Manuals / NEC / Computer Equipment / Network Hardware

NEC IP8800/S6600 Check to see authentication Ipv4 access list, No.9, Port for authentication

Models: IP8800/S6700 IP8800/S3600 IP8800/S6600 IP8800/S6300 IP8800/S2400

1 250

Download 250 pages 34.34 Kb

Page 155

3. Troubleshooting Functional Failures in Operation

No.	Troubleshooting Steps and Command	Action

4	Check to see authentication Ipv4 access list	• For IP8800/S6700, IP8800/S6600, and IP8800/S6300 models, go to
		No.9.
		• If a terminal before authentication sends packets out of the system,
		confirm that authentication IPv4 access list is applied.
		If access list and authentication IPv4 access list both are applied to
		the port for authentication, make sure the filter conditions described
		in IPv4 access list are set in the access list as well.
		• Confirm that filter condition for denying packets (such as deny ip) is
		not set to the access list/authentication IPv4 access list applied to the
		port for authentication.
		• Confirm that the IP address dedicated for Web authentication is not
		set in the filter condition of authentication IPv4 access list.
		• Confirm that "any" is not specified as a destination address in the
		filter conditions of authentication IPv4 access list.
		• Otherwise, go to No.9.

5	Use the show web-authentication user	• If not registered, use the set web-authentication user
	command to check to see if user ID is registered.	command to register the user ID, password, and VLAN-ID.
		• Otherwise, go to No. 6.

6	Check to see if the entered password is correct.	• If not correct, use the set web-authentication passwd
		command to change the password, or use the remove
		web-authentication user command to delete the user ID
		once, then use the set web-authentication user
		command to register the user ID, password, and VLAN-ID again.
		• Otherwise, go to No. 9.

7	Use the show web-authentication	• If the value of "TxError" of "[RADIUS frames]" is "0", check to see
	statistics command to check the	if aaa authentication web-authentication
	communication status with the RADIUS server.	default group radius and radius-server host in the
		configuration command are set correctly.
		• For IP8800/S3600 and IP8800/S2400 models, even though the dead
		interval lets RADIUS server get recovered from no-response state
		and become able to communicate, the system is not able to collate
		with the RADIUS server during a period of time specified by the
		configuration command authentication radius-server
		dead-interval. As a result, authentication error occurs.
		In this case, if the period of time is too long for the system to wait for
		an authentication error response, change the set value of
		configuration command authentication radius-server
		dead-interval or execute the clear
		web-authentication dead-interval-timer command.
		Authentication action against the first RADIUS will be taken again.
		• Otherwise, go to No. 8.

8	Check to see if the user ID and password are	• If not registered, register the user ID and password for the RADIUS
	registered for the RADIUS server.	server.
		• Otherwise, go to No. 9.

9	Use the show web-authentication	• If not displayed, go to No. 8.
	statistics command to check to see if Web	• Otherwise, go to No. 11.
	authentication statistical information is displayed.
10	Check to see if configuration command	• If not, set the configuration command web-authentication
	web-authentication	system-auth-control.
	system-auth-control is set.	• Otherwise, go to No. 11.

93

Image 155

NEC IP8800/S6600 Check to see authentication Ipv4 access list, No.9, IPv4 access list are set in the access list as well

Contents

IP88S36-T001-000 Troubleshooting GuideCopyright c 2009, NEC Corporation, All rights reserved November, 2009 1st Edition IP88S36-T001-000Intended users IntroductionApplicable product Correction of this manualIP8800/S6700, IP8800/S6600, IP8800/S6300 Troubleshooting Guide IP88S36-T001Operation Commands, Vol.1 IP88S63-S006 IP8800/S3600, IP8800/S2400Introduction IIIBGP4+ Conventions abbreviationsCIR MIP Conventions kB, MB, GB, and TB Page Contents IPv4 Network Communication Failure Layer 2 Authentication Communication FailureNetwork Interface Communication Failure Layer 2 Network Communication FailureSnmp Communication Failure 110 Problems on Power Saving Feature 123When Resource Shortage Occurs in Shared Memory 135 Communication Failure on High-reliability Function 103Restarting the System 160 Transferring Files for Maintenance Information 144Testing Line 154 Writing to MC 152Be careful in operation Safety guide for the IP8800/S6700 seriesSymbols Operations and actionsDo not put foreign matters in the device Do not use power not specifiedDo not place the device in an unstable location Do not remove the device coverDo not touch the potential tap Grounding is requiredDo not plug too many leads into a single outlet Handle the power cable with cautionKeep air dusters away from fire Before carrying the device, remove the cables Do not install the device in a humid or dusty environmentDo not stack the devices Do not block the intake and/or exhaust portDo not touch the inside of the device Do not roughly handle the power cableDo not drop an optional component An SFP-T has the following label attached Lithium batteryCleaning Be careful of laser beamsDo not attach a label or the like to the transceivers Handle a memory card with careAttach an option component with care Use air dusters with care Handle the optical connector with careMaintenance and cleaning Do not bring a TV or radio close to the devicePage Safety guide for the IP8800/S6600 series Safety Guide IP8800/S6600Do not place the device in an unstable location Safety Guide IP8800/S6600IP8800/S6604 45 kg/100 lb Or more IP8800/S6608 64 kg/142 lb XixModel Mass Number of people Label below is attached to the device Handle the power cable with cautionKeep air dusters away from fire IP8800/S6604 Use support brackets only for IP8800/S6604Use support brackets with care Model ItemsDo not block the intake and/or exhaust port Do not roughly handle the power cable Lithium battery Handle a memory card with care Attach an option component with care Do not bring a TV or radio close to the device Safety guide for the IP8800/S6300 series Safety Guide IP8800/S6300Do not place the device in an unstable location Safety Guide IP8800/S6300Grounding is required IP8800/S6304 45kg/100 lb Or more IP8800/S6308 64kg/142 lb Model Mass Number of peopleKeep air dusters away from fire IP8800/S6304 Use support brackets only for IP8800/S6304Do not block the intake and/or exhaust port Do not roughly handle the power cable Lithium battery Handle a memory card with care Damaged by the static electricity Attach an option component with careDo not bring a TV or radio close to the device Operations and Handling Safety guide for the IP8800/S3600 and IP8800/S2400 seriesDevice in Trouble Action to Be Taken Safety Guide IP8800/S3600 IP8800/S2400Do not put foreign materials in the device Do not use power not specified Do not use too many plugs at a single outlet Do not use the cable with the protection cap detachedDo not block the intake/exhaust port Do not place the device in an unstable locationXlvi Precaution on carrying the deviceBe careful of the laser beams Do not touch the device directly if you have metal allergiesDo not ride, recline, or place a heavy loading on the device Do not bring a TV or radio close to the device Handle a memory card and a dummy memory card with care Before installing or UninstallingDiscarding the device Use air dusters with carePage Overview Overview Failure Analysis OverviewName Type Status Description LED Indications, Switches, and ConnectorsSystem and Partial Failure Analysis Overview Overview Name Type Status Description Connecting operation terminalFailure Analysis for IP8800/S3600 and IP8800/S2400 LED Green Lit in green Power on OFF Power OFF or power failureConnector Memory card slot Name Type Function DescriptionBlocked Overview Name Type Function DescriptionOrange 100/1000BASE-T Ethernet port Sent/receivedSubitem Reference Functional Failure Analysis OverviewFunctional Failure Status and Reference Overview Subitem Reference Schedule Is Disabled IP8800/S6700 Time Synchronization by NTP Is DisabledActive System Switchover Is Disabled Active BSU Switchover Is DisabledPage Troubleshooting System Failures Failure Action Troubleshooting Procedure on System FailuresTroubleshooting System Failures Troubleshooting System FailuresTroubleshooting System Failures Action Power Failure Check ItemsReplacement Method of Optional Components Follow the steps in -4 Isolating Power Supply Failure Troubleshooting for IP8800/S3600 and IP8800/ S2400Failures on External Power Unit to isolate the failure Isolating Power Supply FailurePower failure according to -4 Isolating Power Supply Isolating Failures on Power Module Isolating Failures on External Power UnitIsolating Failures on External Power Unit Isolating Failures on External Power Unit Main BodyReplacement Method of System and Optional Components Troubleshooting Functional Failures in Operation Troubleshooting Functional Failures in Operation Forgot the System Administrator Password Problems on Login PasswordForgot the Login User Password Instruction in -1 Problems and Actions When MC Problems on MCMC not found is displayed when MC is accessed Problems and Actions When MC not found is displayedSystem and Partial Failure Analysis Overview Problems on Operation TerminalProblems and Actions When Connecting to Console Unable to Input/Display from the Console CorrectlySymptom Action to Be Taken or Reference Login from the Remote Operation Terminal Is FailedProblems and Actions When Connecting to Modem Some users remain in the login Login Authentication Using RADIUS/TACACS+ Is DisabledCommand Authorization Using RADIUS/TACACS+ Is Disabled Disabled, check No or laterTroubleshooting Functional Failures in Operation Checking port status NIF Status Problem ActionNetwork Interface Communication Failure Ethernet Port Cannot Be ConnectedCheck and Action for Port Status Port Status Problem ActionChecking statistical information Check and Action for BSU/PSP Operation Status Communication Failure in Basic Switching Unit BSU/PSPBSU Operation Problem Action Status Checking BSU/PSP operation statusActions against Troubles on 10BASE-T/100BASE-TX/ 1000BASE-T Status, see 3.20 Problems on RedundantConfiguration of Basic Switching Unit BSU Troubleshooting Steps Problem Action Troubleshooting for Failed 10BASE-T/100BASE-TX/1000BASE-T10 Failure Analysis Method for Troubles on 1000BASE-X Actions against Troubles on 1000BASE-XActions against Troubles on 10GBASE-R 11 Failure Analysis Method for Troubles on 10GBASE-R Troubleshooting Functional Failures in OperationTroubleshooting Steps and Command Action Communication Failure on Using PoEAllocations Communication Failure on Using Link AggregationFunction of the port by the power inline command Check the setting of failed link aggregationTion, set the Duplex mode to Full Check the setting of failed port status usingCH Disabled Link aggregation group is Disabled and DownChecking Vlan status Layer 2 Communication by Vlan Is DisabledLayer 2 Network Communication Failure Take the action below according to the Type displayed Checking MAC address tableFlooding is executed if the MAC address is not displayed Failures on Using Spanning TreeChecking filtering/QoS See 3.4 Network Interface Communication Failure Failures on Using Ring Protocol14 Spanning Tree Failure Analysis Method Analysis Flow Replace the faulty PartsTroubleshooting Steps Action Command 15 Ring Protocol Failure Analysis MethodSpanning tree or Gsrp is used at Configurations Same time Command to check timer values forTransmission delay is not considered See the manual Configuration GuideMulticast Relay by Igmp snooping Is Disabled Multicast in the VLAN. IP8800/S3600 16 Troubleshooting on Multicast RelayHas been set up appropriately for system operation Show system commandGroup address If a multicast router is connected, check mrouter-portIs it a relay within the same VLAN? Multicast Relay by MLD snooping Is DisabledCheck the following You want to use IPv6 multicast at 17 Troubleshooting on Multicast RelayUsing the show mld-snooping IPv4 Network Communication Failure Communication Is Disabled or Is DisconnectedRoute Checking logChecking interface status Checking ARP resolution information with neighboring systemChecking option license OP-NPAR OP-NPAR Checking DHCP/BOOTP setting informationChecking filtering/QoS setting information Checking unicast routing informationDHCP/BOOTP relay communication failure IP Addresses Cannot Be Assigned Using Dhcp FunctionChecking route information Checking ARP resolution information with neighboring systemChecking the log and interface Dhcp server communication trouble Checking filtering/QoS setting informationChecking DHCP/BOOTP setting information Associated with each log message Checking configurationChecking the log message and interface Checking layer 2 network DynamicDNS Cooperation in Dhcp Function Is DisabledSystem DNS update disabled Check the configurationChecking route information 18 RIP Failure Analysis Method IPv4 Unicast Routing Communication FailureNo RIP Routing Information Exists No Ospf Routing Information Exists21 VRF Failure Analysis Method No BGP4 Routing Information ExistsNo Routing Information Exist OP-NPAR 20 BGP4 Failure Analysis Method22 Common Check Items Communication on IPv4 PIM-SM Network Is DisabledIPv4 Multicast Routing Communication Failure Common check itemsBSR check items 24 Rendezvous Point Router Check Items Rendezvous point router check itemsLast-hop-router check items 23 BSR Check Items26 first-hop-router Check Items Multicast Data Is Double-relayed on IPv4 PIM-SM NetworkFirst-hop-router check items Multicast Sender First-hop-router Last-hop-router Data Communication on IPv4 PIM-SSM Network Is Disabled27 Check Items When Double-relay Continues 28 Common Check Items29 last-hop-router Check Items 30 first-hop-router Check Items Multicast Data Is Double-relayed on IPv4 PIM-SSM NetworkIs Double-relayed on IPv4 PIM-SSM Network 31 Check Items When Double-relay Continues5 IPv4 Multicast Communication Failure In VRF OP-NPAR 32 Check Items for VRFIPv6 Network Communication Failure Checking unicast interface information Checking NDP resolution information with neighboring systemChecking the log and interface Configuration is not distributed 2 IPv6 Dhcp TroubleshootingChecking RA setting information Check the status of IPv6DHCP server Checking the status of the IPv6 Dhcp server in this systemSee the manuals Message Log Reference Duplicate acquisition by the client Procedure to check configurationCondition Cause Binding Information Route Information Checking client settingProcedure for restoring from duplicate distribution Reproducing the Duid Reconfiguring route informationIf Duid of this system conflicts with other system Deleting the file containing Duid informationChecking the Duid 35 Failure Analysis of RIPng 10 IPv6 Unicast Routing Communication FailureNo RIPng Routing Information Exists No OSPFv3 Routing Information ExistsGo to No.5 if no route exist Hop address resolution in BGP4+ exist ExistsNo BGP4+ Routing Information Exists 37 BGP4+ Failure Analysis Method38 Common Check Items Communication on IPv6 PIM-SM Network Is Disabled11 IPv6 Multicast Routing Communication Failure If the unicast route does not exist, see 3.10 IPv6 Unicast Neighboring router using the show ipv6 pimCommand with interface parameter specified Relay target group address Rendezvous point setting41 last-hop-router Check Items Multicast receiver Configuration to run MLD39 BSR Check Items 40 Rendezvous Point Router Check Items42 first-hop-router Check Items 43 Check Items When Double-relay ContinuesMulticast Data Is Double-relayed on IPv6 PIM-SM Network To the ports to which neighboring routers connect Communication on IPv6 PIM-SSM Network Is Disabled44 Common Check Items 45 last-hop-router Check Items For MLD snooping Multicast Data Is Double-relayed on IPv6 PIM-SSM Network46 first-hop-router Check Items Group join function is runningTroubleshooting Functional Failures in Operation 47 Check Items When Double-relay Continues48 Ieee 802.1X Failure Analysis Method Layer 2 Authentication Communication FailureCommunication Failure on Using Ieee To see if authentication failed Following cause. Check to see if there is any problemTable setting failed Authentication dynamic mode, go to NoTunnel-Type for the Radius server to VLAN13 Command and check to see if dynamicAssignment of Vlan authentication Authentication dynamic. Match the Vlan ID set for50 Failure Analysis Method for Web Authentication Communication Failure on Using Web AuthenticationPort for authentication Check to see authentication Ipv4 access listConfirm that authentication IPv4 access list is applied IPv4 access list are set in the access list as wellRestarted. The Web server starts to perform authentication AuthenticatedCommand Soon After Suspended When Web Server Is restarted UsingSetting Information 51 Checking Web Authentication ConfigurationCheck Point Troubleshooting Steps Failure Analysis Method for Web Authentication 52 Web Authentication Failure Analysis Method53 Failure Analysis Method for MAC Authentication Communication Failure on Using MAC AuthenticationConfiguration command mac-authentication port IPv4 access list is appliedNot applied to the port for authentication Authentication is displayed by the show To No.7Failure Analysis Method for MAC Authentication Communication Failure on Using Authentication Vlan OP-VAA54 Checking MAC Authentication Configuration 55 MAC Authentication Failure Analysis Method100 56 Authentication Vlan Failure Analysis Method101 57 Checking Authentication Vlan ConfigurationWhen Vlan Identification Table Resource Shortage Occurs 102 Gsrp Communication Failures Communication Failure on High-reliability Function104 60 Analysis Method for Gsrp Unknown Adjacency105 61 Vrrp Failure Analysis Method106 107 62 Vrrp Failure Analysis Method108 109 Set up, and the virtual router may operate. IP8800/S3600Traps Cannot Be Received by Snmp Manager Snmp Communication FailureMIBs Cannot Be Obtained from Snmp Manager 111 Checking route to the collector Checking operation status by operation commandChecking configuration Checking failures etc SFlow Packets Do Not Reach CollectorCollector information must be set correctly Checking configuration114 Checking settings of collectorChecking NIF/port status Checking transmission interval of counter sample Flow Sample Does Not Reach CollectorCounter Sample Does Not Reach Collector Checking presence/absence of the relay packetNetwork Interface Communication Failure 63 Failure Analysis Method When Using Lldp Functions64 Failure Analysis When Using Oadp Function Otherwise, see 3.5 Layer 2 Network Communication Failure Checking Filtering/QoS Setting Information to check for it117 Otherwise, see 3.4 Network Interface Communication Failure65 NTP Failure Analysis Method Time Synchronization by NTP Is DisabledNTP Communication Failure Port Becomes Inactive Due to IEEE802.3ah/UDLD Function Communication Failure on IEEE802.3ah/UDLD FunctionCause for Switchover Disabled Troubleshooting Steps Active System Switchover Is Disabled67 Problems and Actions When Switching Active System 68 Failure Analysis Method When BSU Switchover Disabled Active BSU Switchover Is DisabledBoards 122Display of Result Confirmation Cause Action Problems on Power Saving FeatureSet to disabled, delete the entry that is Schedule error caused byDisconnected Neighboring system in 3.6.1 Communication Is Disabled or IsNeighboring system in 3.9.1 Communication Is Disabled or Is 125 Checking packet discarding by filtering Communication Failure Caused by Settings of Filtering/QoSChecking Filtering/QoS Setting Information 127 IP8800/S3600 and IP8800/S2400Page 129 IP8800/S6700 IP8800/S6600 IP8800/S6300Operation Log Message for Checking Resource Use Status MAC Address Table Resource ShortageChecking Resource Usage of MAC Address Table Operation Log Message for Checking Resource UsageFile Name Specified for get Log Message 131132 Checking Vlan Identification Table Resource Usage Tag translation function Vlan setting.*1Vlan Identification Table Entry Clear Method Entry to Be Cleared StepChecking Resource Usage of Shared Memory When Resource Shortage Occurs in Shared MemoryPage 137 Collecting Failure InformationFile Name Specified for get Acquiring Basic Information Collecting Failure InformationAvailable Information via ftp Collecting Failure Information139 Collecting basic information140 Collecting Failure Information Using dump Command IP8800Collecting memory dump when communication failure occurs 141 After above log is displayed, execute next the dump command142 143 Storage Location and File Name File Transfer Transferring Files for Maintenance InformationMaintenance Information 145 Transferring Files Using ftp CommandTransferring dump files to the remote operation terminal 146 147 ETA148 Transferring failure backup information files to a consoleTransferring dump files to a console Transferring log information to a console149 IP8800/S6700 IP8800/S6600 IP8800/S6300File Name Specified for Acquired Files Files That Can Be Acquired Using ftp Command150 151 10 Collecting Dump Files from the Remote TerminalWriting to MC Writing File to MC Using Operation Terminal153 Line TestLine Test Type for Each Frame Loopback Point Testing LineEthernet Port Checking frame loopback within system155 Command IP8800/S6700 IP8800/S6600 IP8800/S6300156 Checking frame loopback at a loop connector157 Page 159 Restarting the SystemRestarting the System Restarting the SystemParameter to input Active Standby None 161Set the system to restart Or stop Specifying when162 163 Selecting CPU Memory Dump TypeCollecting memory Dump Back to command input mode164 Collect Memory dump? Memorydump is Restart?165 AppendixAppendix a Contents of show tech-support Command Display 167 168 169 170 171 172 173 174 Table A-2 Details of Display Contents IP8800/S3600IP8800/S3600 175 Information 2 for Ver.10.7 Earlier Update for Ver.11.1 and later176 Log information during software177 178 179 180 181 Table A-3 Details of Display Contents IP8800/S2400IP8800/S2400 182 Information on L2 loop detection For Ver.10.7 and later 183MLD snooping group information Built-in WEB authentication DB For Ver.10.3 and laterAuthenticated user account 184185 Page 187 IndexIndex 188