Troubleshooting the IP Switch Processor
Problems logging into or accessing the unit
Not able to log into the console port and do not see any error
messages
Possible problems:
- Not connected to console port of the IP Switch Processor.
(Verify that you are connected to the port labeled 'console'.)
- Not connected with a null-modem cable. (Verify
that you are using a Null modem cable. See cable section for pinouts.)
- Wrong setting on terminal. (Verify terminal setting
8 data, 1 stop, No Parity, 9600 baud.)
- Terminal set for flow control (IP Switch Processor
does not use flow control, Terminal should be set for no flow
control.)
- Defective unit or file system (Try to boot from
boot floppy. See Full Install Instructions.)
Note:A good way of verifying
your terminal setup is to connect to a different computer and
ensure that you can talk to it. Using a terminal emulation program,
laptops or terminals should be able to talk back to back in
the same manner as the terminal would communicate with the IP
Switch Processor. If this is not possible, the problem is with
the terminal or cable and not with the IP Switch Processor
Get a Login Prompt, but will not accept password
Possible problems:
- Wrong password entered (Obtain valid password or default password.)
- Corrupted database (Default database or contact Ipsilon Customer
Services)
Procedure for overwriting the passwords
Note: This can only be done with local access to the unit
1. Connect a VT-100 terminal or PC running a VT-100 emulation
program into the console port.
2. Boot up in single user mode: To do this reboot or power cycle
the machine, When you see the line " boot: " you must
enter "-s" before it goes into multiuser mode. (you
have about 10 seconds)
3. It will then continue to boot in single user mode. After several
lines you will get the following message
'Enter pathname of shell or RETURN for sh: ' (Hit return at this point)
- Use the /etc/overpw command to enter new passwords. Below
is an example:
# /etc/overpw
After entering the new passwords type 'reboot'
Procedure for defaulting the database
Note: This will overwrite the entire database with the
factory defaults and bring
the unit up in a mode where it will ask for hostname,
passwords, and interface information.
- Log into the unit as user admin
- Use command /etc/unconfig (This will overwrite the configuration database!)
- Reboot the system. It will now boot as it did upon delivery.
Do not get a login prompt and error messages are displayed
Possible problems:
- Defective unit (Contact Ipsilon Customer Services.)
- Defective file system (Contact Ipsilon Customer Services.)
Caution: The procedure below can be used to install a system from
scratch, however this will completely replace the contents of the drive
and may be needed to restore or reload a unit. You should save
any valuable configuration information before proceeding.
See the download instructions thatcontain the full install procedure.
Not able to connect to the local unit with a browser, but console
access works
Possible problems:
- Wrong cable (If connected directly with a PC, a crossover ethernet
cable should be used. If connected to a hub, a straight-through cable should be used.)
- Port is not configured (marked) UP (use ifconfig from the console port
to verify that the port is marked UP, and RUNNING)
- PC and local ethernet port address configuration (Verify the
ethernet port on the PC and the ethernet port on the IP Switch Processor have
the same network/netmask settings.)
- Wrong link speed 10/100 mb (Verify that both ports are set
for the same speed. Solid data LED on port is a good indication
that there is a speed mismatch.)
General Interface Problems
Do not see interfaces that should be present
Possible problems: Local IP Switch Processor ports do not show up
- Defective card (Replace card.)
Possible problems: ATM1600 Switch ports do not show up
- GSMP link not up (Verify that the first port on the switch
is connected to the ATM port on the Switch processor and that
all fault lights are cleared.)
Possible Problems: FAS1200 ports do not show up but atm1600 ATM
port does show up
- IFMP-C link not up (Verify that the ATM link to the FAS1200
module is up and no fault lights are on.)
Common Ethernet problems (Connectivity problems with attached
device.)
Possible problems:
- Wrong cable used no link light (Crossover cable between directly
connected PCs, and direct connection between switch/hub)
- Wrong speed set (Verify that the speeds match on each end
10 or 100 MB. A solid data led indicator is a good indication
of a speed mismatch.)
- Port not enabled (Verify from the interface page in Voyager
that the interface is configured active.)
- High collisions on hub (If connected to a hub look for excessive
collisions. If excessive collisions are observed disconnect connections
one at a time until problem is localized to one machine and troubleshoot
further.)
Common ATM Interface problems
Possible problems:
- Wrong cable used (Verify that the proper crossover cable is
used. See cable section.)
- MMF to SMF interface (Verify that you are not trying to connect
MMF to SMF. SMF card have a red faceplate on switch and will only
work with other SMF interfaces.)
- No IFMP sync on links between switches and between switch
and gateway (Verify that each end of the link is configured UP
and has a IP address in the same subnetwork.)
Common Connectivity Problems (Interfaces
look good but not able to ping.)
Unable to Ping through unit (No connectivity between ports.)
Note: This section assumes that the user has localized
the problem by issuing pings to various network interfaces so
that the problem is within a router or network
- Interfaces not UP (See interfaces section to ensure that all
interfaces are UP and active.)
- No route to network (Check the routing table to see if a route
exists to the network where the interface is located. If not route
exists see troubleshooting routing below.)
- Attached device does not have proper default route or routing
information. If the problem is that a local PC is unable to ping
though an attached IP Switch Processor then it is possible that the
PC may contain an invalid default route or routing information.
If using default routes, from the PC ensure that the local IP Switch
Processor interface is the default route for that PC.
- ARP table has old information. It may be possible that the
arp table in the router has an old or invalid entry for the device
associated with the IP address you are attempting to ping. You
can view the arp table with the arp -a command from a console
session. You can delete an invalid entry with the arp -d <ip
address> command.
- Use tcpdump to help isolate (tcpdump can be used to verify
that a packet is leaving or entering a port. See the section on
tcpdump for further information.)
Troubleshooting routing Problems
Common Problems with OSPF
- OSPF not configured (Verify that OSPF is properly configured
for all interfaces that are involved in OSPF routing.)
- OSPF hello and dead timers are not the same on each interface
for a given link.
- Attached devices do not support OSPF (Ensure that attached
unit supports OSPF, if not, configure the unit for a default route,
or exchange routes with a protocol it does support.)
- Use tcpdump to view routing information (tcpdump -i "interface"
proto ospf will display routing updates on that interface.) See
tcpdump section for further information on this tool.
- You can flush the routing table if invalid routes exist with
the route -n flush command from a console session. See
man route for more information on the route command.
Common Problems with RIP
- RIP v1 must use consistent subnet mask (Variable subnet masks
are not supported for RIP v1. All subnet masks must be
the same if using RIP v1.)
- Verify Metrics (RIP has a limitation on the number of networks
it can span "16" verify that your network topology does
not exceed this limit.)
- Use tcpdump to view routing updates (See section on tcpdump
for further information on this tool.)
- You can flush the routing table if invalid routes exist with
the route -n flush command from a console session. See
man route for more information on the route command.
Common problems exchanging routes
- Always enter metric value if exporting routes from OSPF to
RIP.
- Exchanging routes may involve several configuration steps.
Follow the tasks in the on-line documentation to ensure that
all steps are followed.
- Problems with routing protocol (See sections above to ensure
that each routing protocol is functioning properly.)
Problems with Multicast
Possible problems
- Problems with IP connectivity (Verify that you have IP connectivity
first ping various hosts on each network.)
- DVMRP not enabled on the interfaces (Verify that DVMRP is
enabled on the interfaces in use.)
- Use tcpdump to view packets (tcpdump -i interface proto igmp.)
See tcpdump section for further information on this tool
- Use mtrace to view multicast routing path (See man page on
mtrace for further information.)
- Exceeding TTL on clients (Verify that the client is set up
for the proper TTL variable. Many clients are set to only receive
local traffic 1 hop away.)
Problems interfacing to 1483 devices (Classical IP)
Possible problems
- Make sure remote and local devices are configured for same
VC and VP value and are in the supported range of the NIC.
- The encapsulation must be LLC/SNAP.
- MTU size must be 1500. Ipsilon does not support MTU sizes
larger than this.
Problems upgrading a unit
Possible problems
- Failed to get image from FTP server. (Possible that the wrong
file name, or password was used. Try to manually FTP the file
to the unit and then *install from local file*.)
- Using full install file (The full install file is only for
installing a system from scratch with a boot floppy.)
- Corrupted upgrade file (Ensure that the file is not corrupted,
Ipsilon can provide an MD5 verification number if needed.)
- Trying to run 'setup' if you see the message: "There is already
another session of 'setup' in progress.", then delete
/tmp/.setup.lock file. This will allow 'setup' to run.
- 'Setup' will fail if the /Ipsilon/config/.IPSO.MANIFEST file
is corrupted. If this is the case, you will have to reinstall the
software from scratch. Save the configuration database and perform a full install.
TCP Dump command (Viewing packets on a interface)
tcpdump:
Tcpdump is a program provided with the Ipsilon software which
is very much like the tcpdump or snoop programs of a UNIX workstation.
Tcpdump is used to see the traffic on a network, not to alter
it. The information below contains some important features and
commands that are used with tcpdump. For further information see
the man page for tcpdump
tcpdump defaults to lowest number port:
control-c will stop tcpdump.
tcpdump -i <interface name> does tcpdump per specific
interface
Example:
tcpdump -i atm-s3p1c0
or for switch port from controller
tcpdump -i atm-s1p1c0s3p1c0
tcpdump -i <interfce name> proto <well known protocol
name>
Example:
tcpdump -i eth-s2p3c0 proto ospf
will only show ospf on that interface
tcpdump -i eth-s2p1c0 proto igrp
will show only the igrp traffic on that wire.
tcpdump -i <interface name> port <UNIX application
port>
Example:
tcpdump -i eth-s1p1c0 port telnet
or tcpudmp -i eth-s1p1c0 port 23
will show all telnet traffic
tcpdump -i <interfce name> <ip or udp> <UNIX
application port>
can specify ip or udp port
Example:
tcpdump -i eth-s2p1c0 udp port 68
will show all bootp/dhcp traffic.
tcpdump -i <interface name> <ip or udp> <not>
<UNIX application port>
How to filter traffic
Example:
tcpdump -i eth-s1p1c0 not port 80
will not show WWW traffic on that interfce
tcpdump -i <interface name> -s <packet size> -vv
How to specify how much of the packet to view
Example:
tcpdump -i eth-s1p1c0 -s 320 -vv
will recieve 320 bytes of packet, more decode will be done
Saving a trace to a file:
A trace file may be generated by using the tcpdump program and
giving the -w flag. This copies the packet to a file on the hard-drive
of the unit. This can then be used to mail back to Ipsilon Support,
or moved to another computer where tcpdump can be used to view
that file. NOTE1: this copies the first 68 bytes of every packet,
unless the capture size is increased. For users running without
data encryption, passwords are also copied into this file. NOTE2:
if the network being snooped is busy this file will grow quite
fast. It is usually a good idea to create this file on the /usr
partition, since it is largest. (Remember to delete this
file.)
Example:
tcpdump -i eth-s1p1c0 -w /usr/trace.file
Will not display packets, doing a control-c will end the capture
and print how many Packets were captured
RIP example:
tcpdump -i eth-s1p1c0 -s 320 -vv port 520
will show all RIP traffic on the network attached to eth-s1p1c0
port 520 is also the port used by 'routed' on UNIX workstations.
OSPFexample:
tcpdump -i atm-s3p1c0 -s 320 -vv proto ospf
will show all OSPF traffic on the atm link, including LSA's and
full information on routs.
IGRP example:
tcpdump -i eth-s1p1c0 -s 320 -vv proto igrp
will show all IGRP traffic on the network connected to eth-s1p1c0.
Telnet example:
tcpdump -i eth-s1p1c0 port 23
will show all telnet traffic on network connected to eth-s1p1c0.