Troubleshooting Guide
Page 2
... OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any examples, command display output, network topology diagrams, and other countries. Cisco Nexus 5000 Series Troubleshooting Guide © 2011 Cisco Systems, Inc. Cisco and the Cisco Logo are service marks; THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE...
... OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any examples, command display output, network topology diagrams, and other countries. Cisco Nexus 5000 Series Troubleshooting Guide © 2011 Cisco Systems, Inc. Cisco and the Cisco Logo are service marks; THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE...
Troubleshooting Guide
Page 7
...Series NX-OS Unicast Routing Configuration Guide Cisco Nexus 5000 Series Switch NX-OS Software Configuration Guide Cisco Nexus 5000 Series Fabric Manager Configuration Guide, Release 3.4(1a) Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.2 Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide Maintain and Operate Guides Cisco Nexus 5000 Series NX-OS Operations Guide Installation and Upgrade Guides Cisco Nexus 5000 Series and Cisco Nexus 5500 Platform Hardware Installation Guide Cisco Nexus 2000 Series Hardware Installation Guide Cisco Nexus 5000 Series...
...Series NX-OS Unicast Routing Configuration Guide Cisco Nexus 5000 Series Switch NX-OS Software Configuration Guide Cisco Nexus 5000 Series Fabric Manager Configuration Guide, Release 3.4(1a) Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.2 Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide Maintain and Operate Guides Cisco Nexus 5000 Series NX-OS Operations Guide Installation and Upgrade Guides Cisco Nexus 5000 Series and Cisco Nexus 5500 Platform Hardware Installation Guide Cisco Nexus 2000 Series Hardware Installation Guide Cisco Nexus 5000 Series...
Troubleshooting Guide
Page 14
... and CLI Commands Chapter 1 Troubleshooting Overview Send document comments to the bootflash, FTP, or TFTP server. switch# tac-pac switch# dir volatile: 374382 Aug 16 17:15:55 2010 show_tech_out.gz From volatile, copy the file to nexus5k-docfeedback@cisco.com. switch# copy volatile:show_tech_out.gz ? In the following examples, the logging command and the Device Manager display severity information: Viewing Severity Information with the CLI switch(config)# show interface...
... and CLI Commands Chapter 1 Troubleshooting Overview Send document comments to the bootflash, FTP, or TFTP server. switch# tac-pac switch# dir volatile: 374382 Aug 16 17:15:55 2010 show_tech_out.gz From volatile, copy the file to nexus5k-docfeedback@cisco.com. switch# copy volatile:show_tech_out.gz ? In the following examples, the logging command and the Device Manager display severity information: Viewing Severity Information with the CLI switch(config)# show interface...
Troubleshooting Guide
Page 22
Device ID:TM-6506-1 System Name: Interface address(es): IPv4 Address: 11.1.1.1 Platform: cisco WS-C6506, Capabilities: Router Switch IGMP Filtering Interface: Ethernet1/4, Port ID (outgoing port): TenGigabitEthernet1/2 port connections Holdtime: 133 sec ? Verifies proper Version: Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-VM), Version 12.2(18)SXF11, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by bringing down all uplink connectivity to...
Device ID:TM-6506-1 System Name: Interface address(es): IPv4 Address: 11.1.1.1 Platform: cisco WS-C6506, Capabilities: Router Switch IGMP Filtering Interface: Ethernet1/4, Port ID (outgoing port): TenGigabitEthernet1/2 port connections Holdtime: 133 sec ? Verifies proper Version: Cisco Internetwork Operating System Software IOS (tm) s72033_rp Software (s72033_rp-IPSERVICES_WAN-VM), Version 12.2(18)SXF11, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by bringing down all uplink connectivity to...
Troubleshooting Guide
Page 26
... peer supports LLDP. switch# show running-config feature fcoe vlan 1 vlan 100 fcoe vsan database vsan 100 interface vfc4 bind interface Ethernet1/4 no shutdown vsan database vsan 100 interface vfc4 interface fc2/1 no shutdown interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 100 spanning-tree port type edge trunk • Check to nexus5k-docfeedback@cisco.com. Example: switch# show lldp interface ethernet 1/4 command. Use the show lldp interface ethernet 1/4 Interface Information: Enable (tx/rx/dcbx): Y/Y/Y Port Mac address: 00...
... peer supports LLDP. switch# show running-config feature fcoe vlan 1 vlan 100 fcoe vsan database vsan 100 interface vfc4 bind interface Ethernet1/4 no shutdown vsan database vsan 100 interface vfc4 interface fc2/1 no shutdown interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 100 spanning-tree port type edge trunk • Check to nexus5k-docfeedback@cisco.com. Example: switch# show lldp interface ethernet 1/4 command. Use the show lldp interface ethernet 1/4 Interface Information: Enable (tx/rx/dcbx): Y/Y/Y Port Mac address: 00...
Troubleshooting Guide
Page 30
The FCoE interface only supports a Generation-2 Converged Network Adapter. auto Advertise priority-flow-control capability on Turn on priority-flow-control Note The default setting for this command is an example of a service policy that the type of Converged Network Adapter might not be configured: F340.24.10-5548-1 class-map type qos class-fcoe class-map type queuing class-fcoe match qos-group 1 class-map type queuing class...
The FCoE interface only supports a Generation-2 Converged Network Adapter. auto Advertise priority-flow-control capability on Turn on priority-flow-control Note The default setting for this command is an example of a service policy that the type of Converged Network Adapter might not be configured: F340.24.10-5548-1 class-map type qos class-fcoe class-map type queuing class-fcoe match qos-group 1 class-map type queuing class...
Troubleshooting Guide
Page 34
... displays the ethernet statistics. • Microsoft Windows - Specific model of this tool displays details about DCB configurations and FIP settings within the FC interface. • Qlogic - Chapter 2 Troubleshooting FCoE Issues CNA Send document comments to manage Emulex CNAs. FCoE VLAN must be configured at every converged access switch and every blade switch to carry traffic for each virtual fabric (VSAN) in the SAN (for example, VLAN 1002 for...
... displays the ethernet statistics. • Microsoft Windows - Specific model of this tool displays details about DCB configurations and FIP settings within the FC interface. • Qlogic - Chapter 2 Troubleshooting FCoE Issues CNA Send document comments to manage Emulex CNAs. FCoE VLAN must be configured at every converged access switch and every blade switch to carry traffic for each virtual fabric (VSAN) in the SAN (for example, VLAN 1002 for...
Troubleshooting Guide
Page 39
... errors command. Possible Cause If the peer supports PFC TLV with DCBX capable devices: • no priority-flow-control mode on • flowcontrol receive on • flowcontrol send on a Nexus 5000 switch that connects DCBX-capable devices. Possible Cause Currently there are no CLI commands to clear PFC frames (Bug ID is incremented using the show int ethx/x flowcontrol command. It is not enabled...
... errors command. Possible Cause If the peer supports PFC TLV with DCBX capable devices: • no priority-flow-control mode on • flowcontrol receive on • flowcontrol send on a Nexus 5000 switch that connects DCBX-capable devices. Possible Cause Currently there are no CLI commands to clear PFC frames (Bug ID is incremented using the show int ethx/x flowcontrol command. It is not enabled...
Troubleshooting Guide
Page 45
... the MAC addresses across the VPC switches. Possible Cause The MAC address is disabled. This triggers new learning and synchronization of a VPC scenario. Solution Enable the BPDU filter on the HIF and on one switch only. Use the following commands to confirm the details of the STP port state for the port: • show spanning-tree interface detail • show spanning-tree vlan Solution • Check...
... the MAC addresses across the VPC switches. Possible Cause The MAC address is disabled. This triggers new learning and synchronization of a VPC scenario. Solution Enable the BPDU filter on the HIF and on one switch only. Use the following commands to confirm the details of the STP port state for the port: • show spanning-tree interface detail • show spanning-tree vlan Solution • Check...
Troubleshooting Guide
Page 50
... F, F, F, F) (F, F, F, F, F, F) Rapid-PVST None "" 0 Rapid-PVST None "" 0 Disabled Enabled Normal, Disabled, Disabled Enabled 1-2 2 Disabled Enabled Normal, Disabled, Disabled Enabled 1-2 - Use the show resource vlan Cisco Nexus 5000 Series Troubleshooting Guide 3-8 OL-25300-01 VLANs Chapter 3 Troubleshooting Layer 2 Switching Issues Send document comments to access a port for VLAN). Use the show resource vlan command to determine if VLAN exists. Configuring interface to access port does not allow VLAN to go through After configuring an interface to nexus5k-docfeedback...
... F, F, F, F) (F, F, F, F, F, F) Rapid-PVST None "" 0 Rapid-PVST None "" 0 Disabled Enabled Normal, Disabled, Disabled Enabled 1-2 2 Disabled Enabled Normal, Disabled, Disabled Enabled 1-2 - Use the show resource vlan Cisco Nexus 5000 Series Troubleshooting Guide 3-8 OL-25300-01 VLANs Chapter 3 Troubleshooting Layer 2 Switching Issues Send document comments to access a port for VLAN). Use the show resource vlan command to determine if VLAN exists. Configuring interface to access port does not allow VLAN to go through After configuring an interface to nexus5k-docfeedback...
Troubleshooting Guide
Page 68
... the commands to access various registers and counters: 4-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01 The show queuing interface is not created on N2K-C2148T/N2K-C2248TP-1GE based FEX with default QoS configuration The no-drop class is different for tail-drop. Possible Cause FCoE is configured for the switchport and HIF port on Nexus 5000 switch port links when connected to create an ethernet...
... the commands to access various registers and counters: 4-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01 The show queuing interface is not created on N2K-C2148T/N2K-C2248TP-1GE based FEX with default QoS configuration The no-drop class is different for tail-drop. Possible Cause FCoE is configured for the switchport and HIF port on Nexus 5000 switch port links when connected to create an ethernet...
Troubleshooting Guide
Page 70
... soft redwood ss Command show platform software qosctrl port 0 6 hif 1 counters show plat soft redwood rmon 6 nif0 show platform software qosctrl port Purpose Displays the PI information for every port. (Useful if port level configuration exists.) Displays the PI information for every port. (Useful if port level configuration exists.) Displays the global network-qos and queueing configurations. Displays default port settings on FEX ports. Displays statistics of MAC level traffic and pause...
... soft redwood ss Command show platform software qosctrl port 0 6 hif 1 counters show plat soft redwood rmon 6 nif0 show platform software qosctrl port Purpose Displays the PI information for every port. (Useful if port level configuration exists.) Displays the PI information for every port. (Useful if port level configuration exists.) Displays the global network-qos and queueing configurations. Displays default port settings on FEX ports. Displays statistics of MAC level traffic and pause...
Troubleshooting Guide
Page 73
... storage. • An application does not respond after attempting to follow and the components that you should investigate further. Send document comments to nexus5k-docfeedback@cisco.com. 5 C H A P T E R Troubleshooting SAN Switching Issues A storage area network (SAN) is a network of storage devices that can determine the paths you need to access the allocated storage. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-1
... storage. • An application does not respond after attempting to follow and the components that you should investigate further. Send document comments to nexus5k-docfeedback@cisco.com. 5 C H A P T E R Troubleshooting SAN Switching Issues A storage area network (SAN) is a network of storage devices that can determine the paths you need to access the allocated storage. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-1
Troubleshooting Guide
Page 83
... set on one of the switches. - Example: ZONE-2-ZS_CHANGE_ACTIVATION_FAILED: Activation failed. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-11 Chapter 5 Troubleshooting SAN Switching Issues Zoning Send document comments to analyze the active zone set database. Change the membership of one of the zones to deactivate the zone set on one of the switches and restart the zone merge process. - Use the no shutdown command to reactivate the connection...
... set on one of the switches. - Example: ZONE-2-ZS_CHANGE_ACTIVATION_FAILED: Activation failed. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-11 Chapter 5 Troubleshooting SAN Switching Issues Zoning Send document comments to analyze the active zone set database. Change the membership of one of the zones to deactivate the zone set on one of the switches and restart the zone merge process. - Use the no shutdown command to reactivate the connection...
Troubleshooting Guide
Page 88
FC Services Chapter 5 Troubleshooting SAN Switching Issues Send document comments to configure the SAN port channel. Channel group X is already an Ethernet port channel Solution You need to choose another number between 1 to 256 to nexus5k-docfeedback@cisco.com. The following table describes the well-known addresses and the service associated with the storage network to determine the numbers that were used Used : 198 - 199 , 500 Unused: 1 - 197 , 200...
FC Services Chapter 5 Troubleshooting SAN Switching Issues Send document comments to configure the SAN port channel. Channel group X is already an Ethernet port channel Solution You need to choose another number between 1 to 256 to nexus5k-docfeedback@cisco.com. The following table describes the well-known addresses and the service associated with the storage network to determine the numbers that were used Used : 198 - 199 , 500 Unused: 1 - 197 , 200...
Troubleshooting Guide
Page 90
... switch(config)# int fc switch(config-if)# shut switch(config-if)# no shut command to disable and enable the FC slot/port. • If this does not clear the problem, try moving the connection to a different port on an ISL using the NX-OS CLI, perform the following steps. 5-18 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01 FC Services Chapter 5 Troubleshooting SAN Switching Issues Send document comments to support a separate set of the show logging command log...
... switch(config)# int fc switch(config-if)# shut switch(config-if)# no shut command to disable and enable the FC slot/port. • If this does not clear the problem, try moving the connection to a different port on an ISL using the NX-OS CLI, perform the following steps. 5-18 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01 FC Services Chapter 5 Troubleshooting SAN Switching Issues Send document comments to support a separate set of the show logging command log...
Troubleshooting Guide
Page 130
... = network-admin" Log in the role's configuration is assigned to a user account, the role's rule policy may not seem to modify rule 15 or change the rule ID of rule configurations for example, ACS) server configuration. • Use the following string into the textbox: cisco-av-pair=shell:roles="network-admin" Check the RADIUS (for the role is not working correctly has a rule ID of 10, then check all interface configuration commands. Cisco Nexus 5000 Series Troubleshooting Guide...
... = network-admin" Log in the role's configuration is assigned to a user account, the role's rule policy may not seem to modify rule 15 or change the rule ID of rule configurations for example, ACS) server configuration. • Use the following string into the textbox: cisco-av-pair=shell:roles="network-admin" Check the RADIUS (for the role is not working correctly has a rule ID of 10, then check all interface configuration commands. Cisco Nexus 5000 Series Troubleshooting Guide...
Troubleshooting Guide
Page 132
... VRF setting with the test aaa group command. • If the test aaa command returns the error, "user has failed authentication", then the server is accessable but the credentials for the Nexus 5000 switch and the server group is assigned the aaa authentication login default configuration on the server. Solution Perform the following steps to delete a feature-group. CLI rejects feature-group removal The CLI rejects the no rule command within the role configuration mode, and then delete the feature group...
... VRF setting with the test aaa group command. • If the test aaa command returns the error, "user has failed authentication", then the server is accessable but the credentials for the Nexus 5000 switch and the server group is assigned the aaa authentication login default configuration on the server. Solution Perform the following steps to delete a feature-group. CLI rejects feature-group removal The CLI rejects the no rule command within the role configuration mode, and then delete the feature group...
Troubleshooting Guide
Page 133
... user logs in Role assignment fails when the user logs in the corresponding VRF context. • Enter the ping command again. Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 6-5 If it is not configured properly. Unable to delete the TACACS server configuration. • Reconfigure the TACACS server without specifying any key. • Reconfigure the AAA client for the Nexus 5000 switch on the Network Configuration page in the nexthop router's ARP table...
... user logs in Role assignment fails when the user logs in the corresponding VRF context. • Enter the ping command again. Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 6-5 If it is not configured properly. Unable to delete the TACACS server configuration. • Reconfigure the TACACS server without specifying any key. • Reconfigure the AAA client for the Nexus 5000 switch on the Network Configuration page in the nexthop router's ARP table...
Troubleshooting Guide
Page 135
...-1 %$ %RADIUS-2-RADIUS_NO_AUTHEN_INFO: ASCII authentication not supported 2010 May 19 16:12:19 mars %$ VDC-1 %$ %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for a local (fallback) login. • Create local user accounts with the username password role command until the remote AAA servers become accessible. Solution Perform the following steps to display the credential. Chapter 6 Troubleshooting Security Issues AAA Send document comments to configure TACACS+ along with the local authentication...
...-1 %$ %RADIUS-2-RADIUS_NO_AUTHEN_INFO: ASCII authentication not supported 2010 May 19 16:12:19 mars %$ VDC-1 %$ %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for a local (fallback) login. • Create local user accounts with the username password role command until the remote AAA servers become accessible. Solution Perform the following steps to display the credential. Chapter 6 Troubleshooting Security Issues AAA Send document comments to configure TACACS+ along with the local authentication...