It is important to understand that most troubleshooting processes occur remotely. The following sections are written with this premise in mind: You are located somewhere else, possibly thousands of miles from the remote user's location. The core router is located somewhere on your campus, or possibly both the core and the end user's router are miles away from you. NOTE Make sure that you understand the environment in which you are troubleshooting because troubleshooting is an environment-dependant activity. After you establish the environment with which you are dealing, you need to set up your own environment. This section focuses on how you should set up your troubleshooting process. Of course, the real world can offer you much less, but any part of these recommendations can help you pinpoint the problem faster. These recommendations include the following:
Using #show isdn status to View Service LayersIf the remote user's ISDN is not functioning correctly, you cannot telnet to the router. Your best chance is to work with the remote user. Take time to help the user (if necessary) by teaching him or her how to use the telnet session or the console connection to the router. One of the most useful IOS commands for ISDN troubleshooting is show isdn status, which provides a snapshot of all layers of the service. Example 13-1 shows an ISDN line in the activation stage. The first layer of this IOS-based router is active, but the second layer negotiation is still in progress. Example 13-1. Snapshot of ISDN BRI Layers 804-isdn#show isdn status Global ISDN Switchtype = basic-5ess ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-ni Layer 1 Status: ACTIVE Layer 2 Status: TEI = 96, Ces = 1, SAPI = 0, State = TEI_ASSIGNED TEI = 105, Ces = 2, SAPI = 0, State = TEI_ASSIGNED TEI 96, ces = 1, state = 3(await establishment) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 0, tid = 1 TEI 105, ces = 2, state = 1(terminal down) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask: 0x80000003 Total Allocated ISDN CCBs = 0 804-isdn# NOTE The dynamics of ISDN events can be seen using the powerful command 804-isdn#debug isdn events [interface bri 0]. This command requires a detailed understanding of the messages on the screen and generates significant output. If you feel confident enough, use it; but when you use it on the core router, limit the duration to less than ten minutes and turn it off. The #show isdn status output in Example 13-2 is of a properly functioning BRI circuit. In Example 13-2, Layer 1 is active and Layer 2 is in a MULTIPLE_FRAME_ESTABLISHED state. The terminal endpoint identifiers (TEIs) are successfully negotiated, and the ISDN Layer 3 is ready to make or receive calls. Example 13-2. All Layers of ISDN Are Active804-isdn#show isdn status Global ISDN Switchtype = basic-5ess ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-ni Layer 1 Status: ACTIVE Layer 2 Status: TEI = 96, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI = 105, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED TEI 96, ces = 1, state = 5(init) spid1 configured, spid1 sent, spid1 valid Endpoint ID Info: epsf = 0, usid = 0, tid = 1 TEI 105, ces = 2, state = 5(init) spid2 configured, spid2 sent, spid2 valid Endpoint ID Info: epsf = 0, usid = 1, tid = 1 Layer 3 Status: 0 Active Layer 3 Call(s) Active dsl 0 CCBs = 0 The Free Channel Mask: 0x80000003 Total Allocated ISDN CCBs = 0 804-isdn# This is an important command. You must understand each line of this output. Table 13-1 provides a detailed description of the output.
In the enterprise environmentwhere usually you have deployed limited types of Cisco ISDN routersyou might have more options available, such as ISDN lines and Cisco routers configured for test purposes. The following sections give you details on these. Preconfiguring the Routers on Both EndsThe first thing you must consider is the router that's immediately available to you. It's a good idea to use any Cisco ISDN router, such as Cisco 776, Cisco 804, Cisco 1604, and so on, to perform initial testing of the remote user's router. If you are a network administrator who is responsible for a relatively big ISDN environment, it's a good idea to have an ISDN line at your desk. For example, the Cisco 77x router at your desk with a simple configuration can help you perform initial troubleshooting. The following are recommended configuration lines: set system ENS set ppp secret client secret secret set ppp secret host secret secret set ppp auth out none NOTE The system name can be anything as long as the system name on both ends (the test side and the remote user side) is the same. If the remote user has a 77x router, the following configuration needs to be applied to the user's router to allow remote access for troubleshooting: set user ENS set ppp client ENS set bridging on set ppp authentication outgoing chap set ppp secret client secret secret set ppp secret host secret secret cd set active ENS NOTE One possible option is to turn off the authentication on both ends of the link to rule it out as a problem. The benefit of this configuration is that, if the remote user's router includes this user configuration, you can call the LDN using the 77x router at your desk. The user's router simply prompts you for a password. NOTE Remember that the Cisco 77x series router has only one level of password authentication. This is unlike IOS routers, which have more sophisticated password systems, such as vty authentication option, enable password, and secrets. To verify that the user profile exists and it is active on both sides, enter the show user command on both routers, as shown in Example 13-3. Example 13-3. show user Output ENS> show user User State Connection -------------------------------------------- LAN Active LAN Internal Active INTERNAL Standard Active 1 gateway Active 2 ENS Active 3 ENS> NOTE The remote user's router must be powered up for testing purposes. Even when troubleshooting is performed by the LEC, the technician cannot run any tests without the powered-up NT1. If the router has a built-in NT1, the router must be powered on; if not, the power supply for NT1 must be turned on. Most of the line tests by the local providers require looping back the NT1. Accessing the Remote User's RouterWith your router and the user's router setup, you can now make a manual call to the remote user's router from your test router, which will result in a number of typical situations:
After this point, you are in the remote user's router. If the provided password is correct, you see the remote user's router prompt: 776-isdn> Now you have direct access to the user's router without needing the end user to assist you with troubleshooting. Preliminary Test of Remote IOS-Based ISDN Router with Test 776 RouterIf the user's router is an IOS-based ISDN router and you are calling from a 77x router, you can still make a call, but the IOS will not prompt you (by default). To gain access to an IOS router, you usually use a Telnet or Secure Shell (SSH) session. The problem is: How do you use Telnet if the remote user's router cannot pass data? This is the benefit of using a 77x to call an 804 router. If the call is successful, you see the following message: ENS> call 1 14087312598 01/01/1995 00:07:36 L05 0 14087312598 Outgoing Call Initiated ENS> ENS> 01/01/1995 00:07:37 L08 1 14087312598 Call Connected ENS> 01/01/1995 00:07:37 L60 1 Password Not Found ENS> 01/01/1995 00:07:37 L12 1 Disconnected Remotely Cause 16 Normal Disconnect ENS> 01/01/1995 00:07:37 L27 1 Disconnected ENS> Your 776 router makes a call to 1 408 731-2598, which is configured in Cisco IOS 804 router. If remote users see the channel1 light, and both the TxD and RxD lights blink, the status of the ISDN service is okay (see the show isdn status command later). But the connection drops with the message Password Not Found, which gives you an indication of what the problem is. First of all, this is the expected message and the connection is dropping at the authentication phase of PPP protocol because you are calling from the test router, but not from the core router. This narrows down the probable causes of the problem. Recall from the explanations in Chapter 12 that to reach the PPP authentication phase, the ISDN service goes through all three layers of the D channel, through the LCP stage of PPP, and, just after that, it reaches the authentication phase. At this point, all you have to do is to concentrate on possible PAP/CHAP issues on both the remote user's and core routers. Preliminary Test of Remote 77x Router with Test IOS-Based ISDN RouterHow do you call from an IOS-based router to a 77x router? Example 13-4 shows you how this works. Your test router ENS-isdn is calling 1 831 430-0444 by using your first channel. You are debugging the ppp negotiation with the command #debug ppp negotiation. Example 13-4. The Output of Calling a 77x Router from an IOS-Based RouterENS-isdn#isdn call interface bri0:1 18314300444 *Mar 7 02:28:31.895: BR0:1 PPP: Phase is TERMINATING *Mar 7 02:28:31.899: BR0:1 LCP: O TERMREQ [Open] id 107 len 4 *Mar 7 02:28:31.899: Vi1 CDPCP: State is Closed *Mar 7 02:28:31.903: Vi1 IPCP: State is Closed *Mar 7 02:28:31.907: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down *Mar 7 02:28:31.907: Vi1 PPP: Phase is TERMINATING *Mar 7 02:28:31.911: Vi1 LCP: State is Closed *Mar 7 02:28:31.911: Vi1 PPP: Phase is DOWN *Mar 7 02:28:31.911: Di1 IPCP: Remove route to 172.30.253.254 *Mar 7 02:28:32.115: BR0:1 LCP: I TERMACK [TERMsent] id 107 len 4 *Mar 7 02:28:32.115: BR0:1 LCP: State is Closed *Mar 7 02:28:32.119: BR0:1 PPP: Phase is DOWN *Mar 7 02:28:32.119: BR0:1 PPP: Phase is ESTABLISHING, Passive Open *Mar 7 02:28:32.119: BR0:1 LCP: State is Listen *Mar 7 02:28:32.127: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 18007735555 access-gw1, call lasted 61 seconds *Mar 7 02:28:32.319: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down *Mar 7 02:28:32.331: BR0:1 LCP: State is Closed *Mar 7 02:28:32.331: BR0:1 PPP: Phase is DOWN8314300444 *Mar 7 02:28:32.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down *Mar 7 02:28:32.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down *Mar 7 02:28:35.883: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up *Mar 7 02:28:35.899: BR0:1 PPP: Treating connection as a callout *Mar 7 02:28:35.899: BR0:1 PPP: Phase is ESTABLISHING, Active Open *Mar 7 02:28:35.903: BR0:1 LCP: O CONFREQ [Closed] id 108 len 35 *Mar 7 02:28:35.903: BR0:1 LCP: AuthProto CHAP (0x0305C22305) *Mar 7 02:28:35.907: BR0:1 LCP: MagicNumber 0xD030C260 (0x0506D030C260) *Mar 7 02:28:35.907: BR0:1 LCP: MRRU 1524 (0x110405F4) *Mar 7 02:28:35.907: BR0:1 LCP: EndpointDisc 1 Local (0x131001706E6564656C74632D6973646E) *Mar 7 02:28:37.539: BR0:1 LCP: I CONFREQ [REQsent] id 89 len 31 *Mar 7 02:28:37.543: BR0:1 LCP: AuthProto CHAP (0x0305C22305) *Mar 7 02:28:37.543: BR0:1 LCP: MagicNumber 0xB13FEF1B (0x0506B13FEF1B) *Mar 7 02:28:37.543: BR0:1 LCP: MRRU 1524 (0x110405F4) *Mar 7 02:28:37.547: BR0:1 LCP: EndpointDisc 1 Local (0x130C01627564692D6973646E) *Mar 7 02:28:37.551: BR0:1 LCP: O CONFACK [REQsent] id 89 len 31 *Mar 7 02:28:37.551: BR0:1 LCP: AuthProto CHAP (0x0305C22305) *Mar 7 02:28:37.551: BR0:1 LCP: MagicNumber 0xB13FEF1B (0x0506B13FEF1B) *Mar 7 02:28:37.555: BR0:1 LCP: MRRU 1524 (0x110405F4) *Mar 7 02:28:37.555: BR0:1 LCP: EndpointDisc 1 Local (0x130C01627564692D6973646E) *Mar 7 02:28:37.903: BR0:1 LCP: TIMEout: State ACKsent *Mar 7 02:28:37.903: BR0:1 LCP: O CONFREQ [ACKsent] id 109 len 35 *Mar 7 02:28:37.903: BR0:1 LCP: AuthProto CHAP (0x0305C22305) *Mar 7 02:28:37.907: BR0:1 LCP: MagicNumber 0xD030C260 (0x0506D030C260) *Mar 7 02:28:37.907: BR0:1 LCP: MRRU 1524 (0x110405F4) *Mar 7 02:28:37.907: BR0:1 LCP: EndpointDisc 1 Local (0x131001706E6564656C74632D6973646E) *Mar 7 02:28:37.947: BR0:1 LCP: I CONFACK [ACKsent] id 109 len 35 *Mar 7 02:28:37.947: BR0:1 LCP: AuthProto CHAP (0x0305C22305) *Mar 7 02:28:37.947: BR0:1 LCP: MagicNumber 0xD030C260 (0x0506D030C260) *Mar 7 02:28:37.951: BR0:1 LCP: MRRU 1524 (0x110405F4) *Mar 7 02:28:37.951: BR0:1 LCP: EndpointDisc 1 Local (0x131001706E6564656C74632D6973646E) *Mar 7 02:28:37.955: BR0:1 LCP: State is Open *Mar 7 02:28:37.955: BR0:1 PPP: Phase is AUTHENTICATING, by both *Mar 7 02:28:37.955: BR0:1 CHAP: O CHALLENGE id 176 len 34 from "ENS-isdn" *Mar 7 02:28:37.959: BR0:1 CHAP: I CHALLENGE id 87 len 30 from "804-isdn" *Mar 7 02:28:37.963: BR0:1 CHAP: Username 804-isdn not found ! Username is not found *Mar 7 02:28:37.963: BR0:1 CHAP: Unable to authenticate for peer ! Unable to authenticate *Mar 7 02:28:37.963: BR0:1 PPP: Phase is TERMINATING *Mar 7 02:28:37.967: BR0:1 LCP: O TERMREQ [Open] id 110 len 4 *Mar 7 02:28:37.995: BR0:1 LCP: I TERMACK [TERMsent] id 110 len 4 *Mar 7 02:28:37.995: BR0:1 LCP: State is Closed *Mar 7 02:28:37.995: BR0:1 PPP: Phase is DOWN *Mar 7 02:28:37.995: BR0:1 PPP: Phase is ESTABLISHING, Passive Open *Mar 7 02:28:37.999: BR0:1 LCP: State is Listen *Mar 7 02:28:38.003: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 18314300475 804-isdn, call lasted 2 seconds *Mar 7 02:28:38.159: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down *Mar 7 02:28:38.167: BR0:1 LCP: State is Closed *Mar 7 02:28:38.167: BR0:1 PPP: Phase is DOWN ENS-isdn# The procedure is successful until the authentication phase (see Chapter 12 for more information on the authentication phase), at which point the call is dropped in two seconds. This shows that the ISDN layers are okay, PPP is configured, LCP is okay, CHAP is the chosen authentication option, and CHAP is configured two ways. From this point, you can focus on authentication, NCP protocols, and routing. NOTE It is important to understand that, in this example, username failed because, by default, IOS is trying to use the host name for the CHAP username. With theses initial recommendations, you are now ready to tackle some of the problems you might face. The following scenarios walk you through typical situations that you might encounter when troubleshooting ISDN remote services. |