Troubleshooting FA Server Rejection of I-SID-to-VLAN Assignments Using Trace

Consider an FA solution where the FA Server receives I-SID-to-VLAN assignment requests from a proxy device and some of these assignment requests are rejected by the FA Server. Use this procedure to help you troubleshoot the cause of the rejection.

Note

Note

When the FA Server rejects an I-SID-to-VLAN assignment request, the error message in the log file lists a generic reason for the failure, such as rejected due to application error (status 9). To troubleshoot further, you must use trace.

This procedure also demonstrates how you can configure trace for enhanced troubleshooting.

Procedure

Begin troubleshooting on the FA Server

  1. Enter Privileged EXEC mode:

    enable

  2. Verify that router IS-IS is enabled. This is required for proper FA operation.

    show isis

    Note

    Note

    I-SID-to-VLAN assignments are always rejected if router IS-IS is disabled.

  3. Verify that FA is enabled on the interface on which I-SID-to-VLAN assignments are expected.

    show fa interface [disabled-auth] [enabled-auth] [mlt <1–512>] [port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

  4. Verify the discovery and authentication status of the proxy device, on the interface.

    show fa elements [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]

  5. Determine the I-SID-to-VLAN assignments received on the interface and which ones are rejected.

    show fa assignment [{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}]]

  6. View the log file to determine the cause of the assignment rejection.

    show log file module fa

    Note

    Note

    When the FA Server rejects an I-SID-to-VLAN assignment request, only a generic reason for the rejection is logged.

Enhanced troubleshooting using trace

  1. Configure trace:
    1. Enable keyword search in the trace output:

      trace grep WORD<0-128>

    2. Set the trace level for FA:

      trace level <Module_ID>

      Note

      Note

      • <Module_ID> specifies the module for the trace. Different hardware platforms support different ID ranges because of feature support differences. To see which module IDs are available on the switch, use the show trace modid-list command or CLI command completion Help.

      • FA uses the trace level 221.

    3. Turn on trace:

      trace screen [enable]|[disable]

Example:

The following example simulates a configuration error on the FA Server as a result of which the FA Server rejects I-SID-to-VLAN assignments from the proxy device. When the FA Server rejects an I-SID-to-VLAN assignment, the error message listed in the log file is a generic reason for the rejection, as demonstrated in this example. To troubleshoot further, set up trace.

On the FA Server, assume that the interface MLT 1 consists of ports 1/5 and 1/6. Assume that a proxy device sends I-SID-to-VLAN assignment mapping requests with I-SID 9005 and CVID 400, on this interface.

Simulate a configuration error on the FA Server:

Configure a management I-SID with a C-VID value that is different from that of the C-VID in the I-SID-to-VLAN assignment request from the proxy. So, for example, configure a management I-SID with C-VID 999, which is different from the C-VID advertised by the proxy, which is 400. This causes rejection of I-SID-to-VLAN assignment requests on the interface.

Switch:1>en
Switch:1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch:1(config)#interface mlt 1
Switch:1(config-mlt)#no fa enable
Switch:1(config-mlt)#fa management i-sid 9005 c-vid 999
Switch:1(config-mlt)#fa enable
Switch:1(config-mlt)#exit
Switch:1(config)#exit

At this stage, the FA Server rejects I-SID-to-VLAN assignments as shown below.

Switch:1#show fa assignment 

=======================================================================
                          Fabric Attach Assignment Map 
=======================================================================
Interface  I-SID      Vlan       State      Origin    
-----------------------------------------------------------------------
1/5        312        710        active     proxy     
1/5        9005       400        reject     proxy     
1/6        312        710        active     proxy     
1/6        9005       400        reject     proxy     
-----------------------------------------------------------------------
4 out of 4 Total Num of fabric attach assignment mappings displayed
-----------------------------------------------------------------------

Begin troubleshooting on the FA Server:

Verify that IS-IS is enabled.

Switch:1>en
Switch:1#show isis

================================================================================
                               ISIS General Info
================================================================================
                            AdminState : enabled
                            RouterType : Level 1
                             System ID : 8404.bcb1.0043
                  Max LSP Gen Interval : 900
                                Metric : wide
                   Overload-on-startup : 20
                              Overload : false
                         Csnp Interval : 10
                         PSNP Interval : 2
                     Rxmt LSP Interval : 5
                             spf-delay : 100
                           Router Name : FAServer
                     ip source-address : 43.43.43.43
                   ipv6 source-address : 1:43:0:0:0:0:0:43
              ip tunnel source-address : 12.43.43.43
                            Tunnel vrf : 12
                         ip tunnel mtu :
                     Num of Interfaces : 4
                 Num of Area Addresses : 1
                        inband-mgmt-ip : 
                              backbone : disabled
              Dynamically Learned Area : 00.0000.0000
                            FAN Member : No
Switch:1#

Verify that FA is enabled on the interface MLT 1, on which the I-SID-to-VLAN assignments are expected. View the SERVER STATUS field.

Switch:1#show fa interface mlt 1

==================================================================
                            Fabric Attach Interfaces 
==================================================================
INTERFACE    SERVER   MGMT     MGMT     MSG AUTH MSG AUTH         
             STATUS   ISID     CVID     STATUS   KEY              
------------------------------------------------------------------
Mlt1         enabled  0        0        enabled  ****             

------------------------------------------------------------------
1 out of 1 Total Num of fabric attach interfaces displayed
------------------------------------------------------------------

Verify the discovery and authentication status of the proxy device on the interface. Note that the proxy is successfully discovered and authenticated on ports 1/5 and 1/6 of MLT 1.

Switch:1#show fa elements

================================================================================
                        Fabric Attach Discovery Elements
================================================================================
                         MGMT                                         ELEM ASGN
PORT   TYPE              VLAN STATE  SYSTEM ID                        AUTH AUTH
--------------------------------------------------------------------------------
1/5    proxy             1    T / S  10:cd:ae:09:40:00:20:00:00:01    AP   AP
1/6    proxy             1    T / S  10:cd:ae:09:40:00:20:00:00:01    AP   AP

================================================================================
                      Fabric Attach Authentication Detail
================================================================================
       ELEM OPER                      ASGN OPER
PORT   AUTH STATUS                    AUTH STATUS
--------------------------------------------------------------------------------
1/5    successAuth                    successAuth
1/6    successAuth                    successAuth


State Legend: (Tagging/AutoConfig)
T= Tagged,    U= Untagged,    D= Disabled,    S= Spbm,    V= Vlan,    I= Invalid


Auth Legend:
AP= Authentication Pass,  AF= Authentication Fail,
NA= Not Authenticated,  N= None



--------------------------------------------------------------------------------

2 out of 2 Total Num of fabric attach discovery elements displayed

--------------------------------------------------------------------------------

View the log file to determine the cause of the rejection. The log file displays the generic error rejected due to application error (status 9) as follows:

Switch:1#show log file module fa
...
CP1  [12/04/15 00:45:51.185:UTC] 0x00374583 00000000 GlobalRouter FA INFO Fabric Attach Element Discovered on interface 1/5 Element type proxy (3) Id 50:61:84:ee:8c:00:20:00:00:01 CP1  [12/04/15 00:45:51.187:UTC] 0x0037458f 00000000 GlobalRouter FA INFO Fabric Attach Assignment rejected: interface 1/5 i-sid 9005 cvid 400 rejected due to application error (status 9)
...
...

To troubleshoot further, use trace.

Switch:1#trace grep fa
Switch:1#trace level 221 3
Switch:1#trace screen enable
Screen tracing is on

View the trace output. The trace output displays that the error was caused because the FA interface (MLT 1) was configured with a different C-VID for I-SID 9005.

Switch:1#0:07:57.801252 1  fa.c                  :858 [lcy-ve][12898-13062]cbcp-main.x:faUpdateSwitchedUni      :FA: faUpdateSwitchedUni port 196 isid 9005 cvid 400
0:07:57.801283 1  fa_swuni.c            :2900[lcy-ve][12898-13062]cbcp-main.x:faUpdateSwitchedUniCheck :FA: Call faUpdateSwitchedUniCheckSmlt for mlt 1
0:07:57.801644 1  fa_swuni.c            :2421[lcy-ve][12898-13062]cbcp-main.x:faSwitchedUniCheckEndpointParms:FA: Failed rcIsidElanEndPointTblConsistencyCheckCommon for Ifindex 6144 Isid 9005 Cvid 400 error Switched UNI/Fabric Attach MLT cannot be configured for different c-vid for same I-SID
0:07:57.802074 1  fa.c                  :858 [lcy-ve][12898-13062]cbcp-main.x:faUpdateSwitchedUni      :FA: faUpdateSwitchedUni port 197 isid 9005 cvid 400
0:07:57.802086 1  fa_swuni.c            :2900[lcy-ve][12898-13062]cbcp-main.x:faUpdateSwitchedUniCheck :FA: Call faUpdateSwitchedUniCheckSmlt for mlt 1
0:07:57.802276 1  fa_swuni.c            :2421[lcy-ve][12898-13062]cbcp-main.x:faSwitchedUniCheckEndpointParms:FA: Failed rcIsidElanEndPointTblConsistencyCheckCommon for Ifindex 6144 Isid 9005 Cvid 400 error Switched UNI/Fabric Attach MLT cannot be configured for different c-vid for same I-SID”