This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Issue 04 (2007-06-15) Huawei Technologies Proprietary i
Contents
8 PPP and MP Troubleshooting .................................................................................................8-1 8.1 PPP and MP...................................................................................................................................................8-2
8.4 Troubleshooting Cases ................................................................................................................................8-14 8.4.1 The Physical Link Cannot Be Up.......................................................................................................8-14 8.4.2 LCP Cannot Be Opened .....................................................................................................................8-15 8.4.3 The CHAP Authentication of PPP Fails .............................................................................................8-16 8.4.4 The State of the Serial Interface Among the MP Interfaces Is Unstable ............................................8-17
The following table lists the contents of this chapter.
Section Describes
8.1 PPP and MP Provides the knowledge you should know before PPP and MP troubleshooting.
8.2 Troubleshooting PPP As for the PPP networking environment, introduces the PPP configuration notes, the troubleshooting flowchart and the detailed troubleshooting procedure.
8.3 Troubleshooting MP As for the MP networking environment, introduces the MP configuration notes, the troubleshooting flowchart and the detailed troubleshooting procedure.
8.4 Troubleshooting Cases Presents the actual troubleshooting cases.
8.5 FAQs Lists frequently asked questions and their answers.
8.6 Diagnostic Tools Introduces the diagnostic tools, including the display command and debugging command.
8 PPP and MP Troubleshooting Quidway NetEngine16E/08E/05
Concepts of PPP Point-to-Point Protocol (PPP) is one of the link layer protocols. It bears the packets at the network layer over the point-to-point link.
PPP consists of the following two types:
Link Control Protocol (LCP) Used to establish, terminate and monitor the PPP data link
Network Control Protocol (NCP) Used to negotiate the format and type of packets transmitted over a data link
PPP also provides the following authentication protocols about the network security:
PPP is widely used because it has the following features:
Providing the authentication
Easy to extend
Supporting the synchronization and asynchronization
PPP Features PPP has the following features:
Supporting the point-to-point connection (different from the data link layer protocol, such as X.25 and Frame Relay)
Allowing the physical layer to be the synchronous or asynchronous circuit Encapsulating the network data packets with various NCP protocols, including IPCP and
MPLSCP Allowing the data packet to have no retransmission mechanism and the network
overhead to be small Providing the security authentication by the authentication protocol, CHAP and PAP
PPP Functions PPP can provide the following functions:
User authentication and accounting Callback: the receiver pays the charge MP: multi-link binding Virtual Private Network (VPN): L2TP Data compression: supports the compression of the header of stac and Van Jacobson
TCP/IP
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
PPPoE / PPPoA: the access solution of the broadband network
PPP Running Procedure The running procedure of PPP is shown in Figure 8-1.
Figure 8-1 Running flowchart of PPP
Dead Establish Authenticate
Terminate Network
UP OPENED
FAIL FAIL
DOWN CLOSING
SUCCESS/NONE
1. At the beginning of setting the PPP link, you can enter the Establish phase. 2. In the Establish phase, the PPP link carries out the LCP negotiation, including the
working mode, the Single-link PPP (SP) or the Multilink PPP (MP), the authentication mode and the MTU. The PPP link is opened after the LCP negotiation succeeds and the bottom link has been set up.
3. Enter the authentication phase after the authentication is set up and then start the CHAP or PAP.
4. If the authentication fails, you can enter the Terminate phase and remove the link. The state of the LCP changes into down. If the authentication succeeds, enter the NCP, the state of the LCP is still opened and the state of the NCP changes from initial to request.
5. The NCP negotiation supports the IPCP, MPLSCP and OSCICP. The IPCP negotiation contains both IP addresses. You can choose and set one network layer protocol by the NCP negotiation. Only after the negotiation of the network layer protocol succeeds, can the network protocol be used to send the packets by the PPP link.
6. The communication keeps on the PPP link until the definite LCP or NCP frame closes the link or some external events occur, such as the intervention from the users.
LCP Negotiation After the physical link is up, the PPP carries out the LCP negotiation first. The negotiation contains:
the MTU
the magic number the authentication mode the mapping of the asynchronous character
For details, you can refer to RFC1661).
When the initial status of the physical interface is not up, the status of the local end is initial.
At the beginning when the physical interface is not up, the state is initial. When the Physical Layer is prepared the layer sends out an up event, the local PPP starts the LCP negotiation.
8 PPP and MP Troubleshooting Quidway NetEngine16E/08E/05
1. After the local LCP is open, you can reset the entries of the link negotiation and change the state machine state into starting.
2. Trigger the lowerup event and send the Conf-Request. Negotiate the entries, such as MTU and CHAP/PAP and change the state of the local end from starting to reqsent.
3. The remote end receives and processes the negotiation packets according to the entries and the packet.
The interface will pick up the entries that it cannot accept; then pick up some of them to form the Conf-Rej packet, and send them back. Its state is reqsent.
The interface will pick up the entries that it can but do not will to accept; then enable them to form the Conf-Nak packet, and send them back. Its state is reqsent.
In the above cases, both ends will renegotiate until the counter of the renegotiation reaches the maximum value.
4. Repeat the process until the remote end accepts all requests. Send Conf-Ack back and the state becomes acksent.
PPP persists on the equal end. So the same negotiation is carried out at both ends and the changes of state occur at the same time. When the state of the local end is acksent and receives the Conf-Ack from the remote end, both ends complete the negotiation and enter the next phase. In this way, the upper layer will be up and its state will be changed into opened. The negotiation ends.
8.1.2 MP MultiLink PPP (MP) is formed by binding the multiple PPP links together to increase the bandwidth. It can be applied on the serial or the POS interface.
MP allows the packet fragmentation. The packets can be sent to the same destination through the multiple PPP links.
Implementation Methods Methods for NE16E/08E/05 to support the MP configuration:
MP-group Virtual-Template (VT)
It is recommended not to configure many services, such as MP, L2TP and PPPoE, on the same virtual template.
When you configure MP in the MP-group mode, you can add the physical interface to the MP group.
The configuration of MP by VT contains as follows:
1. Direct binding
The system binds the links to the specified virtual template in the direct way. Authentication is optional:
If authentication is configured, the system binds the links to the specified virtual interface template after the interface passes the authentication
If authentication is not configured, the system binds the links directly to the specified virtual template when the interface is available
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
Use the following parameters to authenticate the binding:
Username: indicates the received peer username of the PPP link in PAP or CHAP authentication
Endpoint Discriminator: identifies a router only and is the received peer endpoint discriminator in the LCP negotiation
The above two parameters can be used to authenticate the binding at the same time. The interfaces with the same user names and endpoint discriminator are bound to the same virtual template.
If the local needs to perform the MP binding based on the username, you can configure the local end to authenticate the peer in CHAP or PAP mode.
For the configuration procedures, you can refer to the section of the PPP and MP configuration in operation manual. Bind the ppp mp command on the interface to the MP.
You must use the same method to bind the interfaces that need to be bound together.
In the actual applications, you can set up one kind of the authentication. Only one end can be directly bound to the virtual template and the other ends need to search for the template according to the user name.
Negotiation Process. The MP negotiation process has two types, that is, the LCP negotiation and the NCP negotiation process
LCP negotiation: The two peers carry out the LCP negotiation. In addition to the negotiation of the LCP parameters, the router authenticates if the peer interface works in the MP mode. If the two peers work in different modes, LCP does not succeed.
NCP negotiation: The two peers carry out the NCP negotiation according to the NCP parameters of the MP-group interface and the specified virtual interface module. The NCP parameter of the interface is not carried out.
When the NCP negotiation succeeds, you can set up the MP link.
Realizing that the negotiation can succeed as long as the authentication of routers on both ends is the same
CHAP authentication Paying attention to what kind of the authentication is, that is, the unidirectional one or the bidirectional one
Negotiation of the PPP parameters
PAP authentication Assuring the information on the user that needs to be authenticated
The configuration of the PPP on the POS interface is shown as follows. (Take the PAP authentication as an example with Router A being the authenticating side.)
To configure the IP address of the local interface and that of the peer interface, make sure that the two IP addresses must be in the same network segment.
Configuring Router A as follows:
<RouterA> system-view
[RouterA] aaa
[RouterA-aaa] local-user aa password simple bb
[RouterA-aaa] quit
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] clock master
[RouterA-Pos1/0/0] link-protocol ppp
[RouterA-Pos1/0/0] ppp authentication-mode pap
[RouterA-Pos1/0/0] ip address 10.1.1.1 255.255.255.252
[RouterA-Pos1/0/0] shutdown
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
Configuring Router B as follows:
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] link-protocol ppp
[RouterB-Pos1/0/0] ppp pap local-user aa password simple bb
[RouterB-Pos1/0/0] ip address 10.1.1.2 255.255.255.252
[RouterB-Pos1/0/0] shutdown
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
8.2.3 Diagnostic Flowchart As for the network that is shown in Figure 8-2, if the state of the link layer protocol cannot be up after every router is configured, you can use the diagnostic flowchart as shown in Figure 8-3.
Figure 8-3 Diagnostic flowchart of faults on PPP
Theconfigurations on
both ends areconsistent?
The physicallayer can be up?
PPPcannot be up.
The problem is solved?
Enable the debugging.
The LCPnegotiation
passes?
The authentication is configured
correctly?
The NCPnegotiation
passes?
Seek thetechnology
support.
Confirm the physic al connection is
correct and restartthe interface.
Reconfigure therelated entrieson both ends.
Reconfigure thenegotiation entries
on both ends.
Reconfigure theauthentication
according to therequirements on the
authenticationconfiguration.
Confirm the networklayer protocols are
identical.
The problem is solved?
The problem is solved?
The problem is solved?
The problem is solved?
End
Yes
No
No
No
Yes
Yes
Yes
Yes
No
No
No
Yes
Yes
No
Yes
No
Yes
No
No
Yes
8 PPP and MP Troubleshooting Quidway NetEngine16E/08E/05
8.2.4 Troubleshooting Procedure The following table gives the summary of the troubleshooting procedure.
Step Action
1 Checking That the Physical Layer Is Up
2 Enabling the Debugging of PPP
3 Checking the Configurations on Both Ends
4 Checking That the LCP Negotiation Succeeds
5 Checking That Authentication Is Correct
6 Checking That the NCP Authentication Succeeds
7 Checking That the Scramble on Both Ends Is Consistent
The details of troubleshooting are described below:
Checking That the Physical Layer Is Up If the physical layer is not up, you can first check that the link connection is correct. You can try to exchange the receiving and sending fibers of the switch board and check that the state of the physical layer is up.
Excluding the faults on the fiber, you can check that the optical modules on both ends are matchable. Check that the wavelength of the optical module and the single-mode is matchable in the multi-mode.
After you have confirmed that the fault is not in the optical module, if the interface is the interface connects the serial link that is channelized by CPOS/E1/T1, check whether the clock mode is master at one end and slave at the other end.
After proving that the faults is not related to the clock mode, enter the interface view and use the display this command to check the setting on the interface and confirm that the undo shutdown command has been executed on both ends.
After the above procedure is finished, the board may be damaged if the interface is still down. You can contact the technological engineer or access http://support.huawei.com to feed your problems back.
Excluding the problems at the physical layer, execute the following steps if the physical layer is up but the protocol layer is down.
The multi-mode fiber can only be used for the multi-mode optical module, while the single-mode
fiber can only be used for the single-mode optical module. Using the display interface pos 1/0/0 verbose command, you can check more.
Enabling the Debugging of PPP You need to enable the debugging of PPP in the command mode.
Taking the POS1/0/0 as an example, execute the following commands:
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
<Quidway> debugging ppp all verbose interface pos1/0/0
As for the CE1 and CPOS interface, if you want to get the information on the ppp debugging of the sub-interface, you can add the index number of the sub-interface at the end of the command. For example, you can execute the debugging ppp all interface serial 2/0/0:2 command on the serial interface 2/0/0:2 of the CE1.
The information on the received and sent packets will be shown when PPP debugging is enabled.
The description is omitted here.
Checking the Configurations on Both Ends Using the display interface interface-type interface-number command, you can check that the fields on both ends, such as Link layer protocol, Scramble, CRC and clock, are proper.
The Maximum Transmit Unit is 4470 bytes, Hold timer is 10(sec)
Internet Address is 10.1.1.1/30
Link layer protocol is PPP
LCP initial
Physical layer is Packet Over SDH
“Line protocol current state:” displays the state of the PPP protocol. If the state is down, you can check that the LCP negotiation succeeds.
The field “LCP initial” displays the state of the LCP. The state of the LCP negotiation contains Initial, REQSENT, ACKSENT and Opened. If the negotiation state is opened, the negotiation succeeds.
If the state of the LCP is not opened, the LCP negotiation does not succeed.
The possible causes are as follows:
In the operation, the LCP negotiation often occurs on the interaction among different devices, because the negotiation parameters on different devices may be different. When this case occurs, using the information on the ppp debugging, you can see the contents of the received and sent packet and confirm that the encapsulation of the data packet is correct and the local device can resolute the packet that is sent from the remote end.
On the serial link with the interface being channelized from CPOS/E1/T1, check whether the clock mode is master at one end and slave on the other end.If both ends are set to master or both ends are set to slave, this setting may cause that the link is unable to be up so that LCP negotiation fails.
When you find that the LCP cannot be open, you can start with the count on the local and remote interface if the received packets are all correct.
The failures of the authentication and the NCP negotiation cause the LCP renegotiation. If the LCP negotiation succeeds, you need to pay attention to the troubleshooting on the authentication and the NCP, some faults occur in the authentication phase and the NCP phase.
The instability of the physical link affects the state of the LCP. When the LCP is changing from up and down, you can check the state of the physical link.
Checking That Authentication Is Correct The PPP has two authentication modes: that is, the PAP and the CHAP authentication. These two modes adopt different ways.
You can check that the authentication is correct by the setting on the interface.
Pay attention to the following aspects during the PAP authentication:
Configuring the user name and password on the client during the PAP authentication, such as ppp pap local-user ROUTERA password simple ROUTERA_PassWord
Configuring the ppp authentication-mode pap command on the authenticator
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
For the correct authentication, configuring the user name and the password sent by the client in the AAA on the server
Pay attention to the following aspects during the CHAP authentication:
Listing the remote user name and password in the local user list when you configure the local device with the CHAP mode to authenticate the remote device
Configuring the local device with the user name and password in the CHAP authentication when you configure the local device with the CHAP mode to authenticate the remote device
The user name of CHAP being different from the user name configured on the local AAA
Checking That the NCP Authentication Succeeds You can choose and configure one or more network layer protocols in the NCP phase. The transferring process of the state of the network layer protocol is the same as that in the LCP phase. You can refer to the transferring process of the state of the LCP.
If the IP protocol is adopted at the network layer, you need to set an IP address or get the IP address by the negotiation.
Checking That the Scramble on Both Ends Is Consistent Using the display interface interface-type interface-number command, you can check that the scramble on both ends is consistent. If not, you can use the scramble/undo scramble command to set them to be consistent.
If you still cannot enable the link layer protocol to be up, you can contact the technology engineer or access http://support.huawei.com to feed your problems back.
Set the link layer protocol of the VT interface with PPP. Configure VT with the MP binding
Configure the local and remote interfaces and the settings on both ends are identical.
The authentication binding has three modes, that is, the user name, the terminal identifier, and the user name and the terminal identifier.
Configure VT with the MP authentication binding
At present, MP does not support the binding among the interfaces of the boards. You can carry out the MP binding only according to the user name.
Carrying out the MP negotiation, you need to negotiate the terminal identifier by default. The remote end does not send the terminal identifier, and the MP negotiation cannot pass. In this case, the terminal identifier is not negotiated on the local end.
Configure the MP-group with the MP binding
If you execute the undo discriminator command on the MP-group interface, you must execute the shutdown, undo shutdown command in the sub-channel of the MP-group to enable the setting to take effect.
Configure the MP parameters
After modifying the parameters that are set in the virtual interface template view, you need to execute the shutdown command in all bound sub-tunnels to remove the MP. Then execute the undo shutdown command in the bound sub-tunnel to enable the MP to be rebound. After it, all configured commands can take effect.
8.3.3 Diagnostic Flowchart The flowchart of locating faults on the MP interface is shown in Figure 8-5.
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
3 Checking the Link Layer Protocol on the MP Interface Runs Normally
Excluding the Physical Faults You can exclude the physical faults when locating the MP faults.
For the roadmap and detailed operation, refer to “Checking That the Physical Layer Is Up.”
Checking the include on the MP Interface The include on the MP interface specifies the number of the serial links that are bound in the MP.
Executing the display this interface command in the MP interface view, you can see the include value on the MP interface.
If the include value is 0, no serial link is bound on the MP interface, so it is normal that the MP is not up. This case is often caused by the setting error. you can refer to the configuration manual to exclude the errors.
If the include value is not 0, at least one serial link is bound on the MP interface.
Checking the Link Layer Protocol on the MP Interface Runs Normally Running the display this interface command on the MP interface, you can check that the link layer protocol MP-group is up. If the MP interfaces cannot ping through each other when the protocol is up, you can check the count of packets on the ingress and seek the technology support.
On the premise that the state of the MP physical interface is up and the IP address is configured in a correct way, you can see the state of the IPCP negotiation on the MP interface by the display this interface command.
When the state of IPCP is opened, the IPCP negotiation is finished. You can check the statistics of the received and sent packets on the interface to locate the defaults. If you do not find any abnormity, you can check the Troubleshooting PPP.
If you still cannot enable the link layer protocol to be up, you can contact the technology engineer or access http://support.huawei.com to feed your problems back.
8.4 Troubleshooting Cases 8.4.1 The Physical Link Cannot Be Up
Fault Description Executing the display interface command, you can check the state of the interface. The physical link cannot be up.
Serial3/1/0:0 current state : DOWN
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
Analysis The state of the physical link cannot be up, and the possible causes are as follows:
The interface is not activated The physical layer parameters are not set in a correct way.
Troubleshooting Procedure
Step Action
1 Check the connection of the lines. Reconnect them if they are not connected in the correct or firm way.
2 Check that the optical modules are the same or the fiber and the optical module are matchable.
3 Executing the display interface command, you can check that the physical settings of both ends are consistent. If not, you can modify the parameters.
4 After modifying the parameters, you can execute the shutdown and undo shutdown commands to restart the interface.
8.4.2 LCP Cannot Be Opened
Fault Description The PPP link layer protocol cannot be Opened.
Analysis The possible causes include:
The PPP physical parameters are not configured in a correct way. The authentication modes on both ends are not the same.
Troubleshooting Procedure
Step Action
1 Executing the debugging ppp all interface interface-number command, you can enable the debugging.
2 If the LCP negotiation fails, check the LCP negotiation parameters.
8 PPP and MP Troubleshooting Quidway NetEngine16E/08E/05
3 If no faults exist in the LCP parameters, you can check that the authentication mode is correct, because the LCP negotiation contains the authentication negotiation. The failure of the authentication mode negotiation leads to the failure of the LCP negotiation.
4 Execute the display interface command to get more about the setting on the interface. Check if the configured parameter takes effect. If not, you can execute the shutdown command to disable the interface and then execute the undo shutdown command to restart the interface.
8.4.3 The CHAP Authentication of PPP Fails
Fault Description Connect one router to the devices of other company and then configure the CHAP authentication on the interfaces.
The authentication fails.
Analysis Some companies require the user name of the authenticator to be different from the user name of the authentication.
The NE16E/08E/05 has no requirement on it.
Troubleshooting Procedure Check the CHAP configuration on two devices.
If the user name of the authenticator is the same as the user name of the authentication, you need to modify it.
Step Action
1 Check the CHAP configuration on two devices. If the user name of the authenticator is the same as the user name of the authentication, you can modify it.Executing the display interface command on the NE16E/08E/05, you can check the CHAP configuration.
2 After modifying the CHAP configuration, you need to restart the both ends to enable the configuration. Execute the shutdown command on the NE16E/08E/05 in interface view to disable the interface, and then execute the undo shutdown command to restart the interface.
Quidway NetEngine16E/08E/05 Troubleshooting 8 PPP and MP Troubleshooting
8.4.4 The State of the Serial Interface Among the MP Interfaces Is Unstable
Network Environments The network structure is shown in Figure 8-6.
Figure 8-6 Networking of the troubleshooting instance on the MP interface
Connected directly or through the transmission
device
CPOS1/0/0 CPOS1/0/0
RouterA RouterB
Configure MP1 and MP2 on CPOS interfaces on routers of both ends. Every MP binds two serial interfaces.
After the process is finished, some serial interfaces are inactive and some are changing between up and down.
Analysis The incorrectness of the negotiation parameters on the serial interface may lead to the renegotiation, because the state of MP1 is up and one of the serial interfaces bound by MP1 is changing from up and down.
Troubleshooting Procedure
Step Action
1 Executing the display interface serial command in MP1 interface view, you can find the state of the LCP negotiation is changing between OPENED and CLOSED.
2 Executing the debugging ppp mp all command, you can find the description of the terminal of the serial interface is not consistent with the description of other serial interfaces.
3 Checking the description of the terminal of the MP2 interface, you can find the description of the abnormal serial interface is the same as the that of the terminal that is bound by MP2.
4 Checking that the abnormal serial interface joints the correct MP, you can find that the serial interface joints the MP2 binding group.
Summary The settings of physical interfaces on both ends must be consistent.
8 PPP and MP Troubleshooting Quidway NetEngine16E/08E/05
8.5 FAQs Q: Why cannot the protocol layer be up when the physical layer is up?
A: Possible causes are:
− Authentication fails; − You need to configure the IP address if IPCP is chosen in the NCP phase; − When connected with routers of other company, negotiation requirements of both
ends are inconsistent (you can configure the negotiation field manually to solve the problem).
Q: Can I configure authentication on both ends?
A: Yes.
If authentication of either end fails, the negotiation is restarted.
Q: Can I enable PPP to be up by the Loopback local command?
A: No.
The check mechanism of the magical character can find loopback. When loopback exists, the LCP negotiation cannot succeed.
Q: What are a large number of packets when debugging of PPP is enabled after the negotiation succeeds?
A: The Hello packet. After the LCP negotiation succeeds, the router sends the hello packet periodically to check the state of the link. You can set the interval of sending the hello packet by the timer hold command.
8.6 Diagnostic Tools 8.6.1 display Command
Command Description
display interface mp-group mp-group-interface Display the state of the Mp-group interface.
display ppp compression iphc { rtp | tcp } Display the statistics of the compression of the IP packets on the PPP link.
The router has sent an LCP configure-request control packet. The information includes the ID and length of the control packet; the length and value of the two parameters MRU and MagicNumber.