|
|
This chapter is designed to provide a general introduction to common operations used in troubleshooting Cisco remote access to Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) integration over a shared infrastructure. For specifics of troubleshooting each remote access method, see the chapters that follow:
For component overviews and technological descriptions of remote access to MPLS VPN, see the Cisco Remote Access to MPLS VPN Integration 2.0 Overview and Provisioning Guide.
For all remote access methods, you follow a similar process to troubleshoot problems:
Step 1 Verify that the configuration on each device is correct. For example, in an L2TP dial-in solution using the service provider's AAA RADIUS server for user authorization, authentication, and accounting, you would verify the configuration on the network access server (NAS), virtual home gateway provider edge router (VHG/PE), and the AAA RADIUS server.
Step 2 Identify the main events in the call flow. In the following chapters, you will find a sample topology and call flow for each of the remote access methods.
Step 3 If possible, identify where in the call flow the problem may originate. Check "Potential Problem Areas" to see if your problem is listed, along with suggested troubleshooting topics.
Step 4 Troubleshoot the appropriate events in the call flow using show or debug commands. If you are not sure which events to focus on, proceed from start to finish. In each section, we describe how to troubleshoot each major event in the call flow. Information on initiating and viewing command output is provided in "Initiating and Viewing Command Output".
For troubleshooting any remote access method, you typically view and analyze the output of show or debug commands. As you know if you have done configuration and provisioning for your remote access to MPLS VPN integration solution, Cisco IOS software provides the capability to configure Cisco routers and switches using command-line interface (CLI) commands. It also provides the capability to troubleshoot problems in the network by using show or debug commands relevant to various events in the call flow.
When entering commands:
When you use the CLI, a command interpreter called EXEC is employed by the operating system to translate any command and execute its operation. This command interpreter has two access modes, user and privileged, which provide security to the respective command levels. Each command mode restricts you to a subset of mode-specific commands.
debug commands are issued in privileged EXEC mode. You enter privileged mode from user mode. Once in privileged mode, you can enter debugging commands.
Table 1-1 shows how to enter and move between user and privileged modes.
| Command Mode | Prompt | Access Method | Escape Method |
|---|---|---|---|
User EXEC | | Log in. | Use the exit or logout command to leave the command line interface. |
Privileged EXEC | | From user EXEC mode, enter the enable command. | Use the disable command to escape back to user EXEC mode. Use the exit or logout command to leave the command line interface. |
Before issuing debug commands, please refer to "Important Information on Debug Commands" at http://www.cisco.com/warp/customer/793/access_dial/debug.html .
All debug commands are entered in privileged EXEC mode, and most debug commands take no arguments. For example, to enable the debug vpdn events command, enter the following in privileged EXEC mode at the command line:
debug vpdn events
If you are using Telnet to connect to the router, enter the following to display the debug output:
terminal monitor
To turn off the debug vpdn events command, in privileged EXEC mode, enter the no form of the command at the command line:
no debug vpdn events
To display the state of each debugging option, enter the following at the command line in privileged EXEC mode:
show debugging
Enabling a debug command results in output similar to the following example for the debug vpdn events command:
Router# debug vpdn events
%LINK-3-UPDOWN: Interface Async6, changed state to up
*Mar 2 00:26:05.537: looking for tunnel -- cisco.com --
*Mar 2 00:26:05.545: Async6 VPN Forwarding...
*Mar 2 00:26:05.545: Async6 VPN Bind interface direction=1
*Mar 2 00:26:05.553: Async6 VPN vpn_forward_user bum6@cisco.com is forwarded
%LINEPROTO-5-UPDOWN: Line protocol on Interface Async6, changed state to up
*Mar 2 00:26:06.289: L2F: Chap authentication succeeded for stella.
The router continues to generate such output until you enter the corresponding no debug command (in this case, no debug vpdn events).
 |
Note The output of debug commands can be extensive. To use debug commands effectively, use a focused rather than a scattershot approach. Identify beforehand what you are looking for in a particular debug command and run the minimum number of commands necessary for your objective. |
Context-sensitive help is available at any command prompt. Enter a question mark (?) for a list of complete command names, semantics, and command mode command syntax. Use arrow keys at command prompts to scroll through previous mode-specific commands for display.
|
Note Cycle through mode specific commands at a mode specific prompt. |
For a list of available commands, enter a question mark.
AS5800> ?
To complete a command, enter known characters followed by a question mark (no space).
AS5800> s?
For a list of command variables, enter the command followed by a space and a question mark.
AS5800> show ?
Posted: Sun Sep 29 17:41:59 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.