Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Ethernet Ports

From DocWiki

(Difference between revisions)
Jump to: navigation, search
m
m
 
(20 intermediate revisions not shown)
Line 1: Line 1:
-
This article describes the ACE appliance physical Gigabit Ethernet (GE) ports and how to troubleshoot port-related issues.
+
This article describes the ACE appliance physical Gigabit Ethernet (GE) ports and how to troubleshoot port-related issues. Note that the ACE module has no external ports of its own and it relies on the back plane of the Catalyst 6500 series switch for communication with the rest of the network.
{| align="right" border="1" cellspacing = "0"
{| align="right" border="1" cellspacing = "0"
|align="center"|'''Guide Contents'''
|align="center"|'''Guide Contents'''
|-
|-
-
|[[Cisco Application Control Engine (ACE) Troubleshooting Guide|Main Article]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Overview of ACE Troubleshooting|Overview of ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Understanding the ACE Module Architecture and Traffic Flow|Understanding the ACE Module Architecture and Traffic Flow]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Preliminary ACE Troubleshooting|Preliminary ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Boot Issues|Troubleshooting ACE Boot Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting with ACE Logging|Troubleshooting with ACE Logging]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Connectivity|Troubleshooting Connectivity]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Remote Access|Troubleshooting Remote Access]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Access Control Lists|Troubleshooting Access Control Lists]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Network Address Translation|Troubleshooting Network Address Translation]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Health Monitoring|Troubleshooting ACE Health Monitoring]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 4 Load Balancing|Troubleshooting Layer 4 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 7 Load Balancing|Troubleshooting Layer 7 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Redundancy|Troubleshooting Redundancy]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting SSL|Troubleshooting SSL]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Performance Issues|Troubleshooting Performance Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits|ACE Resource Limits]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Managing Resources|Managing ACE Resources]]<br>
+
|[[Cisco Application Control Engine (ACE) Troubleshooting Guide|Main Article]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Overview of ACE Troubleshooting|Overview of ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Understanding the ACE Module Architecture and Traffic Flow|Understanding the ACE Module Architecture and Traffic Flow]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Preliminary ACE Troubleshooting|Preliminary ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Boot Issues|Troubleshooting ACE Boot Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting with ACE Logging|Troubleshooting with ACE Logging]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Connectivity|Troubleshooting Connectivity]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Ethernet Ports|Troubleshooting ACE Appliance Ethernet Ports]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Remote Access|Troubleshooting Remote Access]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Access Control Lists|Troubleshooting Access Control Lists]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Network Address Translation|Troubleshooting Network Address Translation]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Health Monitoring|Troubleshooting ACE Health Monitoring]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 4 Load Balancing|Troubleshooting Layer 4 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 7 Load Balancing|Troubleshooting Layer 7 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Redundancy|Troubleshooting Redundancy]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting SSL|Troubleshooting SSL]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Compression|Troubleshooting Compression]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Performance Issues|Troubleshooting Performance Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits|ACE Resource Limits]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Managing Resources|Managing ACE Resources]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Show Counter Reference|Show Counter Reference]]<br>
|}
|}
Line 35: Line 35:
-
_Overview of ACE Appliance Ethernet Ports_
+
== Troubleshooting ACE Appliance Ethernet Ports ==
There are four gigabit Ethernet (GE) ports in an ACE appliance with a full duplex throughput of 1 Gbps each. To check the status of a GE port, enter the following command:
There are four gigabit Ethernet (GE) ports in an ACE appliance with a full duplex throughput of 1 Gbps each. To check the status of a GE port, enter the following command:
-
switch/Admin# '''show interface gigabitEthernet 1/2’’’
+
switch/Admin# '''show interface gigabitEthernet 1/2'''
 +
 +
GigabitEthernet Port 1/2 is UP, line protocol is UP <----------------- If the GE port is down, then check that the corresponding interface on the Catalyst 6500 series switch or other
 +
                                                                        Cisco switch is not shutdown and that the physical interface on the ACE appliance is not shutdown. Verify that
 +
                                                                        the physical connectivity between the ACE and the Cisco 3750 series switch or the Catalyst 6500 is fine.
 +
  Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:93:21:cf
 +
  MTU 9216 bytes
 +
  Full-duplex, 1000Mb/s
 +
  COS bits based QoS is disabled
 +
  input flow-control is off, output flow-control is off
 +
    26556020169 packets input, 4515905164244 bytes, 0 dropped
 +
    Received 15932917284 broadcasts (99696635 multicasts)
 +
    0 runts , 0 giants
 +
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
 +
    1 packets output, 64 bytes
 +
    1 broadcast, 0 multicast, 0 control output packets
 +
    0 underflow, 0 single collision, 0 multiple collision output packets
 +
    0 excessive collision and dropped, 0 Excessive Deferral and dropped
-
GigabitEthernet Port 1/2 is UP, line protocol is UP <<<<<<<<<<<<<<<< If this shows down then check that the corresponding interface on Cat6k is not shutdown  and also that the physical interface on ace-appliance is not shutdown. Verify that the physical connectivity with 3750 or cat6k is fine.
+
== Configuring a Port Channel ==
-
Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:93:21:cf
+
-
MTU 9216 bytes
+
-
Full-duplex, 1000Mb/s
+
-
COS bits based QoS is disabled
+
-
input flow-control is off, output flow-control is off
+
-
    26556020169 packets input, 4515905164244 bytes, 0 dropped
+
-
    Received 15932917284 broadcasts (99696635 multicasts)
+
-
    0 runts , 0 giants
+
-
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
+
-
    1 packets output, 64 bytes
+
-
    1 broadcast, 0 multicast, 0 control output packets
+
-
    0 underflow, 0 single collision, 0 multiple collision output packets
+
-
    0 excessive collision and dropped, 0 Excessive Deferral and dropped
+
-
switch/Admin#
+
 +
You can assign VLANs directly under the physical interface or using a channel group. These can be trunked or access ports. For trunked ports, the default native VLAN is 1, which can you can change by entering the '''switchport trunk native vlan number''' command under the physical port or a channel group.
-
You can assign VLANs directly under the physical interface or using a channel group. These can be trunked or access ports. For trunked ports, the default native VLAN is 1, which can be changed using the ‘’’switchport trunk native vlan number’’’ command under the physical port or a channel group.
+
The following example shows how to configure a port channel in the ACE appliance:
-
Configuring a Port Channel
+
interface port-channel 250
-
================
+
  switchport trunk native vlan 3
 +
  switchport trunk allowed vlan 9,101-110,128,132,144,331,349
 +
  no shutdown
 +
 +
or
 +
 +
interface port-channel 2
 +
  switchport access vlan 5
 +
  no shutdown
 +
 +
port-channel can be assigned to physical port using the channel-group command:
 +
interface gigabitEthernet 1/2
 +
  channel-group 250
 +
  shutdown
-
interface port-channel 250
+
By default, the load-balancing scheme is source-dest-mac. You can change it to destination-ip, destination mac, and so on using the '''port-channel load-balance''' command.
-
  switchport trunk native vlan 3
+
-
  switchport trunk allowed vlan 9,101-110,128,132,144,331,349
+
-
  no shutdown
+
-
or
+
== Troubleshooting Port Channels ==
-
interface port-channel 2
+
-
  switchport access vlan 5
+
-
  no shutdown
+
-
port-channel can be assigned to physical port using the channel-group command:
+
If the configured VLAN or BVI does not come up, verify that the assigned port-channel is up and that it is configured correctly on the 3750 or Catalyst 6500 series switch, and check the physical ports.
-
interface gigabitEthernet 1/2
+
-
  channel-group 250
+
-
  shutdown
+
-
 
+
-
By default, the load-balancing scheme is source-dest-mac. You can change it to destination-ip, destination mac, and so on using the ‘’’port-channel load-balance <>’’’ command.
+
-
 
+
-
If the configured VLAN or BVI does not come up, verify that the assigned port-channel is up and that it is configured correctly on 3750/Catalyst 6500 series switch as well as the physical ports.
+
To check the status of the port channel, enter the following command:
To check the status of the port channel, enter the following command:
-
switch/Admin# ‘’’show interface port-channel 250’’’
+
switch/Admin# '''show interface port-channel 250'''
-
 
+
-
PortChannel 250:
+
PortChannel 250:
-
----------------------------
+
----------------------------
-
Description:
+
Description:
-
mode: Trunk
+
mode: Trunk
-
native vlan: 0
+
native vlan: 0
-
status: (UP), load-balance scheme: src-dst-mac  <<< if the channel-group is up.
+
status: (UP), load-balance scheme: src-dst-mac  <<< if the channel-group is up.
-
 
+
-
PortChannel 250 mapped phyport: 1/2 1/3 <<< the physical interfaces to which the channel-group is assigned.  
+
PortChannel 250 mapped phyport: 1/2 1/3 <<< the physical interfaces to which the channel-group is assigned.  
-
PortChannel 250 mapped active phyport: 1/3  <<< from the above list, list of active interface.
+
PortChannel 250 mapped active phyport: 1/3  <<< from the above list, list of active interface.
-
PortChannel 250 allow vlan:  vlan<9>  vlan<101>-<110>  vlan<128>  vlan<132>  vlan<144>  vlan<331>  vlan<349>  << Assigned vlans
+
PortChannel 250 allow vlan:  vlan<9>  vlan<101>-<110>  vlan<128>  vlan<132>  vlan<144>  vlan<331>  vlan<349>  << Assigned vlans
-
    33581781 packets input, 2333352580 bytes, 0 dropped
+
    33581781 packets input, 2333352580 bytes, 0 dropped
-
    Received 20430421 broadcasts (13005450 multicasts)
+
    Received 20430421 broadcasts (13005450 multicasts)
-
    0 runts , 0 giants
+
    0 runts , 0 giants
-
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
+
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
-
    10944303 packets output, 744212928 bytes
+
    10944303 packets output, 744212928 bytes
-
    10944285 broadcast, 18 multicast, 0 control output packets
+
    10944285 broadcast, 18 multicast, 0 control output packets
-
    0 underflow, 0 single collision, 0 multiple collision output packets
+
    0 underflow, 0 single collision, 0 multiple collision output packets
-
    0 excessive collision and dropped, 0 Excessive Deferral and dropped
+
    0 excessive collision and dropped, 0 Excessive Deferral and dropped
-
switch/Admin#
+
-
 
+
-
Vlan assignment on physical ports:
+
-
 
+
-
interface gigabitEthernet 1/1
+
-
  switchport access vlan 77
+
-
  no shutdown
+
-
or
+
-
interface gigabitEthernet 1/1
+
-
  switchport trunk native vlan 3
+
-
  switchport trunk allowed vlan 77
+
-
  no shutdown
+
-
 
+
-
To check the list of VLANs that are up on the physical interface, enter the ‘’’show vlans’’’ command.
+
== Troubleshooting VLANs on the Physical Ports ==
-
switch/Admin# show vlans
+
The following example shows how to configure the VLANs on the physical ports:
-
Vlans configured on physical port(s)
+
-
vlan3  vlan5  vlan9-10  vlan30  vlan77  vlan101-110  vlan128  vlan132  vlan144
+
-
vlan331  vlan349
+
-
switch/Admin#
+
-
Finally, enter the show interface vlan command to see that the specified VLAN is up:
+
interface gigabitEthernet 1/1
 +
  switchport access vlan 77
 +
  no shutdown
 +
 +
or
 +
 +
interface gigabitEthernet 1/1
 +
  switchport trunk native vlan 3
 +
  switchport trunk allowed vlan 77
 +
  no shutdown
-
switch/Admin# show in
+
To check the list of VLANs that are up on the physical interface, enter the ‘following command:
-
interface inventory
+
-
switch/Admin# show interface vlan 77
+
-
vlan77 is up, administratively up
+
switch/Admin# '''show vlans'''
 +
Vlans configured on physical port(s)
 +
  vlan3  vlan5  vlan9-10  vlan30  vlan77 vlan101-110  vlan128  vlan132  vlan144
 +
  vlan331  vlan349
-
  Hardware type is VLAN
+
Finally, to see that the specified VLAN is up, enter the following command:
-
  MAC address is 00:1b:24:78:b1:e8
+
-
  Virtual MAC address is 00:0b:fc:fe:1b:15
+
-
  Mode : routed
+
-
  IP address is 77.5.0.11 netmask is 255.0.0.0
+
-
  FT status is active
+
-
  Description:not set
+
-
  MTU: 1500 bytes
+
-
  Last cleared: never
+
-
  Last Changed: Thu Mar 18 13:27:20 2010
+
-
  No of transitions: 1
+
-
  Alias IP address not set
+
-
  Peer IP address is 77.5.0.12 Peer IP netmask is 255.0.0.0
+
-
  Assigned on the physical port, up on the physical port
+
-
    170 unicast packets input, 412878159 bytes
+
switch/Admin# '''show interface vlan 77'''
-
    2231611 multicast, 3730365 broadcast
+
-
    0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
+
vlan77 is up, administratively up
-
    105 unicast packets output, 2949996 bytes
+
-
    2 multicast, 45981 broadcast
+
  Hardware type is VLAN
-
    0 output errors, 0 ignored
+
  MAC address is 00:1b:24:78:b1:e8
-
switch/Admin#
+
  Virtual MAC address is 00:0b:fc:fe:1b:15
 +
  Mode : routed
 +
  IP address is 77.5.0.11 netmask is 255.0.0.0
 +
  FT status is active
 +
  Description:not set
 +
  MTU: 1500 bytes
 +
  Last cleared: never
 +
  Last Changed: Thu Mar 18 13:27:20 2010
 +
  No of transitions: 1
 +
  Alias IP address not set
 +
  Peer IP address is 77.5.0.12 Peer IP netmask is 255.0.0.0
 +
  Assigned on the physical port, up on the physical port
 +
 +
      170 unicast packets input, 412878159 bytes
 +
      2231611 multicast, 3730365 broadcast
 +
      0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
 +
      105 unicast packets output, 2949996 bytes
 +
      2 multicast, 45981 broadcast
 +
      0 output errors, 0 ignored

Latest revision as of 21:29, 11 March 2011

This article describes the ACE appliance physical Gigabit Ethernet (GE) ports and how to troubleshoot port-related issues. Note that the ACE module has no external ports of its own and it relies on the back plane of the Catalyst 6500 series switch for communication with the rest of the network.

Guide Contents
Main Article
Overview of ACE Troubleshooting
Understanding the ACE Module Architecture and Traffic Flow
Preliminary ACE Troubleshooting
Troubleshooting ACE Boot Issues
Troubleshooting with ACE Logging
Troubleshooting Connectivity
Troubleshooting ACE Appliance Ethernet Ports
Troubleshooting Remote Access
Troubleshooting Access Control Lists
Troubleshooting Network Address Translation
Troubleshooting ACE Health Monitoring
Troubleshooting Layer 4 Load Balancing
Troubleshooting Layer 7 Load Balancing
Troubleshooting Redundancy
Troubleshooting SSL
Troubleshooting Compression
Troubleshooting Performance Issues
ACE Resource Limits
Managing ACE Resources
Show Counter Reference

Contents















Troubleshooting ACE Appliance Ethernet Ports

There are four gigabit Ethernet (GE) ports in an ACE appliance with a full duplex throughput of 1 Gbps each. To check the status of a GE port, enter the following command:

switch/Admin# show interface gigabitEthernet 1/2

GigabitEthernet Port 1/2 is UP, line protocol is UP <----------------- If the GE port is down, then check that the corresponding interface on the Catalyst 6500 series switch or other
                                                                       Cisco switch is not shutdown and that the physical interface on the ACE appliance is not shutdown. Verify that
                                                                       the physical connectivity between the ACE and the Cisco 3750 series switch or the Catalyst 6500 is fine.
 Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:93:21:cf
 MTU 9216 bytes
 Full-duplex, 1000Mb/s
 COS bits based QoS is disabled
 input flow-control is off, output flow-control is off
    26556020169 packets input, 4515905164244 bytes, 0 dropped
    Received 15932917284 broadcasts (99696635 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    1 packets output, 64 bytes
    1 broadcast, 0 multicast, 0 control output packets
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

Configuring a Port Channel

You can assign VLANs directly under the physical interface or using a channel group. These can be trunked or access ports. For trunked ports, the default native VLAN is 1, which can you can change by entering the switchport trunk native vlan number command under the physical port or a channel group.

The following example shows how to configure a port channel in the ACE appliance:

interface port-channel 250
  switchport trunk native vlan 3
  switchport trunk allowed vlan 9,101-110,128,132,144,331,349
  no shutdown

or 

interface port-channel 2
  switchport access vlan 5
  no shutdown

port-channel can be assigned to physical port using the channel-group command:
interface gigabitEthernet 1/2
  channel-group 250
  shutdown

By default, the load-balancing scheme is source-dest-mac. You can change it to destination-ip, destination mac, and so on using the port-channel load-balance command.

Troubleshooting Port Channels

If the configured VLAN or BVI does not come up, verify that the assigned port-channel is up and that it is configured correctly on the 3750 or Catalyst 6500 series switch, and check the physical ports.

To check the status of the port channel, enter the following command:

switch/Admin# show interface port-channel 250

PortChannel 250:
----------------------------
Description:
mode: Trunk
native vlan: 0
status: (UP), load-balance scheme: src-dst-mac  <<< if the channel-group is up.

PortChannel 250 mapped phyport: 1/2 1/3 <<< the physical interfaces to which the channel-group is assigned. 
PortChannel 250 mapped active phyport: 1/3  <<< from the above list, list of active interface.
PortChannel 250 allow vlan:  vlan<9>  vlan<101>-<110>  vlan<128>  vlan<132>  vlan<144>  vlan<331>  vlan<349>  << Assigned vlans
    33581781 packets input, 2333352580 bytes, 0 dropped
    Received 20430421 broadcasts (13005450 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    10944303 packets output, 744212928 bytes
    10944285 broadcast, 18 multicast, 0 control output packets
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

Troubleshooting VLANs on the Physical Ports

The following example shows how to configure the VLANs on the physical ports:

interface gigabitEthernet 1/1
  switchport access vlan 77
  no shutdown

or

interface gigabitEthernet 1/1
  switchport trunk native vlan 3
  switchport trunk allowed vlan 77
  no shutdown

To check the list of VLANs that are up on the physical interface, enter the ‘following command:

switch/Admin# show vlans
Vlans configured on physical port(s)
 vlan3  vlan5  vlan9-10  vlan30  vlan77  vlan101-110  vlan128  vlan132  vlan144
 vlan331  vlan349

Finally, to see that the specified VLAN is up, enter the following command:

switch/Admin# show interface vlan 77

vlan77 is up, administratively up

  Hardware type is VLAN
  MAC address is 00:1b:24:78:b1:e8
  Virtual MAC address is 00:0b:fc:fe:1b:15
  Mode : routed
  IP address is 77.5.0.11 netmask is 255.0.0.0
  FT status is active
  Description:not set
  MTU: 1500 bytes
  Last cleared: never
  Last Changed: Thu Mar 18 13:27:20 2010
  No of transitions: 1
  Alias IP address not set
  Peer IP address is 77.5.0.12 Peer IP netmask is 255.0.0.0
  Assigned on the physical port, up on the physical port

     170 unicast packets input, 412878159 bytes
     2231611 multicast, 3730365 broadcast
     0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
     105 unicast packets output, 2949996 bytes
     2 multicast, 45981 broadcast
     0 output errors, 0 ignored

Rating: 0.0/5 (0 votes cast)

Personal tools