabled on the interface on which the service-policy is mapped. Verify that QoS is enabled on the interface using one of the following commands: show qos module ethernet 6/20 show qos module service-policy Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 285 Troubleshooting Module QoS - Error conditions 2. Not able to delete a policy-map Symptom: User may not be able to delete a policy-map configured and an error message is displayed. Troubleshooting August 2013...
  • Page 286 To attach a user policy-map to the interface, remove auto-qos configuration on the interface first and then attempt to attach the user policy-map to the interface. Use the following command to see the service policy mappings: show qos module service-policy Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 287 Troubleshooting Module QoS - Error conditions • Interface is not a Module Ethernet interface. Module QoS policy-maps can be attached only on the Module Ethernet interfaces. They cannot be mapped to any other interface. If so, error will be reported to the user. 4.
  • Page 288 Troubleshooting Quality of Service using the following commands: show qos module policy-map m1 detail show qos module system Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 289 Troubleshooting Module QoS - Error conditions • Policing is disabled. By default, when policing configuration is configured for a class-map, policing will be enabled. However user can disable it anytime. Troubleshooting August 2013...
  • Page 290 DUT. Verify that the policy-map is attached to the interface using the following command: show qos module policy-map m1 detail Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 291 Troubleshooting Module QoS - Error conditions • QoS is not enabled on the interface. QoS must be enabled on the interface on which the service-policy is mapped. Verify that QoS is enabled on the interface using one of the following commands: show qos module service- policy 5.
  • Page 292 By default, policing based CoS remarking is disabled. Verify that policing based CoS remarking is enabled using the following command: show qos module policy-map m1 detail Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 293 Troubleshooting Module QoS - Error conditions 7. Flow rate monitoring not working Symptom: User may see that the flow rate monitoring statistics are not shown Description: Flow rate monitoring can be enabled for any specified class-map by the user. User may see that flow rate monitoring statistics are not incrementing. Troubleshooting tips: Some of the reasons that could result in the above behavior are described below: •...
  • Page 294 • Configure and start rate monitoring globally. For flow rate monitoring to work for a class, the rate sampling has to be started from the global context. Verify that rate sampling is in progress using the following command: show qos module system Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 295 Troubleshooting Module QoS - Error conditions 8. Not able to enable rate monitoring for a class-map Symptom: User may not be able to enable rate monitoring for a class-map. Description: Flow rate monitoring has to be enabled for any specified class-map by the user.
  • Page 296 User has to stop the global rate-sampling before enabling the rate-monitoring for a class- map. Use the following command to verify that rate-sampling is in progress: show qos module system Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 297 Troubleshooting Module QoS - Error conditions 9. Congestion Management doesn’t seem to work Symptom: User may perceive that congestion management (RED) is not working. Description: In Module QoS same congestion profile is used for both tail drop and random drop. User may sometimes see that tail-drop is happening and not random drop.
  • Page 298 To attach the new policy-map, disable auto-qos on the interface and then attach the new policy-map to the interface. To verify if a service-policy exists Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 299 Troubleshooting Module QoS - Error conditions for a policy-map, use the following command: show qos module service- policy 11. Enabling auto-qos fails on an interface Symptom: User may get an error if auto-qos is enabled on an interface either from the global context or from the interface context.
  • Page 300 • PBR configuration status is not up. Based on the correctness of the PBR configuration, the PBR status will be displayed. Make sure the PBR status is UP using the following command: show qos module policy-map m1 detail Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 301 Troubleshooting Module QoS - Error conditions • Qos is not enabled on the interface. QoS should be enabled on the interface on which the policy-map is attached. Verify that qos is enabled on the interface using the following command: show qos module service-policy Troubleshooting August 2013...
  • Page 302 Troubleshooting Quality of Service Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 303: Chapter 16: Troubleshooting A Sip Media Gateway Problem

    365 Debug command overview The following diagram shows the Avaya Secure Router 2330/4134 telephony building blocks. The ISDN Signaling, CAS Signaling, FXS/FXO Signaling and SIP Signaling block take care of the corresponding protocol signaling. The Media Stream Manager is in charge of the digital signal processing (DSP).
  • Page 304: Debug Cas

    Use this command to enable SIP related call control debugging. Use the no form of this command to disable the debug messages. Syntax [no] debug ccsip all Example SR# debug ccsip all Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 305: Debug Ccsip Api

    Debug command overview debug ccsip api Use this command to enable SIP application interface debugging. If no parameters are specified, all SIP application related debugs are output. Use the no form of this command to disable the debug messages. Syntax [no] debug ccsip api [ calling-num <calling-number>...
  • Page 306: Debug Ccsip Messages

    Use this command to enable Q921 related ISDN debugging. Use the no form of this command to disable the debug messages. Syntax [no] debug isdn q921 <bundle-name> Table 74: Variable definitions Variable Value <bundle-name> Specifies the ISDN bundle name. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 307: Debug Isdn Q931

    Debug command overview Example SR# debug isdn q921 pri1 debug isdn q931 Use this command to enable Q931 related ISDN debugging. Use the no form of this command to disable the debug messages. Syntax [no] debug isdn q931 <bundle-name> [mon <1-3>] Table 75: Variable definitions Variable Value...
  • Page 308: Debug Voip Dial-Peer

    SR# debug voice cc routing debug voip dial-peer Use this command to debug VoIP dial peers. Use the no form of this command to disable the debug messages Syntax [no] debug voip dial-peer Example SR# debug voip dial-peer Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 309: Common Problems And Solutions

    Codec mismatch on page 356 No voice commands available If the Secure Router 2330/4134 is not equipped for voice traffic, the CLI does not display voice commands. To list the available commands, enter a ? at the configure# prompt. The following figure shows a sample output with some voice-related commands highlighted in red.
  • Page 310 Troubleshooting a SIP Media Gateway problem Figure 39: CLI help sample output If the Secure Router 2330/4134 does not display voice commands, see the following sections for troubleshooting. Voice-compatible software image not installed The SIP Media Gateway features are only supported in release 10.1.0.0 and later. Verify that the Secure Router 2330/4134 is running the minimum release of software using the show version command.
  • Page 311 Common problems and solutions Figure 40: show version sample output for software release If the Secure Router 2330/4134 is not running 10.1.0.0 or later software, perform the required upgrade. PVM or PVIM module not installed The internal Packetized Voice Module (PVM) on the Secure Router 4134 or Packetized Voice Internal Module (PVIM) on the Secure Router 2330 must be installed for the Secure Router to support the SIP Media Gateway features.
  • Page 312 Troubleshooting a SIP Media Gateway problem Figure 41: PVM installation in the Secure Router 4134 To display the presence of the internal PVM module (listed as VoIP_A card type), enter the show chassis command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 313: New Calls Fail If More Than 8 (Or 16, 32, 64) Simultaneous G.711 Calls Are Attempted

    PVM installation, see Avaya Secure Router 2330/4134 Installation — Hardware Components (NN47263-301). The Secure Router 2330/4134 does not support hot swap for the internal PVM module. If the PVM module is inserted at run-time, this can damage the main board or the PVM module.
  • Page 314 Figure 44: show voice dsp status sample output for maximum DSP channels To upgrade the DSP channel capacity, contact Avaya customer support for a DSP license upgrade. You must provide Avaya customer support with the serial number of the Secure Router 2330/4134 motherboard and the maximum number of channels required.
  • Page 315 Figure 45: show chassis sample output for motherboard serial number With the motherboard serial number and the number of required channels, Avaya customer support can provide you a license key that you must install on the router for the upgrade. (See Avaya Secure Router 2330/4134 Configuration —...
  • Page 316: Port 0/0 Cannot Be Configured

    To view the status of the physical layer of the module, enter the show module configuration t1 command. The following figure shows a sample output with an example alarm received from a remote peer. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 317 (B8ZS or AMI). Make sure these configurations match at both ends. The most common configuration for framing format is ESF and for linecode is B8ZS (the defaults for the Secure Router 2330/4134). The Secure Router 2330/4134 Media Gateway supports only ESF framing on T1 CAS; it does not support D4 framing.
  • Page 318 Make sure that the peer you are connected to is a T1 source and not E1. Normally sources can be configured for both T1 and E1. The Secure Router 2330/4134 can also be configured for both T1 and E1, but for Release 10.1, voice is not supported on E1 links. Therefore, make sure both ends are configured for T1.
  • Page 319: Remote T1 Link Reports Clock Slip Or Frame Drop Errors

    Common problems and solutions Figure 50: show module configuration all sample output Remote T1 link reports clock slip or frame drop errors If the remote T1 link reports a clock slip or that frames are being dropped, see the following section for troubleshooting.
  • Page 320: Network Clock Misconfigured, Does Not Lock, Or Displays As Bad Clock

    Make sure that the Secure Router 2330/4134 is configured as the clock slave to the remote end and the remote end is configured as the clock master. If both the Secure Router 2330/4134 and the peer are configured as slaves, neither end of the link can lock to the external clock.
  • Page 321 Common problems and solutions Figure 53: show network-clocks sample output for bad clock source To change the clock configuration on the Secure Router 2330/4134, use the network- clock-select command. Then use the show network-clocks command to verify that the Secure Router 2330/4134 locks to the clock from the remote peer.
  • Page 322: Configuration Of Bri, T1, Or Pri Port As Clock Source Produces Error

    The following figure shows a T1 CAS port that can be used as the clock source. Figure 56: show voice port summary sample output for CAS The following figure shows a T1 PRI link in a voice bundle that can be used as the clock source. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 323: Module Leds For T1 Or Bri Are Off

    Module LEDs for T1 or BRI are off The Secure Router 2330/4134 supports hot swap of identical external modules. If you boot up and the LEDs on a module are off, the module may be in the process of being hot swapped.
  • Page 324 To bring a module out of the hot swap state, use the no shutdown command and reboot the chassis. Figure 60: module no shutdown sample output for hot swap To verify that the card is in the normal state after the reboot, enter the show chassis command again. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 325: Creation Of T1 Cas Of Addition Of Pri Link To Bundle Produces An Error On The State Of The Slot

    Figure 61: show module t1 sample output with error The Secure Router 2330/4134 produces these errors when the port in question is on a module that is shutdown for a hot swap. Module LEDs for T1 or BRI are off on page 323 to troubleshoot a module in the hot swap state.
  • Page 326 You can display the configuration status using the debug isdn isdn-status command: Figure 62: debug isdn isdn-status sample output Be sure that the far end also uses the same switch type (in this example, shown as primary 5ess). Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 327 Common problems and solutions Also, be sure that the other end is configured as network side. The current release only supports user side on the Secure Router 2330/4134. Verify the D channel status To verify that the D channel is up, use the show interface bundle command.
  • Page 328 Perform Layer 3 traces For further ISDN troubleshooting, you can also perform Layer 3 traces using the debug isdn q931 command. The following figures show sample Layer 3 traces for a successful ISDN call flow. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 329 Common problems and solutions Figure 65: debug isdn q931 sample output Troubleshooting August 2013...
  • Page 330: Unable To Make Calls On T1 Cas

    The following is a typical configuration: config term module t1 1/2 cas-group timeslots 1-24 em-wink-start exit voice-port 1/2 no shutdown exit Be sure to enter no shutdown under voice-port. (Note that ISDN ports are enabled by default.) Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 331 Common problems and solutions Also, make sure that the CAS protocol is the same on both ends of the link. Verify that the CAS link is up Make sure the CAS link is up. Use the show module configuration all command to check the state of the link for the CAS port.
  • Page 332: Fxs/Fxo Port Status Leds

    LEDs are off, the card is not detected or is in hot swap shutdown mode. The following table describes how to interpret the other LED colors. LED color Description Not configured Amber Configured and idle Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 333: No Dial Tone On The Analog Fxs Phones Or Ports

    Common problems and solutions LED color Description Green Busy; Call in Progress No dial tone on the analog FXS phones or ports The dial tone is only played on the FXS ports after the voice ports have been configured and enabled.
  • Page 334 The following figures show sample call traces of successful FXS calls: first from FXS to SIP, and then from SIP to FXS. The red text highlights the various steps of the call setup. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 335 Common problems and solutions Figure 73: debug voice cc pots sample output Troubleshooting August 2013...
  • Page 336 Troubleshooting a SIP Media Gateway problem Figure 74: debug voice cc pots sample output (continued) Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 337 Common problems and solutions Figure 75: debug voice cc pots sample output (continued) Troubleshooting August 2013...
  • Page 338: Fxs Phones Are Not Registered (Sylantro And Broadsoft Only)

    With Sylantro and BroadSoft SIP servers, if no calls can be completed, the FXS phones might not be registered. To troubleshoot this issue, refer to the following sections. Verify SIP registrar configuration You can verify whether the SIP registrar is configured using the show sip-ua status command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 339 Common problems and solutions Figure 77: show sip-ua status sample output If the registrar is not configured, then configure it using the sip-ua registar command. For example: SR/configure# sip-ua registrar ipv4:47.100.107.46 expires 3600 Verify that registration is configured on the dial peer If FXS phones are still not registered, then verify whether registration is enabled for the dial- peer corresponding to the FXS port using the show dial-peer voice command.
  • Page 340 Figure 79: show sip-ua register status sample output Ping If the FXS phones are still not able to register, then verify whether the configured registrar can be reached from the Secure Router 2330/4134 using the ping command. Troubleshooting August 2013...
  • Page 341: Unable To Make Fxo Calls

    Common problems and solutions Unable to make FXO calls If you are unable to make FXO calls, refer to the following sections for troubleshooting. Verify that the port and dial peer are enabled Make sure the port is not shut down using the show voice port summary command. Figure 80: show voice port summary sample output Make sure the dial peer is configured with the appropriate destination pattern and is not shut down using the show dial-peer voice summary command...
  • Page 342 Figure 82: show voice port sample output Perform call trace For further FXO troubleshooting, you can perform a call trace using the debug voice cc pots command. The following figures show sample call traces of successful FXO calls. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 343 Common problems and solutions Figure 83: debug voice cc pots sample output Troubleshooting August 2013...
  • Page 344 Troubleshooting a SIP Media Gateway problem Figure 84: debug voice cc pots sample output (continued) Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 345 Common problems and solutions Figure 85: debug voice cc pots sample output (continued) Troubleshooting August 2013...
  • Page 346: Secure Router 2330/4134 Not Reachable From Sip Server

    Figure 86: debug voice cc pots sample output (continued) Secure Router 2330/4134 not reachable from SIP Server All Secure Router 2330/4134 call routing is performed by the central SIP Server. In cases where no calls can be completed, the Secure Router 2330/4134 may not be reachable from...
  • Page 347 SIP Server. Use the ping command to verify that the SIP server can communicate with the Secure Router 2330/4134 SIP gateway. Also, if the Secure Router 2330/4134 SIP Media Gateway is configured with FQDN, then verify whether the FQDN can be resolved. Be sure that the DNS server is specified using the ip pname_server command.
  • Page 348 As a solution, you must disable digit stripping or enable forward-digits all. Dialed number not configured If the dialed number is not configured on the Secure Router 2330/4134, the call cannot be completed. The following figure shows a sample output for the debug voice cc routing command in which the dialed destination number is not found.
  • Page 349 The display confirms that there are no dial peers configured with the dialed destination pattern of 3087771004. If the number is expected to be handled by Secure Router 2330/4134, then you must configure a dial peer with a destination pattern of 3087771004.
  • Page 350 Returning CC 503 message indicates that a PRI T1 link is down. Figure 93: debug voice cc routing sample output To display the T1 module status, enter the show module configuration t1 command. The following figure shows that alarms have been detected on the module. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 351 Common problems and solutions Figure 94: show module configuration sample output Alternatively, you can also enter the show module configuration all command. Figure 95: show module configuration all sample output To display the ISDN PRI D channel status, enter the show interface bundle command. The following figure shows that the PRI bundle is down.
  • Page 352 To troubleshoot the issue, make sure that the T1 PRI cables are connected correctly. Also, verify the D channel and link status from the PBX side. Also, see Unable to make calls on T1 on page 325 for further troubleshooting instructions. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 353 Common problems and solutions T1 CAS link down The following figure shows a sample output for the debug voice cc routing command which the Returning CC 503 message indicates that the T1 CAS link is down. Figure 98: debug voice cc routing sample output To display the T1 CAS status, enter the show module configuration t1 command.
  • Page 354: Unable To Make Outbound Calls To Sip Endpoints

    Media Gateway can communicate with the SIP server. Also, if the SIP server is configured with FQDN, then verify whether the FQDN can be resolved. Be sure that the DNS server is specified on the Secure Router 2330/4134 using the ip pname_server command.
  • Page 355 Common problems and solutions The SIP server address can be configured on the Secure Router 2330/4134 using two methods: • globally using the sip-server command under voice service voip • for a particular destination pattern by configuring a VoIP Dial peer You can verify whether the SIP server is configured using the show sip-ua status command.
  • Page 356: Codec Mismatch

    Alternatively, you can configure a VoIP dial peer by entering the following commands config term dial-peer voice voip 100 session target ipv4:47.100.107.46:5060 destination-pattern 408.%T no shutdown exit exit Codec mismatch To troubleshoot a potential codec mismatch, enable SIP debugging using the debug ccsip message command. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 357 Common problems and solutions Figure 103: debug ccsip message sample output Troubleshooting August 2013...
  • Page 358 Figure 104: debug ccsip message sample output (continued) In the preceding figures, the codecs offered in the INVITE message are not configured on the Secure Router 2330/4134, and the call is therefore rejected. Verify the configured codec by entering the show voice service voip command.
  • Page 359: Troubleshooting The Mediation Server Module

    Troubleshooting the Mediation Server Module Figure 105: show voice service voip sample output As the solution, configure Secure Router 2330/4134 to support the G.711 a-law codec offered by the endpoint. config term voice service voip codec 1 g711alaw exit 2...
  • Page 360: Problem Scenario 2

    Mediation Server in the Mediation Server module does not come up. Solution 1. Verify that Mediation Server module has a valid IP address configured. See Avaya Secure Router 2330/4134 Configuration — SIP Media Gateway (NN47263-508) for details to configure the IP address of the Mediation Server module.
  • Page 361: Collecting The Ocs Mediation Server Logs On The Secure Router 4134 Mediation Server Module

    Troubleshooting the Mediation Server Module 4. Check whether you have the TDM trunks configured and the TDM links up on the Secure Router 4134. If not, see Avaya Secure Router 2330/4134 Configuration — SIP Media Gateway (NN47263-508) to configure the required network interfaces.
  • Page 362 Troubleshooting a SIP Media Gateway problem Figure 107: OCS Logging Tool dialog box 3. Initiate a call between an OCS Client and a PSTN user. When the call is completed (successfully or not) click Stop Logging. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 363: Network Packet Capture

    Troubleshooting the Mediation Server Module Figure 108: OCS Logging Tool window with active log session After you stop the logging, the log file MediationServer.etl is created in the Log File Folder, and the View Log Files button becomes active on the OCS Logging Tool window.
  • Page 364 5. In the Filter window, you have the option of specifying a filter to limit the number of packets you want to filter. Select sip to capture the voice signaling traffic (SIP) and rtp to capture the voice media traffic (RTP). Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 365: Re-Imaging The Mediation Server Module

    Avaya strongly recommends the following procedures to protect the software on the Mediation Server Module: • Create at least one additional user account with administrator privileges on the Microsoft Windows Server 2003 running on the Mediation Server Module for OCS.
  • Page 366: Cloning The Mediation Server Module Image To A Usb Drive

    It takes approximately 30 minutes to create a backup image if you use Ghost software. 6. Close the cloning application. 7. Remove the USB drive from the Mediation Server Module. Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 367: Restoring The Mediation Server Module Image From The Backup On A Usb Drive

    Re-imaging the Mediation Server Module 8. Insert the USB drive into a desktop PC. 9. Verify that the cloned image has been successfully created. If you use Ghost software, ensure that the cloned image is created in the correct path and that the following three files exist: •...
  • Page 368 Troubleshooting a SIP Media Gateway problem Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 369: Chapter 17: Troubleshooting High Cpu Utilization

    The CPU Utilization feature provides data about CPU usage by the processes running on Secure Router 2330/4134. You can view CPU utilization information for the past 10 seconds (s), 1 minute (min), 5 minutes (min), or since system startup. The router displays CPU utilization as a percentage. The CPU utilization information allows you to see how the CPU was used during a specific time interval.
  • Page 370: Cpu Utilization Debug Commands

    • SR/configure/process cpu# threshold total red 90 green 50 interval 10 notify once CPU utilization debug commands This section provides the CPU utilization debug commands. Related topics: debug process start-history on page 371 debug process stop-history on page 371 Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 371: Debug Process Start-History

    CPU utilization show commands debug process start-history Use this command to start the history collection for a process. Syntax start-history <WORD> Table 79: Variable definitions Variable Value <WORD> Name of the process Example SR/debug/process# start-history rxPoll debug process stop-history Use this command to stop the history collection for a process. Syntax stop-history <WORD>...
  • Page 372: Show Processes Cpu Color

    • days - displays CPU utilization history in days (maximum 30 days) • all - displays CPU utilization history in seconds, minutes, hours, and days Example • SR# show processes cpu history format seconds • SR# show processes cpu history format minutes Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 373: Show Processes Cpu History Process

    CPU utilization show commands show processes cpu history process Use this command to view the history graph of the CPU utilization of processes. Syntax show processes cpu history process <WORD> Table 82: Variable definitions Variable Value <WORD> Name of the process Example SR# show processes cpu history process rxPoll show processes cpu show-config...
  • Page 374 • all - displays full information Example • SR# show processes cpu utilization format brief • SR# show processes cpu utilization format invoked • SR# show processes cpu utilization format all Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 375: Chapter 18: Secure Router 2330/4134 System Error Messages

    Chapter 18: Secure Router 2330/4134 system error messages Use syslog error messages to assist you in troubleshooting errors or issues in the Avaya Secure Router 2330/4134 system. Important: Syslog and console reporting can generate a substantial amount of output and can use a substantial amount of system resources.
  • Page 376: Configuring The System For Syslog Reporting

    2. To enable or disable syslog messages, enter: system logging syslog {enable|disable} Specifying the device to which the Secure Router 2330/4134 sends syslog messages Use the commands in this section to specify the host IP address to which the Secure Router...
  • Page 377: Configuring Multiple Syslog Servers

    Table 85: Variable definitions Variable Value <ipaddr> The IP address of the host to which the Secure Router 2330/4134 sends the syslog messages. Enter the IP address in the proper format for your network (that is, in IPv4 or IPv6 format). <udp_portno>...
  • Page 378: Specifying The Syslog Messages To Report

    Use the commands in this section to specify the syslog messages that the Secure Router 2330/4134 reports. Procedure steps 1. To access configuration mode, enter: configure terminal 2. To specify the syslog messages that the Secure Router 2330/4134 reports, enter: system logging syslog module <module> <facility> <priority> Table 87: Variable definitions Variable Value <facility>...
  • Page 379 Configuring the system for syslog reporting Variable Value • local7 • sys9 • sys10 • sys11 • sys12 • sys13 • sys14 The default value is "local0". <module> The type of event to report. Valid values are the following: • auth – events related to the authorization facility •...
  • Page 380 Secure Router 2330/4134 system error messages Variable Value • security – events related to the security facility • system – events related to the system facility • userdb – user database • vif – virtual interface (for PPPoE and L2TP server) •...
  • Page 381: Configuring The Syslog Source Address

    Configuring the system for console logging Configuring the Syslog source address Use the following procedure to configure the Syslog server source address for all services. Procedure Steps 1. To configure source addresses for a service, enter Configuration Mode. configuration terminal 2.
  • Page 382: Syslog Error Messages That Indicate A Possible Fault In The System

    The following table provides a list of Secure Router 2330/4134 syslog error messages that indicate a possible fault condition in the Secure Router 2330/4134. If you receive one of the following error messages, contact Technical Support. Table 90: Syslog error messages that require Avaya Technical Support assistance...
  • Page 383 Syslog error messages that indicate a possible fault in the system Security Level Module Message CRITICAL FORWARDING ipOutput: queue pointer NULL for interface <x>:if_type :<y> CRITICAL FORWARDING ipOutput: queue pointer NULL for interface <x> CRITICAL FORWARDING ip6Output: invalid interface <x> CRITICAL FORWARDING ip6Output: queue pointer NULL for...
  • Page 384 Secure Router 2330/4134 system error messages Security Level Module Message CRITICAL HDLC ioctl GHDLC_RECONNECT_LINK failed CRITICAL HDLC ioctl GHDLC_DISCONNECT_LINK failed CRITICAL HDLC GHDLC_GET_STAT failed CRITICAL HDLC ioctl GHDLC_CLR_MIB failed CRITICAL HDLC ioctl GHDLC_CLR_STAT failed CRITICAL MLFR ioctl FR_STOP/ START_TRAFFIC_ON_LINK failed...
  • Page 385 Syslog error messages that indicate a possible fault in the system Security Level Module Message CRITICAL MLPPP ioctl PPP_GET_CONFIG failed for MLP –discriminator mlppp config for bundle <name> CRITICAL MLPPP ioctl PPP_SET_CONFIG failed for mlp in setting discriminator mlppp config for bundle <name>...
  • Page 386 Secure Router 2330/4134 system error messages Security Level Module Message CRITICAL ioctl PPP_GET_CONFIG failed for local lcp –get ppp config for bundle <name> ERROR Memory Allocation Failure. Report Error ERROR Error in clearing incomplete tcp connection ERROR FORWARDING ip6MuxScanIPv6AddrLstAcrossIntf: unit <x> out of range...
  • Page 387 Syslog error messages that indicate a possible fault in the system Security Level Module Message ERROR FORWARDING Error bringing up staticroute <ip_address> <mask> ERROR ERR:Fr_Dequeue failed: Report Error ERROR Error: unable to add 32 bit interface route, could not delete conflicting routes ERROR rtinit: wrong ifa (<x>) was(<y>)
  • Page 388 Secure Router 2330/4134 system error messages Security Level Module Message NOTIFCATION FORWARDING Ipv6 is activated on bundle <name> PVC <x> NOTIFCATION FORWARDING Ipv6 is deactivated on bundle <name> PVC <x> NOTIFCATION bundle UP: <name> NOTIFCATION bundle DOWN: <name> NOTIFCATION <type>VC UP:<name><dlci>...
  • Page 389 Syslog error messages that indicate a possible fault in the system Security Level Module Message DEBUGGING FORWARDING sfSendToStack2(): sfSendToStack() failed ! DEBUGGING FORWARDING ipMuxIfReset: (unit): <x> DEBUGGING frReserveAtEnd(): Enter!-n=<x> DEBUGGING frReserveAtEnd(): Found the last bp DEBUGGING frReserveAtEnd(): Allocating new buf DEBUGGING frReserveAtEnd(): Alloc new buf failed DEBUGGING...
  • Page 390 Secure Router 2330/4134 system error messages Security Level Module Message DEBUGGING MLPPP ioctl PPP_SET_CONFIG successful for local lcp - MRU mlppp config for bundle:<name> DEBUGGING MLPPP ioctl PPP_GET_CONFIG successful for remote lcp - MTU mlppp config for bundle:<name> DEBUGGING MLPPP...
  • Page 391 Syslog error messages that indicate a possible fault in the system Security Level Module Message DEBUGGING ioctl PPP_GET_CONFIG successful for local lcp - MRU ppp config for bundle: <name> DEBUGGING ioctl PPP_SET_CONFIG successful for local lcp - MRU ppp config for bundle: <name>...
  • Page 392 Secure Router 2330/4134 system error messages Security Level Module Message DEBUGGING ioctl PPP_SET_CONFIG successful for local BCP for bundle:<name> Troubleshooting August 2013 Comments? infodev@avaya.com...
  • Page 393: Chapter 19: Emergency Recovery Procedure

    5. Enter the show tech-support command and save the file for use in diagnosis. See Using the show tech-support command on page 44 6. If you feel there is an issue with Secure Router 2330/4134 configuration, restore with a known good configuration. If still unresponsive, reboot the router. See Importing a saved configuration on page 49 7.
  • Page 394 After the restore, reapply the saved configuration from the network. 8. If a console or telnet session is unresponsive, you can recover access without having to reboot. Obtaining Configuration Mode access when occupied by an inactive or unresponsive session on page 21 Troubleshooting August 2013 Comments? infodev@avaya.com...

Table of Contents