- Index
- Preface
- Product Overview
-
- Configuring Ethernet Interfaces
- Configuring VLANs
- Configuring Private VLANs
- Configuring Rapid PVST+
- Configuring Multiple Spanning Tree
- Configuring STP Extensions
- Configuring Port Channels
- Configuring Access and Trunk Interfaces
- Configuring the MAC Address Table
- Configuring IGMP Snooping
- Configuring Traffic Storm Control
-
- Configuring Fibre Channel Interfaces
- Configuring Domain Parameters
- Configuring N-Port Virtualization
- Configuring VSAN Trunking
- Configuring SAN PortChannels
- Configuring and Managing VSANs
- Configuring and Managing Zones
- Distributing Device Alias Services
- Configuring Fibre Channel Routing Services and Protocols
- Managing FLOGI, Name Server, FDMI, and RSCN Databases
- Discovering SCSI Targets
- Advanced Features and Concepts
- Configuring FC-SP and DHCHAP
- Configuring Port Security
- Configuring Fabric Binding
- Configuring Fabric Configuration Servers
- Configuring Port Tracking
Troubleshooting
This chapter describes basic troubleshooting methods used to resolve issues with a Cisco Nexus 5000 Series switch. This chapter includes the following sections:
Recovering a Lost Password
This section describes how to recover a lost network administrator password using the console port of the switch.
You can recover the network administrator password using one of two methods:
This section includes the following topics:
Using the CLI with Network-Admin Privileges
If you are logged in to, or can log into, the switch with a username that has network-admin privileges, follow these steps:
Step 1
Verify that your username has network-admin privileges.
Step 2 Assign a new network administrator password if your username has network-admin privileges.
Step 3 Save the configuration.
Power Cycling the Switch
If you cannot start a session on the switch that has network-admin privileges, you must recover the network administrator password by power cycling the switch.
This procedure disrupts all traffic on the switch.
Note You cannot recover the administrator password from a Telnet or SSH session. You must have access to the local console connection.
To recover the network administrator password by power cycling the switch, follow these steps:
Step 1 Establish a terminal session on the console port of the supervisor module.
Step 2 Power cycle the switch.
Step 3 Press the Ctrl-B key sequence from the console port session when the switch begins the Cisco NX-OS software boot sequence to enter the boot prompt mode.
Step 4 Reset the network administrator password.
switch(boot)# configure terminal
Step 5 Display the bootflash: contents to locate the Cisco NX-OS software image file.
switch(boot)# dir bootflash:
Step 6 Load the Cisco NX-OS system software image.
In the following example, the system image filename is nx-os.bin:
Step 7 Log in to the switch using the new administrator password.
Step 8 Reset the new password to ensure that is it is also the SNMP password.
Step 9 Save the configuration.
Using Ethanalyzer
Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.
To configure Ethanalyzer, use the following commands:
Ethanalyzer does not capture data traffic that Cisco NX-OS forwards in the hardware.
Ethanalyzer uses the same capture filter syntax as tcpdump. For more information, see the following URL:
http://www.tcpdump.org/tcpdump_man.html
For information on the syntax of the display filter, see the following URL:
http://wiki.wireshark.org/DisplayFilters
This example shows captured data (limited to four packets) on the management interface:
Capturing on eth0
2005-01-25 07:18:08.997132 10.193.24.42 -> 10.200.0.103 TELNET Telnet Data...
2005-01-25 07:18:09.166266 10.200.0.103 -> 10.193.24.42 TCP 1235 > telnet [ACK] Seq=0 Ack=19 Win=64129 Len=0
2005-01-25 07:18:09.166830 10.193.24.42 -> 10.200.0.103 TELNET Telnet Data...
2005-01-25 07:18:09.376250 10.200.0.103 -> 10.193.24.42 TCP 1235 > telnet [ACK] Seq=0 Ack=99 Win=64049 Len=0
4 packets captured
This example shows detailed captured data for one HSRP packet:
Capturing on eth0
Frame 1 (60 bytes on wire, 60 bytes captured)
Arrival Time: Jan 25, 2005 08:49:49.250719000
[Time delta from previous captured frame: 1106642989.250719000 seconds]
[Time delta from previous displayed frame: 1106642989.250719000 seconds]
[Time since reference or first frame: 1106642989.250719000 seconds]
Frame Number: 1
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: 00:1a:a2:d2:d7:00 (00:1a:a2:d2:d7:00), Dst: 00:0d:ec:6d:81:00 (00:0d:ec:6d:81:00)
Destination: 00:0d:ec:6d:81:00 (00:0d:ec:6d:81:00)
Address: 00:0d:ec:6d:81:00 (00:0d:ec:6d:81:00)
.......0................ = IG bit: Individual address (unicast)
......0................. = LG bit: Globally unique address (factory default)
Source: 00:1a:a2:d2:d7:00 (00:1a:a2:d2:d7:00)
Address: 00:1a:a2:d2:d7:00 (00:1a:a2:d2:d7:00)
.......0................ = IG bit: Individual address (unicast)
......0................. = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: 10.200.0.103 (10.200.0.103), Dst: 10.193.24.42 (10.193.24.42)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
......0. = ECN-Capable Transport (ECT): 0
.......0 = ECN-CE: 0
Total Length: 40
Identification: 0xa651 (42577)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x2765 [correct]
[Good: True]
[Bad : False]
Source: 10.200.0.103 (10.200.0.103)
Destination: 10.193.24.42 (10.193.24.42)
Transmission Control Protocol, Src Port: 1288 (1288), Dst Port: telnet (23), Seq: 0, Ack: 0, Len: 0
Source port: 1288 (1288)
Destination port: telnet (23)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0....... = Congestion Window Reduced (CWR): Not set
.0...... = ECN-Echo: Not set
..0..... = Urgent: Not set
...1.... = Acknowledgment: Set
.... 0... = Push: Not set
.....0.. = Reset: Not set
......0. = Syn: Not set
.......0 = Fin: Not set
Window size: 64334
Checksum: 0x934f [correct]
[Good Checksum: True]
[Bad Checksum: False]
1 packets captured
For more information on Wireshark, see the following URL: http://www.wireshark.org/docs/
Troubleshooting Fibre Channel
This section describes troubleshooting methods to resolve issues with Fibre Channel. This section includes the following topics:
fctrace
The fctrace feature provides the following capabilities:
You can invoke fctrace by providing the FC ID, the N port WWN, or the device alias of the destination.
The trace frame is routed normally through the network until it reaches the far edge of the fabric. When the frame reaches the edge of the fabric (the F port connected to the end node with the given port WWN or the FC ID), the frame is looped back (swapping the source ID and the destination ID) to the originator.
If the destination cannot be reached, the path discovery starts, which traces the path up to the point of failure.
Note The fctrace feature works only on TE ports. Make sure that only TE ports exist in the path to the destination. If there is an E port in the path, the fctrace frame is dropped by that switch. Also, fctrace times out in the originator, and path discovery does not start.
To perform the fctrace operation, perform one of these tasks:
fcping
The fcping feature verifies reachability of a node by checking its end-to-end connectivity. You can invoke the fcping feature by providing the FC ID, the destination port WWN, or the device alias information.
To perform a fcping operation, perform this task:
Verifying Switch Connectivity
You can verify connectivity to a destination switch.
Note The FC ID variable used in this procedure is the domain controller address; it is not a duplication of the domain ID.
To verify connectivity to a destination switch, perform this task:
show tech-support Command
The show tech-support command is useful when collecting a large amount of information about the switch for troubleshooting purposes. The output of this command can be provided to technical support representatives when reporting a problem.
The show tech-support command displays the output of several show commands at once. The output from this command varies depending on your configuration. Use the show tech-support command in EXEC mode to display general information about the switch when reporting a problem.
You can choose to have detailed information for each command. You can specify the output for a particular interface, module, or VSAN. Each command output is separated by line and the command precedes the output.
Note Explicitly set the terminal length command to 0 (zero) to disable auto-scrolling and enable manual scrolling. Use the show terminal command to view the configured the terminal size. After obtaining the output of this command, remember to reset your terminal length as required.
Tip You can save the output of this command to a file by appending > (left arrow) and the filename to the show tech-support command. If you save this file, verify you have sufficient space to do so—each of these files may take about 1.8 MB. However, you can zip this file using the gzip filename command. Copy the zipped file to the required location using the copy command and unzip the file using the gunzip command.
The default output of the show tech-support command includes the output of the following commands:
- show switchname
- show system uptime
- show interface mgmt0
- show interface mgmt1
- show system resources
- show version
- dir bootflash:
- show inventory
- show diagnostic result all
- show logging log
- show module
- show environment
- show sprom backplane
- show clock
- show callhome
- show cfs application
- show cfs lock
- show snmp
- show interface brief
- show interface
- show running-config
- show startup-config
- show ip route
- show arp
- show monitor session all
- show accounting log
- show process
- show process cpu
- show process log
- show process memory
- show processes log details
- show logging log
- show license host-id
- show license
- show license usage
- show system reset-reason
- show logging nvram
- show install all status
- show install all failure-reason
- show system internal log install
- show system internal log install details
- show cores
- show topology
- show kernel internal aipc
- show tech-support acl
- show vlan
- show vlan access-map
- show mac-address-table
- show spanning-tree summary
- show spanning-tree active
- show interface trunk
- show aclmgr status
- show aclmgr internal dictionaries
- show aclmgr internal log
- show aclmgr internal ppf
- show aclmgr internal state-cache
- show access-lists
- show platform software ethpm internal info all
- show object-group
- show logging onboard obfl-logs
show tech-support brief Command
Use the show tech-support brief command to obtain a quick, condensed review of the switch configurations. This command provides a summary of the current running state of the switch (see the following example).
The show tech-support brief command is useful when collecting information about the switch for troubleshooting purposes. The output of this command can be provided to technical support representatives when reporting a problem.
Tip You can save the output of this command to a file by appending > (left arrow) and the filename to the show tech-support brief command.
This example shows how to display a condensed view of the switch configurations:
show tech-support fc Command
Use the show tech-support fc command to obtain information about the FC configuration on your switch.
The output of the show tech-support fc command includes the output of the following commands:
- show interface brief
- show interface
- show port internal info all
- show port internal event-history lock
- show port internal event-history msgs
- show port internal event-history errors
- show port internal mem-stats detail
- show san-port-channel internal event-history all
- show san-port-channel internal event-history errors
- show san-port-channel internal event-history msgs
- show san-port-channel internal event-history lock
- show san-port-channel internal mem-stats detail
- show san-port-channel usage
- show san-port-channel summary
- show san-port-channel consistency detail
- show tech-support device-alias
- show fcdomain domain-list
- show tech-support fcns
- show fcns database vsan 1-4093
- show fcns database detail vsan 1-4093
- show fcns database local vsan 1-4093
- show fcns database local detail vsan 1-4093
- show fcns statistics vsan 1-4093
- show fcns statistics detail vsan 1-4093
- show fcns internal info vsan 1-4093
- show fcns internal event-history
- show fcns internal event-log
- show fcroute unicast
- show fcs database
- show fcs ie
- show fctimer
- show flogi database
- show flogi internal info
- show fspf
- show fspf database
- show tech-support rscn
- show rscn internal vsan 1-4093
- show rscn internal event-history
- show rscn internal mem-stats detail
- show rscn internal session-history vsan 1-4093
- show rscn internal merge-history vsan 1-4093
- show rscn statistics vsan 1-4093
- show rscn scr-table vsan 1-4093
- show rscn session status vsan 1-4093
- show vsan
- show vsan membership
- show tech-support zone
- show zone status vsan 1-4093
- show zoneset active vsan 1-4093
- show zoneset vsan 1-4093
- show zone vsan 1-4093
- show fcalias vsan 1-4093
- show zone-attribute-group vsan 1-4093
- show zone policy vsan 1-4093
- show zoneset pending active vsan 1-4093
- show zoneset pending vsan 1-4093
- show zone pending vsan 1-4093
- show zone pending active vsan 1-4093
- show fcalias pending vsan 1-4093
- show zone policy pending vsan 1-4093
- show zone pending-diff vsan 1-4093
- show zone analysis active vsan 1-4093
- show zone analysis vsan 1-4093
- show zone ess vsan 1-4093
- show zone internal vsan 1-4093
- show zone internal change event-history vsan 1-4093
- show zone internal ifindex-table vsan 1-4093
- show zone internal merge event-history vsan 1-4093
- show zone internal event-history
- show zone internal event-history errors
- show zone internal tcam event-history vsan 1-4093
- show zone statistics vsan 1-4093
- show system default zone
- show zone internal ddas-table
- show zone internal sdv-table vsan 1-4093
- show zone internal mem-stats
- show zone internal mem-stats detail
- show zone internal transit-table received vsan 1-4093
- show zone internal transit-table forwarded vsan 1-4093
- show zone internal transit-table rejected vsan 1-4093
Tip You can save the output of this command to a file by appending > (left arrow) and the filename to the show tech-support zone command.
show tech-support platform Command
Use the show tech-support platform command to obtain information about the platform configuration of your switch.
The output of the show tech-support platform command includes the output of the following commands:
- show platform fwm mem-stats detail
- show platform fwm info global
- show platform fwm info pif all verbose
- show platform fwm info lif all verbose
- show platform fwm info vlan all verbose
- show platform fwm info error stats
- show platform fwm info error history
- show platform fwm info stm-stats
- show platform fwm info pc all verbose
- show platform fwm info ppf
- show platform fwm info pss all
- show platform hardware fwm info vlan all
- show platform hardware fwm info pif all
- show platform hardware fwm info lif all
- show platform hardware fwm info global
- show platform software zschk internal info
- show platform software zschk internal msgs
- show platform software statsclient msgs
- show hardware internal gatos detail
- show hardware internal gatos all-ports detail
- show hardware internal altos detail
- show hardware internal altos event-history errors
- show hardware internal altos event-history messages
- show platform fcfib fcflow
- show platform fcfib event-history all
- show platform fcfib unicasts
- show platform fcfib unicasts forwarding-configuration
- show platform fcfib vsan
- show platform fcfib san-port-channel
- show platform software fcfib devices
- show platform software fcfib multipath
- show platform software fcfib vsanidxtable
- show platform software fcfib domainidxtable
- show platform hardware fcfib pathselecttable
- show platform hardware fcfib pathselecttable all
- show platform software fcfib fctable-check
- show fc2 internal event-history errors
- show system internal liod liod_db
- show system internal liod queues
- show system internal liod state
- show system internal liod time_db
- show system internal rib domain
- show system internal rib system-attributes
- show system internal rib unicast
- show system internal rib vsan-attributes
- show system internal fcfwd fwidxmap if_index
- show system internal fcfwd idxmap interface-to-port
- show system internal fcfwd pcmap
- show platform afm info global
- show platform afm info attachment brief
- show platform afm info group-cfg all
- show platform afm info lop all
- show platform software altos detail
- show platform software altos event-history errors
- show platform software altos event-history msgs
- show platform software altos ports all
- show platform hardware altos counters all
- show platform hardware altos counters interrupts all
- show platform hardware altos interrupts all detail
Default Settings
Table 1-1 lists the default settings for the features included in this chapter.
|
|
|
|---|---|
Feedback